Malware Analysis Report

2025-05-06 00:52

Sample ID 241109-za9sks1hnm
Target sshd.elf
SHA256 3db746c26ae86678af941392b66af6a6467d9449370a7bb23b70111b972e9e82
Tags
discovery
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

3db746c26ae86678af941392b66af6a6467d9449370a7bb23b70111b972e9e82

Threat Level: Likely benign

The file sshd.elf was found to be: Likely benign.

Malicious Activity Summary

discovery

Reads runtime system information

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-11-09 20:32

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 20:32

Reported

2024-11-09 20:34

Platform

debian12-armhf-20240729-en

Max time kernel

1s

Max time network

148s

Command Line

[/tmp/sshd.elf]

Signatures

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/706/fd /tmp/sshd.elf N/A

Processes

/tmp/sshd.elf

[/tmp/sshd.elf]

Network

Country Destination Domain Proto
US 1.1.1.1:53 debian12-armhf-20240729-en-3 udp
US 1.1.1.1:53 debian12-armhf-20240729-en-3 udp
US 1.1.1.1:53 debian12-armhf-20240729-en-3 udp
US 1.1.1.1:53 debian12-armhf-20240729-en-3 udp
US 1.1.1.1:53 0.debian.pool.ntp.org udp

Files

N/A