Analysis
-
max time network
152s -
platform
debian-9_armhf -
resource
debian9-armhf-20240226-en -
resource tags
arch:armhfimage:debian9-armhf-20240226-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
28/05/2024, 01:38
Static task
static1
Behavioral task
behavioral1
Sample
e23d15b3afc42d22486d652989e08422bbdae37408861377f3ed718365727cff.elf
Resource
debian9-armhf-20240226-en
General
-
Target
e23d15b3afc42d22486d652989e08422bbdae37408861377f3ed718365727cff.elf
-
Size
85KB
-
MD5
995f6e4d37fc242e56f7519d9096bdeb
-
SHA1
b22ca546a59b9186e79d9151883eb9dc952c7079
-
SHA256
e23d15b3afc42d22486d652989e08422bbdae37408861377f3ed718365727cff
-
SHA512
5748d829c90dafba6dcf8251aab7197678f483ba34780ce9746312ef11e5a4d14af26b800391fc7775511ca03cd12faaed1aa52351afb6da5042bf88ca4d5d0b
-
SSDEEP
1536:/2gN/F3oM0/Ph/5wk8d3z7DLRpSHf6WoZwoOhFl8OBjn21vo:/pNNtQPh/Ok8d3hpSHi/z6Fl8OBDko
Malware Config
Signatures
-
Contacts a large (76753) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Unexpected DNS network traffic destination 2 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
description ioc Destination IP 192.3.165.37 Destination IP 192.3.165.37