Analysis

  • max time kernel
    1s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf image:debian9-armhf-20240611-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
  • submitted
    10-10-2024 06:53

General

  • Target

    na.elf

  • Size

    58KB

  • MD5

    4048eaa3159815ffcc6c30341fcb42f3

  • SHA1

    c78f0f9bc97b745aa622fc748869e3d22955ad40

  • SHA256

    706a5a333d6cc0e9816ee852949dc673cdb0d712ce1b99006c8139ec41e3dec0

  • SHA512

    ea2a798cd6778dfa0ecab86b1a6ba4b6d77ccdfe08af6365d5c4028f86ed54df01c72f836cd5b56cab0b3b101dd1fc68a520e7aedb33c9d22ceb34ea98fbc5b5

  • SSDEEP

    1536:U+nlNeK4rkkgtAEqLb/MEEGYMNQFgqcMODfiLzWvmc:virkkgtE/0kSzWvmc

Malware Config

Signatures

  • Renames itself 1 IoCs
  • Reads process memory 1 TTPs 11 IoCs

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

  • Changes its process name 1 IoCs
  • Reads runtime system information 47 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/na.elf
    /tmp/na.elf
    • Renames itself
    • Reads process memory
    • Changes its process name
    • Reads runtime system information
    PID:662

Network

MITRE ATT&CK Enterprise v15
