7474bd4b1ced0b9e1d79aeaa0b3bf468a498bd15df135b61ef870c0906485979 | Triage

Analysis

max time kernel
149s
max time network
148s
platform
debian-9_armhf
resource
debian9-armhf-20240418-en
resource tags

arch:armhfimage:debian9-armhf-20240418-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
29-12-2024 12:47

Sharing

Report Analysis Logs

General

Target

main_arm7.elf
Size

177KB
MD5

5a71d729b3adb9410efcc1dd5def2197
SHA1

db6b063ecfcfc42ea3205328d1c610ab1d0c5b89
SHA256

7474bd4b1ced0b9e1d79aeaa0b3bf468a498bd15df135b61ef870c0906485979
SHA512

06ea0617fb99a64a0599ec5cba667bfe175b7b7b02f106d3e5c538552d10976c8d12e03e6ae2daff9a2a484aa753f36c1994069cf0f87e99ccfe365dc531f11e
SSDEEP

3072:OjeivZm5INXmmme2aE2zuROqb/ANQLDQ38YhTfYo+M/RTYERqLn:GeivZVNX5D2aE2zuROOLLDQ38+x+M/RG

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
638	main_arm7.elf

Traces itself 2 IoCs

Traces itself to prevent debugging attempts

pid	Process
638	main_arm7.elf
639	main_arm7.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	638	main_arm7.elf

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/main_arm7.elf	main_arm7.elf

/tmp/main_arm7.elf
/tmp/main_arm7.elf
1⤵
- Deletes itself
- Traces itself
- Changes its process name
- Writes file to tmp directory
PID:638

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads