Analysis
-
max time kernel
146s -
max time network
160s -
platform
debian-9_armhf -
resource
debian9-armhf-20240611-en -
resource tags
arch:armhf, image:debian9-armhf-20240611-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system -
submitted
13-11-2024 17:42
Behavioral task
behavioral1
Sample
a-r.m-4.ISIS.elf
Resource
debian9-armhf-20240611-en
General
-
Target
a-r.m-4.ISIS.elf
-
Size
110KB
-
MD5
38bd5ce140171f171b2b79ecf3e00718
-
SHA1
e269620032d286823709ed0c21505fe764615302
-
SHA256
bb127ee1f1bbedc9ad4d51cf615e5000b2c8874b6f72cea2b316e803d6055af2
-
SHA512
dc50b510471276f914f8ea9780bf6b100fdec54ecf089a1553b084e3df98b89b1148011da5eba53fd5e42028f8ccb64cc68e71525dfc515db72f8195a9996df3
-
SSDEEP
3072:LC6Z4irwUVBvZgKH7HqCQmGVrQAXiUXouX:NoU1gKH7H8mGVrQAXiUXouX
Malware Config
Signatures
-
Unexpected DNS network traffic destination 64 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
Processes:
description     ioc
Destination IP  66.90.86.44
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
Processes:
a-r.m-4.ISIS.elf
description              ioc              Process
File opened for reading  /proc/net/route  a-r.m-4.ISIS.elf
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
Processes:
a-r.m-4.ISIS.elf
description              ioc              Process
File opened for reading  /proc/net/route  a-r.m-4.ISIS.elf