5c33d55d1c67e3d6475754ce42b1a448eb5284046b77cde3bdf3f1656d745dac | Triage

Submit
Reports

Overview

overview

9

Static

static

1

5c33d55d1c...ac.elf

debian-9-armhf

9

Sharing

General

Target

5c33d55d1c67e3d6475754ce42b1a448eb5284046b77cde3bdf3f1656d745dac.elf
Size

206KB
Sample

250104-dm23lszrbp
MD5

ae4dbc2886c3b1e8426fcee0ae79ecfe
SHA1

54d0ec17a3bdf39a9d0351f84e62df17fc605cb7
SHA256

5c33d55d1c67e3d6475754ce42b1a448eb5284046b77cde3bdf3f1656d745dac
SHA512

c1749c3565ab0b3a349c3f42ccf63075defb13ee57aa6f75f4e462ba0ed6d83f124cd5578d9f4fb3163f17d9ef2b259077506cb9f728a397952d14021b26aad6
SSDEEP

3072:50EUfecN2T7bg3tG78TBVBFuUrdzPvSRpLLJ1i9BZDLX0/:nYAfc3tGYTLu6nopLLTifZH0

Score

9^/10

discovery evasion

Static task

static1

Behavioral task

behavioral1

Sample

5c33d55d1c67e3d6475754ce42b1a448eb5284046b77cde3bdf3f1656d745dac.elf

Resource

debian9-armhf-20240418-en

discovery evasion

debian-9-armhf

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  5c33d55d1c67e3d6475754ce42b1a448eb5284046b77cde3bdf3f1656d745dac.elf
- Size
  
  206KB
- MD5
  
  ae4dbc2886c3b1e8426fcee0ae79ecfe
- SHA1
  
  54d0ec17a3bdf39a9d0351f84e62df17fc605cb7
- SHA256
  
  5c33d55d1c67e3d6475754ce42b1a448eb5284046b77cde3bdf3f1656d745dac
- SHA512
  
  c1749c3565ab0b3a349c3f42ccf63075defb13ee57aa6f75f4e462ba0ed6d83f124cd5578d9f4fb3163f17d9ef2b259077506cb9f728a397952d14021b26aad6
- SSDEEP
  
  3072:50EUfecN2T7bg3tG78TBVBFuUrdzPvSRpLLJ1i9BZDLX0/:nYAfc3tGYTLu6nopLLTifZH0
Score

9^/10

discovery evasion
- Contacts a large (168482) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Deletes itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Reads MAC address of network interface
  Fetches the MAC address of active network interfaces. May be used to detect known values for hypervisors.
  evasion discovery
- Reads network interface configuration
  Fetches information about one or more active network interfaces.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Wi-Fi Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

© 2018-2025

Terms | Privacy