840f71bd9511687d213b34f5897782402bd1874a67d732540d08b85be32a3e62

Analysis

max time kernel
149s
max time network
148s
platform
debian-9_armhf
resource
debian9-armhf-20240729-en
resource tags

arch:armhfimage:debian9-armhf-20240729-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
29-12-2024 22:57

Target

main_arm.elf
Size

130KB
MD5

232b002e8b9b8f3f4564962c029076ef
SHA1

e838bf467d084469afd217a7fca4b7b9ffefdb97
SHA256

840f71bd9511687d213b34f5897782402bd1874a67d732540d08b85be32a3e62
SHA512

d5e4cb8c0e4bf0bedd28234b66b1b8e8f2de3b354ca281aba091013db737e2b856e4b5e45de9309527251f911a0d5100a191fa7a0bcab1f54c82d9246af3ca0c
SSDEEP

1536:kKdnEPmm8uKrRZWjp7F8PAZYg4V9z6mTQfoAO0fF5wpr8VBipAFly+wywnRl2JIn:kKtV8Nh8P24PvsoAOwFMo+pC6+KN

Score

7^/10

Deletes itself 1 IoCs

pid	Process
645	main_arm.elf

Traces itself 2 IoCs

Traces itself to prevent debugging attempts

pid	Process
645	main_arm.elf
646	main_arm.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	645	main_arm.elf

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/main_arm.elf	main_arm.elf