efb7c3a4e5fd61c890c19f1863106ca95a95732a483f8e80c2c2fe92bfe64421

Analysis

max time kernel
98s
max time network
143s
platform
debian-12_armhf
resource
debian12-armhf-20240729-en
resource tags

arch:armhfimage:debian12-armhf-20240729-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
18/02/2025, 06:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d.elf
Size

139KB
MD5

9574c6e15b3cd6a99216d69a5e67098c
SHA1

508e4c6e40bbdbe55a317f658da3c572fc716513
SHA256

efb7c3a4e5fd61c890c19f1863106ca95a95732a483f8e80c2c2fe92bfe64421
SHA512

509a0df503d97d781fb4c14843fa9d343a70f44093919bcbdf69c9a113ce53c6d8834e4e99913c83f8cc572af0ce46ba427183fedb80e0fa2f7ab433e35303a5
SSDEEP

3072:nVfyQ+d+pceQGf3bssaXv2hWOiwTteFrwZoPI3njddZ4RemydQCYMhEFg:TbssaXv2hoHrVPI3LuYmydQCYMhEFg

Score

7^/10

Malware Config

Signatures

Writes DNS configuration 1 TTPs 1 IoCs

Writes data to DNS resolver config file.

Adversary-in-the-Middle

T1557

description	ioc	Process
File opened for modification	/etc/resolv.conf	d.elf

Changes its process name 1 IoCs

description	pid	Process
Changes the process name, possibly in an attempt to hide itself	701	d.elf

/tmp/d.elf
/tmp/d.elf
1⤵
- Writes DNS configuration
- Changes its process name
PID:701

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Adversary-in-the-Middle

T1557

Discovery

Lateral Movement

Collection

Adversary-in-the-Middle

T1557

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads