Analysis

  • max time network
    152s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240226-en
  • resource tags
    arch:armhf
    image:debian9-armhf-20240226-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    28/05/2024, 01:38

General

  • Target

    e23d15b3afc42d22486d652989e08422bbdae37408861377f3ed718365727cff.elf

  • Size

    85KB

  • MD5

    995f6e4d37fc242e56f7519d9096bdeb

  • SHA1

    b22ca546a59b9186e79d9151883eb9dc952c7079

  • SHA256

    e23d15b3afc42d22486d652989e08422bbdae37408861377f3ed718365727cff

  • SHA512

    5748d829c90dafba6dcf8251aab7197678f483ba34780ce9746312ef11e5a4d14af26b800391fc7775511ca03cd12faaed1aa52351afb6da5042bf88ca4d5d0b

  • SSDEEP

    1536:/2gN/F3oM0/Ph/5wk8d3z7DLRpSHf6WoZwoOhFl8OBjn21vo:/pNNtQPh/Ok8d3hpSHi/z6Fl8OBDko

Score
9/10

Malware Config

Signatures

  • Contacts a large (76753) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Unexpected DNS network traffic destination 2 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes

Network

MITRE ATT&CK Enterprise v15