Analysis

  • max time kernel
    140s
  • max time network
    149s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240226-en
  • resource tags

    arch:armhf, image:debian9-armhf-20240226-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    30/03/2024, 17:47

General

  • Target

    97cf5198be05d13e85a49e4720b2050f2af110ae775bcd6c180391e8853ecd7f.elf

  • Size

    162KB

  • MD5

    20ac928a32d7259907e93b82c7a9a046

  • SHA1

    d63d1860d7cec58ad0ecfde259644c1f94691f95

  • SHA256

    97cf5198be05d13e85a49e4720b2050f2af110ae775bcd6c180391e8853ecd7f

  • SHA512

    7697bcc693fd60e9c9d8146a2d5561a2e6de288a2b9f04da47dbf0299239a6fa9463626264e16cd91229b43e3bc9d895d05a20f84031dcbe95aa66168b2b5ab7

  • SSDEEP

    3072:EEz42nad2snP1yJShni71cvvK5SXeE2DxVsWmJhny2qAQYzc:znad2sn9yqi7mvvKcXeE2DxVsWmJhnyL

Score
7/10

Malware Config

Signatures

  • Changes its process name (1 IoC)
  • Reads system routing table (1 TTP, 1 IoC)

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration (1 TTP, 1 IoC)

    Uses contents of /proc filesystem to enumerate network settings.

Processes

  • /tmp/97cf5198be05d13e85a49e4720b2050f2af110ae775bcd6c180391e8853ecd7f.elf
    Command line: /tmp/97cf5198be05d13e85a49e4720b2050f2af110ae775bcd6c180391e8853ecd7f.elf
    • Changes its process name
    • Reads system routing table
    • Reads system network configuration
    PID: 649

Network
