34191ccc45bf0595ad8bcfed0749c3203cf5d06f73822ecf12972a52c6a3b07a | Triage

Analysis

max time kernel
59s
max time network
62s
platform
debian-12_armhf
resource
debian12-armhf-20240729-en
resource tags

arch:armhfimage:debian12-armhf-20240729-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
03/02/2025, 17:49

Sharing

Report Analysis Logs

General

Target

main_arm7
Size

177KB
MD5

0272b30dfa9e5757e0ddb8238b4bc524
SHA1

2cbfef6b3ee11c035c1a4fd3475029952341269c
SHA256

34191ccc45bf0595ad8bcfed0749c3203cf5d06f73822ecf12972a52c6a3b07a
SHA512

d979c768ee3af8ada100e33fa68e98153dd351647a8c454afa77c209dfd7551e5ca79e851caa0ecd3d2e8e90f17b878d5091ac8e8abf6ee1689c5c4116ddbe71
SSDEEP

3072:OLe6vhN1QIruCee+asuTuRebU7IVILVZQy38YhTfYo+M/Rvs1tlLn:ee6vhQIr1r+asuTuReAvLV738+x+M/RO

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
702	main_arm7

Traces itself 2 IoCs

Traces itself to prevent debugging attempts

pid	Process
702	main_arm7
705	main_arm7

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	702	main_arm7

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/main_arm7	main_arm7

/tmp/main_arm7
/tmp/main_arm7 arm7
1⤵
- Deletes itself
- Traces itself
- Changes its process name
- Writes file to tmp directory
PID:702

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads