General
-
Target
arm7.nn.elf
-
Size
193KB
-
Sample
241124-dfk6hswrhq
-
MD5
52f8ba7ec3fb098b98b2a6af0e1a167d
-
SHA1
fec4ea7eef169861312a6f18bd33f7717135616a
-
SHA256
ecb44ab91fc6a094fb568523f7e23f3338b95386b71657a5f335b1031c9f89cf
-
SHA512
a0294ab1e8bbce589ae627017cfc20caa8546c189db868e599b5689d518b6159e08b3a2def36c214a4d379c48fd1aa3ac4904e74becd680c1527f17f0dd2f8aa
-
SSDEEP
6144:QTNCjBOFn0QasgIyfJkUvnuH+G2HdM/9SPamqwQjy/:SCon0Qa/IyfJkUv35q/cymqljy/
Static task
static1
Behavioral task
behavioral1
Sample
arm7.nn.elf
Resource
debian12-armhf-20240221-en
Malware Config
Targets
-
Contacts a large number (14162) of remote hosts
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Checks mountinfo of local process
Checks mountinfo of running processes, which indicates whether it is running in a chroot jail.
-
Creates a large number of network flows
This may indicate a network scan to discover remotely running services.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Modifies systemd
Adds/modifies systemd service files, likely to achieve persistence.
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 4
XDG Autostart Entries: 1
Boot or Logon Initialization Scripts: 2
RC Scripts: 2
Create or Modify System Process: 1
Systemd Service: 1
Event Triggered Execution: 1
Unix Shell Configuration Modification: 1
Hijack Execution Flow: 1
Path Interception by PATH Environment Variable: 1
Privilege Escalation
Boot or Logon Autostart Execution: 4
XDG Autostart Entries: 1
Boot or Logon Initialization Scripts: 2
RC Scripts: 2
Create or Modify System Process: 1
Systemd Service: 1
Event Triggered Execution: 1
Unix Shell Configuration Modification: 1
Hijack Execution Flow: 1
Path Interception by PATH Environment Variable: 1
Defense Evasion
File and Directory Permissions Modification: 1
Linux and Mac File and Directory Permissions Modification: 1
Hijack Execution Flow: 1
Path Interception by PATH Environment Variable: 1
Impair Defenses: 1
Virtualization/Sandbox Evasion: 1
System Checks: 1