Resubmissions

02-01-2025 21:33

250102-1ejbvswpcv 10

08-12-2024 01:12

241208-bkq68azkep 10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240729-en
  • resource tags

    arch:armhf image:debian9-armhf-20240729-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
  • submitted
    02-01-2025 21:33

General

  • Target

    arm1

  • Size

    977KB

  • MD5

    cb75be331a7b5cb54bae9db9f4ca643d

  • SHA1

    789ccb024361d7a4911dfc77bf1c93442491c3c9

  • SHA256

    8366aea8087a354cbd178f920770b35d785f988ec3649bb7e282d1e3272a6b77

  • SHA512

    d16e503bb8434c324976747b9f90092fafdaafcc877c588b18c8d1c14c9d813552389dea496a1b2cacaea4e2ebfdec6a630c68e44c645d1a25da9076e6f4c32f

  • SSDEEP

    12288:erXiRPpwBSHJB2A6f13P5D79dmuxlNzJs4dm3yxiD1WjfGAIFDFvyq766Pd8YTQ0:jvwlP5DJdrRJsskWU5RPdg2ByWwK3R

Score
4/10

Malware Config

Signatures

  • Reads CPU attributes 1 TTPs 1 IoCs
  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 7 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/arm1
    /tmp/arm1
    1⤵
    • Reads CPU attributes
    • Reads system network configuration
    • Reads runtime system information
    PID:701
    • /bin/sh
      sh -c "sed -i -e '/exit/d' /etc/rc.local"
      2⤵
      PID:702
      • /bin/sed
        sed -i -e /exit/d /etc/rc.local
        3⤵
        • Reads runtime system information
        PID:703
    • /bin/sh
      sh -c "sed -i -e '/^ | | \$/d' /etc/rc.local"
      2⤵
      PID:706
      • /bin/sed
        sed -i -e "/^ | | \$/d" /etc/rc.local
        3⤵
        • Reads runtime system information
        PID:707
    • /bin/sh
      sh -c "sed -i -e '/arm1 reboot/d' /etc/rc.local"
      2⤵
      PID:709
      • /bin/sed
        sed -i -e "/arm1 reboot/d" /etc/rc.local
        3⤵
        • Reads runtime system information
        PID:710
    • /bin/sh
      sh -c "sed -i -e '2 i/tmp/arm1 reboot' /etc/rc.local"
      2⤵
      PID:715
      • /bin/sed
        sed -i -e "2 i/tmp/arm1 reboot" /etc/rc.local
        3⤵
        • Reads runtime system information
        PID:716
    • /bin/sh
      sh -c "sed -i -e '2 i/tmp/arm1 reboot start' /etc/rc.d/rc.local"
      2⤵
      PID:717
      • /bin/sed
        sed -i -e "2 i/tmp/arm1 reboot start" /etc/rc.d/rc.local
        3⤵
        • Reads runtime system information
        PID:719
    • /bin/sh
      sh -c "sed -i -e '2 i/tmp/arm1 reboot start' /etc/init.d/boot.local"
      2⤵
      PID:721
      • /bin/sed
        sed -i -e "2 i/tmp/arm1 reboot start" /etc/init.d/boot.local
        3⤵
        • Reads runtime system information
        PID:722

Network

MITRE ATT&CK Enterprise v15
