d779b79f37a8903b60ba1f42e5d50b00440fd614a50eaa859492dc02593c8f96

Analysis

max time kernel
149s
max time network
159s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
06/08/2024, 07:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2a18619f870a03f2f9102449996b9318
Size

968KB
MD5

2a18619f870a03f2f9102449996b9318
SHA1

482780580d4102bcf9d63743978be465ba20f62c
SHA256

d779b79f37a8903b60ba1f42e5d50b00440fd614a50eaa859492dc02593c8f96
SHA512

1aaa8df1d9b7a4f5d5ddcff1e4828329117f12f9fe22e77bae146fc2caa3e96564a962d322ad9d07525813cd33bbda8f6933ac64bd7393b3310d475691cbb3e4
SSDEEP

12288:vf54iYqmS4Mh2pIzp37Pe6MoQUNpjfekSEw8v1fqgPv1nc4yG5x9uNKxf2uWscsQ:35nEYdFNpbekSEw8vDukxfRtc3WUQ78n

Score

4^/10

Malware Config

Signatures

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery

T1016

description	ioc	Process
File opened for reading	/proc/net/dev	2a18619f870a03f2f9102449996b9318

Reads runtime system information 7 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/stat	2a18619f870a03f2f9102449996b9318

/tmp/2a18619f870a03f2f9102449996b9318
/tmp/2a18619f870a03f2f9102449996b9318
1⤵
- Reads system network configuration
- Reads runtime system information
PID:708
- /bin/sh
  sh -c "sed -i -e '/exit/d' /etc/rc.local"
  2⤵
  PID:710
- - /usr/bin/sed
    sed -i -e /exit/d /etc/rc.local
    3⤵
    - Reads runtime system information
    PID:713
- /bin/sh
  sh -c "sed -i -e '/^ | | \$/d' /etc/rc.local"
  2⤵
  PID:721
- - /usr/bin/sed
    sed -i -e "/^ | | \$/d" /etc/rc.local
    3⤵
    - Reads runtime system information
    PID:723
- /bin/sh
  sh -c "sed -i -e '/2a18619f870a03f2f9102449996b9318 reboot/d' /etc/rc.local"
  2⤵
  PID:727
- - /usr/bin/sed
    sed -i -e "/2a18619f870a03f2f9102449996b9318 reboot/d" /etc/rc.local
    3⤵
    - Reads runtime system information
    PID:730
- /bin/sh
  sh -c "sed -i -e '2 i/tmp/2a18619f870a03f2f9102449996b9318 reboot' /etc/rc.local"
  2⤵
  PID:734
- - /usr/bin/sed
    sed -i -e "2 i/tmp/2a18619f870a03f2f9102449996b9318 reboot" /etc/rc.local
    3⤵
    - Reads runtime system information
    PID:736
- /bin/sh
  sh -c "sed -i -e '2 i/tmp/2a18619f870a03f2f9102449996b9318 reboot start' /etc/rc.d/rc.local"
  2⤵
  PID:739
- - /usr/bin/sed
    sed -i -e "2 i/tmp/2a18619f870a03f2f9102449996b9318 reboot start" /etc/rc.d/rc.local
    3⤵
    - Reads runtime system information
    PID:742
- /bin/sh
  sh -c "sed -i -e '2 i/tmp/2a18619f870a03f2f9102449996b9318 reboot start' /etc/init.d/boot.local"
  2⤵
  PID:746
- - /usr/bin/sed
    sed -i -e "2 i/tmp/2a18619f870a03f2f9102449996b9318 reboot start" /etc/init.d/boot.local
    3⤵
    - Reads runtime system information
    PID:749

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads