Malware Analysis Report

2025-08-06 02:47

Sample ID 241031-cyqy2sxgrp
Target 61ba334fece8115debc5170dfeb680881a93d1cd3610cac61e59c912fc63a7fc.elf
SHA256 61ba334fece8115debc5170dfeb680881a93d1cd3610cac61e59c912fc63a7fc
Tags
defense_evasion discovery upx
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

61ba334fece8115debc5170dfeb680881a93d1cd3610cac61e59c912fc63a7fc

Threat Level: Likely benign

The file 61ba334fece8115debc5170dfeb680881a93d1cd3610cac61e59c912fc63a7fc.elf was found to be: Likely benign.

Malicious Activity Summary

defense_evasion discovery upx

UPX packed file

Virtualization/Sandbox Evasion: Time Based Evasion

Reads system network configuration

Reads CPU attributes

Enumerates kernel/hardware configuration

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-31 02:29

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-31 02:29

Reported

2024-10-31 02:39

Platform

debian9-armhf-20240611-en

Max time kernel

149s

Max time network

142s

Command Line

[/tmp/61ba334fece8115debc5170dfeb680881a93d1cd3610cac61e59c912fc63a7fc.elf]

Signatures

Virtualization/Sandbox Evasion: Time Based Evasion

defense_evasion
Description | Indicator | Process | Target
N/A | N/A | /usr/bin/uptime | N/A

Reads CPU attributes

discovery
Description | Indicator | Process | Target
File opened for reading | /sys/devices/system/cpu/online | /usr/bin/uptime | N/A

Reads system network configuration

discovery
Description | Indicator | Process | Target
File opened for reading | /proc/net/dev | /bin/cat | N/A
File opened for reading | /proc/net/dev | /bin/cat | N/A
File opened for reading | /proc/net/dev | /bin/cat | N/A
File opened for reading | /proc/net/dev | /bin/cat | N/A
File opened for reading | /proc/net/dev | /bin/cat | N/A
File opened for reading | /proc/net/dev | /bin/cat | N/A

Enumerates kernel/hardware configuration

discovery
Description | Indicator | Process | Target
File opened for reading | /sys/kernel/mm/transparent_hugepage/hpage_pmd_size | /tmp/61ba334fece8115debc5170dfeb680881a93d1cd3610cac61e59c912fc63a7fc.elf | N/A

Reads runtime system information

discovery
Description | Indicator | Process | Target
File opened for reading | /proc/sys/kernel/osrelease | /usr/bin/uptime | N/A
File opened for reading | /proc/sys/net/core/somaxconn | /tmp/61ba334fece8115debc5170dfeb680881a93d1cd3610cac61e59c912fc63a7fc.elf | N/A
File opened for reading | /proc/self/maps | /usr/bin/awk | N/A
File opened for reading | /proc/self/maps | /usr/bin/awk | N/A
File opened for reading | /proc/self/maps | /usr/bin/awk | N/A
File opened for reading | /proc/self/exe | /tmp/61ba334fece8115debc5170dfeb680881a93d1cd3610cac61e59c912fc63a7fc.elf | N/A
File opened for reading | /proc/stat | /tmp/61ba334fece8115debc5170dfeb680881a93d1cd3610cac61e59c912fc63a7fc.elf | N/A
File opened for reading | /proc/filesystems | /usr/bin/uptime | N/A
File opened for reading | /proc/self/maps | /usr/bin/awk | N/A
File opened for reading | /proc/self/maps | /usr/bin/awk | N/A
File opened for reading | /proc/uptime | /usr/bin/uptime | N/A
File opened for reading | /proc/loadavg | /usr/bin/uptime | N/A
File opened for reading | /proc/self/maps | /usr/bin/awk | N/A

Processes

/tmp/61ba334fece8115debc5170dfeb680881a93d1cd3610cac61e59c912fc63a7fc.elf

[/tmp/61ba334fece8115debc5170dfeb680881a93d1cd3610cac61e59c912fc63a7fc.elf]

/bin/bash

[/bin/bash -c uptime]

/usr/bin/uptime

[uptime]

/bin/bash

[bash -c cat /proc/net/dev |grep eth0 |awk '{print $2}']

/bin/cat

[cat /proc/net/dev]

/bin/grep

[grep eth0]

/usr/bin/awk

[awk {print $2}]

/bin/bash

[bash -c cat /proc/net/dev |grep eth0 |awk '{print $10}']

/bin/cat

[cat /proc/net/dev]

/bin/grep

[grep eth0]

/usr/bin/awk

[awk {print $10}]

/bin/bash

[bash -c cat /proc/net/dev |grep eth0 |awk '{print $2}']

/bin/cat

[cat /proc/net/dev]

/bin/grep

[grep eth0]

/usr/bin/awk

[awk {print $2}]

/bin/bash

[bash -c cat /proc/net/dev |grep eth0 |awk '{print $10}']

/bin/cat

[cat /proc/net/dev]

/bin/grep

[grep eth0]

/usr/bin/awk

[awk {print $10}]

/bin/bash

[bash -c cat /proc/net/dev |grep eth0 |awk '{print $2}']

/bin/cat

[cat /proc/net/dev]

/bin/grep

[grep eth0]

/usr/bin/awk

[awk {print $2}]

/bin/bash

[bash -c cat /proc/net/dev |grep eth0 |awk '{print $10}']

/bin/cat

[cat /proc/net/dev]

/bin/grep

[grep eth0]

/usr/bin/awk

[awk {print $10}]

Network

Country | Destination | Domain | Proto
US | 1.1.1.1:53 | column.mrbasic.com | udp
US | 1.1.1.1:53 | column.mrbasic.com | udp
RU | 38.60.221.32:80 | column.mrbasic.com | tcp

Files

memory/647-1-0x00010000-0x00e8f640-memory.dmp