57c62930fd2745c9bd63722cbd438278d5c1e4f3612ffae871c80a798bf734c8

Analysis

max time kernel
149s
max time network
159s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
08/03/2025, 10:27

Target

main_arm.elf
Size

130KB
MD5

430d5ce27098f7a1b678e00b8babed16
SHA1

9379f845fbacb3e0e0e109acdf7ee0bd8ed586b8
SHA256

57c62930fd2745c9bd63722cbd438278d5c1e4f3612ffae871c80a798bf734c8
SHA512

2eee190f74109f7622939bc3749840c3be157cded3ff4461889b86aa48880f0b43531b22127431a7219b7747555b6c8277f7c603fe10da916db3a3b71c3dff1b
SSDEEP

1536:kKdnEPmm8uKrRZWjp7F8PAZYg4V9z6mTQfoAO0fF5wpr8VBipAFly+wywnRl2JIX:kKtV8Nh8P24PvsoAOwFMo+pC6+K9

Score

7^/10

Deletes itself 1 IoCs

pid	Process
641	main_arm.elf

Traces itself 2 IoCs

Traces itself to prevent debugging attempts

pid	Process
641	main_arm.elf
642	main_arm.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	641	main_arm.elf

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/main_arm.elf	main_arm.elf