ff0811a41e0c7594c355f33c54c1cde1e544eb7ec81b8033fa5da9a628aeb448

Analysis

max time kernel
149s
max time network
159s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
08/03/2025, 10:27

Target

main_arm5.elf
Size

126KB
MD5

0c178203ddde161cd0a9578d1dc8696a
SHA1

987f1fbbe2a7aba7408292d2b3f0b22aa7fcd6cf
SHA256

ff0811a41e0c7594c355f33c54c1cde1e544eb7ec81b8033fa5da9a628aeb448
SHA512

a4169f3df941368d366185c475a6057ffa5cfaf6db028566acb28d959db6d0bf3e9a5ad5a19f1c5b9e81d8f69ef6a446a3e53cda25925c9608fa023959068d60
SSDEEP

1536:pnK20FG5NCjNoCDMQkYOqcW2AcRX4VRo6TDjJtCyMLYRCCaXYv4BPQlnKwywDROH:BK23kPRPOfW2R446rJtCZLYpQYAHb9

Score

7^/10

Deletes itself 1 IoCs

pid	Process
639	main_arm5.elf

Traces itself 2 IoCs

Traces itself to prevent debugging attempts

pid	Process
639	main_arm5.elf
641	main_arm5.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	639	main_arm5.elf

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/main_arm5.elf	main_arm5.elf