f0d7db4ad3d65529f483aa98507d9b4928124a6c3d96c6d43726a5adcc120c56 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

5c33d55d1c...ac.elf

debian-9-armhf

9

Sharing

General

Target

ae4dbc2886c3b1e8426fcee0ae79ecfe.bin
Size

91KB
Sample

250105-b3al7ayqcj
MD5

e6e78ad3c2575d297b88d54b82359a56
SHA1

3bfd4ce3576802e1abe555886fee5e103dd1ca10
SHA256

f0d7db4ad3d65529f483aa98507d9b4928124a6c3d96c6d43726a5adcc120c56
SHA512

f92cb9ebc5eee50fa1a870db5bb717609386b09be40ab84d82a62eb7841c6ffbd9c168f53b16b3b64cd79fa09822752ec0584424a79226b7311084f8bebe47c5
SSDEEP

1536:A8f/trOwmKTPC6UQK4jjgTXQx4P3atE3YTYT7/zWqnEhu/KFyVOalh7fuIy:As/tr9PC6UgjnxMaC3YMvVEMSFyVOyLe

Score

9^/10

discovery evasion

Static task

static1

Behavioral task

behavioral1

Sample

5c33d55d1c67e3d6475754ce42b1a448eb5284046b77cde3bdf3f1656d745dac.elf

Resource

debian9-armhf-20240729-en

discovery evasion

debian-9-armhf

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  5c33d55d1c67e3d6475754ce42b1a448eb5284046b77cde3bdf3f1656d745dac.elf
- Size
  
  206KB
- MD5
  
  ae4dbc2886c3b1e8426fcee0ae79ecfe
- SHA1
  
  54d0ec17a3bdf39a9d0351f84e62df17fc605cb7
- SHA256
  
  5c33d55d1c67e3d6475754ce42b1a448eb5284046b77cde3bdf3f1656d745dac
- SHA512
  
  c1749c3565ab0b3a349c3f42ccf63075defb13ee57aa6f75f4e462ba0ed6d83f124cd5578d9f4fb3163f17d9ef2b259077506cb9f728a397952d14021b26aad6
- SSDEEP
  
  3072:50EUfecN2T7bg3tG78TBVBFuUrdzPvSRpLLJ1i9BZDLX0/:nYAfc3tGYTLu6nopLLTifZH0
Score

9^/10

discovery evasion
- Contacts a large (233980) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Deletes itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Reads MAC address of network interface
  Fetches the MAC address of active network interfaces. May be used to detect known values for hypervisors.
  evasion discovery
- Reads network interface configuration
  Fetches information about one or more active network interfaces.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Wi-Fi Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

© 2018-2025

Terms | Privacy