Analysis

  • max time kernel
    130s
  • max time network
    137s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240729-en
  • resource tags

    arch:armhf image:debian9-armhf-20240729-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
  • submitted
    28-12-2024 19:33

General

  • Target

    fnkea7.elf

  • Size

    211KB

  • MD5

    9459f8d509e4be4d841e2a9d29aae54e

  • SHA1

    3db5f9abc13b59ee3291704259feac81238c0ec6

  • SHA256

    635589bbf5d0b0a3b1fc77ab35087010897be88b7b7cce68b952663a2f929768

  • SHA512

    7fa25108ed342cfb9bf47ae1e654346fd71ba82a3f90bc05cdd1745437c4661558de754fe358db3ea15f83d89224bf66842b9f904dfa04a22f941085c67c802a

  • SSDEEP

    6144:9LziNEEQ/E8OFR3h0sEiaUVB1ILe6uuQdtEwCSw0M/RZmhY:96NHMTc39EiaaB1ILXPgEKwJ/HmO

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Changes its process name 1 IoCs
  • Reads CPU attributes 1 TTPs 1 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/fnkea7.elf
    /tmp/fnkea7.elf
    • Deletes itself
    • Changes its process name
    • Reads runtime system information
    PID:639
    • /bin/sh
      sh -c "ps -e -o pid,args="
        PID:642
        • /bin/ps
          ps -e -o "pid,args="
          • Reads CPU attributes
          • Reads runtime system information
          PID:644

    Network

    MITRE ATT&CK Enterprise v15
