Analysis
max time kernel: 140s
max time network: 149s
platform: debian-9_armhf
resource: debian9-armhf-20240226-en
resource tags: arch:armhf, image:debian9-armhf-20240226-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 30/03/2024, 17:47
Behavioral task: behavioral1
Sample: 97cf5198be05d13e85a49e4720b2050f2af110ae775bcd6c180391e8853ecd7f.elf
Resource: debian9-armhf-20240226-en
3 signatures
150 seconds
General
Target: 97cf5198be05d13e85a49e4720b2050f2af110ae775bcd6c180391e8853ecd7f.elf
Size: 162KB
MD5: 20ac928a32d7259907e93b82c7a9a046
SHA1: d63d1860d7cec58ad0ecfde259644c1f94691f95
SHA256: 97cf5198be05d13e85a49e4720b2050f2af110ae775bcd6c180391e8853ecd7f
SHA512: 7697bcc693fd60e9c9d8146a2d5561a2e6de288a2b9f04da47dbf0299239a6fa9463626264e16cd91229b43e3bc9d895d05a20f84031dcbe95aa66168b2b5ab7
SSDEEP: 3072:EEz42nad2snP1yJShni71cvvK5SXeE2DxVsWmJhny2qAQYzc:znad2sn9yqi7mvvKcXeE2DxVsWmJhnyL
Score: 7/10
Malware Config
Signatures

Changes its process name (1 IoCs)
description: Changes the process name, possibly in an attempt to hide itself
ioc: sshd
pid: 649
Process: 97cf5198be05d13e85a49e4720b2050f2af110ae775bcd6c180391e8853ecd7f.elf

Reads system routing table (1 TTPs, 1 IoCs)
Gets active network interfaces from /proc virtual filesystem.
description: File opened for reading
ioc: /proc/net/route
Process: 97cf5198be05d13e85a49e4720b2050f2af110ae775bcd6c180391e8853ecd7f.elf

Reads system network configuration (1 TTPs, 1 IoCs)
Uses contents of /proc filesystem to enumerate network settings.
description: File opened for reading
ioc: /proc/net/route
Process: 97cf5198be05d13e85a49e4720b2050f2af110ae775bcd6c180391e8853ecd7f.elf