Analysis

  • max time kernel
    149s
  • max time network
    145s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240226-en
  • resource tags

    arch:armhf
    image:debian9-armhf-20240226-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    25-03-2024 12:07

General

  • Target

    e8319b0105f112f7813e7af3b296d7d0.elf

  • Size

    79KB

  • MD5

    e8319b0105f112f7813e7af3b296d7d0

  • SHA1

    7f08d7d238dd91ee38658ebd784ef03806fb954c

  • SHA256

    d0ca9ff1304cca7a9ffe1ba91fbd444ae0aa2f67b38d7b906cabcafa351c6315

  • SHA512

    fd9535bf2d993048c6332af8e98f98f65ccf0257e7f741646016073fff4e84224b41fd4848cf73cac2f795817f22626ff2f7abbe317cc5b11b7bdb0d14432771

  • SSDEEP

    1536:Ff0U3/Cu7f6EBlJ8DxPyVfzMrw+m67nlNzv3aUmSbBAe7y:Fx/B6aMPOfIP7nldaUmSb2ey

Score
7/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Unexpected DNS network traffic destination 2 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 21 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/e8319b0105f112f7813e7af3b296d7d0.elf
    /tmp/e8319b0105f112f7813e7af3b296d7d0.elf
    • Changes its process name
    • Reads runtime system information
    PID:664
  • /bin/sh
    /bin/sh -c "iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
    PID:670
    • /sbin/iptables
      iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
      PID:675
  • /bin/sh
    /bin/sh -c "/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
    PID:684
    • /bin/busybox
      /bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
      PID:685
  • /bin/sh
    /bin/sh -c "/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
    PID:687
    • /bin/iptables
      /bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
      PID:689
  • /bin/sh
    /bin/sh -c "/usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
    PID:690
    • /usr/bin/iptables
      /usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
      PID:692
  • /bin/sh
    /bin/sh -c "busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
    PID:693
    • /bin/busybox
      busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
      PID:696

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/664-1-0x00008000-0x0003f5ec-memory.dmp