Analysis
-
max time kernel
149s -
max time network
166s -
platform
debian-12_armhf -
resource
debian12-armhf-20240221-en -
resource tags
-
submitted
11-08-2024 01:16
General
-
Target
5710232603fc96b92ada3cc40cfb24bdbca4391e057d3efdc2957b3d0b59b868.elf
-
Size
97KB
-
MD5
e61a00d197cc57712cbce5cdc5a6e939
-
SHA1
45ba9114e60ae0577512c6d8d8f457fcb5bf5bf2
-
SHA256
5710232603fc96b92ada3cc40cfb24bdbca4391e057d3efdc2957b3d0b59b868
-
SHA512
705bf15971eb2a8ee5a6c247e8256e3fda80e3d98400edd244dd5c09a7979b85069cd648dffdf0406f21a6341548c1beaabde5975f51b61898d6a863e4bc5b2f
-
SSDEEP
1536:yKncjqEDHkR8F5D/vp9xadr3p3oRWT9NNl34iPeD4ay+aAZcYHUrhb1P:Y68F9vpHadr3p3oReJeD1y+aAGnrx1P
Score
9/10
Malware Config
Signatures
-
Contacts a large (66680) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Renames itself 1 IoCs
-
Unexpected DNS network traffic destination 8 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Changes its process name 1 IoCs
-
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/5710232603fc96b92ada3cc40cfb24bdbca4391e057d3efdc2957b3d0b59b868.elf/tmp/5710232603fc96b92ada3cc40cfb24bdbca4391e057d3efdc2957b3d0b59b868.elf1⤵
- Renames itself
- Changes its process name
- Reads runtime system information