Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240418-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240418-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    19-12-2024 15:52

General

  • Target

    arm.elf

  • Size

    82KB

  • MD5

    45e89a8836946f8640ffd290aa7c17f0

  • SHA1

    f8a488d66f4b76bd0a5ed3364c326ae9ce12250a

  • SHA256

    8ffd6557e3087e828f71722290691b4154ca98ecbf1b9e975937d144b59ee0ef

  • SHA512

    026ad6cf263c3e5be34aeca2bba06fd7448a500b066ac21c91e813d71c8efb76f8a929848552f68579afd99dcf6552befc39ae2886820f4c0d82eee9d784a141

  • SSDEEP

    1536:knw+Wfc1UXsK1trBtb9r5c2jevjKeZWo5NJ46wiGkogijOv1F4:kwBfc61QvWwV/O6jpB1F4

Malware Config

Signatures

  • Contacts a large (48634) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Changes its process name 1 IoCs
  • Reads runtime system information 40 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/arm.elf
    /tmp/arm.elf
    1⤵
    • Modifies Watchdog functionality
    • Changes its process name
    • Reads runtime system information
    PID:660

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads