Analysis

  • max time kernel
    149s
  • max time network
    165s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf, image:debian9-armhf-20240611-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    20-08-2024 13:33

General

  • Target
    09c748901b748e91ae570a50c2194d46f17ee782f5833527087c3ac77d4c97f4
  • Size
    158KB
  • MD5
    7f71e02955f16589c2be4dc1a0887635
  • SHA1
    d6463209a43522948baa41c98ea358e6a455ddb3
  • SHA256
    09c748901b748e91ae570a50c2194d46f17ee782f5833527087c3ac77d4c97f4
  • SHA512
    39aff5070f61f1b3b53a805d9d0834aecbc571b94f36f0fc0b488554cdb0bf0205efce501118c8fd670e09ad7755e6772a2992859fd9840acb4163958a89128f
  • SSDEEP
    3072:qFs/AlUAk8mBJfaAnZY4b7rUb4jC7GkLy333fnZeM/9N5mmMFPwKi5qJY:qGaWZY4b7uiCLyn3fngM/9vmmMFPwKit

Score
7/10

Malware Config

Signatures

  • Renames itself (1 IoC)
  • Creates/modifies Cron job (1 TTP, 1 IoC)

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

  • Enumerates running processes

    Discovers information about currently running processes on the system.

  • Reads runtime system information (64 IoCs)

    Reads data from the /proc virtual filesystem.

Processes

  • /tmp/09c748901b748e91ae570a50c2194d46f17ee782f5833527087c3ac77d4c97f4
    /tmp/09c748901b748e91ae570a50c2194d46f17ee782f5833527087c3ac77d4c97f4
    1⤵
    • Reads runtime system information
    PID:656
    • /bin/sh
      sh -c "crontab -l"
      2⤵
      PID:658
      • /usr/bin/crontab
        crontab -l
        3⤵
        PID:660
    • /bin/sh
      sh -c "crontab -"
      2⤵
      PID:663
      • /usr/bin/crontab
        crontab -
        3⤵
        • Creates/modifies Cron job
        • Reads runtime system information
        PID:668

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /var/spool/cron/crontabs/tmp.MepP4q
    Filesize
    210B
    MD5
    6ea0ae66d75d156f4929efbe5a97db31
    SHA1
    d344bfd3cc89163e9c3083248c99d96a548daac1
    SHA256
    b943fea461bb42de93dd07f294eaac4fa691ba4c7e8a503535548e32fcab5f45
    SHA512
    83516f14cd4a734477b1208376a4880882aba59d1d4cda4afac9599c32192a0c8c7be499c37672305fdbf4f16540290f507d51e4da6a0ad12080bb1821a651e4