85a4547a9bb25cdf8cec737dc2bde4e2b8760ecfec9bd5b9b8ee44d0017e74b2 | Triage

Analysis

max time kernel
59s
max time network
58s
platform
debian-9_armhf
resource
debian9-armhf-20240418-en
resource tags

arch:armhfimage:debian9-armhf-20240418-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
08-10-2024 21:09

Sharing

Report Analysis Logs

General

Target

main_arm7
Size

177KB
MD5

31a39da6fa99caf519a96cb943e34fb2
SHA1

2026b835474ca4b17daffac5fa931755dfe28c74
SHA256

85a4547a9bb25cdf8cec737dc2bde4e2b8760ecfec9bd5b9b8ee44d0017e74b2
SHA512

5bd91251ea535028ae6a85057d1db2540bce4015d82b3e4dc89b03d0ec8eb07436e03b0a9d2f6518911c03b8558aef504ec45f083845be47eba67fb0434aca76
SSDEEP

3072:OLe6vh1ZQIvuCeeuaMuTuRez43IVILJZQy38YhTfYo+M/RgDlplLn:ee6vhEIv1ruaMuTuReErLJ738+x+M/Ro

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
644	main_arm7

Traces itself 2 IoCs

Traces itself to prevent debugging attempts

pid	Process
644	main_arm7
645	main_arm7

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	644	main_arm7

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/main_arm7	main_arm7

/tmp/main_arm7
/tmp/main_arm7 massload
1⤵
- Deletes itself
- Traces itself
- Changes its process name
- Writes file to tmp directory
PID:644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads