Analysis

  • max time kernel
    131s
  • max time network
    149s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240729-en
  • resource tags

    arch:armhf, image:debian9-armhf-20240729-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    13-12-2024 09:19

General

  • Target

    zmap.arm.elf

  • Size

    74KB

  • MD5

    173d8fde74b8598b83bb68514fac4e63

  • SHA1

    f6617abc60331750a8ab74f3094b113f1fc72469

  • SHA256

    598cf678d1a594529cc1568b82096bebcfa390889aecf634c9baa8f9055c9c53

  • SHA512

    4669f0a93d3230570bf12c918cab81863affabcd1719c4ac3700da2905ba4f636b312ed2c1394624e9c96e5ef3110db87dd3c9b0266ea9175896513d02eac7b4

  • SSDEEP

    1536:ax0KyMsOfJ9CvsbOFSL2rBXWqFnvpWs9vvv:axRqFSL2FXW+Bfvv

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Writes file to system bin folder 2 IoCs
  • Changes its process name 1 IoCs

Processes

  • /tmp/zmap.arm.elf
    • Deletes itself
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Changes its process name
    PID:669

Network

MITRE ATT&CK Enterprise v15
