Analysis

  • max time kernel
    150s
  • max time network
    143s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf
    image:debian9-armhf-20240611-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    24-12-2024 00:09

General

  • Target

    bot.arm.elf

  • Size

    134KB

  • MD5

    ac277ab772bcf5e631087de018213b1d

  • SHA1

    b02bd2f706dd8d9654a66c91439ce5953ae9c912

  • SHA256

    2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9

  • SHA512

    14878c7f9c52d221555ca1ac8e1b1850e3a9a57037448f73710f64f4f316119627088e1c6caa512f7a3b568b1520bc448ffa5bdf2a8363280fe85d8c033ebe68

  • SSDEEP

    1536:DeIIcq87ZO8VQzlHai3UAGXlFFAeSz4VAZJsTgVYYgBna2/AbdjlifIwywmFfb1O:CIIifY3UVVFFM4UiMVYYgnobKZGvQd

Score
6/10

Malware Config

Signatures

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Changes its process name 1 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/bot.arm.elf
    /tmp/bot.arm.elf
    • Changes its process name
    • Reads runtime system information
    PID:652

Network

MITRE ATT&CK Matrix
