Analysis
- max time kernel: 146s
- max time network: 151s
- platform: debian-9_armhf
- resource: debian9-armhf-20230831-en
- resource tags: arch:armhf image:debian9-armhf-20230831-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
- submitted: 04/10/2023, 18:10
General
- Target: 91699fe260cfe3d8b306b1f1cdc2ff61c43f2b9b91f63b23f38d72b24154be6e_JC.elf
- Size: 41KB
- MD5: b030a1ce84923325c78d24d1d3f25cb5
- SHA1: 88e3541f5a47f4e778007cf7489e31ff5e62771a
- SHA256: 91699fe260cfe3d8b306b1f1cdc2ff61c43f2b9b91f63b23f38d72b24154be6e
- SHA512: 443186499d60d83935633eb20a6bed2f2583390f37c4c5724c4b47371ebbd7edb858aa2c1ccfadc9b63c848431c878e497737f4509f9d5f7f0d7f5de94e25546
- SSDEEP: 768:LAETdTUjhTVFzBOoVELmB9PjDFIrhq3UIdql1+YO2AHlTQYDL48y8VosSv:cETdTAPhImBBDFa1KD/4JnsSv
Malware Config
Signatures
- Changes its process name (1 IoCs)
  description: Changes the process name, possibly in an attempt to hide itself
  ioc: a
  pid: 371
  Process: 91699fe260cfe3d8b306b1f1cdc2ff61c43f2b9b91f63b23f38d72b24154be6e_JC.elf
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads runtime system information (64 IoCs)
  Reads data from /proc virtual filesystem.