Analysis
-
max time kernel
150s -
max time network
156s -
platform
debian-12_armhf -
resource
debian12-armhf-20240221-en -
resource tags
-
submitted
20/08/2024, 00:45
General
-
Target
adroidarm7.elf
-
Size
132KB
-
MD5
366851c5a73632cf43b87b2812c24c3c
-
SHA1
483410218bfcd253bbe3f21333623d8697c2c150
-
SHA256
2cfe0a164b32f4c3696bff543860f4230b6d8a90607e215d52ebe856818a413c
-
SHA512
91e24454cc56572d8b48e1b92cc4706086f5515391b8a856e7c5a3cc499ca29572a7c55d72e41f67161b64e399c68906c65a8e39890e1afcbf10e9b6667958d3
-
SSDEEP
3072:5fB//1+yAxK3sjkpmz8s7DffdM/9w/BGWh:5fBHgyAxK3sUmJ7DflM/9w/0S
Score
9/10
Malware Config
Signatures
-
Contacts a large (65012) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Deletes itself 1 IoCs
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Writes file to system bin folder 1 TTPs 2 IoCs
-
Changes its process name 1 IoCs
Processes
-
/tmp/adroidarm7.elf/tmp/adroidarm7.elf1⤵
- Deletes itself
- Modifies Watchdog functionality
- Writes file to system bin folder
- Changes its process name