20e63d3a036e926f874bced12a82e9b67b93e200a1bbd80803e91b5cd685df56

Analysis

max time kernel
2s
max time network
14s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
01-11-2024 17:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

h.arm7
Size

2.6MB
MD5

2b1d4cb858a4484be45252de62f3c5b8
SHA1

1547e2d9be573ff7bf4e5e316b0a73bfb968b73a
SHA256

20e63d3a036e926f874bced12a82e9b67b93e200a1bbd80803e91b5cd685df56
SHA512

29ab53908a3446b225321409b6ae1bd7aed769ed7933eb4e08998ff0acce2ba3870fd7a8fea3ab61737b6aad31e9819d068becdcfefc7fe2cef0b8a2caf9bd7c
SSDEEP

49152:eFsYzndiHHEp4EmsNJQNuXxZq4IxwD/soSqqbKqoJ3jntLPWQRhwxCAyny/QO4Lp:eF3MEpnl7Sczf8KqMZrRhcT/Ml

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

Processes:

h.arm7

pid process

657 h.arm7
Enumerates kernel/hardware configuration 1 TTPs 1 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
discovery

System Information Discovery
T1082

Processes:

h.arm7

description ioc process

File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size h.arm7
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
discovery

Processes:

h.arm7

description ioc process

File opened for reading /proc/self/exe h.arm7

pid	process
657	h.arm7

description	ioc	process
File opened for reading	/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	h.arm7

description	ioc	process
File opened for reading	/proc/self/exe	h.arm7

/tmp/h.arm7
/tmp/h.arm7
1⤵
- Deletes itself
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:657

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/657-1-0x00010000-0x00cc94b8-memory.dmp

Download