Analysis

  • max time kernel
    149s
  • max time network
    166s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240221-en
  • resource tags

    arch:armhf image:debian12-armhf-20240221-en kernel:6.1.0-17-armmp-lpae locale:en-us os:debian-12-armhf system
  • submitted
    08-08-2024 01:39

General

  • Target

    9ea845aa28dba907ee2abc3a3dc2c50bfbc593bfaa4b1a4e40dba83c3468b45b.elf

  • Size

    115KB

  • MD5

    c3c1c6803141e720ba63cd168cc5712c

  • SHA1

    40986073cff0b4ee1b7ef4ccfb3620b53bc7f174

  • SHA256

    9ea845aa28dba907ee2abc3a3dc2c50bfbc593bfaa4b1a4e40dba83c3468b45b

  • SHA512

    2a48a05ae346ea6a6efd56c9d07501f60a304f2be6a42a9f86c0279d0a38c1777c56aa2f2aa76736469a1c9d9b7e6c431e4a0b05002dbfc304f4443dfcbfaea9

  • SSDEEP

    3072:hzoMfD4gqnu9hO5gGJkkYavCMM/9WAqdz:loMfDdyu9hO57Jgav9M/9WAqdz

Score
9/10

Malware Config

Signatures

  • Contacts a large (23532) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Deletes itself 1 IoCs
  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Changes its process name 1 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/9ea845aa28dba907ee2abc3a3dc2c50bfbc593bfaa4b1a4e40dba83c3468b45b.elf
    • Reads runtime system information
    PID:704

Network

MITRE ATT&CK Enterprise v15
