366e98a9113a97168c187c6a8491ecc1e290c1320908d3df158d7c92d37333f6 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

armv6l.elf

debian-9-armhf

9

Sharing

General

Target

armv6l.elf
Size

259KB
Sample

241017-rcpw7azglc
MD5

074922d9c3bf6f9be14310ea548575bf
SHA1

a45d1e104f4a8aba1c59a444a5115e18cc2859d7
SHA256

366e98a9113a97168c187c6a8491ecc1e290c1320908d3df158d7c92d37333f6
SHA512

22b6f8be118e69f41fd12632c102393aa0199141a300b3fc89043be413d34d47412a1e142b08eecbf06c021a7516fbbfcafd1c1478d9cc7297e743be980c62b2
SSDEEP

3072:1kCiVhTjd+YKqFmaHaA/WUq+VrHaYDiGa54ic2r2iB7:WCkTBq+FnY12i

Score

9^/10

defense_evasion discovery evasion

Static task

static1

Behavioral task

behavioral1

Sample

armv6l.elf

Resource

debian9-armhf-20240611-en

defense_evasion discovery evasion

debian-9-armhf

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  armv6l.elf
- Size
  
  259KB
- MD5
  
  074922d9c3bf6f9be14310ea548575bf
- SHA1
  
  a45d1e104f4a8aba1c59a444a5115e18cc2859d7
- SHA256
  
  366e98a9113a97168c187c6a8491ecc1e290c1320908d3df158d7c92d37333f6
- SHA512
  
  22b6f8be118e69f41fd12632c102393aa0199141a300b3fc89043be413d34d47412a1e142b08eecbf06c021a7516fbbfcafd1c1478d9cc7297e743be980c62b2
- SSDEEP
  
  3072:1kCiVhTjd+YKqFmaHaA/WUq+VrHaYDiGa54ic2r2iB7:WCkTBq+FnY12i
Score

9^/10

defense_evasion discovery evasion
- Contacts a large (73652) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Reads MAC address of network interface
  Fetches the MAC address of active network interfaces. May be used to detect known values for hypervisors.
  evasion discovery
- Reads network interface configuration
  Fetches information about one or more active network interfaces.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Wi-Fi Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasion

© 2018-2025

Terms | Privacy