18ec419326c72cad270da262d178dd3ee8a2c88d615b254cd838262a89a2b961

Analysis

max time kernel
97s
max time network
160s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
09/03/2025, 11:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

zyxel.elf
Size

149KB
MD5

6324ba37c929071f8a3c65d7bae2cfd3
SHA1

f89a463328df433b597b53267f75b2f742d647a1
SHA256

18ec419326c72cad270da262d178dd3ee8a2c88d615b254cd838262a89a2b961
SHA512

cd05a6d286bc4ebab1eb3ab4e6f047e036043e875a3af846b95245ac46248eba61336492ce6df794fa6f08e1fa76581a2bf67f9af35f64bbfbe1c0234deeae92
SSDEEP

3072:8pTHcZwn2J+wVJVdFFH+DsEncLTdOoRrWwduHuDM/9FTsHQhoR:aTHcZw2oQdjGsEncLTkoRDduH6M/9FhE

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (210164) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	��Ȣ��Ⱥ�	646	zyxel.elf

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/stat	zyxel.elf

Writes file to tmp directory 4 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/笭�玜��迩��	zyxel.elf
File opened for modification	/tmp/Ŏ��ŝ��	zyxel.elf
File opened for modification	/tmp/笭�祡��翩��	zyxel.elf
File opened for modification	/tmp/Ŏ��Ŭ��۵��	zyxel.elf

/tmp/zyxel.elf
/tmp/zyxel.elf
1⤵
- Changes its process name
- Reads runtime system information
- Writes file to tmp directory
PID:646

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads