General

  • Target

    ead9d3290c96e6b9dccc57160026c84c.bin

  • Size

    44KB

  • Sample

    240701-el4eqawaqb

  • MD5

    50e2f859a437c0d1eda682eaed11f1e6

  • SHA1

    48a71f6a1416d326374d7d7ea10740efa5c3d159

  • SHA256

    d071915da340d66299ef5f1af8bcb5c398fbd0b753678411e85ee6ac91a60528

  • SHA512

    c892b7e2a1769ad89714b55541cd74a0f2aef5c041f308c5378ec6c1ff187670d23e014d8f816aed46e5ae41f31630171bc8303238c01b8688f0bdc6dd26bc64

  • SSDEEP

    768:LZpnxca7MvZeBEp1cd5q6IIrI9Hc6PJZSh9Of0QrV+ZXIQSl+T00rqDnfSE:rnxchReSjcd1rSc6xIjOX8dIQBxmf

Score
9/10

Targets

    • Target

      adf9e44d80c9d77c6ff1e9c3c96eb022ccfbec2ad2714d1b4e2e8cfa1ee9c60d.elf

    • Size

      82KB

    • MD5

      ead9d3290c96e6b9dccc57160026c84c

    • SHA1

      0d8c26b3a30afa759e62c16f5251f64f2401d803

    • SHA256

      adf9e44d80c9d77c6ff1e9c3c96eb022ccfbec2ad2714d1b4e2e8cfa1ee9c60d

    • SHA512

      e2673ada3b76c78b1f97881805a0ffadae4179d56c13c65ce31ac6ad5cba5874ee404ba0376bc90fbe11075b799976048e049509a5f26168d68204a934fd8fc9

    • SSDEEP

      1536:opnZ8fsdCalVGTMssjrRZ61SoGYJbMB13hcdVO9lwwi4AfnaBV:sZdCEbseFI1So/bMB13hc7qAfnar

    Score
    9/10
    • Contacts a large number (75080) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Renames itself

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) was sent to servers other than the configured DNS servers.

    • Enumerates active TCP sockets

      Reads the active TCP sockets from the /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about the processes currently running on the system.
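The three network signatures above (large number of remote hosts, large number of flows, DNS-port traffic to non-configured servers) are flow-level heuristics. The following is an added example of how such checks are computed over per-flow records; it is not code from the sandbox or from the sample. The Flow record layout, the thresholds, the resolver list and the constructed flows (one benign host plus one host sweeping TCP/23 across 3000 addresses in the 198.18.0.0/15 benchmarking range) are all assumptions for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Flow:
    """One network flow as a sensor or sandbox would summarise it (assumed layout)."""
    src: str
    dst: str
    dport: int
    proto: str


# Heuristic knobs. These are assumptions for the example, not the sandbox's thresholds.
SCAN_HOST_THRESHOLD = 1000   # distinct remote hosts contacted by one source
SCAN_FLOW_THRESHOLD = 5000   # total flows from one source
DNS_PORT = 53


def scan_suspects(flows, host_threshold=SCAN_HOST_THRESHOLD,
                  flow_threshold=SCAN_FLOW_THRESHOLD):
    """Return {src: (distinct_hosts, total_flows, busiest_dport)} for every source
    that exceeds either threshold. The distinct-host count is the scan signal; the
    busiest destination port tells you which service is being swept."""
    hosts = defaultdict(set)
    flows_per_src = defaultdict(int)
    ports = defaultdict(lambda: defaultdict(int))
    for f in flows:
        hosts[f.src].add(f.dst)
        flows_per_src[f.src] += 1
        ports[f.src][f.dport] += 1
    flagged = {}
    for src, dsts in hosts.items():
        if len(dsts) >= host_threshold or flows_per_src[src] >= flow_threshold:
            busiest = max(ports[src], key=ports[src].get)
            flagged[src] = (len(dsts), flows_per_src[src], busiest)
    return flagged


def unexpected_dns_destinations(flows, configured_resolvers):
    """Destinations of DNS-port traffic that are not among the configured resolvers.
    Matching on port alone is deliberate: hard-coded resolvers and DNS tunnelling
    both show up here, and the resolver list is the only trusted reference."""
    resolvers = {ipaddress.ip_address(r) for r in configured_resolvers}
    return sorted({f.dst for f in flows
                   if f.dport == DNS_PORT
                   and ipaddress.ip_address(f.dst) not in resolvers})


def build_sample_flows():
    """Constructed input (not captured traffic): one benign host, and one host that
    resolves names via a non-configured server and sweeps TCP/23 across 3000 hosts."""
    flows = [Flow("10.0.0.5", "10.0.0.53", DNS_PORT, "udp"),
             Flow("10.0.0.5", "10.0.0.80", 443, "tcp")]
    scanner = "10.0.0.7"
    flows.append(Flow(scanner, "192.0.2.53", DNS_PORT, "udp"))
    for i in range(3000):
        dst = f"198.18.{(i >> 8) & 0xff}.{i & 0xff}"
        flows.append(Flow(scanner, dst, 23, "tcp"))
    return flows


if __name__ == "__main__":
    sample = build_sample_flows()
    for src, (n_hosts, n_flows, port) in scan_suspects(sample).items():
        print(f"scan suspect {src}: {n_hosts} hosts, {n_flows} flows, mostly port {port}")
    for dst in unexpected_dns_destinations(sample, ["10.0.0.53"]):
        print(f"DNS-port traffic to non-configured server {dst}")
```

The distinct-host count is what separates a scanner from a busy but legitimate client: a client producing many flows still talks to a handful of hosts, while a service sweep like the one this sample produced (75080 hosts) concentrates on one destination port across thousands of addresses.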

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

    • Network Service Discovery

      T1046 (2 signatures)

    • System Network Connections Discovery

      T1049 (1 signature)

    • System Network Configuration Discovery

      T1016 (1 signature)

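The System Network Connections Discovery entry (T1049) corresponds to the "Enumerates active TCP sockets" signature, which reads /proc/net/tcp; the "Enumerates running processes" signature is the same kind of /proc walk over the numeric process directories. The following is an added example, not code from the report or from the sample, that parses the kernel's /proc/net/tcp text layout and lists processes from /proc, so a responder can see exactly what such a sample sees. It assumes the documented column order of /proc/net/tcp and a little-endian host (the address field is printed as a host-order hex word, so the octets appear reversed); the sample lines are constructed.

```python
import socket
import struct
from dataclasses import dataclass
from pathlib import Path

# Socket state codes as printed in the "st" column (include/net/tcp_states.h).
TCP_STATES = {
    0x01: "ESTABLISHED", 0x02: "SYN_SENT", 0x03: "SYN_RECV", 0x04: "FIN_WAIT1",
    0x05: "FIN_WAIT2", 0x06: "TIME_WAIT", 0x07: "CLOSE", 0x08: "CLOSE_WAIT",
    0x09: "LAST_ACK", 0x0A: "LISTEN", 0x0B: "CLOSING", 0x0C: "NEW_SYN_RECV",
}


@dataclass(frozen=True)
class TcpSocket:
    local_addr: str
    local_port: int
    remote_addr: str
    remote_port: int
    state: str
    uid: int
    inode: int


def _decode_endpoint(field, byteorder):
    """'0100007F:0277' -> ('127.0.0.1', 631). The kernel prints the 32-bit address
    as a host-order hex word, so on little-endian hosts the octets appear reversed."""
    hex_addr, hex_port = field.split(":")
    packed = struct.pack("<I" if byteorder == "little" else ">I", int(hex_addr, 16))
    return socket.inet_ntoa(packed), int(hex_port, 16)


def parse_proc_net_tcp(text, byteorder="little"):
    """Parse the text of /proc/net/tcp into TcpSocket records (header line skipped)."""
    sockets = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 10:
            continue  # truncated or unexpected line
        laddr, lport = _decode_endpoint(parts[1], byteorder)
        raddr, rport = _decode_endpoint(parts[2], byteorder)
        state = TCP_STATES.get(int(parts[3], 16), f"UNKNOWN({parts[3]})")
        sockets.append(TcpSocket(laddr, lport, raddr, rport, state,
                                 int(parts[7]), int(parts[9])))
    return sockets


def listening_ports(sockets):
    return sorted(s.local_port for s in sockets if s.state == "LISTEN")


def established_peers(sockets):
    return sorted((s.remote_addr, s.remote_port)
                  for s in sockets if s.state == "ESTABLISHED")


def list_processes(proc_root="/proc"):
    """(pid, comm) for every numeric directory under proc_root: the walk a
    process-enumerating sample performs."""
    procs = []
    for entry in Path(proc_root).iterdir():
        if entry.name.isdigit():
            try:
                comm = (entry / "comm").read_text().strip()
            except OSError:
                continue  # process exited between the listing and the read
            procs.append((int(entry.name), comm))
    return sorted(procs)


# Constructed sample in the kernel's layout (not captured from a real host): a CUPS
# listener on loopback, an outbound HTTPS connection owned by uid 1000, an SSH listener.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18437 1 0000000000000000 100 0 0 10 0
   1: 0500000A:B2E4 076433C6:01BB 01 00000000:00000000 02:00000A12 00000000  1000        0 23919 1 0000000000000000 20 4 28 10 -1
   2: 0500000A:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 16770 1 0000000000000000 100 0 0 10 0
"""

if __name__ == "__main__":
    live = Path("/proc/net/tcp")
    text = live.read_text() if live.exists() else SAMPLE_PROC_NET_TCP
    socks = parse_proc_net_tcp(text)
    print("listening:", listening_ports(socks))
    print("established peers:", established_peers(socks))
    if Path("/proc").exists():
        print("processes:", list_processes()[:5])
```

Because /proc/net/tcp is world-readable, any unprivileged process can take this inventory; the inode column is what ties a socket back to a process (via /proc/[pid]/fd), which is the step a responder adds when attributing an unexpected connection.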