8a63867373e137707a9c4c2285cdea70a76bd1a16afb7b14414724f9aedacd05

Analysis

max time kernel
145s
max time network
162s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
28/02/2025, 03:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tftp.elf
Size

108KB
MD5

dda1e45981458bf8a12c4baf6a3c09eb
SHA1

3eee156bc96d79ce7fc7efd94140709c41d48c50
SHA256

8a63867373e137707a9c4c2285cdea70a76bd1a16afb7b14414724f9aedacd05
SHA512

a3139e44bd96035808d90e675494be632d0bd8c2d5ad5fa44d17a86d5a9312f6b58256e95b2a52c8b06151ab454ca1d1c96c0843a6b9ad3220c0f798c30e186f
SSDEEP

3072:01rJLKDLzea8Yj+yYGIGZfZQomiQ9WtX9+a:01rJgzea+yYG1QomiQ9Wx9+a

Score

6^/10

discovery

Malware Config

Signatures

Reads system routing table 1 TTPs 1 IoCs

Gets active network interfaces from /proc virtual filesystem.

discovery

Internet Connection Discovery

T1016.001

description	ioc	Process
File opened for reading	/proc/net/route	tftp.elf

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

discovery

Internet Connection Discovery

T1016.001

description	ioc	Process
File opened for reading	/proc/net/route	tftp.elf

/tmp/tftp.elf
/tmp/tftp.elf
1⤵
- Reads system routing table
- Reads system network configuration
PID:709

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads