Analysis
-
max time kernel
149s -
max time network
150s -
platform
debian-9_armhf -
resource
debian9-armhf-20240611-en -
resource tags
arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
07/11/2024, 15:08
Behavioral task
behavioral1
Sample
armv5l.elf
Resource
debian9-armhf-20240611-en
General
-
Target
armv5l.elf
-
Size
84KB
-
MD5
1e9833b30e7d2774a9b8c842b117b53a
-
SHA1
a79fca1f4114f1b5158988121988969700d338d9
-
SHA256
78da34887205a74c6f532dc5e347284624cff44e8320de5ecfeb36a608d05d3d
-
SHA512
809f3974dcfcc1f1f3ac61882487fe3d5f9b60bf05b2e6158657f85ddd165fb09cb5bf23d5d20eecbd8c492328d527bf3fbb3651e45f7d0d2d8ec20ecad244c6
-
SSDEEP
1536:z3vEOQ40HbasYNE+eTk29VHphMDW2BvgnWo4FS8Afq9ZkfgcHD7CIXHExYWvxaNi:TEJDVOyp6xOWo4+fgcj7CIXkxY/UUo
Malware Config
Signatures
-
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
description ioc Process File opened for reading /proc/net/route armv5l.elf -
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
description ioc Process File opened for reading /proc/net/route armv5l.elf -
description ioc Process File opened for reading /proc/self/exe armv5l.elf -
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/Infected.log armv5l.elf
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
107B
MD5a70a5dde6f79eaea4e71c88b6a2ccc38
SHA192c0273c4be5d4b7bdbdd500de5a64e5e05652b2
SHA256d087a5a10a09b589993d8cc44a24ef22db26ffd0feeeb3f29b15af008c292af8
SHA512aaa7d00faa34a87292f23a16dae8a7a4b5a40c8e375a579f1286427819c2a04e1c6f970dbc0f2433e6c03f59a2ece0f28ba1e8fc526bc4afe77f176f61876c52