Analysis

max time kernel: 149s
max time network: 162s
platform: debian-12_armhf
resource: debian12-armhf-20240221-en
resource tags: arch:armhf, image:debian12-armhf-20240221-en, kernel:6.1.0-17-armmp-lpae, locale:en-us, os:debian-12-armhf, system
submitted: 19-12-2024 15:51
Behavioral task: behavioral1
Sample: arm7.elf
Resource: debian12-armhf-20240221-en (debian-12-armhf)
5 signatures, 150 seconds
General

Target: arm7.elf
Size: 161KB
MD5: 9d77a063fd8d96acdde0a77ab20e54ca
SHA1: 5f8f753b69caed69505249eadaf5696d0d13791c
SHA256: 217f6bf3334bc8e6e5b3ecd877a32e1502b7fb1a38ce9508ab3406eba3d41fa8
SHA512: b0d036b651173beac59cb41e8cd2f3ab89c33be4c8cbc26e8964d93525c838ba9bcecfec4c94a9e5e7f6bc8e15dafb0803681bec227fe66a0df9a89864dcbcb9
SSDEEP: 3072:TO70zMrZqihLA2IlfdagQJKB/48crKovKF8AHtvtM/9VFVpuA:TO70ArZzAvdagQJKBg80C2AHt1M/9lpV
Score: 9/10
Malware Config
Signatures

Contacts a large (49071) amount of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware such as Mirai opens the watchdog device and disables it so that the watchdog cannot reboot an infected system.
description                    ioc                 process
File opened for modification   /dev/watchdog       arm7.elf
File opened for modification   /dev/misc/watchdog  arm7.elf

Changes its process name (1 IoCs)
description                                                       ioc                 pid  process
Changes the process name, possibly in an attempt to hide itself   GpgUsfHJlVvbiBidXL  710  arm7.elf
description               ioc                 process
File opened for reading   /proc/711/cmdline   arm7.elf
File opened for reading   /proc/714/cmdline   arm7.elf
File opened for reading   /proc/790/cmdline   arm7.elf
File opened for reading   /proc/795/cmdline   arm7.elf
File opened for reading   /proc/702/cmdline   arm7.elf
File opened for reading   /proc/713/cmdline   arm7.elf
File opened for reading   /proc/708/cmdline   arm7.elf
File opened for reading   /proc/722/cmdline   arm7.elf
File opened for reading   /proc/770/cmdline   arm7.elf
File opened for reading   /proc/774/cmdline   arm7.elf
File opened for reading   /proc/660/cmdline   arm7.elf
File opened for reading   /proc/700/cmdline   arm7.elf
File opened for reading   /proc/663/cmdline   arm7.elf
File opened for reading   /proc/683/cmdline   arm7.elf
File opened for reading   /proc/717/cmdline   arm7.elf
File opened for reading   /proc/716/cmdline   arm7.elf
File opened for reading   /proc/718/cmdline   arm7.elf
File opened for reading   /proc/629/cmdline   arm7.elf
File opened for reading   /proc/645/cmdline   arm7.elf
File opened for reading   /proc/680/cmdline   arm7.elf
File opened for reading   /proc/707/cmdline   arm7.elf
File opened for reading   /proc/715/cmdline   arm7.elf
File opened for reading   /proc/794/cmdline   arm7.elf
File opened for reading   /proc/809/cmdline   arm7.elf
File opened for reading   /proc/644/cmdline   arm7.elf
File opened for reading   /proc/679/cmdline   arm7.elf
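The signatures in this report are behavioural heuristics evaluated over the sandbox's event stream: a watchdog device node opened for write, a process-name change, many /proc/<pid>/cmdline reads, and a large number of distinct destination hosts and flows. The Python below, added here as an illustration and not the sandbox's own detection code, re-derives those signatures from a constructed event log. The one-line-per-event format, the helper names and the thresholds are assumptions made for this example; the log mirrors the IoCs listed above, and the connect events are generated synthetically because the 49071 hosts in the report come from a real scan.

```python
"""Added example, not the sandbox's own code: re-derive the behavioural
signatures in this report from a constructed event log.

Assumptions made for this example: the '<pid> <process> <op> <target>'
line format, the helper names and the thresholds. Adapt parse_event()
to the export format you actually have.
"""
import ipaddress
import re
from collections import namedtuple

Event = namedtuple("Event", "pid proc op target")

# Device nodes from the report (/dev/watchdog, /dev/misc/watchdog). Opening one
# for write and then disabling or not feeding it is the Mirai-style watchdog kill.
WATCHDOG_RE = re.compile(r"^/dev/(?:misc/)?watchdog\d*$")
PROC_CMDLINE_RE = re.compile(r"^/proc/(\d+)/cmdline$")

# Thresholds chosen for illustration; they are not the sandbox's values.
MIN_PROC_ENUM = 10      # distinct /proc/<pid>/cmdline reads => process enumeration
MIN_REMOTE_HOSTS = 200  # distinct destination IPs => likely network scan

# Constructed sample log (not a real export); mirrors the IoCs in the report.
CONSTRUCTED_LOG = """\
710 arm7.elf open_write /dev/watchdog
710 arm7.elf open_write /dev/misc/watchdog
710 arm7.elf setname GpgUsfHJlVvbiBidXL
710 arm7.elf open_read /proc/711/cmdline
710 arm7.elf open_read /proc/714/cmdline
710 arm7.elf open_read /proc/790/cmdline
710 arm7.elf open_read /proc/795/cmdline
710 arm7.elf open_read /proc/702/cmdline
710 arm7.elf open_read /proc/713/cmdline
710 arm7.elf open_read /proc/708/cmdline
710 arm7.elf open_read /proc/722/cmdline
710 arm7.elf open_read /proc/770/cmdline
710 arm7.elf open_read /proc/774/cmdline
"""

def constructed_scan(n_hosts, ports=(23, 2323)):
    """Synthetic connect events to n_hosts TEST-NET addresses (stand-in for a telnet scan)."""
    nets = [ipaddress.ip_network("198.51.100.0/24"), ipaddress.ip_network("203.0.113.0/24")]
    addrs = [str(h) for net in nets for h in net.hosts()][:n_hosts]
    return "\n".join(f"710 arm7.elf connect {ip}:{p}" for ip in addrs for p in ports)

def parse_event(line):
    """'<pid> <process> <op> <target>' -> Event, or None for a malformed line."""
    parts = line.split(maxsplit=3)
    if len(parts) != 4 or not parts[0].isdigit():
        return None
    return Event(int(parts[0]), parts[1], parts[2], parts[3])

def parse_events(text):
    return [e for e in map(parse_event, text.splitlines()) if e is not None]

def watchdog_iocs(events):
    """Watchdog device nodes opened for modification, first-seen order, deduplicated."""
    seen = []
    for e in events:
        if e.op == "open_write" and WATCHDOG_RE.match(e.target) and e.target not in seen:
            seen.append(e.target)
    return seen

def process_name_changes(events):
    """(pid, new name) for each process-name change (prctl(PR_SET_NAME) / argv[0] overwrite)."""
    return [(e.pid, e.target) for e in events if e.op == "setname"]

def enumerated_pids(events):
    """Distinct PIDs whose /proc/<pid>/cmdline was read (process enumeration)."""
    matches = (PROC_CMDLINE_RE.match(e.target) for e in events if e.op == "open_read")
    return {int(m.group(1)) for m in matches if m}

def remote_hosts_and_flows(events):
    """(distinct destination IPs, distinct ip:port flows) from connect events."""
    hosts, flows = set(), set()
    for e in events:
        if e.op != "connect":
            continue
        ip, _, port = e.target.rpartition(":")
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # skip junk targets rather than counting them as hosts
        hosts.add(ip)
        flows.add((ip, port))
    return hosts, flows

def signatures(events):
    """Map each report signature to whether the evidence crosses its threshold."""
    hosts, flows = remote_hosts_and_flows(events)
    return {
        "Modifies Watchdog functionality": bool(watchdog_iocs(events)),
        "Changes its process name": bool(process_name_changes(events)),
        "Reads /proc/<pid>/cmdline of many processes": len(enumerated_pids(events)) >= MIN_PROC_ENUM,
        "Contacts a large amount of remote hosts": len(hosts) >= MIN_REMOTE_HOSTS,
        "Creates a large amount of network flows": len(flows) >= MIN_REMOTE_HOSTS,
    }

if __name__ == "__main__":
    print(signatures(parse_events(CONSTRUCTED_LOG + constructed_scan(300))))
```

Hosts and flows are counted separately on purpose: a scanner that tries two ports per address (23 and 2323 in the constructed data) produces twice as many flows as hosts, which is why the report lists the two as distinct signatures. The watchdog check keys on the open-for-write alone, because a legitimate daemon that opens /dev/watchdog keeps feeding it, while the malware pattern is open, disable, close.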