Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240729-en
  • resource tags

    arch:armhf
    image:debian12-armhf-20240729-en
    kernel:6.1.0-17-armmp-lpae
    locale:en-us
    os:debian-12-armhf
    system
  • submitted
    03-10-2024 05:58

General

  • Target

    novo.arm7.elf

  • Size

    151KB

  • MD5

    c7c2c22ece45e3152136dc542a8b09e4

  • SHA1

    2ed7c1f5542d21e9aaf7664b1e37947b7984ddfa

  • SHA256

    648555a9b0940b9bc4e34e59ca1d2e714c08a14808869168f100e7326e17b9d4

  • SHA512

    9cb5feebb750894282b5ecbcd522d69f1885f674a9b2226572f5383376f354cf4c366b8ac55674dbba1c98934d91ea4474385fcfcb46f13f5034c4ab7d9f1ef8

  • SSDEEP

    3072:rSLHt1HmyJ/i2sX6NaICmaE8MUCIZa3kqekwbZnIJS9p+M/9psKIC:rSLHHG+AKNaICmaE8pCIJlkwRIJS9UMP

Score
9/10

Malware Config

Signatures

  • Contacts a large (24165) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Changes its process name 1 IoCs
  • Command and Scripting Interpreter: Unix Shell 1 TTPs 1 IoCs

    Execute scripts via Unix Shell.

Processes

  • /tmp/novo.arm7.elf
    /tmp/novo.arm7.elf
    • Changes its process name
    PID:703
    • /bin/sh
      /bin/sh -c "rm -rf /tmp/novo.arm7.elf && rm -rf novo*"
      • Command and Scripting Interpreter: Unix Shell
      PID:706
      • /usr/bin/rm
        rm -rf /tmp/novo.arm7.elf
        PID:708
      • /usr/bin/rm
        rm -rf "novo*"
        PID:712

Network

MITRE ATT&CK Enterprise v15
