aff3dc5871d24479c4d05a3c6d7ad073710dc53d785f3caff854d61c1b26e81f

Analysis

max time kernel
149s
max time network
161s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
01-02-2025 04:06

Target

ciubuc_arm7.elf
Size

179KB
MD5

542eb5f626051c3881c08b7f4cfc771e
SHA1

b9bb9a79cb5c279adb5decbdab201f7f71fd1624
SHA256

aff3dc5871d24479c4d05a3c6d7ad073710dc53d785f3caff854d61c1b26e81f
SHA512

fb8acd1b85c67993c20d0cec7162dcc031daf3b720f357914e229cf861ad77a989b37774e6032a1bcd5919988c4fdaaa7f0ce50a9d9056871c81b0d56804471e
SSDEEP

3072:eY3Ld6YV1m3efp8laNn7pgoH36x9JkbVxjJ/RuorM/Rs8y9YKtR:n3Ld66m342laNn7pgoX6mbVxj3XrM/RK

Score

7^/10

Deletes itself 1 IoCs

pid	Process
713	ciubuc_arm7.elf

Traces itself 2 IoCs

Traces itself to prevent debugging attempts

pid	Process
713	ciubuc_arm7.elf
715	ciubuc_arm7.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	713	ciubuc_arm7.elf

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/ciubuc_arm7.elf	ciubuc_arm7.elf