651493d85dd7df04b0f4e9a0ff8e64db91f2137bd38165fb3d74d4a99d748e90

Analysis

max time kernel
149s
max time network
151s
platform
debian-9_armhf
resource
debian9-armhf-20240729-en
resource tags

arch:armhfimage:debian9-armhf-20240729-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
10/04/2025, 01:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a-r.m-6.ISIS.elf
Size

124KB
MD5

d7d5d3fb9791068aca1d54e254b2f221
SHA1

ff8cb61a8304cadc27b99e64090cd9a21ef89cbb
SHA256

651493d85dd7df04b0f4e9a0ff8e64db91f2137bd38165fb3d74d4a99d748e90
SHA512

4512371daa8989aeceba17338a0f49e2378a8439eaab0297b10d695ac771cc2b322efa3a04a29f95300f4f6e2de919389676f52a55af03ff2683a31dbe2878cb
SSDEEP

3072:KdB2qwap6KVXPi4jv8x+wMDkmDhZmTQOIsXAqE:aRwap6Kt6+wMDHZmTQOICAqE

Score

6^/10

discovery

Malware Config

Signatures

Reads system routing table 1 TTPs 1 IoCs

Gets active network interfaces from /proc virtual filesystem.

discovery

Internet Connection Discovery

T1016.001

description	ioc	Process
File opened for reading	/proc/net/route	a-r.m-6.ISIS.elf

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

discovery

Internet Connection Discovery

T1016.001

description	ioc	Process
File opened for reading	/proc/net/route	a-r.m-6.ISIS.elf

/tmp/a-r.m-6.ISIS.elf
/tmp/a-r.m-6.ISIS.elf
1⤵
- Reads system routing table
- Reads system network configuration
PID:646

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads