Overview

overview

10

Static

static

10

arm7.elf

debian-12-armhf

9

Analysis

  • max time kernel
    142s
  • max time network
    146s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240729-en
  • resource tags

    arch:armhfimage:debian12-armhf-20240729-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
  • submitted
    15-12-2024 19:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    arm7.elf

  • Size

    57KB

  • MD5

    9d484f6ed2b8778d980d70671472bcff

  • SHA1

    10fc2d052d72c3e5208f71e900f9c4cd9df42921

  • SHA256

    3a1855bb750d12e731792daf173b5af76f525347fd52f250f59df920843f40a8

  • SHA512

    3968d7773da142ad9f4f37ddf917969e2803311093709181e73189d4f90c312331aabb73f6ee9e9179a75354e0be5a048b0f2911c1cd2cfd39680f19558167f5

  • SSDEEP

    1536:iZnp7aQDL3k7KlSVbn1UyRQ1VRBoYpFn9s9lvZiCa3fJUwIW:e7aQvUMqTK/HRBoYpFYNmfJNIW

Score
9/10
defense_evasiondiscovery

Malware Config

Signatures

  • Contacts a large (104975) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

Processes

  • /tmp/arm7.elf
    /tmp/arm7.elf
    1⤵
    • Modifies Watchdog functionality
    PID:702

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads