Analysis

  • max time kernel
    0s
  • max time network
    1s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240226-en
  • resource tags

    arch:armhf, image:debian9-armhf-20240226-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    02/04/2024, 01:28

General

  • Target

    f0ee3752736d8d62f1731e60c26db491dfec0fffe85075b6757ddda257056bee.elf

  • Size

    125KB

  • MD5

    e98dc784f23bd67840fd526934f1d37a

  • SHA1

    7dbc330cdd0c57741a3d0b59c7b1f6f11671e052

  • SHA256

    f0ee3752736d8d62f1731e60c26db491dfec0fffe85075b6757ddda257056bee

  • SHA512

    c0af3c040f69dcd92e58499aa18b3831487fcb219ad83b0925dcddbf3fefae5eb8d4ce97432c12da2b6c8142407773e5c5fc81fc9447f9a88072866298539040

  • SSDEEP

    3072:g1DVLql1Q/noJrllehTmvkt4lb5hLDMzruH0yQGblMh7ojwQQRh6RYAvZR:MTmvJlb5hLUruaojwQQRh6RYAvZR

Score
7/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Writes DNS configuration 1 TTPs 1 IoCs

    Writes data to DNS resolver config file.

Processes

  • /tmp/f0ee3752736d8d62f1731e60c26db491dfec0fffe85075b6757ddda257056bee.elf
    /tmp/f0ee3752736d8d62f1731e60c26db491dfec0fffe85075b6757ddda257056bee.elf
    • Changes its process name
    PID:647

Network

        MITRE ATT&CK Enterprise v15
