6f922abf3efc96d286a432e6bfdef73a44a6f4257bc9f36f460a57959180e49a | Triage

Submit
Reports

Overview

overview

9

Static

static

7

6f922abf3e...9a.elf

debian-9-armhf

9

Sharing

General

Target

6f922abf3efc96d286a432e6bfdef73a44a6f4257bc9f36f460a57959180e49a.elf
Size

1.2MB
Sample

240529-bx1anadg74
MD5

593d36afabb3b413b9a631027529bc03
SHA1

7775da3d685e5bb20111f0ddc6a41ed123790511
SHA256

6f922abf3efc96d286a432e6bfdef73a44a6f4257bc9f36f460a57959180e49a
SHA512

0733839e55889a9dcaf71e68136010686c36600f4b7cb4968b606f951ad6b9f7382f07238d9172f843b49a0be5e517a443d2f7bac269b0a7e8d55e37c36e445e
SSDEEP

24576:Jl551rNfSMHb0T77nU46Adon7f1IqHvMxqhRmNQoGYKY:JD51ha73nPcn7fZ1hTYD

Score

9^/10

discovery motw phishing upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6f922abf3efc96d286a432e6bfdef73a44a6f4257bc9f36f460a57959180e49a.elf

Resource

debian9-armhf-20240418-en

discovery motw phishing

debian-9-armhf

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  6f922abf3efc96d286a432e6bfdef73a44a6f4257bc9f36f460a57959180e49a.elf
- Size
  
  1.2MB
- MD5
  
  593d36afabb3b413b9a631027529bc03
- SHA1
  
  7775da3d685e5bb20111f0ddc6a41ed123790511
- SHA256
  
  6f922abf3efc96d286a432e6bfdef73a44a6f4257bc9f36f460a57959180e49a
- SHA512
  
  0733839e55889a9dcaf71e68136010686c36600f4b7cb4968b606f951ad6b9f7382f07238d9172f843b49a0be5e517a443d2f7bac269b0a7e8d55e37c36e445e
- SSDEEP
  
  24576:Jl551rNfSMHb0T77nU46Adon7f1IqHvMxqhRmNQoGYKY:JD51ha73nPcn7fZ1hTYD
Score

9^/10

discovery motw phishing
- Contacts a large (557691) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Mark of the Web detected: This indicates that the page was originally saved or cloned.
  phishing motw
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverymotwphishing

© 2018-2024

Terms | Privacy