Analysis

  • max time kernel
    149s
  • max time network
    186s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240221-en
  • resource tags
    arch:armhf
    image:debian12-armhf-20240221-en
    kernel:6.1.0-17-armmp-lpae
    locale:en-us
    os:debian-12-armhf
    system
  • submitted
    31/10/2024, 02:32

General

  • Target

    7246fdc4743c4136d6f09ce465fed1e47865b982fcc9809939a9d47744ea01b9.elf

  • Size

    2.8MB

  • MD5

    14726ad8f5a96883d6b38af14a343953

  • SHA1

    970325a925d2eecb119a6dd0d544672c2518e5aa

  • SHA256

    7246fdc4743c4136d6f09ce465fed1e47865b982fcc9809939a9d47744ea01b9

  • SHA512

    86faced0bca3cbe7b0228b3fcdc8930062a4425e747311a6e451fde0779d6793fea81f5ce4876e9ee2692ff2386b989a2565f95f32633b12f055c8c4b7aecddf

  • SSDEEP

    49152:q653PElgXUJ9XP0EBlQOQI/1wSj/xkeCvQKuZs6H+OOiS37wF7Pi4wHEHIwlzGxb:d5fElgXUJZPDBiIqSVt+TOOiS3a7aool

Signatures

  • Virtualization/Sandbox Evasion: Time Based Evasion 1 TTPs 1 IoCs

    Adversaries may detect and evade virtualized environments and sandboxes.

  • Reads system network configuration 1 TTPs 6 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 17 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/7246fdc4743c4136d6f09ce465fed1e47865b982fcc9809939a9d47744ea01b9.elf
    /tmp/7246fdc4743c4136d6f09ce465fed1e47865b982fcc9809939a9d47744ea01b9.elf
    1⤵
    • Enumerates kernel/hardware configuration
    • Reads runtime system information
    PID:715
    • /bin/bash
      /bin/bash -c uptime
      2⤵
      PID:758
    • /usr/bin/uptime
      uptime
      2⤵
      • Virtualization/Sandbox Evasion: Time Based Evasion
      • Reads runtime system information
      PID:758
    • /usr/bin/bash
      bash -c "cat /proc/net/dev |grep eth0 |awk '{print \$2}'"
      2⤵
      PID:762
      • /usr/bin/cat
        cat /proc/net/dev
        3⤵
        • Reads system network configuration
        PID:763
      • /usr/bin/grep
        grep eth0
        3⤵
        • Reads runtime system information
        PID:764
      • /usr/bin/awk
        awk "{print \$2}"
        3⤵
        • Reads runtime system information
        PID:765
    • /usr/bin/bash
      bash -c "cat /proc/net/dev |grep eth0 |awk '{print \$10}'"
      2⤵
      PID:767
      • /usr/bin/cat
        cat /proc/net/dev
        3⤵
        • Reads system network configuration
        PID:768
      • /usr/bin/grep
        grep eth0
        3⤵
        • Reads runtime system information
        PID:769
      • /usr/bin/awk
        awk "{print \$10}"
        3⤵
        • Reads runtime system information
        PID:770
    • /usr/bin/bash
      bash -c "cat /proc/net/dev |grep eth0 |awk '{print \$2}'"
      2⤵
      PID:781
      • /usr/bin/cat
        cat /proc/net/dev
        3⤵
        • Reads system network configuration
        PID:782
      • /usr/bin/grep
        grep eth0
        3⤵
        • Reads runtime system information
        PID:783
      • /usr/bin/awk
        awk "{print \$2}"
        3⤵
        • Reads runtime system information
        PID:784
    • /usr/bin/bash
      bash -c "cat /proc/net/dev |grep eth0 |awk '{print \$10}'"
      2⤵
      PID:785
      • /usr/bin/cat
        cat /proc/net/dev
        3⤵
        • Reads system network configuration
        PID:786
      • /usr/bin/grep
        grep eth0
        3⤵
        • Reads runtime system information
        PID:787
      • /usr/bin/awk
        awk "{print \$10}"
        3⤵
        • Reads runtime system information
        PID:788
    • /usr/bin/bash
      bash -c "cat /proc/net/dev |grep eth0 |awk '{print \$2}'"
      2⤵
      PID:789
      • /usr/bin/grep
        grep eth0
        3⤵
        • Reads runtime system information
        PID:791
      • /usr/bin/cat
        cat /proc/net/dev
        3⤵
        • Reads system network configuration
        PID:790
      • /usr/bin/awk
        awk "{print \$2}"
        3⤵
        • Reads runtime system information
        PID:792
    • /usr/bin/bash
      bash -c "cat /proc/net/dev |grep eth0 |awk '{print \$10}'"
      2⤵
      PID:793
      • /usr/bin/cat
        cat /proc/net/dev
        3⤵
        • Reads system network configuration
        PID:794
      • /usr/bin/grep
        grep eth0
        3⤵
        • Reads runtime system information
        PID:795
      • /usr/bin/awk
        awk "{print \$10}"
        3⤵
        • Reads runtime system information
        PID:796
