Analysis
max time kernel: 152s
max time network: 157s
platform: debian-9_armhf
resource: debian9-armhf-20231215-en
resource tags: arch:armhf, image:debian9-armhf-20231215-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 13-02-2024 05:18
Static task: static1
Behavioral task: behavioral1
Sample: cb1f88349d69a27dfdec522211a4b3415a1b84388b1255e951de84119314df16.elf
Resource: debian9-armhf-20231215-en
General
Target: cb1f88349d69a27dfdec522211a4b3415a1b84388b1255e951de84119314df16.elf
Size: 70KB
MD5: fc4a3d98f6e52c8df6c916c55f75cf01
SHA1: e2a5cf795d785bc4b50b555f4f12be3763487675
SHA256: cb1f88349d69a27dfdec522211a4b3415a1b84388b1255e951de84119314df16
SHA512: 967fd9b8d41b1340ee7f186106faabd481a7d73071c25ab01aa8d36010baffe1773ad4863c76c5978bfcac346f707c0ff2cffa6f74059cbe0d771bec356827dd
SSDEEP: 1536:PTSwDOf56jPsbf8tKZFfk0/CwTZtef6kBW4va:Ef5Ssb0tKZFNTfZv4C
Malware Config
Signatures
Contacts a large (43821) amount of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

Enumerates running processes
Discovers information about currently running processes on the system.

Reads runtime system information (64 IoCs)
Reads data from /proc virtual filesystem.