Overview

overview

10

Static

static

10

a6c59e3347...6f.elf

debian-12-armhf

7

Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240418-en
  • resource tags

    arch:armhfimage:debian12-armhf-20240418-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
  • submitted
    02-02-2025 04:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a6c59e3347982e3f37b9785910af1e6879f24ae91c7461043d86308651a0e16f.elf

  • Size

    71KB

  • MD5

    4c0725b09a3315b154f27659636ec08a

  • SHA1

    0af8abf486fb04a3cc300c83449de61d98c775b1

  • SHA256

    a6c59e3347982e3f37b9785910af1e6879f24ae91c7461043d86308651a0e16f

  • SHA512

    fd2832b55375ff5091285e9bfc4e8c8478d8028fd40e8f14d6a053ad5bbeb511eead925aea19b33cdda0a851a1b444fd01b42eede96ce1ccc715eff1e4d17c2e

  • SSDEEP

    1536:FQnTL3+lI/A0hBZN86OrhSW1DXMHODMxC6yPimg979l9aigHwJfR5:U+q/pZFuJxXMuDMxC6yPimQWwJ5

Score
7/10
defense_evasion

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion
  • Renames itself 1 IoCs
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Changes its process name 1 IoCs

Processes

  • /tmp/a6c59e3347982e3f37b9785910af1e6879f24ae91c7461043d86308651a0e16f.elf
    /tmp/a6c59e3347982e3f37b9785910af1e6879f24ae91c7461043d86308651a0e16f.elf
    1⤵
    • Deletes itself
    • Modifies Watchdog functionality
    • Renames itself
    • Changes its process name
    PID:706

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads