Analysis

  • max time kernel
    146s
  • max time network
    148s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240729-en
  • resource tags

    arch:armhfimage:debian12-armhf-20240729-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
  • submitted
    07/11/2024, 15:04

General

  • Target

    armv7l.elf

  • Size

    96KB

  • MD5

    9ec7f9ce534ba36e9a53bdda680ba488

  • SHA1

    eaa98232f06ab0fbf6dc1e8b9fc61ff45e6150c5

  • SHA256

    5d478f6b5d75d96127d490cc21d9cc8c31400066f2e989dd7e76d0db02ca5712

  • SHA512

    586d70096cc1a29924fe0e4d77f16e5557175a26c2570fd1e90337dcecdc7486f83e07ef453a8f14dc238041b4faac30ce2e404ca0736715ad588581958aa23f

  • SSDEEP

    3072:O6f0JGz5eAUei09e/5Kzchv7xZvEoVxeOeeMsTizp:O6f0J7AUCexKzY7xZ1e3cil

Score
6/10

Malware Config

Signatures

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/armv7l.elf
    /tmp/armv7l.elf
    1⤵
    • Reads system routing table
    • Reads system network configuration
    • Reads runtime system information
    • Writes file to tmp directory
    PID:706

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /tmp/Infected.log

          Filesize

          107B

          MD5

          a70a5dde6f79eaea4e71c88b6a2ccc38

          SHA1

          92c0273c4be5d4b7bdbdd500de5a64e5e05652b2

          SHA256

          d087a5a10a09b589993d8cc44a24ef22db26ffd0feeeb3f29b15af008c292af8

          SHA512

          aaa7d00faa34a87292f23a16dae8a7a4b5a40c8e375a579f1286427819c2a04e1c6f970dbc0f2433e6c03f59a2ece0f28ba1e8fc526bc4afe77f176f61876c52