f211f61284bf71a80ff6efee7b60e3832f39b8f6f07108c1e7548d7c9c9942e7

Analysis

max time kernel
138s
max time network
150s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
06-12-2024 13:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

roze.armv6.elf
Size

204KB
MD5

b71f0eb4583f48a56cba5f039415cfd7
SHA1

3a869eb5bdf21dae97b544d3f056bbba6e2652f0
SHA256

f211f61284bf71a80ff6efee7b60e3832f39b8f6f07108c1e7548d7c9c9942e7
SHA512

d9043c17a937bca554309351d989a73c24e02f2744572f1c2eaf43edae27ef17a50386202cd08c98fff3bd8a0e3192328dfaa6858d47322b4458a77a00a5285b
SSDEEP

6144:VNfeaUiwXi0MtA0eG5hgu6K2axVPx2m0wfB5RyAn:VNfeaUiwXi0jG5hg/yb2m0mB5RyAn

Score

6^/10

discovery

Malware Config

Signatures

Reads system routing table 1 TTPs 1 IoCs

Gets active network interfaces from /proc virtual filesystem.

discovery

Internet Connection Discovery

T1016.001

description	ioc	Process
File opened for reading	/proc/net/route	roze.armv6.elf

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

discovery

Internet Connection Discovery

T1016.001

description	ioc	Process
File opened for reading	/proc/net/route	roze.armv6.elf

/tmp/roze.armv6.elf
/tmp/roze.armv6.elf
1⤵
- Reads system routing table
- Reads system network configuration
PID:641

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads