Analysis
max time kernel: 151s
max time network: 150s
platform: debian-9_armhf
resource: debian9-armhf-20231222-en
resource tags: arch:armhf, image:debian9-armhf-20231222-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 13-02-2024 03:18
Behavioral task: behavioral1
Sample: 8f811d8fa83f669a63e5869b3253fae97cc8f1aa291762435208631ae4dae11c.elf
Resource: debian9-armhf-20231222-en (debian-9-armhf)
4 signatures
150 seconds
General
Target: 8f811d8fa83f669a63e5869b3253fae97cc8f1aa291762435208631ae4dae11c.elf
Size: 124KB
MD5: c39188407f28e1d3e6cd8c5e9c75776d
SHA1: a06917f6c1bda363a62fdae67ed1cd63c6b4e92b
SHA256: 8f811d8fa83f669a63e5869b3253fae97cc8f1aa291762435208631ae4dae11c
SHA512: f342043c6c3a555ea432df8b68c4740c93f0ce1c019882f108a1c7bb265b6e40540653297708a91b48afecd0b9d4954fe0910e97299b5c9262cddd6ed5a307aa
SSDEEP: 1536:Qonr7/CxMBUVyaoetIMiCag4NGwESHIKT9LNl7mixdnU4cwD2qopSl1Dzw/9Hi6e:Ij7cO4NGwESHIYZdn1cwDjUkDM/9tSis
Score: 7/10
Malware Config
Signatures
Changes its process name (1 IoC)
description: Changes the process name, possibly in an attempt to hide itself
ioc: a
pid: 669
process: 8f811d8fa83f669a63e5869b3253fae97cc8f1aa291762435208631ae4dae11c.elf

Deletes itself (1 IoC)
pid: 669
process: 8f811d8fa83f669a63e5869b3253fae97cc8f1aa291762435208631ae4dae11c.elf

Renames itself (2 IoCs)
pid: 669
process: 8f811d8fa83f669a63e5869b3253fae97cc8f1aa291762435208631ae4dae11c.elf
pid: 669
process: 8f811d8fa83f669a63e5869b3253fae97cc8f1aa291762435208631ae4dae11c.elf
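What the report labels "Changes its process name", "Deletes itself" and "Renames itself" shows up on a live Linux host as inconsistencies between /proc/<pid>/comm, /proc/<pid>/cmdline and /proc/<pid>/exe: comm can be overwritten with prctl(PR_SET_NAME), argv[0] can be rewritten in place, and an unlinked or renamed binary leaves the exe symlink pointing at a path that no longer matches (or carries a " (deleted)" suffix). The check below is an added example written for this page, not the sandbox's own signature logic. The ProcSnapshot records, the /tmp path for the sample and the spoofed "sshd" name are constructed; the expected value of comm is assumed to be the first 15 characters of the executable's basename, which is what a normal execve() sets.

```python
import os
from dataclasses import dataclass
from typing import List

TASK_COMM_LEN = 16          # Linux limit for /proc/<pid>/comm, including the trailing NUL
DELETED_SUFFIX = " (deleted)"  # appended by the kernel to /proc/<pid>/exe once the file is unlinked


@dataclass(frozen=True)
class ProcSnapshot:
    """Slice of /proc/<pid> for one process. The records below are constructed for the example."""
    pid: int
    comm: str            # /proc/<pid>/comm; a process can overwrite it with prctl(PR_SET_NAME)
    cmdline: List[str]   # /proc/<pid>/cmdline split on NUL; argv[0] is freely rewritable
    exe_target: str      # readlink("/proc/<pid>/exe")


def check_process(p: ProcSnapshot) -> List[str]:
    """Return findings for one process in a fixed order, or [] if nothing looks off."""
    findings = []
    exe_path = p.exe_target
    # "Deletes itself": the binary is still mapped and running but no longer exists on disk.
    if exe_path.endswith(DELETED_SUFFIX):
        findings.append("exe-deleted")
        exe_path = exe_path[: -len(DELETED_SUFFIX)]
    exe_base = os.path.basename(exe_path)
    # "Renames itself" / "Changes its process name": argv[0] no longer matches the executable.
    argv0 = os.path.basename(p.cmdline[0]) if p.cmdline else ""
    if argv0 and argv0 != exe_base:
        findings.append("argv0-mismatch")
    # execve() sets comm to the first 15 bytes of the executable name; anything else was
    # changed afterwards (assumption: the host has no legitimate comm-renaming daemons).
    if p.comm != exe_base[: TASK_COMM_LEN - 1]:
        findings.append("comm-mismatch")
    return findings


def snapshot_live(pid: int) -> ProcSnapshot:
    """Read the same three fields from a real /proc entry (Linux host, sufficient privilege)."""
    base = f"/proc/{pid}"
    with open(f"{base}/comm") as f:
        comm = f.read().rstrip("\n")
    with open(f"{base}/cmdline", "rb") as f:
        cmdline = [a.decode(errors="replace") for a in f.read().split(b"\0") if a]
    return ProcSnapshot(pid, comm, cmdline, os.readlink(f"{base}/exe"))


SAMPLE_NAME = "8f811d8fa83f669a63e5869b3253fae97cc8f1aa291762435208631ae4dae11c.elf"

# Constructed records: an ordinary daemon, and a process behaving the way the report describes
# (pid 669, binary unlinked from /tmp, name and argv[0] spoofed to look like sshd).
BENIGN = ProcSnapshot(1234, "sshd", ["/usr/sbin/sshd", "-D"], "/usr/sbin/sshd")
SUSPECT = ProcSnapshot(669, "sshd", ["/usr/sbin/sshd"], f"/tmp/{SAMPLE_NAME}{DELETED_SUFFIX}")

if __name__ == "__main__":
    for proc in (BENIGN, SUSPECT):
        print(proc.pid, check_process(proc) or "clean")
```

On a live host, `check_process(snapshot_live(pid))` applies the same checks to a real process; expect false positives from software that sets its own comm (some thread pools and interpreters do), so treat a hit as a lead to pivot on, not a verdict.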
Unexpected DNS network traffic destination (64 IoCs)
Network traffic to servers other than the configured DNS servers was detected on the DNS port.
Destination IPs (64 entries, 21 unique; hit count in parentheses, in order of first appearance):
37.252.191.197 (1)
81.169.136.222 (4)
172.96.167.214 (3)
185.84.81.194 (2)
80.78.132.79 (3)
65.21.1.106 (3)
103.87.68.194 (3)
94.16.114.254 (4)
168.138.8.38 (3)
51.77.149.139 (12)
51.158.108.203 (1)
130.61.64.122 (4)
45.84.1.149 (3)
89.163.140.67 (3)
35.211.96.150 (4)
138.197.140.189 (2)
192.71.166.92 (4)
70.34.254.19 (1)
134.195.4.2 (1)
185.181.61.24 (2)
103.1.206.179 (1)
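The DNS-destination signature is simple to reproduce from flow or conntrack data. The following is an added example, not the sandbox's own rule: it parses constructed flow lines, treats every UDP or TCP flow to port 53 as DNS, and counts destinations that are not on the resolver allowlist. The resolver 8.8.8.8, the source address 10.127.0.22 and the line format are assumptions; the destination addresses are a few taken from the list above. The caveat an analyst should keep in mind is that the rule fires on any resolver that is not configured, well-known public ones included, so the allowlist has to match what the sandbox VM (or the host) actually receives via DHCP or /etc/resolv.conf.

```python
import re
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Iterable, List, Tuple

DNS_PORT = 53


@dataclass(frozen=True)
class Flow:
    proto: str       # "udp" or "tcp"
    src_ip: str
    dst_ip: str
    dst_port: int


# One flow per line, "proto src:port -> dst:port" (a format made up for this example).
FLOW_RE = re.compile(
    r"^(?P<proto>udp|tcp)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_flow(line: str) -> Flow:
    m = FLOW_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unparseable flow line: {line!r}")
    return Flow(m["proto"], m["src"], m["dst"], int(m["dport"]))


def unexpected_dns_destinations(flows: Iterable[Flow], configured_resolvers: Iterable[str]) -> Counter:
    """Count port-53 flows per destination that is not a configured resolver."""
    allowed = {ip_address(r) for r in configured_resolvers}
    hits: Counter = Counter()
    for f in flows:
        if f.dst_port != DNS_PORT:
            continue                  # not the DNS port: out of scope for this rule
        if ip_address(f.dst_ip) in allowed:
            continue                  # expected resolver, nothing to report
        hits[f.dst_ip] += 1
    return hits


def summarize(lines: Iterable[str], configured_resolvers: Iterable[str]) -> List[Tuple[str, int]]:
    """Parse lines and return (destination, count) pairs, most-contacted first."""
    hits = unexpected_dns_destinations((parse_flow(l) for l in lines), configured_resolvers)
    return sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))


CONFIGURED_RESOLVERS = ["8.8.8.8"]   # assumption: the resolver the sandbox VM was configured with

# Constructed flow lines; the destinations are taken from the report's IoC list.
SAMPLE_LINES = [
    "udp 10.127.0.22:51430 -> 8.8.8.8:53",          # configured resolver: allowed
    "udp 10.127.0.22:51431 -> 51.77.149.139:53",    # port 53 to a non-resolver: flagged
    "udp 10.127.0.22:51432 -> 51.77.149.139:53",    # same destination again
    "udp 10.127.0.22:51433 -> 81.169.136.222:53",
    "tcp 10.127.0.22:40012 -> 37.252.191.197:53",   # DNS over TCP counts too
    "tcp 10.127.0.22:40013 -> 51.77.149.139:80",    # not port 53: ignored by this rule
]

if __name__ == "__main__":
    for dst, count in summarize(SAMPLE_LINES, CONFIGURED_RESOLVERS):
        print(f"{dst:16} {count}")
```

A destination that shows up repeatedly, the way 51.77.149.139 does in the report, is the one to pivot on first: check whether it is a known public resolver the sample hard-codes, or something answering on port 53 that is not a resolver at all.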