Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240221-en
  • resource tags
    arch:armhf
    image:debian12-armhf-20240221-en
    kernel:6.1.0-17-armmp-lpae
    locale:en-us
    os:debian-12-armhf
    system
  • submitted
    31/10/2024, 02:34

General

  • Target

    7bcced6ebff1e1dba919581e6d253a914347c5d65dcf72587b162e193598189e.elf

  • Size

    2.8MB

  • MD5

    73032b0249fe1dfc3c54fcc4c3c85c0f

  • SHA1

    eb7e1b29e7dd483e9587937e63456f2612e63742

  • SHA256

    7bcced6ebff1e1dba919581e6d253a914347c5d65dcf72587b162e193598189e

  • SHA512

    b578a43e9b74ae817c7b1040a7e8c6fc049e21379301ef5c15a9dcfa70afc82f46249b47182b9c5949dcf3911aef3d0858693cff2dad1bf7d96e02d4e710c29a

  • SSDEEP

    49152:JbAMcyXWoYnvmahceXOucgBLaSLpRaOZ6FgtPX1fFBhgLD0JO:JbAMWBnpVcOllMgVvDu

Malware Config

Signatures

  • Virtualization/Sandbox Evasion: Time Based Evasion 1 TTPs 1 IoCs

    Adversaries may detect and evade virtualized environments and sandboxes.

  • Reads system network configuration 1 TTPs 6 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 17 IoCs

    Reads data from /proc virtual filesystem.
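
The "Reads system network configuration" hits come from the sample shelling out to cat /proc/net/dev | grep eth0 | awk '{print $2}' and the same pipeline with $10 (see the Processes section): with awk's default whitespace splitting, $1 is "eth0:", $2 is the interface's received-bytes counter and $10 its transmitted-bytes counter. The example below is added for this report and is not code from the sample or the sandbox; it parses a constructed /proc/net/dev snapshot (laid out like the one a Linux 6.x kernel prints, not captured from this run), reproduces what the sample's pipeline would print, and shows two pitfalls: grep eth0 also matches any other interface whose name contains "eth0" (veth0 in the constructed data), and the $2/$10 mapping only holds because current kernels print a space after the "eth0:" token.

```python
"""Parse /proc/net/dev and reproduce the sample's shell pipeline.

Added example written for this report; it is not code from the sample or the
sandbox. The snapshot below is constructed to mimic the layout that
net/core/net-procfs.c prints on a Linux 6.x kernel (it was not captured
from the run).
"""

# Constructed snapshot: note the space after "eth0:" and that "veth0" also
# contains the substring "eth0".
SAMPLE_PROC_NET_DEV = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    1280      16    0    0    0     0          0         0     1280      16    0    0    0     0       0          0
  eth0: 4194304    3100    0    0    0     0          0         0   262144    1900    0    0    0     0       0          0
 veth0:     512       4    0    0    0     0          0         0      256       2    0    0    0     0       0          0
"""

# A second constructed snapshot "a few seconds later": eth0 has received 5,696
# more bytes and transmitted 37,856 more.
SAMPLE_PROC_NET_DEV_LATER = (SAMPLE_PROC_NET_DEV
                             .replace("4194304", "4200000")
                             .replace("262144", "300000"))

# Counter names in kernel order: 16 columns follow the "<iface>:" token.
COLUMNS = ("rx_bytes", "rx_packets", "rx_errs", "rx_drop", "rx_fifo", "rx_frame",
           "rx_compressed", "rx_multicast",
           "tx_bytes", "tx_packets", "tx_errs", "tx_drop", "tx_fifo", "tx_colls",
           "tx_carrier", "tx_compressed")


def parse_proc_net_dev(text):
    """Robust parse: {iface: {counter: int}}.

    Splitting on the colon (rather than on whitespace) keeps the result correct
    even on older kernels that print no space between "eth0:" and the first
    number, where a whitespace split would shift every field by one.
    """
    stats = {}
    for line in text.splitlines()[2:]:          # skip the two header lines
        iface, sep, rest = line.partition(":")
        fields = rest.split()
        if sep and len(fields) == len(COLUMNS):
            stats[iface.strip()] = dict(zip(COLUMNS, map(int, fields)))
    return stats


def sample_pipeline(text, awk_field):
    """What `cat /proc/net/dev | grep eth0 | awk '{print $N}'` prints.

    grep matches every line containing the substring "eth0" (veth0 too), and
    awk splits on whitespace, so $1 is "eth0:" and $2 / $10 are rx_bytes /
    tx_bytes only because the kernel prints a space after the colon. One value
    is returned per matching line, in file order.
    """
    printed = []
    for line in text.splitlines():
        if "eth0" in line:
            fields = line.split()
            printed.append(fields[awk_field - 1] if awk_field <= len(fields) else "")
    return printed


def byte_deltas(before, after, iface="eth0"):
    """Difference between two parsed snapshots: what repeated $2/$10 reads
    give a caller once it subtracts consecutive values."""
    b, a = before[iface], after[iface]
    return {"rx_delta": a["rx_bytes"] - b["rx_bytes"],
            "tx_delta": a["tx_bytes"] - b["tx_bytes"]}


if __name__ == "__main__":
    print(parse_proc_net_dev(SAMPLE_PROC_NET_DEV)["eth0"])
    print("awk $2  ->", sample_pipeline(SAMPLE_PROC_NET_DEV, 2))
    print("awk $10 ->", sample_pipeline(SAMPLE_PROC_NET_DEV, 10))
    print(byte_deltas(parse_proc_net_dev(SAMPLE_PROC_NET_DEV),
                      parse_proc_net_dev(SAMPLE_PROC_NET_DEV_LATER)))
```

In the process tree the $2 and $10 reads alternate and the pair is repeated three times across a run of roughly 150 s, which is consistent with the sample taking byte-count deltas on eth0 (a throughput or "is there any traffic at all" measurement); the report does not show what the sample does with the values. Note that on a host without an interface named eth0 (Debian's predictable naming gives names like enp0s3) the pipeline prints nothing.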

Processes

  • /tmp/7bcced6ebff1e1dba919581e6d253a914347c5d65dcf72587b162e193598189e.elf
    /tmp/7bcced6ebff1e1dba919581e6d253a914347c5d65dcf72587b162e193598189e.elf
    1⤵
    • Enumerates kernel/hardware configuration
    • Reads runtime system information
    PID:708
    • /bin/bash
      /bin/bash -c uptime
      2⤵
      PID:750
    • /usr/bin/uptime
      uptime
      2⤵
      • Virtualization/Sandbox Evasion: Time Based Evasion
      • Reads runtime system information
      PID:750
    • /usr/bin/bash
      bash -c "cat /proc/net/dev |grep eth0 |awk '{print \$2}'"
      2⤵
      PID:758
      • /usr/bin/cat
        cat /proc/net/dev
        3⤵
        • Reads system network configuration
        PID:761
      • /usr/bin/grep
        grep eth0
        3⤵
        • Reads runtime system information
        PID:762
      • /usr/bin/awk
        awk "{print \$2}"
        3⤵
        • Reads runtime system information
        PID:763
    • /usr/bin/bash
      bash -c "cat /proc/net/dev |grep eth0 |awk '{print \$10}'"
      2⤵
      PID:765
      • /usr/bin/cat
        cat /proc/net/dev
        3⤵
        • Reads system network configuration
        PID:766
      • /usr/bin/grep
        grep eth0
        3⤵
        • Reads runtime system information
        PID:767
      • /usr/bin/awk
        awk "{print \$10}"
        3⤵
        • Reads runtime system information
        PID:768
    • /usr/bin/bash
      bash -c "cat /proc/net/dev |grep eth0 |awk '{print \$2}'"
      2⤵
      PID:779
      • /usr/bin/grep
        grep eth0
        3⤵
        • Reads runtime system information
        PID:781
      • /usr/bin/cat
        cat /proc/net/dev
        3⤵
        • Reads system network configuration
        PID:780
      • /usr/bin/awk
        awk "{print \$2}"
        3⤵
        • Reads runtime system information
        PID:782
    • /usr/bin/bash
      bash -c "cat /proc/net/dev |grep eth0 |awk '{print \$10}'"
      2⤵
      PID:783
      • /usr/bin/grep
        grep eth0
        3⤵
        • Reads runtime system information
        PID:785
      • /usr/bin/cat
        cat /proc/net/dev
        3⤵
        • Reads system network configuration
        PID:784
      • /usr/bin/awk
        awk "{print \$10}"
        3⤵
        • Reads runtime system information
        PID:786
    • /usr/bin/bash
      bash -c "cat /proc/net/dev |grep eth0 |awk '{print \$2}'"
      2⤵
      PID:787
      • /usr/bin/cat
        cat /proc/net/dev
        3⤵
        • Reads system network configuration
        PID:788
      • /usr/bin/grep
        grep eth0
        3⤵
        • Reads runtime system information
        PID:789
      • /usr/bin/awk
        awk "{print \$2}"
        3⤵
        • Reads runtime system information
        PID:790
    • /usr/bin/bash
      bash -c "cat /proc/net/dev |grep eth0 |awk '{print \$10}'"
      2⤵
      PID:791
      • /usr/bin/cat
        cat /proc/net/dev
        3⤵
        • Reads system network configuration
        PID:792
      • /usr/bin/grep
        grep eth0
        3⤵
        • Reads runtime system information
        PID:793
      • /usr/bin/awk
        awk "{print \$10}"
        3⤵
        • Reads runtime system information
        PID:794
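
The process tree is enough to write a behavioural rule for this sample. The following is an added example written for this report (it is not the sandbox's signature engine and not code from the sample): it rebuilds the parent/child relationships from the PIDs shown above and flags a parent that both spawns uptime and repeatedly polls /proc/net/dev fields 2 and 10. The event tuples are reconstructed from the tree, with each bash child's parent taken from its nesting depth and the parent of PID 708 assumed to be PID 1; the (pid, ppid, image, cmdline) schema is an assumption, not a real telemetry format. The two PID 750 entries are one process (bash -c with a single simple command execs it in place), so the rule counts distinct PIDs.

```python
"""Behavioural detection for the pattern in this report's process tree.

Added example written for this report; it is not the sandbox's signature
engine and not code from the sample. The events below are reconstructed
from the PIDs and command lines in the Processes section; each bash child's
parent is taken from its nesting depth and PID 708's parent is assumed to be
PID 1. The (pid, ppid, image, cmdline) tuple is an assumed schema.
"""
import re
from collections import defaultdict

SAMPLE = "/tmp/7bcced6ebff1e1dba919581e6d253a914347c5d65dcf72587b162e193598189e.elf"
POLL_RX = r'''bash -c "cat /proc/net/dev |grep eth0 |awk '{print \$2}'"'''
POLL_TX = r'''bash -c "cat /proc/net/dev |grep eth0 |awk '{print \$10}'"'''

# (pid, ppid, image, cmdline), reconstructed from the tree above.
EVENTS = [
    (708, 1,   SAMPLE,            SAMPLE),
    (750, 708, "/bin/bash",       "/bin/bash -c uptime"),
    (750, 708, "/usr/bin/uptime", "uptime"),            # same PID: bash exec'd uptime
    (758, 708, "/usr/bin/bash",   POLL_RX),
    (761, 758, "/usr/bin/cat",    "cat /proc/net/dev"),
    (762, 758, "/usr/bin/grep",   "grep eth0"),
    (763, 758, "/usr/bin/awk",    r'awk "{print \$2}"'),
    (765, 708, "/usr/bin/bash",   POLL_TX),
    (766, 765, "/usr/bin/cat",    "cat /proc/net/dev"),
    (767, 765, "/usr/bin/grep",   "grep eth0"),
    (768, 765, "/usr/bin/awk",    r'awk "{print \$10}"'),
    (779, 708, "/usr/bin/bash",   POLL_RX),
    (780, 779, "/usr/bin/cat",    "cat /proc/net/dev"),
    (781, 779, "/usr/bin/grep",   "grep eth0"),
    (782, 779, "/usr/bin/awk",    r'awk "{print \$2}"'),
    (783, 708, "/usr/bin/bash",   POLL_TX),
    (784, 783, "/usr/bin/cat",    "cat /proc/net/dev"),
    (785, 783, "/usr/bin/grep",   "grep eth0"),
    (786, 783, "/usr/bin/awk",    r'awk "{print \$10}"'),
    (787, 708, "/usr/bin/bash",   POLL_RX),
    (788, 787, "/usr/bin/cat",    "cat /proc/net/dev"),
    (789, 787, "/usr/bin/grep",   "grep eth0"),
    (790, 787, "/usr/bin/awk",    r'awk "{print \$2}"'),
    (791, 708, "/usr/bin/bash",   POLL_TX),
    (792, 791, "/usr/bin/cat",    "cat /proc/net/dev"),
    (793, 791, "/usr/bin/grep",   "grep eth0"),
    (794, 791, "/usr/bin/awk",    r'awk "{print \$10}"'),
]

# `uptime` run as a child command, or a direct read of the file it consults
# (a rule keyed on the binary alone misses a sample that reads /proc/uptime itself).
TIME_PROBE_RE = re.compile(r"(?:^|[/\s])uptime(?:\s|$)|/proc/uptime")
# The cat | grep | awk pipeline; group 1 is the awk field number. The optional
# backslash tolerates the sandbox's "\$" rendering of the command line.
NETDEV_POLL_RE = re.compile(
    r"cat\s+/proc/net/dev\s*\|\s*grep\s+\S+\s*\|\s*awk\s+'?\{print\s+\\?\$(\d+)\}'?")
FIELD_NAMES = {2: "rx_bytes", 10: "tx_bytes"}


def detect(events, poll_threshold=3):
    """Return {parent_pid: findings} for parents that probe uptime and/or poll
    /proc/net/dev counters at least `poll_threshold` times."""
    children = defaultdict(list)
    for pid, ppid, image, cmdline in events:
        children[ppid].append((pid, image, cmdline))

    findings = {}
    for ppid, kids in children.items():
        time_probes = sorted({pid for pid, image, cmd in kids
                              if image.endswith("/uptime") or TIME_PROBE_RE.search(cmd)})
        polled_fields = [int(m.group(1)) for _, _, cmd in kids
                         for m in [NETDEV_POLL_RE.search(cmd)] if m]
        hit = {}
        if time_probes:
            hit["time_probe_pids"] = time_probes
        if len(polled_fields) >= poll_threshold:
            hit["netdev_polls"] = len(polled_fields)
            hit["counters"] = sorted(FIELD_NAMES.get(n, f"field{n}")
                                     for n in set(polled_fields))
        if hit:
            findings[ppid] = hit
    return findings


if __name__ == "__main__":
    for ppid, hit in detect(EVENTS).items():
        print(ppid, hit)
```

Against the reconstructed events only PID 708 is flagged, with one distinct uptime probe and six /proc/net/dev polls covering both rx_bytes and tx_bytes. The poll threshold exists because a single cat /proc/net/dev | grep | awk from an admin script is normal; the repeated, alternating rx/tx reads from one parent are what set this sample apart.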

Network
