1b6436787e2d470eb8bd5af8f2ffd1e555d6cfbb05daf46acbd0b1dde91d2e8e

Analysis

max time kernel
0s
max time network
11s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
30-12-2024 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b6436787e2d470eb8bd5af8f2ffd1e555d6cfbb05daf46acbd0b1dde91d2e8e.elf
Size

106KB
MD5

420cfb8958ec3bb756882e6c75cef650
SHA1

9440d547136a91310a8b34cffb54ff9d802ed734
SHA256

1b6436787e2d470eb8bd5af8f2ffd1e555d6cfbb05daf46acbd0b1dde91d2e8e
SHA512

08b75964959e06ab366b3d68dca91ed3d6c8f93bcffad1b9212d96e6ccc96fcb45e875180d58738e71ab23d148ce94aca598920564bd11cb2bebf3e3e0585baa
SSDEEP

3072:pqDUOulvQ+nozm8CWJgpwSJYV5h8TbB8Cqzve7HoDQHDVpZAlvm:mJgdSV5h8TbR7HoDQHDVpZAlvm

Score

7^/10

Malware Config

Signatures

Writes DNS configuration 1 TTPs 1 IoCs

Writes data to DNS resolver config file.

Adversary-in-the-Middle

T1557

description	ioc	Process
File opened for modification	/etc/resolv.conf	1b6436787e2d470eb8bd5af8f2ffd1e555d6cfbb05daf46acbd0b1dde91d2e8e.elf

Changes its process name 1 IoCs

description	pid	Process
Changes the process name, possibly in an attempt to hide itself	639	1b6436787e2d470eb8bd5af8f2ffd1e555d6cfbb05daf46acbd0b1dde91d2e8e.elf

/tmp/1b6436787e2d470eb8bd5af8f2ffd1e555d6cfbb05daf46acbd0b1dde91d2e8e.elf
/tmp/1b6436787e2d470eb8bd5af8f2ffd1e555d6cfbb05daf46acbd0b1dde91d2e8e.elf
1⤵
- Writes DNS configuration
- Changes its process name
PID:639

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Adversary-in-the-Middle

T1557

Discovery

Lateral Movement

Collection

Adversary-in-the-Middle

T1557

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads