Analysis
-
max time kernel
149s -
max time network
139s -
platform
debian-9_armhf -
resource
debian9-armhf-20240729-en -
resource tags
arch:armhfimage:debian9-armhf-20240729-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
25-08-2024 16:32
Static task
static1
Behavioral task
behavioral1
Sample
aisuru.arm7
Resource
debian9-armhf-20240729-en
debian-9-armhf
7 signatures
150 seconds
General
-
Target
aisuru.arm7
-
Size
93KB
-
MD5
d2d7ad31c3916de5e22ad2820b561b6b
-
SHA1
383f8ef9d3e1b5cb99ad8b28d52ab2aa12908f90
-
SHA256
0a5828cbda8dfaa85298a90de71a1b9d9c9002fe2dd876b5b62d76ed5cd2552b
-
SHA512
5e4a3fa756364c1d84546d830fef648454ef4611a00797bf0934da5c90fc5b0c17ff3c71a20621281bbc854df677ea01773b6a0a44a017fd55e9b453646c7152
-
SSDEEP
1536:kYntXt1r8IaMHD+YIMGJop9oc/Chan/fGoiuxUHfqllwEiTH1wO+uY7nO:B3zbHDRG+pmc/Chan/fGoiuKFHOO+uIO
Score
7/10
Malware Config
Signatures
-
Renames itself 1 IoCs
pid Process 668 aisuru.arm7 -
Unexpected DNS network traffic destination 1 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
description ioc Destination IP 208.67.222.222 -
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
description ioc Process File opened for reading /proc/net/tcp aisuru.arm7 -
Enumerates running processes
Discovers information about currently running processes on the system
-
Changes its process name 1 IoCs
description ioc pid Process Changes the process name, possibly in an attempt to hide itself goahead 668 aisuru.arm7 -
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
description ioc Process File opened for reading /proc/net/tcp aisuru.arm7 -
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
description ioc Process File opened for reading /proc/332/maps aisuru.arm7 File opened for reading /proc/610/cmdline aisuru.arm7 File opened for reading /proc/689/maps aisuru.arm7 File opened for reading /proc/722/maps aisuru.arm7 File opened for reading /proc/8/maps aisuru.arm7 File opened for reading /proc/14/cmdline aisuru.arm7 File opened for reading /proc/17/maps aisuru.arm7 File opened for reading /proc/304/cmdline aisuru.arm7 File opened for reading /proc/795/cmdline aisuru.arm7 File opened for reading /proc/339/maps aisuru.arm7 File opened for reading /proc/736/maps aisuru.arm7 File opened for reading /proc/769/cmdline aisuru.arm7 File opened for reading /proc/776/cmdline aisuru.arm7 File opened for reading /proc/788/maps aisuru.arm7 File opened for reading /proc/10/maps aisuru.arm7 File opened for reading /proc/600/maps aisuru.arm7 File opened for reading /proc/698/maps aisuru.arm7 File opened for reading /proc/758/maps aisuru.arm7 File opened for reading /proc/710/cmdline aisuru.arm7 File opened for reading /proc/723/maps aisuru.arm7 File opened for reading /proc/723/cmdline aisuru.arm7 File opened for reading /proc/755/cmdline aisuru.arm7 File opened for reading /proc/6/maps aisuru.arm7 File opened for reading /proc/22/cmdline aisuru.arm7 File opened for reading /proc/663/cmdline aisuru.arm7 File opened for reading /proc/677/cmdline aisuru.arm7 File opened for reading /proc/655/maps aisuru.arm7 File opened for reading /proc/766/maps aisuru.arm7 File opened for reading /proc/777/cmdline aisuru.arm7 File opened for reading /proc/798/cmdline aisuru.arm7 File opened for reading /proc/805/cmdline aisuru.arm7 File opened for reading /proc/20/maps aisuru.arm7 File opened for reading /proc/340/maps aisuru.arm7 File opened for reading /proc/667/maps aisuru.arm7 File opened for reading /proc/773/maps aisuru.arm7 File opened for reading /proc/733/cmdline aisuru.arm7 File opened for reading /proc/790/maps aisuru.arm7 File opened for reading /proc/7/maps aisuru.arm7 File opened for reading /proc/662/maps aisuru.arm7 File opened for reading /proc/718/maps aisuru.arm7 File opened for reading /proc/728/maps aisuru.arm7 File opened for reading /proc/725/cmdline aisuru.arm7 File opened for reading /proc/26/maps aisuru.arm7 File opened for reading /proc/695/cmdline aisuru.arm7 File opened for reading /proc/703/cmdline aisuru.arm7 File opened for reading /proc/714/maps aisuru.arm7 File opened for reading /proc/801/maps aisuru.arm7 File opened for reading /proc/6/cmdline aisuru.arm7 File opened for reading /proc/704/maps aisuru.arm7 File opened for reading /proc/755/maps aisuru.arm7 File opened for reading /proc/781/maps aisuru.arm7 File opened for reading /proc/109/cmdline aisuru.arm7 File opened for reading /proc/667/cmdline aisuru.arm7 File opened for reading /proc/684/maps aisuru.arm7 File opened for reading /proc/762/maps aisuru.arm7 File opened for reading /proc/750/cmdline aisuru.arm7 File opened for reading /proc/792/maps aisuru.arm7 File opened for reading /proc/800/maps aisuru.arm7 File opened for reading /proc/7/cmdline aisuru.arm7 File opened for reading /proc/112/maps aisuru.arm7 File opened for reading /proc/146/cmdline aisuru.arm7 File opened for reading /proc/724/cmdline aisuru.arm7 File opened for reading /proc/716/cmdline aisuru.arm7 File opened for reading /proc/743/cmdline aisuru.arm7