Analysis
max time kernel
147s
max time network
166s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags
arch:armhf image:debian9-armhf-20240611-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
submitted
03-07-2024 01:14
Behavioral task
behavioral1
Sample
3923b55e8084b820b8aa863565e853fd60b9f68e2724b214b12ac1d9aca7e53e.elf
Resource
debian9-armhf-20240611-en
General
Target
3923b55e8084b820b8aa863565e853fd60b9f68e2724b214b12ac1d9aca7e53e.elf
Size
167KB
MD5
0ef0232ed0c666d1d4ff61103418d701
SHA1
586861f76a514d0c39568369538b8abcd56f44b0
SHA256
3923b55e8084b820b8aa863565e853fd60b9f68e2724b214b12ac1d9aca7e53e
SHA512
8a4a0d58162be9e6931fb9465aa76ec16a792911d69fdf14159c92bd201c8455c559315294f4f3ec80a17621164f7c682cb8cc14f51bc862863db0cb0da27c17
SSDEEP
3072:Bdy8WoZkeDGOvvlIAFZ3U5c0xkuQn3k5h1X7cKUmSQnNbGUBn:bZv9KBxkuQ3k5h1X7xUmSQnNbGUBn
Malware Config
Signatures
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
Processes:
3923b55e8084b820b8aa863565e853fd60b9f68e2724b214b12ac1d9aca7e53e.elf
description: File opened for reading
ioc: /proc/net/route
process: 3923b55e8084b820b8aa863565e853fd60b9f68e2724b214b12ac1d9aca7e53e.elf
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
Processes:
3923b55e8084b820b8aa863565e853fd60b9f68e2724b214b12ac1d9aca7e53e.elf
description: File opened for reading
ioc: /proc/net/route
process: 3923b55e8084b820b8aa863565e853fd60b9f68e2724b214b12ac1d9aca7e53e.elf