Overview

overview

10

Static

static

10

main_arm5.elf

debian-9-armhf

7

Analysis

  • max time kernel
    149s
  • max time network
    147s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240729-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240729-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    11-12-2024 00:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    main_arm5.elf

  • Size

    126KB

  • MD5

    5807cbf2efad63de4bdd273ad2797715

  • SHA1

    4b44e407766093eaaa5ba3570b4e9e1c370c52ad

  • SHA256

    112aad7cd360bf1beae056f008ca4098b48b1c4ba3ced6764d6a1d52ac306a75

  • SHA512

    1de4a0a70a547caf95f9b0fd3861ec43468b48b9551505b5df8301df97596b3897282e7b04f6a719b66a6e03ea59c8ef704a3dce3bea983b9887c84932708d6b

  • SSDEEP

    1536:pnK20FG5NCjNoCDMQkYOqcW2AcRX4VRo6TDjJtCyMLYRCCaXYv4BPQlnKwywDROi:BK23kPRPOfW2R446rJtCZLYpQYAHbo

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Traces itself 2 IoCs

    Traces itself to prevent debugging attempts

  • Changes its process name 1 IoCs
  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/main_arm5.elf
    /tmp/main_arm5.elf
    1⤵
    • Deletes itself
    • Traces itself
    • Changes its process name
    • Writes file to tmp directory
    PID:656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads