383be3340b8dac3399c5d32c9c300aa17a99b6a7d598437540464ec8d4571877

Analysis

max time network
151s
platform
debian-9_armhf
resource
debian9-armhf-20240418-en
resource tags

arch:armhfimage:debian9-armhf-20240418-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
22-05-2024 01:21

Target

383be3340b8dac3399c5d32c9c300aa17a99b6a7d598437540464ec8d4571877.elf
Size

74KB
MD5

61fd4eb55ddf507e4338a29dede543c6
SHA1

3cf12b720148f2bfaf96d4187aef9970777da4d3
SHA256

383be3340b8dac3399c5d32c9c300aa17a99b6a7d598437540464ec8d4571877
SHA512

60f3c6060aa0bbd9d23128c64c12134b572b1dda817e6a5aed5804c22ea3990f8cd0f84fff8effb5c2048435ae115d73f4f6f46d75b673f9dad5bf71b6c7ff3f
SSDEEP

1536:Bqn+PILmg4WiFCJ7z9z8Q730FxqeQ0zWUaa2dlUUiMnmlPvC:dun4WVtp3wxqeQ0zWIenWi

Score

9^/10

discovery

Contacts a large (76775) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Unexpected DNS network traffic destination 1 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes:

description ioc

Destination IP 116.203.104.203

description	ioc
Destination IP	116.203.104.203

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact