Analysis
-
max time kernel
146s -
max time network
148s -
platform
debian-12_armhf -
resource
debian12-armhf-20240729-en -
resource tags
arch:armhfimage:debian12-armhf-20240729-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem -
submitted
07/11/2024, 15:04
Behavioral task
behavioral1
Sample
armv7l.elf
Resource
debian12-armhf-20240729-en
General
-
Target
armv7l.elf
-
Size
96KB
-
MD5
9ec7f9ce534ba36e9a53bdda680ba488
-
SHA1
eaa98232f06ab0fbf6dc1e8b9fc61ff45e6150c5
-
SHA256
5d478f6b5d75d96127d490cc21d9cc8c31400066f2e989dd7e76d0db02ca5712
-
SHA512
586d70096cc1a29924fe0e4d77f16e5557175a26c2570fd1e90337dcecdc7486f83e07ef453a8f14dc238041b4faac30ce2e404ca0736715ad588581958aa23f
-
SSDEEP
3072:O6f0JGz5eAUei09e/5Kzchv7xZvEoVxeOeeMsTizp:O6f0J7AUCexKzY7xZ1e3cil
Malware Config
Signatures
-
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
description ioc Process File opened for reading /proc/net/route armv7l.elf -
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
description ioc Process File opened for reading /proc/net/route armv7l.elf -
description ioc Process File opened for reading /proc/self/exe armv7l.elf -
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/Infected.log armv7l.elf
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
107B
MD5a70a5dde6f79eaea4e71c88b6a2ccc38
SHA192c0273c4be5d4b7bdbdd500de5a64e5e05652b2
SHA256d087a5a10a09b589993d8cc44a24ef22db26ffd0feeeb3f29b15af008c292af8
SHA512aaa7d00faa34a87292f23a16dae8a7a4b5a40c8e375a579f1286427819c2a04e1c6f970dbc0f2433e6c03f59a2ece0f28ba1e8fc526bc4afe77f176f61876c52