Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240729-en
  • resource tags

    arch:armhfimage:debian12-armhf-20240729-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
  • submitted
    17-12-2024 04:37

General

  • Target

    cf40305398ee234528ebd18bb54b13e1bb94f90a501636857e25ba114bb1c9c6.elf

  • Size

    177KB

  • MD5

    e214c228b72129d4ef294b6fad3f9de1

  • SHA1

    2bc198315923a8683b89ef876c30b3325f03f6aa

  • SHA256

    cf40305398ee234528ebd18bb54b13e1bb94f90a501636857e25ba114bb1c9c6

  • SHA512

    98cf5fa86b5e929d58e446ae3156a945929c3de11f2d28d1646317a6e98117d6254a906a79864b2a01cd6ae3e469307ec2edf4c9c7b2da521ea88f222575701b

  • SSDEEP

    3072:OLe6vh1ZQIvuCeeuaMuTuRez43IVILaZQy38YhTfYo+M/RgDlplLn:ee6vhEIv1ruaMuTuReErLa738+x+M/Ro

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Traces itself 2 IoCs

    Traces itself to prevent debugging attempts

  • Changes its process name 1 IoCs
  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/cf40305398ee234528ebd18bb54b13e1bb94f90a501636857e25ba114bb1c9c6.elf
    /tmp/cf40305398ee234528ebd18bb54b13e1bb94f90a501636857e25ba114bb1c9c6.elf
    1⤵
    • Deletes itself
    • Traces itself
    • Changes its process name
    • Writes file to tmp directory
    PID:704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads