b62a5dcd0a95f79ad425c6e2a6180e48ada7c566540902a70148165f4df32ec4

Analysis

max time kernel
92s
max time network
93s
platform
debian-9_armhf
resource
debian9-armhf-20240418-en
resource tags

arch:armhfimage:debian9-armhf-20240418-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
14-12-2024 10:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rebirth.arm4.elf
Size

108KB
MD5

b74f3701eeb8973108ae472f2819d0cb
SHA1

98bf303a7888507d583f4a8e4bad73774920b7c3
SHA256

b62a5dcd0a95f79ad425c6e2a6180e48ada7c566540902a70148165f4df32ec4
SHA512

8526e6a47c25af114a433a4ff49ab135066de835e86c2f36a1fb4e8a7b20b1b7688b588cc53e5e66749f566058e5df4cf54fc02bc726a5c40b6fe74671562b98
SSDEEP

3072:/gvINOc2FN+lhty8nzbvNIhfnKsCvzFcm7QnKQXaeW://Qa3y83viFnKsCJcm7QnKGaeW

Score

6^/10

discovery

Malware Config

Signatures

Reads system routing table 1 TTPs 1 IoCs

Gets active network interfaces from /proc virtual filesystem.

discovery

Internet Connection Discovery

T1016.001

description	ioc	Process
File opened for reading	/proc/net/route	rebirth.arm4.elf

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

discovery

Internet Connection Discovery

T1016.001

description	ioc	Process
File opened for reading	/proc/net/route	rebirth.arm4.elf

/tmp/rebirth.arm4.elf
/tmp/rebirth.arm4.elf
1⤵
- Reads system routing table
- Reads system network configuration
PID:648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads