Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf
    image:debian9-armhf-20240611-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    07/11/2024, 15:08

General

  • Target

    armv5l.elf

  • Size

    84KB

  • MD5

    1e9833b30e7d2774a9b8c842b117b53a

  • SHA1

    a79fca1f4114f1b5158988121988969700d338d9

  • SHA256

    78da34887205a74c6f532dc5e347284624cff44e8320de5ecfeb36a608d05d3d

  • SHA512

    809f3974dcfcc1f1f3ac61882487fe3d5f9b60bf05b2e6158657f85ddd165fb09cb5bf23d5d20eecbd8c492328d527bf3fbb3651e45f7d0d2d8ec20ecad244c6

  • SSDEEP

    1536:z3vEOQ40HbasYNE+eTk29VHphMDW2BvgnWo4FS8Afq9ZkfgcHD7CIXHExYWvxaNi:TEJDVOyp6xOWo4+fgcj7CIXkxY/UUo

Score
6/10

Malware Config

Signatures

  • Reads system routing table (1 TTP, 1 IoC)

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration (1 TTP, 1 IoC)

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information (1 IoC)

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory (1 IoC)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/armv5l.elf
    /tmp/armv5l.elf
    • Reads system routing table
    • Reads system network configuration
    • Reads runtime system information
    • Writes file to tmp directory
    PID:656

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • /tmp/Infected.log

          Filesize

          107B

          MD5

          a70a5dde6f79eaea4e71c88b6a2ccc38

          SHA1

          92c0273c4be5d4b7bdbdd500de5a64e5e05652b2

          SHA256

          d087a5a10a09b589993d8cc44a24ef22db26ffd0feeeb3f29b15af008c292af8

          SHA512

          aaa7d00faa34a87292f23a16dae8a7a4b5a40c8e375a579f1286427819c2a04e1c6f970dbc0f2433e6c03f59a2ece0f28ba1e8fc526bc4afe77f176f61876c52