Analysis

  • max time kernel
    5s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240226-en
  • resource tags

    arch:armhf, image:debian9-armhf-20240226-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    09-03-2024 17:12

General

  • Target

    823b7a97a1bd003183b786f732a9de33.elf

  • Size

    59KB

  • MD5

    823b7a97a1bd003183b786f732a9de33

  • SHA1

    7e36d6294d99c9ec6eaec7a25ce420bab409260b

  • SHA256

    d4062b2a980e5934919bc4385edeff9b056a9e6afcb4b1204cb59ed85717fe98

  • SHA512

    e18dc945d5a3f106a30b9ba6f3737619e67751142aaa674e99f74b98c8d020f6cee52bb9ab9871c8a9a4c4c794bc00bfacbd9336c7e8fe4b666f333e50de44ee

  • SSDEEP

    1536:GmxLM+eDqnWcjv6x7WSkAXrl058rj2yBWat5zrK6xAQ:lxQDqnWcMZqK3TbzG6xX

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

Processes

  • /tmp/823b7a97a1bd003183b786f732a9de33.elf
    Command line: /tmp/823b7a97a1bd003183b786f732a9de33.elf
    PID: 662
    • Deletes itself
    • Modifies Watchdog functionality
    • Enumerates active TCP sockets
    • Reads system network configuration

Network

MITRE ATT&CK Enterprise v15
