Analysis
  max time kernel: 149s
  max time network: 186s
  platform: debian-12_armhf
  resource: debian12-armhf-20240221-en
  resource tags: arch:armhf, image:debian12-armhf-20240221-en, kernel:6.1.0-17-armmp-lpae, locale:en-us, os:debian-12-armhf, system
  submitted: 31/10/2024, 02:32
Behavioral task: behavioral1
  Sample: 7246fdc4743c4136d6f09ce465fed1e47865b982fcc9809939a9d47744ea01b9.elf
  Resource: debian12-armhf-20240221-en
General
  Target: 7246fdc4743c4136d6f09ce465fed1e47865b982fcc9809939a9d47744ea01b9.elf
  Size: 2.8MB
  MD5: 14726ad8f5a96883d6b38af14a343953
  SHA1: 970325a925d2eecb119a6dd0d544672c2518e5aa
  SHA256: 7246fdc4743c4136d6f09ce465fed1e47865b982fcc9809939a9d47744ea01b9
  SHA512: 86faced0bca3cbe7b0228b3fcdc8930062a4425e747311a6e451fde0779d6793fea81f5ce4876e9ee2692ff2386b989a2565f95f32633b12f055c8c4b7aecddf
  SSDEEP: 49152:q653PElgXUJ9XP0EBlQOQI/1wSj/xkeCvQKuZs6H+OOiS37wF7Pi4wHEHIwlzGxb:d5fElgXUJZPDBiIqSVt+TOOiS3a7aool
Malware Config
Signatures

  Virtualization/Sandbox Evasion: Time Based Evasion (1 TTPs, 1 IoCs)
    Adversaries may detect and evade virtualized environments and sandboxes.
    pid   process
    758   uptime

  Reads system network configuration (1 TTPs, 6 IoCs)
    Uses contents of /proc filesystem to enumerate network settings.
    description               ioc             process
    File opened for reading   /proc/net/dev   cat
    File opened for reading   /proc/net/dev   cat
    File opened for reading   /proc/net/dev   cat
    File opened for reading   /proc/net/dev   cat
    File opened for reading   /proc/net/dev   cat
    File opened for reading   /proc/net/dev   cat

  Enumerates kernel/hardware configuration (1 TTPs, 1 IoCs)
    Reads contents of /sys virtual filesystem to enumerate system information.
    description               ioc                                                  process
    File opened for reading   /sys/kernel/mm/transparent_hugepage/hpage_pmd_size   7246fdc4743c4136d6f09ce465fed1e47865b982fcc9809939a9d47744ea01b9.elf
  Reads runtime system information
    description               ioc                             process
    File opened for reading   /proc/stat                      7246fdc4743c4136d6f09ce465fed1e47865b982fcc9809939a9d47744ea01b9.elf
    File opened for reading   /proc/self/maps                 grep
    File opened for reading   /proc/self/maps                 grep
    File opened for reading   /proc/self/maps                 grep
    File opened for reading   /proc/self/maps                 awk
    File opened for reading   /proc/loadavg                   uptime
    File opened for reading   /proc/self/maps                 awk
    File opened for reading   /proc/sys/net/core/somaxconn    7246fdc4743c4136d6f09ce465fed1e47865b982fcc9809939a9d47744ea01b9.elf
    File opened for reading   /proc/self/exe                  7246fdc4743c4136d6f09ce465fed1e47865b982fcc9809939a9d47744ea01b9.elf
    File opened for reading   /proc/uptime                    uptime
    File opened for reading   /proc/self/maps                 awk
    File opened for reading   /proc/self/maps                 awk
    File opened for reading   /proc/self/maps                 grep
    File opened for reading   /proc/self/maps                 grep
    File opened for reading   /proc/self/maps                 awk
    File opened for reading   /proc/self/maps                 awk
    File opened for reading   /proc/self/maps                 grep
Processes (indentation shows parent/child relationship)

  /tmp/7246fdc4743c4136d6f09ce465fed1e47865b982fcc9809939a9d47744ea01b9.elf (PID 715)
    command: /tmp/7246fdc4743c4136d6f09ce465fed1e47865b982fcc9809939a9d47744ea01b9.elf
    - Enumerates kernel/hardware configuration
    - Reads runtime system information

    /bin/bash (PID 758)
      command: /bin/bash -c uptime
      /usr/bin/uptime (PID 758)
        command: uptime
        - Virtualization/Sandbox Evasion: Time Based Evasion
        - Reads runtime system information

    /usr/bin/bash (PID 762)
      command: bash -c "cat /proc/net/dev |grep eth0 |awk '{print \$2}'"
      /usr/bin/cat (PID 763)
        command: cat /proc/net/dev
        - Reads system network configuration
      /usr/bin/grep (PID 764)
        command: grep eth0
        - Reads runtime system information
      /usr/bin/awk (PID 765)
        command: awk "{print \$2}"
        - Reads runtime system information

    /usr/bin/bash (PID 767)
      command: bash -c "cat /proc/net/dev |grep eth0 |awk '{print \$10}'"
      /usr/bin/cat (PID 768)
        command: cat /proc/net/dev
        - Reads system network configuration
      /usr/bin/grep (PID 769)
        command: grep eth0
        - Reads runtime system information
      /usr/bin/awk (PID 770)
        command: awk "{print \$10}"
        - Reads runtime system information

    /usr/bin/bash (PID 781)
      command: bash -c "cat /proc/net/dev |grep eth0 |awk '{print \$2}'"
      /usr/bin/cat (PID 782)
        command: cat /proc/net/dev
        - Reads system network configuration
      /usr/bin/grep (PID 783)
        command: grep eth0
        - Reads runtime system information
      /usr/bin/awk (PID 784)
        command: awk "{print \$2}"
        - Reads runtime system information

    /usr/bin/bash (PID 785)
      command: bash -c "cat /proc/net/dev |grep eth0 |awk '{print \$10}'"
      /usr/bin/cat (PID 786)
        command: cat /proc/net/dev
        - Reads system network configuration
      /usr/bin/grep (PID 787)
        command: grep eth0
        - Reads runtime system information
      /usr/bin/awk (PID 788)
        command: awk "{print \$10}"
        - Reads runtime system information

    /usr/bin/bash (PID 789)
      command: bash -c "cat /proc/net/dev |grep eth0 |awk '{print \$2}'"
      /usr/bin/grep (PID 791)
        command: grep eth0
        - Reads runtime system information
      /usr/bin/cat (PID 790)
        command: cat /proc/net/dev
        - Reads system network configuration
      /usr/bin/awk (PID 792)
        command: awk "{print \$2}"
        - Reads runtime system information

    /usr/bin/bash (PID 793)
      command: bash -c "cat /proc/net/dev |grep eth0 |awk '{print \$10}'"
      /usr/bin/cat (PID 794)
        command: cat /proc/net/dev
        - Reads system network configuration
      /usr/bin/grep (PID 795)
        command: grep eth0
        - Reads runtime system information
      /usr/bin/awk (PID 796)
        command: awk "{print \$10}"
        - Reads runtime system information