Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf, image:debian9-armhf-20240611-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    25-10-2024 13:07

General

  • Target

    main_arm5.elf

  • Size

    126KB

  • MD5

    4567b4b272c2376b5d8c0c0b24cd0923

  • SHA1

    8c3701f85aa2399e639f62c3db7f59f65ff4ca0b

  • SHA256

    2646e0250d76bf5a22e32a16af066457a53126576f588a649a0c3d39e648b28d

  • SHA512

    ebcdd49438d0b647af4267640d35ead4b549eafc8e99efa4af62ef705f46654817511ed69d8268e9952ccba5be5465f409aec45adc9772e881c94175d2deeee5

  • SSDEEP

    1536:pPKa0rG5yC/cMChygtaOBdWFAcJX4VlgXTAvwFM/UGZr3t51WhjV1lXJwywEReQw:pKaprMh7UOXWFh4UXkwFM/5ZJvWluu5

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Traces itself 2 IoCs

    Traces itself to prevent debugging attempts

  • Changes its process name 1 IoCs
  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/main_arm5.elf
    /tmp/main_arm5.elf
    • Deletes itself
    • Traces itself
    • Changes its process name
    • Writes file to tmp directory
    PID:648

Network

MITRE ATT&CK Matrix
