Analysis

  • max time kernel
    146s
  • max time network
    145s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240221-en
  • resource tags

    arch:armhf, image:debian12-armhf-20240221-en, kernel:6.1.0-17-armmp-lpae, locale:en-us, os:debian-12-armhf, system
  • submitted
    28-11-2024 17:42

General

  • Target

    armv6l.elf

  • Size

    139KB

  • MD5

    e47d11e8dfc51759179331c9629f82e7

  • SHA1

    eeb7b6616bc4feff251057d5b9253f0d4971b346

  • SHA256

    4cf8ec53f17cfe68db4344a77b44f284716a42e4f44590ef9719acdcb4138657

  • SHA512

    c8f5963f7c6aea19ed3736222bd5cea42b7c547f14c234d732751b65e0dbd723cbbf5e3148f63b965b3af545503fb4d50d8fe2711a0ed0c7996b209f87f44ee3

  • SSDEEP

    3072:Cv/WwsLgaq353qHiCOvhOpZqkDQHbeskmhxQwoVSUNu:KPLaq351hOpZqkLskmhxQwoVSUNu

Malware Config

Signatures

  • Modifies Watchdog functionality (1 TTPs, 2 IoCs)

    Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.

  • Reads system routing table (1 TTPs, 1 IoCs)

    Gets active network interfaces from the /proc virtual filesystem.

  • Changes its process name (1 IoCs)
  • Reads system network configuration (1 TTPs, 1 IoCs)

    Uses contents of the /proc filesystem to enumerate network settings.

Processes

  • /tmp/armv6l.elf
    /tmp/armv6l.elf
    1⤵
    • Modifies Watchdog functionality
    • Reads system routing table
    • Changes its process name
    • Reads system network configuration
    PID:707

Network

MITRE ATT&CK Enterprise v15
