0ed7c92c832c1a9ac93891b4199a6dd8dc8f73edb60c75759349ff1d362e02b6

Analysis

max time kernel
120s
max time network
137s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
11-11-2024 14:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

apache2.elf
Size

143KB
MD5

3d5b895c49817db7dfad1574226dcc31
SHA1

a86f02c6ffd51a5ec540a80d51358012ce0d1fde
SHA256

0ed7c92c832c1a9ac93891b4199a6dd8dc8f73edb60c75759349ff1d362e02b6
SHA512

c1ceffda5d67393f31ebe9d330b2fd6811b20a36b1c8d7bac6a9bb4e338ccd8e3b10a122c08226ef1e6318e899bb1f402f8aad63d9b2bad28672c044b67d4c24
SSDEEP

3072:OhRHih54YD1pMwNvaRt4JoI8B4wetJ8add9QzhsaG6xVDxagZ+TtX4TtQ6W8GoQq:QBt4JJ04wetJ8addQvG6VctX4TtQ6Wvq

Score

6^/10

discovery

Malware Config

Signatures

Reads system routing table 1 TTPs 1 IoCs

Gets active network interfaces from /proc virtual filesystem.

discovery

Internet Connection Discovery

T1016.001

Processes:

apache2.elf

description	ioc	Process
File opened for reading	/proc/net/route	apache2.elf

Changes its process name 1 IoCs

Processes:

apache2.elf

description	pid	Process
Changes the process name, possibly in an attempt to hide itself	657	apache2.elf

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

discovery

Internet Connection Discovery

T1016.001

Processes:

apache2.elf

description	ioc	Process
File opened for reading	/proc/net/route	apache2.elf

/tmp/apache2.elf
/tmp/apache2.elf
1⤵
- Reads system routing table
- Changes its process name
- Reads system network configuration
PID:657

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads