Analysis

  • max time kernel
    136s
  • max time network
    148s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20250410-en
  • resource tags

    arch:armhf
    image:debian9-armhf-20250410-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    15/04/2025, 23:02

General

  • Target

    efefa7.elf

  • Size

    172KB

  • MD5

    32353ac6e5ca3fc430b456a8ae3f2b19

  • SHA1

    5443a5bb93f979956b8133fa04f4de5dfb241ce7

  • SHA256

    5b1f04f4a4aed544a64f434b28fefe201ae5942e5a12c6fa04dd9e3011123a24

  • SHA512

    b91ca7955547775ff38ec8e0042875c542f13e099af09ce2c4782e520578114831bc8119579b7f7f8d211f6e7df5fe5597b540764714cc41e9f3f37aa43d302f

  • SSDEEP

    3072:ya/57QWPlDtc9ayBaRm7y4p2Z77XjTIGSt8+/o+deOM/9i9DUq:b/5759xcAyBaRm7y4pw7XIjt84o+dVMa

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Reads process memory 1 TTPs 14 IoCs

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

  • Changes its process name 3 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/efefa7.elf
    /tmp/efefa7.elf
    • Deletes itself
    • Reads process memory
    • Changes its process name
    • Reads runtime system information
    PID:646

Network

MITRE ATT&CK Enterprise v16
