Analysis

  • max time kernel
    130s
  • max time network
    157s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf image:debian9-armhf-20240611-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
  • submitted
    03-02-2025 10:21

General

  • Target

    EdiAf.arm7.elf

  • Size

    154KB

  • MD5

    10f52ddae53bb05198a7d7db4bce03f0

  • SHA1

    585069a2d6acf63fa009e9d4e3d69aea08e76996

  • SHA256

    3eef3948e820ff97ae864c4aafe66ea16de138d302ab1be156fcf73943af9d82

  • SHA512

    b3c2ddcf831ffc1248f0bdde1d0a3c4fbe9e344eab0900d792efdddd0705e0b6b401170f2bcd3b543f7aea87b35218e76e38b58637600fbc5cbf5ccee7d82271

  • SSDEEP

    3072:1diyInIdhuXk0vOP3a1akbrea47vYzfMu1b5ZHXoIXM/9yNLoBc:1diyq0IP11aYrea47wzdnHXocM/9j+

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Writes file to system bin folder 2 IoCs
  • Changes its process name 1 IoCs
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/EdiAf.arm7.elf
    /tmp/EdiAf.arm7.elf
    • Deletes itself
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Changes its process name
    • Reads runtime system information
    PID:651

Network

MITRE ATT&CK Enterprise v15
