8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001

Analysis

max time kernel
148s
max time network
149s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
25/09/2024, 14:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
Size

122KB
MD5

2145ca5683d623be51c209635b761ff0
SHA1

095ee85aa648de4e557fc243de17d4f00ab2091f
SHA256

8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
SHA512

02263afbfd5b02159773ea4fa9934d48e3169dd9ddf1047f7a83e1e96a6d5d3f461f50ca28d82cf5267561f9de76490283a147e7326d4602f88f2089cbd13b04
SSDEEP

1536:JsDwKexO4ADN97FqdMn7XqWuoig3tDyp7zUlw6wywR/YmR0YQUbkTOKqfdTL2:23evA3FqerqydDy794Ub5TL2

Score

6^/10

discovery persistence

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Modifies init.d 2 TTPs 1 IoCs

Adds/modifies system service, likely for persistence.

persistence

Boot or Logon Autostart Execution

T1547

RC Scripts

T1037.004

description	ioc	Process
File opened for modification	/etc/init.d/rcS	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/98/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/106/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/637/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/12/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/638/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/271/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/141/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/309/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/4/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/23/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/305/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/634/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/641/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/7/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/25/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/109/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/17/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/13/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/16/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/20/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/21/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/219/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/321/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/6/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/10/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/273/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/5/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/22/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/26/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/573/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/586/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/11/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/167/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/632/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/42/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/18/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/76/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/636/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/3/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/8/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/19/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/28/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/43/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/268/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/269/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/625/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/1/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/29/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/274/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/290/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/594/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/631/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/15/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/14/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/200/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/308/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/591/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/643/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/9/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/41/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/2/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/27/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/108/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
File opened for reading	/proc/146/cmdline	8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001

/tmp/8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
/tmp/8771f66d0e79816bab02485d18d3f2566c54a656b33d731508995c3761681001
1⤵
- Modifies init.d
- Reads runtime system information
PID:639

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Boot or Logon Initialization Scripts

T1037

RC Scripts

T1037.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Boot or Logon Initialization Scripts

T1037

RC Scripts

T1037.004

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads