44dc75823821a69342223e5f1687a698b8561385b5de0787a44b0106e0a1fe8b

Analysis

max time kernel
149s
max time network
150s
platform
debian-9_armhf
resource
debian9-armhf-20240226-en
resource tags

arch:armhfimage:debian9-armhf-20240226-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
23/04/2024, 01:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44dc75823821a69342223e5f1687a698b8561385b5de0787a44b0106e0a1fe8b.elf
Size

168KB
MD5

97371f1d7757f96207bf9c2c2f99d965
SHA1

568b2a0426f941377cdc9b7bd9be3cd75a03d63a
SHA256

44dc75823821a69342223e5f1687a698b8561385b5de0787a44b0106e0a1fe8b
SHA512

1137f7e54cd0741c14748fca74aa66c78c2f713735257c3a7fcbca1a0fd46914bc741327156f1cf025c5db4da7e7868a4888408280706674a35754c26a6b94d6
SSDEEP

3072:ng2LFI/S/u8fDo3qdfagJqlkkzQnewIH3PJQ7T+R8miGI2dM/9DwUBc:ng2Lq/epfywfagJqlkeceX3RqCumiBk/

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (38130) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Changes its process name 64 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	telnetd	671	44dc75823821a69342223e5f1687a698b8561385b5de0787a44b0106e0a1fe8b.elf
Changes the process name, possibly in an attempt to hide itself	sshd	671	44dc75823821a69342223e5f1687a698b8561385b5de0787a44b0106e0a1fe8b.elf
Changes the process name, possibly in an attempt to hide itself	systemd	673	Process not Found
Changes the process name, possibly in an attempt to hide itself	bash	672	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found
Changes the process name, possibly in an attempt to hide itself	telnetd	674	Process not Found

Reads runtime system information 12 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/8/maps	44dc75823821a69342223e5f1687a698b8561385b5de0787a44b0106e0a1fe8b.elf
File opened for reading	/proc/9/maps	44dc75823821a69342223e5f1687a698b8561385b5de0787a44b0106e0a1fe8b.elf
File opened for reading	/proc/10/maps	44dc75823821a69342223e5f1687a698b8561385b5de0787a44b0106e0a1fe8b.elf
File opened for reading	/proc/11/maps	44dc75823821a69342223e5f1687a698b8561385b5de0787a44b0106e0a1fe8b.elf
File opened for reading	/proc/12/maps	44dc75823821a69342223e5f1687a698b8561385b5de0787a44b0106e0a1fe8b.elf
File opened for reading	/proc/1/maps	44dc75823821a69342223e5f1687a698b8561385b5de0787a44b0106e0a1fe8b.elf
File opened for reading	/proc/3/maps	44dc75823821a69342223e5f1687a698b8561385b5de0787a44b0106e0a1fe8b.elf
File opened for reading	/proc/4/maps	44dc75823821a69342223e5f1687a698b8561385b5de0787a44b0106e0a1fe8b.elf
File opened for reading	/proc/5/maps	44dc75823821a69342223e5f1687a698b8561385b5de0787a44b0106e0a1fe8b.elf
File opened for reading	/proc/6/maps	44dc75823821a69342223e5f1687a698b8561385b5de0787a44b0106e0a1fe8b.elf
File opened for reading	/proc/7/maps	44dc75823821a69342223e5f1687a698b8561385b5de0787a44b0106e0a1fe8b.elf
File opened for reading	/proc/2/maps	44dc75823821a69342223e5f1687a698b8561385b5de0787a44b0106e0a1fe8b.elf

/tmp/44dc75823821a69342223e5f1687a698b8561385b5de0787a44b0106e0a1fe8b.elf
/tmp/44dc75823821a69342223e5f1687a698b8561385b5de0787a44b0106e0a1fe8b.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:671

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...