Analysis

  • max time kernel
    149s
  • max time network
    144s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf, image:debian9-armhf-20240611-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    07-01-2025 02:45

General

  • Target

    bde1f436368a6eb6cc655643b4a463d4e83e064db00ce12a48d9d3ee6a2ffc99.elf

  • Size

    82KB

  • MD5

    e4c06f131d9c9081859ab1071b6fa221

  • SHA1

    b08a82702d62782a9d64b8b5607300ac513c6992

  • SHA256

    bde1f436368a6eb6cc655643b4a463d4e83e064db00ce12a48d9d3ee6a2ffc99

  • SHA512

    cd1c52ad973e598556969f46455655e00eaba09464c1cff703b56a7a8a6e47793bee62770228b4e5950766b726baa54c5fb0b49e7a35256d8bc1ac7a864b0f9d

  • SSDEEP

    1536:boViXgeg8lbip2Mq/UrMFswJflvwT7F/LEHRn7r6sSHv44:boV/KH1WwJtYT7RLEJfe44

Malware Config

Signatures

  • Deletes Audit logs 1 TTPs 1 IoCs

    Deletes logs related to the Linux Audit framework.

  • Deletes itself 1 IoCs
  • Deletes system logs 1 TTPs 2 IoCs

    Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Deletes log files 1 TTPs 3 IoCs

    Deletes log files on the system.

  • Enumerates running processes

    Discovers information about currently running processes on the system.

  • Modifies systemd 2 TTPs 1 IoCs

    Adds/modifies systemd service files, likely to achieve persistence.

  • Changes its process name 1 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 2 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/bde1f436368a6eb6cc655643b4a463d4e83e064db00ce12a48d9d3ee6a2ffc99.elf
    /tmp/bde1f436368a6eb6cc655643b4a463d4e83e064db00ce12a48d9d3ee6a2ffc99.elf
    1⤵
    • Deletes Audit logs
    • Deletes itself
    • Deletes system logs
    • Modifies Watchdog functionality
    • Deletes log files
    • Modifies systemd
    • Changes its process name
    • Reads runtime system information
    PID:648
    • /bin/sh
      sh -c "systemctl daemon-reload"
      2⤵
        PID:653
        • /bin/systemctl
          systemctl daemon-reload
          3⤵
          • Enumerates kernel/hardware configuration
          • Reads runtime system information
          PID:655
      • /bin/sh
        sh -c "systemctl enable startup_command.service"
        2⤵
          PID:674
          • /bin/systemctl
            systemctl enable startup_command.service
            3⤵
            • Enumerates kernel/hardware configuration
            • Reads runtime system information
            PID:676

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /etc/systemd/system/startup_command.service

    Filesize

    361B

    MD5

    af7d62b73266e0b457b114fe91f7e926

    SHA1

    11261aef4573b56b67b32020049c69c7282fc212

    SHA256

    14cb525e5a6b8aaf20c38672f8a9f974a684990888214848818326a739906642

    SHA512

    3926fbb53496c3aaa34cc782bd5c8379e0ab94b11fe4e63bbbfeac4e2b5057369c94bbe25ac56c3f04363076c91b978f9199fed97c5ed8377a6dc852b01ebfd9