Analysis
max time kernel: 150s
max time network: 152s
platform: debian-9_armhf
resource: debian9-armhf-20240226-en
resource tags: arch:armhf, image:debian9-armhf-20240226-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 11-03-2024 09:31
Behavioral task: behavioral1
Sample: d588c5a95c74bcee8b39e205121805c0.elf
Resource: debian9-armhf-20240226-en
General
Target: d588c5a95c74bcee8b39e205121805c0.elf
Size: 61KB
MD5: d588c5a95c74bcee8b39e205121805c0
SHA1: 7388e3e52254ca75e9266051850455eb3f12b07c
SHA256: adceea0e6e846f2b7d0633b1fc64f62301ab20f8921bb77c1613e2de58939c2d
SHA512: 3bbc6ed6a13046e942db8dc10b4fe5c8e98e72f0dca4d0194c11628e3473112e05c88cf9214d34833e4a4701dd9b7cf4cf133598fdd9777945ecdb3ef30c4db9
SSDEEP: 1536:y7s0x7T4Ulds1bD8l5uFKgisX/uteQgHDF:y7s0VK1OkFKgis2Rgp
Malware Config
Signatures

Changes its process name (1 IoC)
  description: Changes the process name, possibly in an attempt to hide itself
  ioc: telnetd
  pid: 663
  process: d588c5a95c74bcee8b39e205121805c0.elf

Deletes itself (1 IoC)
  pid: 663
  process: d588c5a95c74bcee8b39e205121805c0.elf

Unexpected DNS network traffic destination (1 IoC)
Network traffic to servers other than the configured DNS servers was detected on the DNS port.
  description: Destination IP
  ioc: 134.195.4.2

Creates a large amount of network flows (1 TTP)
This may indicate a network scan to discover remotely running services.

Enumerates running processes
Discovers information about currently running processes on the system.

Reads runtime system information (64 IoCs)
Reads data from the /proc virtual filesystem.