Analysis
-
max time kernel
149s -
max time network
147s -
platform
debian-9_armhf -
resource
debian9-armhf-20240729-en -
resource tags
-
submitted
01-02-2025 20:42
General
-
Target
.Sarm.elf
-
Size
69KB
-
MD5
219075688bc6cef9a9ca8867ed6b779a
-
SHA1
b9441c919cba775ec32ad4d94d02f56b3f100290
-
SHA256
3179295bcfdfe05649b48bdeb03f86fd72a2c4414da58740ad7e5f881c94cc03
-
SHA512
b6f13eae7db84aa675465e1b5de0dfe7265c183925c9094902c4bc44d9c88a4462c910bb4a275f23ab3e0938ad76c600090385eefcb48bd766ff5dbd180fa3b7
-
SSDEEP
1536:oKMsKzlnbkClERF0LPGmSsdV/OQvZ54Lr72muf0vy:oKGZGmSKJZ6n2sy
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Traces itself 1 IoCs
Traces itself to prevent debugging attempts
-
Writes file to system bin folder 2 IoCs
-
Changes its process name 1 IoCs
Processes
-
/tmp/.Sarm.elf/tmp/.Sarm.elf1⤵
- Deletes itself
- Modifies Watchdog functionality
- Traces itself
- Writes file to system bin folder
- Changes its process name