70871aedab0f9d4f5da309709738ed89fc6e0461457f2a3812c9a6d91ac73168 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

arm6.elf

debian-12-armhf

9

Sharing

General

Target

arm6.elf
Size

116KB
Sample

250328-ecw92stly7
MD5

6c04e05f915c597955f76bbb94cb86b7
SHA1

275158212364f282a2c77ded085607090a25e08e
SHA256

70871aedab0f9d4f5da309709738ed89fc6e0461457f2a3812c9a6d91ac73168
SHA512

642124378333756291599d15a9465d78d328df279f9ff71865eb192d71b7b982e0d8007646951637cbaafdc069b3231998357c9e8ea60db9897264096f69abbc
SSDEEP

3072:fBmKyo0CgHtFdRtoH0skJkZaWL4YuBRBG6f3ON1LknQ/:fBmKyo0CgHtFdH4qJ7W/IRBhf61L

Score

9^/10

credential_access discovery

Static task

static1

Behavioral task

behavioral1

Sample

arm6.elf

Resource

debian12-armhf-20240221-en

credential_access discovery

debian-12-armhf

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  arm6.elf
- Size
  
  116KB
- MD5
  
  6c04e05f915c597955f76bbb94cb86b7
- SHA1
  
  275158212364f282a2c77ded085607090a25e08e
- SHA256
  
  70871aedab0f9d4f5da309709738ed89fc6e0461457f2a3812c9a6d91ac73168
- SHA512
  
  642124378333756291599d15a9465d78d328df279f9ff71865eb192d71b7b982e0d8007646951637cbaafdc069b3231998357c9e8ea60db9897264096f69abbc
- SSDEEP
  
  3072:fBmKyo0CgHtFdRtoH0skJkZaWL4YuBRBG6f3ON1LknQ/:fBmKyo0CgHtFdH4qJ7W/IRBhf61L
Score

9^/10

credential_access discovery
- Contacts a large (30004) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Renames itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads process memory
  Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
  credential_access
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

OS Credential Dumping

Proc Filesystem

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscovery

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.