Overview

overview

9

Static

static

1

a438ffa524...be.elf

debian-9-armhf

9

Analysis

  • max time kernel
    152s
  • max time network
    155s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20231215-en
  • resource tags

    arch:armhfimage:debian9-armhf-20231215-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    13/02/2024, 04:25

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a438ffa52454de2ce0a22733fbfd0fc8b66d66a1eb0eb3ff92d96996c579f9be.elf

  • Size

    124KB

  • MD5

    bb35602fdbd2badaa06a0bad513ed9d5

  • SHA1

    d1d1a6a608a4352eb1c29091529645db9626a16f

  • SHA256

    a438ffa52454de2ce0a22733fbfd0fc8b66d66a1eb0eb3ff92d96996c579f9be

  • SHA512

    5fa24a862cd3d029bcc128d83aacc57388d128832c7d3d7eaed1ebf0562aa45c94a8d38ece4e46a03fd038ead5c0a7043e4a905c82b4accf6dc660ff2c9745b9

  • SSDEEP

    3072:Iz1XP86P63qV70zS19FV37IzMbOYpM/9+pg:op86P4OQzS19FV79bOeM/9+pg

Score
9/10
discovery

Malware Config

Signatures

  • Contacts a large (43662) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/a438ffa52454de2ce0a22733fbfd0fc8b66d66a1eb0eb3ff92d96996c579f9be.elf
    /tmp/a438ffa52454de2ce0a22733fbfd0fc8b66d66a1eb0eb3ff92d96996c579f9be.elf
    1⤵
      PID:656

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads