2f4a65b15973fb7b866943caffd5663b1b31ff69fcad36a00f8642b7cc5c66c0 | Triage

Analysis

max time kernel
4s
max time network
130s
platform
debian-12_armhf
resource
debian12-armhf-20240418-en
resource tags

arch:armhfimage:debian12-armhf-20240418-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
15-12-2024 16:52

Sharing

Report Analysis Logs

General

Target

arm7.elf
Size

137KB
MD5

8569a390632c3b32ac656a0729053a0b
SHA1

7b21f474036efd318f51490ab5ba5aeec4218c95
SHA256

2f4a65b15973fb7b866943caffd5663b1b31ff69fcad36a00f8642b7cc5c66c0
SHA512

e0ce2f4e02688502f6f0533b314979e85680efa66d331f3906592be825e320b6381e37dfe544492fffb5771814e5288e67b6173d3c4e6d3b7ff83d85cff62ddd
SSDEEP

3072:9S6VGvX5uazAFEsHY8jNCB4wxGn5E+SQkM/9w4H:9S6VEuazAFEs46Nugn5E+SDM/9nH

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
712	arm7.elf

Changes its process name 7 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	nginx	718	arm7.elf
Changes the process name, possibly in an attempt to hide itself	bash	717	arm7.elf
Changes the process name, possibly in an attempt to hide itself	inetd	719	arm7.elf
Changes the process name, possibly in an attempt to hide itself	sshd	720	arm7.elf
Changes the process name, possibly in an attempt to hide itself	bash	719	arm7.elf
Changes the process name, possibly in an attempt to hide itself	inetd	767	arm7.elf
Changes the process name, possibly in an attempt to hide itself	sshd	768	arm7.elf

Reads runtime system information 17 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/2/cmdline	arm7.elf
File opened for reading	/proc/3/cmdline	arm7.elf
File opened for reading	/proc/5/cmdline	arm7.elf
File opened for reading	/proc/10/cmdline	arm7.elf
File opened for reading	/proc/17/cmdline	arm7.elf
File opened for reading	/proc/1/cmdline	arm7.elf
File opened for reading	/proc/4/cmdline	arm7.elf
File opened for reading	/proc/6/cmdline	arm7.elf
File opened for reading	/proc/8/cmdline	arm7.elf
File opened for reading	/proc/9/cmdline	arm7.elf
File opened for reading	/proc/12/cmdline	arm7.elf
File opened for reading	/proc/14/cmdline	arm7.elf
File opened for reading	/proc/16/cmdline	arm7.elf
File opened for reading	/proc/7/cmdline	arm7.elf
File opened for reading	/proc/11/cmdline	arm7.elf
File opened for reading	/proc/13/cmdline	arm7.elf
File opened for reading	/proc/15/cmdline	arm7.elf

/tmp/arm7.elf
/tmp/arm7.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads