Analysis

  • max time kernel
    130s
  • max time network
    140s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf image:debian9-armhf-20240611-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
  • submitted
    19-12-2024 21:33

General

  • Target

    ngwa5.elf

  • Size

    154KB

  • MD5

    b3d2354bd8a1a2db55179416fd67ec5f

  • SHA1

    fd8620f2490a9bfe9ffce4cdffd33b41dec3cf40

  • SHA256

    93616b561baa0dbf7946ef615431ed2dbacafb7e14b84df4f47088bf976cfee8

  • SHA512

    4d7cb62a43c668939d220945346b5e756706552705aec8f62d654e253dace902c0b441de641998af827822495bc3c7a00586e7d64e36f4d11f7c4f6bc7662b1d

  • SSDEEP

    3072:os5DGTspungiRVm4NYR89hBhzBMZ8/fs:os0TUmdTm4NY29hXz+Z8/fs

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Changes its process name 1 IoCs
  • Reads runtime system information 55 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/ngwa5.elf
    /tmp/ngwa5.elf
    • Deletes itself
    • Changes its process name
    • Reads runtime system information
    PID:666

Network

MITRE ATT&CK Matrix
