Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf image:debian9-armhf-20240611-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
  • submitted
    07-12-2024 00:35

General

  • Target

    bot.arm.elf

  • Size

    134KB

  • MD5

    d783504587c35e7c79a5b4dcd5f13b87

  • SHA1

    683250294e68e0bf9a71c037215c240a98f87164

  • SHA256

    7e0d6994aa8215e3da3e9780724c47278287de916d366e765c08dde9f31168fd

  • SHA512

    a08c5920b1baab526fd09e20633e4099442e005765aa80bea8293d5ddaff619ceb416fbac1e6f0131c8ef64473a8d413ea5ae566d26435b4f56ddc82b04087fc

  • SSDEEP

    1536:LeIIcq87ZO8VQzlHauyUARDvlFFAeSv4VAZJsTgVsU8BD+2/oXd7lOrMwywmFfb2:6IIifcyUWDtFFQ4UiMVsU8XAXGRqvQL

Score
6/10

Malware Config

Signatures

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Changes its process name 1 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/bot.arm.elf
    /tmp/bot.arm.elf
    • Changes its process name
    • Reads runtime system information
    PID:666

Network

MITRE ATT&CK Matrix
