Analysis

  • max time kernel
    150s
  • max time network
    158s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240221-en
  • resource tags

    arch:armhf
    image:debian12-armhf-20240221-en
    kernel:6.1.0-17-armmp-lpae
    locale:en-us
    os:debian-12-armhf
    system
  • submitted
    04/10/2024, 06:52

General

  • Target

    a9a2aa7d6ae4dd395c877bbe22e86fb421d3279f7e8e7bea73bdd1df672043b1.elf

  • Size

    3.2MB

  • MD5

    e999c14d28e1ad3d95af37f3f36737e8

  • SHA1

    075fa838a8fcde8de084551cd849c2d01db3f4b4

  • SHA256

    a9a2aa7d6ae4dd395c877bbe22e86fb421d3279f7e8e7bea73bdd1df672043b1

  • SHA512

    0b15eec664a788604fc85332d782e2b8a5e1e99cc4c1644d98bc885a99d6fd9b0f53d441917d9ebc133a7084682ae062abfa3963f86330b299c9569e7d3b66a0

  • SSDEEP

    24576:6b8hPceyPUS6px96LDncsZwjx24OBRIavzvt7OpubJu+lWd5WHGRw1GFUXoYmntP:GYG9a5t0yOzN+bvSvxw

Score
9/10

Malware Config

Signatures

  • Contacts a large (54009) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

Processes

  • /tmp/a9a2aa7d6ae4dd395c877bbe22e86fb421d3279f7e8e7bea73bdd1df672043b1.elf
    /tmp/a9a2aa7d6ae4dd395c877bbe22e86fb421d3279f7e8e7bea73bdd1df672043b1.elf
    • Enumerates kernel/hardware configuration
    PID:710

Network

        MITRE ATT&CK Enterprise v15