84f198dba0d95044db735cabd182ce7a633a22f1add39dccda481f9a9d607712

Analysis

max time kernel
146s
max time network
148s
platform
debian-9_armhf
resource
debian9-armhf-20240729-en
resource tags

arch:armhfimage:debian9-armhf-20240729-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
10/04/2025, 08:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a-r.m-5.ISIS.elf
Size

102KB
MD5

c015027320b2c7af2cae0dc6a4172a8b
SHA1

93dc5b0c3a473a14a11435d21662e3d77f8b4238
SHA256

84f198dba0d95044db735cabd182ce7a633a22f1add39dccda481f9a9d607712
SHA512

e7d42c22b3912f55f68db97ff939d65413e18f23d68cc23a6b930f1f9dec792f18ec7c28f0ba27713bd534f03a5621064addfea927bdf418a5e2d5fd11134821
SSDEEP

3072:Plf1jKRi/VYf84Yyk7XTRUmpEqQ45vVXY0X:vjdVC7Yyk7qmpEqQ45vVXY0X

Score

6^/10

discovery

Malware Config

Signatures

Reads system routing table 1 TTPs 1 IoCs

Gets active network interfaces from /proc virtual filesystem.

discovery

Internet Connection Discovery

T1016.001

description	ioc	Process
File opened for reading	/proc/net/route	a-r.m-5.ISIS.elf

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

discovery

Internet Connection Discovery

T1016.001

description	ioc	Process
File opened for reading	/proc/net/route	a-r.m-5.ISIS.elf

/tmp/a-r.m-5.ISIS.elf
/tmp/a-r.m-5.ISIS.elf
1⤵
- Reads system routing table
- Reads system network configuration
PID:645

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads