Analysis
max time kernel: 151s
max time network: 153s
platform: debian-9_armhf
resource: debian9-armhf-20231222-en
resource tags: arch:armhf, image:debian9-armhf-20231222-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 13/02/2024, 04:25
Static task
static1
Behavioral task
behavioral1
Sample
a438ffa52454de2ce0a22733fbfd0fc8b66d66a1eb0eb3ff92d96996c579f9be.elf
Resource
debian9-armhf-20231222-en
General
Target: a438ffa52454de2ce0a22733fbfd0fc8b66d66a1eb0eb3ff92d96996c579f9be.elf
Size: 124KB
MD5: bb35602fdbd2badaa06a0bad513ed9d5
SHA1: d1d1a6a608a4352eb1c29091529645db9626a16f
SHA256: a438ffa52454de2ce0a22733fbfd0fc8b66d66a1eb0eb3ff92d96996c579f9be
SHA512: 5fa24a862cd3d029bcc128d83aacc57388d128832c7d3d7eaed1ebf0562aa45c94a8d38ece4e46a03fd038ead5c0a7043e4a905c82b4accf6dc660ff2c9745b9
SSDEEP: 3072:Iz1XP86P63qV70zS19FV37IzMbOYpM/9+pg:op86P4OQzS19FV79bOeM/9+pg
Malware Config
Signatures
- Contacts a large (47032) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads runtime system information (64 IoCs)
  Reads data from /proc virtual filesystem.