d0ca9ff1304cca7a9ffe1ba91fbd444ae0aa2f67b38d7b906cabcafa351c6315 | Triage

Submit
Reports

Overview

overview

7

Static

static

7

e8319b0105...d0.elf

debian-9-armhf

7

Sharing

Copy URL Twitter E-mail

General

Target

e8319b0105f112f7813e7af3b296d7d0.elf
Size

79KB
Sample

240325-paay5saa9y
MD5

e8319b0105f112f7813e7af3b296d7d0
SHA1

7f08d7d238dd91ee38658ebd784ef03806fb954c
SHA256

d0ca9ff1304cca7a9ffe1ba91fbd444ae0aa2f67b38d7b906cabcafa351c6315
SHA512

fd9535bf2d993048c6332af8e98f98f65ccf0257e7f741646016073fff4e84224b41fd4848cf73cac2f795817f22626ff2f7abbe317cc5b11b7bdb0d14432771
SSDEEP

1536:Ff0U3/Cu7f6EBlJ8DxPyVfzMrw+m67nlNzv3aUmSbBAe7y:Fx/B6aMPOfIP7nldaUmSb2ey

Score

7^/10

upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e8319b0105f112f7813e7af3b296d7d0.elf

Resource

debian9-armhf-20240226-en

debian-9-armhf

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  e8319b0105f112f7813e7af3b296d7d0.elf
- Size
  
  79KB
- MD5
  
  e8319b0105f112f7813e7af3b296d7d0
- SHA1
  
  7f08d7d238dd91ee38658ebd784ef03806fb954c
- SHA256
  
  d0ca9ff1304cca7a9ffe1ba91fbd444ae0aa2f67b38d7b906cabcafa351c6315
- SHA512
  
  fd9535bf2d993048c6332af8e98f98f65ccf0257e7f741646016073fff4e84224b41fd4848cf73cac2f795817f22626ff2f7abbe317cc5b11b7bdb0d14432771
- SSDEEP
  
  1536:Ff0U3/Cu7f6EBlJ8DxPyVfzMrw+m67nlNzv3aUmSbBAe7y:Fx/B6aMPOfIP7nldaUmSb2ey
Score

7^/10
- Changes its process name
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy