Analysis
max time kernel: 149s
max time network: 150s
platform: debian-12_armhf
resource: debian12-armhf-20240729-en
resource tags: arch:armhf, image:debian12-armhf-20240729-en, kernel:6.1.0-17-armmp-lpae, locale:en-us, os:debian-12-armhf, system
submitted: 17-12-2024 04:37
Behavioral task: behavioral1
Sample: cf40305398ee234528ebd18bb54b13e1bb94f90a501636857e25ba114bb1c9c6.elf
Resource: debian12-armhf-20240729-en (debian-12-armhf)
4 signatures
150 seconds
General
Target: cf40305398ee234528ebd18bb54b13e1bb94f90a501636857e25ba114bb1c9c6.elf
Size: 177KB
MD5: e214c228b72129d4ef294b6fad3f9de1
SHA1: 2bc198315923a8683b89ef876c30b3325f03f6aa
SHA256: cf40305398ee234528ebd18bb54b13e1bb94f90a501636857e25ba114bb1c9c6
SHA512: 98cf5fa86b5e929d58e446ae3156a945929c3de11f2d28d1646317a6e98117d6254a906a79864b2a01cd6ae3e469307ec2edf4c9c7b2da521ea88f222575701b
SSDEEP: 3072:OLe6vh1ZQIvuCeeuaMuTuRez43IVILaZQy38YhTfYo+M/RgDlplLn:ee6vhEIv1ruaMuTuReErLa738+x+M/Ro
Score: 7/10
Malware Config
Signatures
Deletes itself 1 IoCs
pid: 704; Process: cf40305398ee234528ebd18bb54b13e1bb94f90a501636857e25ba114bb1c9c6.elf
Traces itself 2 IoCs
Traces itself to prevent debugging attempts
pid: 704; Process: cf40305398ee234528ebd18bb54b13e1bb94f90a501636857e25ba114bb1c9c6.elf
pid: 706; Process: cf40305398ee234528ebd18bb54b13e1bb94f90a501636857e25ba114bb1c9c6.elf
Changes its process name 1 IoCs
description: Changes the process name, possibly in an attempt to hide itself; ioc: httpd; pid: 704; Process: cf40305398ee234528ebd18bb54b13e1bb94f90a501636857e25ba114bb1c9c6.elf
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
description: File opened for modification; ioc: /tmp/cf40305398ee234528ebd18bb54b13e1bb94f90a501636857e25ba114bb1c9c6.elf; Process: cf40305398ee234528ebd18bb54b13e1bb94f90a501636857e25ba114bb1c9c6.elf