Overview

overview

10

Static

static

10

dvwkja7.elf

debian-12-armhf

7

Analysis

  • max time kernel
    135s
  • max time network
    152s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240221-en
  • resource tags

    arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
  • submitted
    11-12-2024 09:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dvwkja7.elf

  • Size

    211KB

  • MD5

    cc46ad336ea582beb1e6bf06871efccb

  • SHA1

    bf95a69fa2704c2cadd2de7fedd6b573489f8a3e

  • SHA256

    db7fedf7dc012292b4490f3c526c2f3f8dbbc5542da74551f8f0ec15bab3a01d

  • SHA512

    1206b0e0c79ad1d0e7a77b9a16b1afded0e19198fd3df094524b0688fa7a168511fc055d58d4f7957fc1c035ef2d1fa4251ce74146b04b1fb4fcdcaeba2c5cb1

  • SSDEEP

    6144:9LziNEEQ/s8OFR3h0sEiaUVB1ILe6uuQdtEwCSw0M/RZmhY:96NHMLc39EiaaB1ILXPgEKwJ/HmO

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Changes its process name 1 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

    discovery

Processes

  • /tmp/dvwkja7.elf
    /tmp/dvwkja7.elf
    1⤵
    • Deletes itself
    • Changes its process name
    • Reads runtime system information
    PID:708
    • /bin/sh
      sh -c "ps -e -o pid,args="
      2⤵
        PID:714
        • /usr/bin/ps
          ps -e -o "pid,args="
          3⤵
          • Reads runtime system information
          PID:717

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads