2bf8619215e2c564cee9a7aafab6694cd1f23911b0852285dbf35874091ed514

Analysis

max time kernel
151s
max time network
138s
platform
debian-9_armhf
resource
debian9-armhf-20230831-en
resource tags

arch:armhfimage:debian9-armhf-20230831-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
06-10-2023 13:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.2bf8619215e2c564cee9a7aafab6694cd1f23911b0852285dbf35874091ed514elf_JC.elf
Size

175KB
MD5

57e2b6062192e93646cd64d6c0b774b8
SHA1

7fe6d7c8794a77a162b81bc15f10da7191013f72
SHA256

2bf8619215e2c564cee9a7aafab6694cd1f23911b0852285dbf35874091ed514
SHA512

5d895adbae72827de75143cf301d08fc3c8afd42291823c15aeee91de0e46fd2d5cc72599876ec467233144f34e3733dc00873737072596c2924fb4c5ed91a2a
SSDEEP

3072:nS/NsChjlvbAmfkIaboVSyckpj/HS0Bpxi/hJjogM/RXC/Ht6:nS/7lvlcIaboVS7kVdBHi/XMgM/RXC/0

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	358	NEAS.2bf8619215e2c564cee9a7aafab6694cd1f23911b0852285dbf35874091ed514elf_JC.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/461/cmdline
File opened for reading	/proc/23/cmdline
File opened for reading	/proc/42/cmdline
File opened for reading	/proc/361/cmdline
File opened for reading	/proc/364/cmdline
File opened for reading	/proc/377/cmdline
File opened for reading	/proc/402/cmdline
File opened for reading	/proc/43/cmdline
File opened for reading	/proc/390/cmdline
File opened for reading	/proc/400/cmdline
File opened for reading	/proc/454/cmdline
File opened for reading	/proc/105/cmdline
File opened for reading	/proc/313/cmdline
File opened for reading	/proc/371/cmdline
File opened for reading	/proc/384/cmdline
File opened for reading	/proc/413/cmdline
File opened for reading	/proc/457/cmdline
File opened for reading	/proc/20/cmdline
File opened for reading	/proc/74/cmdline
File opened for reading	/proc/143/cmdline
File opened for reading	/proc/381/cmdline
File opened for reading	/proc/408/cmdline
File opened for reading	/proc/430/cmdline
File opened for reading	/proc/399/cmdline
File opened for reading	/proc/27/cmdline
File opened for reading	/proc/351/cmdline
File opened for reading	/proc/367/cmdline
File opened for reading	/proc/373/cmdline
File opened for reading	/proc/382/cmdline
File opened for reading	/proc/391/cmdline
File opened for reading	/proc/3/cmdline
File opened for reading	/proc/431/cmdline
File opened for reading	/proc/357/cmdline
File opened for reading	/proc/397/cmdline
File opened for reading	/proc/401/cmdline
File opened for reading	/proc/409/cmdline
File opened for reading	/proc/426/cmdline
File opened for reading	/proc/10/cmdline
File opened for reading	/proc/29/cmdline
File opened for reading	/proc/135/cmdline
File opened for reading	/proc/385/cmdline
File opened for reading	/proc/432/cmdline
File opened for reading	/proc/444/cmdline
File opened for reading	/proc/9/cmdline
File opened for reading	/proc/210/cmdline
File opened for reading	/proc/360/cmdline
File opened for reading	/proc/379/cmdline
File opened for reading	/proc/459/cmdline
File opened for reading	/proc/383/cmdline
File opened for reading	/proc/434/cmdline
File opened for reading	/proc/13/cmdline
File opened for reading	/proc/21/cmdline
File opened for reading	/proc/95/cmdline
File opened for reading	/proc/134/cmdline
File opened for reading	/proc/271/cmdline
File opened for reading	/proc/378/cmdline
File opened for reading	/proc/368/cmdline
File opened for reading	/proc/374/cmdline
File opened for reading	/proc/436/cmdline
File opened for reading	/proc/19/cmdline
File opened for reading	/proc/387/cmdline
File opened for reading	/proc/406/cmdline
File opened for reading	/proc/420/cmdline
File opened for reading	/proc/437/cmdline

/tmp/NEAS.2bf8619215e2c564cee9a7aafab6694cd1f23911b0852285dbf35874091ed514elf_JC.elf
/tmp/NEAS.2bf8619215e2c564cee9a7aafab6694cd1f23911b0852285dbf35874091ed514elf_JC.elf
1⤵
- Changes its process name
PID:358

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads