Analysis
max time kernel: 150s
max time network: 152s
platform: debian-9_armhf
resource: debian9-armhf-20231222-en
resource tags: arch:armhf, image:debian9-armhf-20231222-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 13-02-2024 05:18
Static task: static1
Behavioral task: behavioral1
Sample: cb1f88349d69a27dfdec522211a4b3415a1b84388b1255e951de84119314df16.elf
Resource: debian9-armhf-20231222-en
General
Target: cb1f88349d69a27dfdec522211a4b3415a1b84388b1255e951de84119314df16.elf
Size: 70KB
MD5: fc4a3d98f6e52c8df6c916c55f75cf01
SHA1: e2a5cf795d785bc4b50b555f4f12be3763487675
SHA256: cb1f88349d69a27dfdec522211a4b3415a1b84388b1255e951de84119314df16
SHA512: 967fd9b8d41b1340ee7f186106faabd481a7d73071c25ab01aa8d36010baffe1773ad4863c76c5978bfcac346f707c0ff2cffa6f74059cbe0d771bec356827dd
SSDEEP: 1536:PTSwDOf56jPsbf8tKZFfk0/CwTZtef6kBW4va:Ef5Ssb0tKZFNTfZv4C
Malware Config
Signatures
- Contacts a large (47026) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads runtime system information (64 IoCs)
  Reads data from /proc virtual filesystem.