2e1e3f75fdb08c26e41d7870db6ffea5b89b39100899fe609b3c1d0d018c87d3

Resubmissions

14-06-2024 14:23

240614-rqapesxhrn 3

17-04-2024 09:42

240417-lpnl1abc26 4

Analysis

max time kernel
117s
platform
debian-9_armhf
resource
debian9-armhf-20240226-en
resource tags

arch:armhfimage:debian9-armhf-20240226-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
17-04-2024 09:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d_lin_arm_ru
Size

18.2MB
MD5

f3712eac9c20d7981504f7682c67ac05
SHA1

fcd7fba6b46bff0e23769ad2e5943bf02baf8c4b
SHA256

3607940034b6f67f144611ba61f56aadab6b2405a365b0d238aeb73d4ff8b3b2
SHA512

825ac8c0962a280f9361c3a0d3caac72ddef3eaea09eddd31f1eca686f9abd296152b1c12f84bce40d35654416cf7096ae3ae3e3d263b1abc5a27d84b1e65c81
SSDEEP

98304:UtzJdTsyrziPyX7zHRGCMo1D8j8WwGHD6NmK4ccrZqA3xXBnv6:Utz/KUUj8WwGj6NSccrZLxX

Score

3^/10

Malware Config

Signatures

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	d_lin_arm_ru

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/stat	d_lin_arm_ru

/tmp/d_lin_arm_ru
/tmp/d_lin_arm_ru
1⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads