Analysis

  • max time kernel
    10s
  • max time network
    17s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240729-en
  • resource tags
    arch:armhf
    image:debian9-armhf-20240729-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    15/04/2025, 21:57

General

  • Target

    arm7

  • Size

    172KB

  • MD5

    de01ad93cd4233622b86a417093f4b07

  • SHA1

    081c329f7b2e3089f5a23186bb9fe0f5f2de1347

  • SHA256

    73b49ec936248ef113380625bae2745b0578dea4597dcdf55415f75998bd1378

  • SHA512

    2b91aa041da94b3cc5fadd9daf85e44f099d492e8a667d33086601ffcf0b7c7438a271f88b8dba611459dbe4577a01094682579c2912e6e821b7f3a46adcf335

  • SSDEEP

    3072:k68cS0jOJ8srUwE5yawOw9rn4JWS7JInHXQVaAi/tGM/99NhDFHl:k68c5ozE5yawOw9rnEWeIHXQVaAi/4M7

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Reads process memory 1 TTPs 13 IoCs

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

  • Changes its process name 3 IoCs
  • Reads runtime system information 6 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/arm7
    /tmp/arm7
    • Deletes itself
    • Reads process memory
    • Changes its process name
    • Reads runtime system information
    PID:655

Network

MITRE ATT&CK Enterprise v16

