Analysis

  • max time kernel
    133s
  • max time network
    151s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20250410-en
  • resource tags

    arch:armhf, image:debian12-armhf-20250410-en, kernel:6.1.0-17-armmp-lpae, locale:en-us, os:debian-12-armhf, system
  • submitted
    14/04/2025, 15:06

General

  • Target

    arm7.elf

  • Size

    172KB

  • MD5

    de01ad93cd4233622b86a417093f4b07

  • SHA1

    081c329f7b2e3089f5a23186bb9fe0f5f2de1347

  • SHA256

    73b49ec936248ef113380625bae2745b0578dea4597dcdf55415f75998bd1378

  • SHA512

    2b91aa041da94b3cc5fadd9daf85e44f099d492e8a667d33086601ffcf0b7c7438a271f88b8dba611459dbe4577a01094682579c2912e6e821b7f3a46adcf335

  • SSDEEP

    3072:k68cS0jOJ8srUwE5yawOw9rn4JWS7JInHXQVaAi/tGM/99NhDFHl:k68c5ozE5yawOw9rnEWeIHXQVaAi/4M7

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Reads process memory 1 TTPs 15 IoCs

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

  • Changes its process name 3 IoCs
  • Reads runtime system information 8 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/arm7.elf
    • Deletes itself
    • Reads process memory
    • Changes its process name
    • Reads runtime system information
    PID:758

Network

MITRE ATT&CK Enterprise v16
