Analysis

  • max time kernel
    149s
  • max time network
    162s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240221-en
  • resource tags

    arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
  • submitted
    19-12-2024 15:51

General

  • Target

    arm7.elf

  • Size

    161KB

  • MD5

    9d77a063fd8d96acdde0a77ab20e54ca

  • SHA1

    5f8f753b69caed69505249eadaf5696d0d13791c

  • SHA256

    217f6bf3334bc8e6e5b3ecd877a32e1502b7fb1a38ce9508ab3406eba3d41fa8

  • SHA512

    b0d036b651173beac59cb41e8cd2f3ab89c33be4c8cbc26e8964d93525c838ba9bcecfec4c94a9e5e7f6bc8e15dafb0803681bec227fe66a0df9a89864dcbcb9

  • SSDEEP

    3072:TO70zMrZqihLA2IlfdagQJKB/48crKovKF8AHtvtM/9VFVpuA:TO70ArZzAvdagQJKBg80C2AHt1M/9lpV

Malware Config

Signatures

  • Contacts a large (49071) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Changes its process name 1 IoCs
  • Reads runtime system information 26 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/arm7.elf
    /tmp/arm7.elf
    1⤵
    • Modifies Watchdog functionality
    • Changes its process name
    • Reads runtime system information
    PID:710

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads