c01b1e7fdd3f14fd99523c71da4ce97497b4262065a6f29d9251b26cab7e03bb

Analysis

max time kernel
140s
max time network
156s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
25-09-2024 13:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35616602442412040
Size

385KB
MD5

b27315d7b16e45c1ed5dadb86bed7280
SHA1

eba49957cc5f7933aed7deee0fd798abd7ddca55
SHA256

f26910f97d3e1ba27299a5b3e05c6a344dd80a8d84ceb5288723ab5e3c3b7753
SHA512

71e026059e9026af839e6584d450a061239abaf39bd1f3deba8e63e28850d68a10d1a4891d8aae8328468b7fb57116a12b6a43bd0f9d4dc4d5c0180616a749bc
SSDEEP

6144:Z6xeJy0ykZ1e5hhdO1j33ZWPBmhGQQTvD0R/bl:Z6xeJy7GI5hOjHOmhGQQvD0R/bl

Score

6^/10

discovery

Malware Config

Signatures

Reads system routing table 1 TTPs 1 IoCs

Gets active network interfaces from /proc virtual filesystem.

discovery

Internet Connection Discovery

T1016.001

description	ioc	Process
File opened for reading	/proc/net/route	35616602442412040

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

discovery

Internet Connection Discovery

T1016.001

description	ioc	Process
File opened for reading	/proc/net/route	35616602442412040

/tmp/35616602442412040
/tmp/35616602442412040
1⤵
- Reads system routing table
- Reads system network configuration
PID:665

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads