Analysis

max time kernel: 149s
max time network: 153s
platform: debian-12_armhf
resource: debian12-armhf-20240221-en
resource tags: arch:armhf, image:debian12-armhf-20240221-en, kernel:6.1.0-17-armmp-lpae, locale:en-us, os:debian-12-armhf, system
submitted: 31/10/2024, 02:34
Behavioral task: behavioral1
Sample: 7bcced6ebff1e1dba919581e6d253a914347c5d65dcf72587b162e193598189e.elf
Resource: debian12-armhf-20240221-en
General

Target: 7bcced6ebff1e1dba919581e6d253a914347c5d65dcf72587b162e193598189e.elf
Size: 2.8MB
MD5: 73032b0249fe1dfc3c54fcc4c3c85c0f
SHA1: eb7e1b29e7dd483e9587937e63456f2612e63742
SHA256: 7bcced6ebff1e1dba919581e6d253a914347c5d65dcf72587b162e193598189e
SHA512: b578a43e9b74ae817c7b1040a7e8c6fc049e21379301ef5c15a9dcfa70afc82f46249b47182b9c5949dcf3911aef3d0858693cff2dad1bf7d96e02d4e710c29a
SSDEEP: 49152:JbAMcyXWoYnvmahceXOucgBLaSLpRaOZ6FgtPX1fFBhgLD0JO:JbAMWBnpVcOllMgVvDu
Malware Config
Signatures
Virtualization/Sandbox Evasion: Time Based Evasion (1 TTPs, 1 IoCs)
Adversaries may detect and evade virtualized environments and sandboxes.

pid | Process
750 | uptime

Reads system network configuration (1 TTPs, 6 IoCs)
Uses contents of /proc filesystem to enumerate network settings.

description             | ioc           | Process
File opened for reading | /proc/net/dev | cat
File opened for reading | /proc/net/dev | cat
File opened for reading | /proc/net/dev | cat
File opened for reading | /proc/net/dev | cat
File opened for reading | /proc/net/dev | cat
File opened for reading | /proc/net/dev | cat

Enumerates kernel/hardware configuration (1 TTPs, 1 IoCs)
Reads contents of /sys virtual filesystem to enumerate system information.

description             | ioc                                               | Process
File opened for reading | /sys/kernel/mm/transparent_hugepage/hpage_pmd_size | 7bcced6ebff1e1dba919581e6d253a914347c5d65dcf72587b162e193598189e.elf

Reads runtime system information

description             | ioc                          | Process
File opened for reading | /proc/uptime                 | uptime
File opened for reading | /proc/loadavg                | uptime
File opened for reading | /proc/self/maps              | grep
File opened for reading | /proc/self/maps              | awk
File opened for reading | /proc/self/maps              | awk
File opened for reading | /proc/self/exe               | 7bcced6ebff1e1dba919581e6d253a914347c5d65dcf72587b162e193598189e.elf
File opened for reading | /proc/self/maps              | grep
File opened for reading | /proc/self/maps              | awk
File opened for reading | /proc/sys/net/core/somaxconn | 7bcced6ebff1e1dba919581e6d253a914347c5d65dcf72587b162e193598189e.elf
File opened for reading | /proc/self/maps              | awk
File opened for reading | /proc/self/maps              | awk
File opened for reading | /proc/stat                   | 7bcced6ebff1e1dba919581e6d253a914347c5d65dcf72587b162e193598189e.elf
File opened for reading | /proc/self/maps              | awk
File opened for reading | /proc/self/maps              | grep
File opened for reading | /proc/self/maps              | grep
File opened for reading | /proc/self/maps              | grep
File opened for reading | /proc/self/maps              | grep
Processes (indentation shows parent/child depth in the process tree)

/tmp/7bcced6ebff1e1dba919581e6d253a914347c5d65dcf72587b162e193598189e.elf
  Command line: /tmp/7bcced6ebff1e1dba919581e6d253a914347c5d65dcf72587b162e193598189e.elf
  PID: 708
  - Enumerates kernel/hardware configuration
  - Reads runtime system information

  /bin/bash
    Command line: /bin/bash -c uptime
    PID: 750

  /usr/bin/uptime
    Command line: uptime
    PID: 750
    - Virtualization/Sandbox Evasion: Time Based Evasion
    - Reads runtime system information

  /usr/bin/bash
    Command line: bash -c "cat /proc/net/dev |grep eth0 |awk '{print \$2}'"
    PID: 758

    /usr/bin/cat
      Command line: cat /proc/net/dev
      PID: 761
      - Reads system network configuration

    /usr/bin/grep
      Command line: grep eth0
      PID: 762
      - Reads runtime system information

    /usr/bin/awk
      Command line: awk "{print \$2}"
      PID: 763
      - Reads runtime system information

  /usr/bin/bash
    Command line: bash -c "cat /proc/net/dev |grep eth0 |awk '{print \$10}'"
    PID: 765

    /usr/bin/cat
      Command line: cat /proc/net/dev
      PID: 766
      - Reads system network configuration

    /usr/bin/grep
      Command line: grep eth0
      PID: 767
      - Reads runtime system information

    /usr/bin/awk
      Command line: awk "{print \$10}"
      PID: 768
      - Reads runtime system information

  /usr/bin/bash
    Command line: bash -c "cat /proc/net/dev |grep eth0 |awk '{print \$2}'"
    PID: 779

    /usr/bin/grep
      Command line: grep eth0
      PID: 781
      - Reads runtime system information

    /usr/bin/cat
      Command line: cat /proc/net/dev
      PID: 780
      - Reads system network configuration

    /usr/bin/awk
      Command line: awk "{print \$2}"
      PID: 782
      - Reads runtime system information

  /usr/bin/bash
    Command line: bash -c "cat /proc/net/dev |grep eth0 |awk '{print \$10}'"
    PID: 783

    /usr/bin/grep
      Command line: grep eth0
      PID: 785
      - Reads runtime system information

    /usr/bin/cat
      Command line: cat /proc/net/dev
      PID: 784
      - Reads system network configuration

    /usr/bin/awk
      Command line: awk "{print \$10}"
      PID: 786
      - Reads runtime system information

  /usr/bin/bash
    Command line: bash -c "cat /proc/net/dev |grep eth0 |awk '{print \$2}'"
    PID: 787

    /usr/bin/cat
      Command line: cat /proc/net/dev
      PID: 788
      - Reads system network configuration

    /usr/bin/grep
      Command line: grep eth0
      PID: 789
      - Reads runtime system information

    /usr/bin/awk
      Command line: awk "{print \$2}"
      PID: 790
      - Reads runtime system information

  /usr/bin/bash
    Command line: bash -c "cat /proc/net/dev |grep eth0 |awk '{print \$10}'"
    PID: 791

    /usr/bin/cat
      Command line: cat /proc/net/dev
      PID: 792
      - Reads system network configuration

    /usr/bin/grep
      Command line: grep eth0
      PID: 793
      - Reads runtime system information

    /usr/bin/awk
      Command line: awk "{print \$10}"
      PID: 794
      - Reads runtime system information