Analysis
max time kernel: 151s
max time network: 153s
platform: debian-9_armhf
resource: debian9-armhf-20221111-en
resource tags: arch:armhf, image:debian9-armhf-20221111-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 26-04-2023 01:19
Static task: static1
Behavioral task: behavioral1
Sample: 00413aca07bf97f21c894fe05208a8604508feb48a6b9b049d2a5524d437e1d0.elf
Resource: debian9-armhf-20221111-en
debian-9-armhf
2 signatures
150 seconds
General
Target: 00413aca07bf97f21c894fe05208a8604508feb48a6b9b049d2a5524d437e1d0.elf
Size: 97KB
MD5: 67f65e02f9fdffd2e0e38fe1c53076e9
SHA1: 515db577339106ad287a2c1c5272e1ca0a8ba26d
SHA256: 00413aca07bf97f21c894fe05208a8604508feb48a6b9b049d2a5524d437e1d0
SHA512: a5557e4d12d3a81abd86398bdef909b1ee1f453d913668b2a354ea7f9627db23f0e745b83cb267b0c07edc18b17b0c87cfb0bd3b92ffac13cd77e97ad0564ef3
SSDEEP: 3072:g/28W9eYAa0XT2pZqoeFi4XNOlHEMGmsQ0NqKV:/91AaKT2CK4XNOlNGmsQ0kKV
Score: 7/10
Malware Config
Signatures
Changes its process name 1 IoCs
Changes the process name, possibly in an attempt to hide itself.
ioc: sh
pid: 373
process: 00413aca07bf97f21c894fe05208a8604508feb48a6b9b049d2a5524d437e1d0.elf
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.