Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags
    arch:armhf
    image:debian9-armhf-20240611-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    01-07-2024 18:25

General

  • Target
    223d8461f47473f5db08fd4afaadc572.elf
  • Size
    41KB
  • MD5
    223d8461f47473f5db08fd4afaadc572
  • SHA1
    02c74fa47f57f5dd7ee200fbc09e0483feaa3006
  • SHA256
    06d3de1f4ed49d4154d6be53c1a97fa1a7bb17de8abfba1a3feb1da8d5aec6d4
  • SHA512
    f55cc66b781fa1134c53f1f584af8adab046f47804325a635fe9a623cac1e869ff95930de5e988041353ac1ed4a1e63a4bae7e481326435fe6772d0108fa449a
  • SSDEEP
    768:N8pWwBZD5qrNVKZZjPGCo9IwxTcSPut5L9f6/NPc5bt7eLR:SWuSVKL+7hxTcaut5R6V

Score
9/10

Malware Config

Signatures

  • Contacts a large (76259) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Changes its process name 1 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/223d8461f47473f5db08fd4afaadc572.elf
    /tmp/223d8461f47473f5db08fd4afaadc572.elf
    1⤵
    • Modifies Watchdog functionality
    • Changes its process name
    • Reads runtime system information
    PID:647

Network

MITRE ATT&CK Enterprise v15
