75604cb1c0ba832bf192d19220dfdca21687a5819846e9faf48fa9b10d92ea34

Analysis

max time kernel
151s
max time network
151s
platform
debian-9_armhf
resource
debian9-armhf-20230831-en
resource tags

arch:armhfimage:debian9-armhf-20230831-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
03-10-2023 14:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75604cb1c0ba832bf192d19220dfdca21687a5819846e9faf48fa9b10d92ea34_JC.elf
Size

175KB
MD5

2bc629a2de6f77085ddeba4fd7aa14a4
SHA1

5cfd36f16323c901627953fbb3613cc66333b1b3
SHA256

75604cb1c0ba832bf192d19220dfdca21687a5819846e9faf48fa9b10d92ea34
SHA512

7244a98fbd40681da06cd87affd4b52c430acae06772c4b3e32433c614923ac6a4b355144f1988940f183273d1ee0d85761583cb816c7bc6307548a0c674265c
SSDEEP

3072:kbjrvNbBLbcBCkoajwdyqkkovT/6EBpWK/1Jso0M/Rq9G:qjpBLbEloajwdybkQRBQK/jx0M/RqM

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	376	75604cb1c0ba832bf192d19220dfdca21687a5819846e9faf48fa9b10d92ea34_JC.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/420/cmdline
File opened for reading	/proc/439/cmdline
File opened for reading	/proc/472/cmdline
File opened for reading	/proc/16/cmdline
File opened for reading	/proc/413/cmdline
File opened for reading	/proc/415/cmdline
File opened for reading	/proc/4/cmdline
File opened for reading	/proc/427/cmdline
File opened for reading	/proc/430/cmdline
File opened for reading	/proc/454/cmdline
File opened for reading	/proc/471/cmdline
File opened for reading	/proc/22/cmdline
File opened for reading	/proc/403/cmdline
File opened for reading	/proc/417/cmdline
File opened for reading	/proc/378/cmdline
File opened for reading	/proc/386/cmdline
File opened for reading	/proc/437/cmdline
File opened for reading	/proc/470/cmdline
File opened for reading	/proc/5/cmdline
File opened for reading	/proc/25/cmdline
File opened for reading	/proc/113/cmdline
File opened for reading	/proc/459/cmdline
File opened for reading	/proc/406/cmdline
File opened for reading	/proc/412/cmdline
File opened for reading	/proc/424/cmdline
File opened for reading	/proc/458/cmdline
File opened for reading	/proc/469/cmdline
File opened for reading	/proc/110/cmdline
File opened for reading	/proc/387/cmdline
File opened for reading	/proc/423/cmdline
File opened for reading	/proc/80/cmdline
File opened for reading	/proc/440/cmdline
File opened for reading	/proc/12/cmdline
File opened for reading	/proc/446/cmdline
File opened for reading	/proc/237/cmdline
File opened for reading	/proc/285/cmdline
File opened for reading	/proc/396/cmdline
File opened for reading	/proc/445/cmdline
File opened for reading	/proc/460/cmdline
File opened for reading	/proc/13/cmdline
File opened for reading	/proc/21/cmdline
File opened for reading	/proc/152/cmdline
File opened for reading	/proc/467/cmdline
File opened for reading	/proc/404/cmdline
File opened for reading	/proc/410/cmdline
File opened for reading	/proc/453/cmdline
File opened for reading	/proc/461/cmdline
File opened for reading	/proc/473/cmdline
File opened for reading	/proc/7/cmdline
File opened for reading	/proc/26/cmdline
File opened for reading	/proc/142/cmdline
File opened for reading	/proc/324/cmdline
File opened for reading	/proc/328/cmdline
File opened for reading	/proc/392/cmdline
File opened for reading	/proc/457/cmdline
File opened for reading	/proc/19/cmdline
File opened for reading	/proc/282/cmdline
File opened for reading	/proc/293/cmdline
File opened for reading	/proc/6/cmdline
File opened for reading	/proc/20/cmdline
File opened for reading	/proc/432/cmdline
File opened for reading	/proc/389/cmdline
File opened for reading	/proc/434/cmdline
File opened for reading	/proc/450/cmdline

/tmp/75604cb1c0ba832bf192d19220dfdca21687a5819846e9faf48fa9b10d92ea34_JC.elf
/tmp/75604cb1c0ba832bf192d19220dfdca21687a5819846e9faf48fa9b10d92ea34_JC.elf
1⤵
- Changes its process name
PID:376

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads