3a284d9834f9ed19c151744ea77e27871ebcaa37ccc25f4bcde74d0e1bc089d2

Analysis

max time kernel
151s
max time network
153s
platform
debian-9_armhf
resource
debian9-armhf-20230831-en
resource tags

arch:armhfimage:debian9-armhf-20230831-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
07/10/2023, 12:01 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2bf8619215e2c564cee9a7aafab6694cd1f23911b0852285dbf35874091ed514.elf
Size

175KB
MD5

57e2b6062192e93646cd64d6c0b774b8
SHA1

7fe6d7c8794a77a162b81bc15f10da7191013f72
SHA256

2bf8619215e2c564cee9a7aafab6694cd1f23911b0852285dbf35874091ed514
SHA512

5d895adbae72827de75143cf301d08fc3c8afd42291823c15aeee91de0e46fd2d5cc72599876ec467233144f34e3733dc00873737072596c2924fb4c5ed91a2a
SSDEEP

3072:nS/NsChjlvbAmfkIaboVSyckpj/HS0Bpxi/hJjogM/RXC/Ht6:nS/7lvlcIaboVS7kVdBHi/XMgM/RXC/0

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	367	2bf8619215e2c564cee9a7aafab6694cd1f23911b0852285dbf35874091ed514.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/4/cmdline
File opened for reading	/proc/408/cmdline
File opened for reading	/proc/436/cmdline
File opened for reading	/proc/7/cmdline
File opened for reading	/proc/390/cmdline
File opened for reading	/proc/407/cmdline
File opened for reading	/proc/426/cmdline
File opened for reading	/proc/451/cmdline
File opened for reading	/proc/2/cmdline
File opened for reading	/proc/22/cmdline
File opened for reading	/proc/108/cmdline
File opened for reading	/proc/366/cmdline
File opened for reading	/proc/420/cmdline
File opened for reading	/proc/425/cmdline
File opened for reading	/proc/447/cmdline
File opened for reading	/proc/1/cmdline
File opened for reading	/proc/24/cmdline
File opened for reading	/proc/269/cmdline
File opened for reading	/proc/271/cmdline
File opened for reading	/proc/449/cmdline
File opened for reading	/proc/476/cmdline
File opened for reading	/proc/9/cmdline
File opened for reading	/proc/141/cmdline
File opened for reading	/proc/287/cmdline
File opened for reading	/proc/368/cmdline
File opened for reading	/proc/361/cmdline
File opened for reading	/proc/401/cmdline
File opened for reading	/proc/442/cmdline
File opened for reading	/proc/464/cmdline
File opened for reading	/proc/137/cmdline
File opened for reading	/proc/362/cmdline
File opened for reading	/proc/395/cmdline
File opened for reading	/proc/427/cmdline
File opened for reading	/proc/460/cmdline
File opened for reading	/proc/6/cmdline
File opened for reading	/proc/375/cmdline
File opened for reading	/proc/450/cmdline
File opened for reading	/proc/485/cmdline
File opened for reading	/proc/279/cmdline
File opened for reading	/proc/315/cmdline
File opened for reading	/proc/468/cmdline
File opened for reading	/proc/17/cmdline
File opened for reading	/proc/148/cmdline
File opened for reading	/proc/392/cmdline
File opened for reading	/proc/417/cmdline
File opened for reading	/proc/431/cmdline
File opened for reading	/proc/445/cmdline
File opened for reading	/proc/224/cmdline
File opened for reading	/proc/377/cmdline
File opened for reading	/proc/453/cmdline
File opened for reading	/proc/477/cmdline
File opened for reading	/proc/481/cmdline
File opened for reading	/proc/378/cmdline
File opened for reading	/proc/387/cmdline
File opened for reading	/proc/410/cmdline
File opened for reading	/proc/432/cmdline
File opened for reading	/proc/439/cmdline
File opened for reading	/proc/14/cmdline
File opened for reading	/proc/28/cmdline
File opened for reading	/proc/466/cmdline
File opened for reading	/proc/19/cmdline
File opened for reading	/proc/26/cmdline
File opened for reading	/proc/323/cmdline
File opened for reading	/proc/374/cmdline

/tmp/2bf8619215e2c564cee9a7aafab6694cd1f23911b0852285dbf35874091ed514.elf
/tmp/2bf8619215e2c564cee9a7aafab6694cd1f23911b0852285dbf35874091ed514.elf
1⤵
- Changes its process name
PID:367

Network

DNS

bot.ddosvps.cc

Remote address:

8.8.8.8:53

Request

bot.ddosvps.cc

IN A

Response

bot.ddosvps.cc

IN A

107.174.93.107
DNS

bot.ddosvps.cc

Remote address:

8.8.8.8:53

Request

bot.ddosvps.cc

IN A

Response

bot.ddosvps.cc

IN A

107.174.93.107
DNS

bot.ddosvps.cc

Remote address:

8.8.8.8:53

Request

bot.ddosvps.cc

IN A

Response

bot.ddosvps.cc

IN A

107.174.93.107
DNS

bot.ddosvps.cc

Remote address:

8.8.8.8:53

Request

bot.ddosvps.cc

IN A

Response

bot.ddosvps.cc

IN A

107.174.93.107
DNS

bot.ddosvps.cc

Remote address:

8.8.8.8:53

Request

bot.ddosvps.cc

IN A

Response

bot.ddosvps.cc

IN A

107.174.93.107
DNS

bot.ddosvps.cc

Remote address:

8.8.8.8:53

Request

bot.ddosvps.cc

IN A

Response

bot.ddosvps.cc

IN A

107.174.93.107
DNS

bot.ddosvps.cc

Remote address:

8.8.8.8:53

Request

bot.ddosvps.cc

IN A

Response

bot.ddosvps.cc

IN A

107.174.93.107
DNS

bot.ddosvps.cc

Remote address:

8.8.8.8:53

Request

bot.ddosvps.cc

IN A

Response

bot.ddosvps.cc

IN A

107.174.93.107
DNS

bot.ddosvps.cc

Remote address:

8.8.8.8:53

Request

bot.ddosvps.cc

IN A

Response

bot.ddosvps.cc

IN A

107.174.93.107
DNS

bot.ddosvps.cc

Remote address:

8.8.8.8:53

Request

bot.ddosvps.cc

IN A

Response

bot.ddosvps.cc

IN A

107.174.93.107
DNS

bot.ddosvps.cc

Remote address:

8.8.8.8:53

Request

bot.ddosvps.cc

IN A

Response

bot.ddosvps.cc

IN A

107.174.93.107
DNS

bot.ddosvps.cc

Remote address:

8.8.8.8:53

Request

bot.ddosvps.cc

IN A

Response

bot.ddosvps.cc

IN A

107.174.93.107
DNS

bot.ddosvps.cc

Remote address:

8.8.8.8:53

Request

bot.ddosvps.cc

IN A

Response

bot.ddosvps.cc

IN A

107.174.93.107
DNS

bot.ddosvps.cc

Remote address:

8.8.8.8:53

Request

bot.ddosvps.cc

IN A

Response

bot.ddosvps.cc

IN A

107.174.93.107
DNS

bot.ddosvps.cc

Remote address:

8.8.8.8:53

Request

bot.ddosvps.cc

IN A

Response

bot.ddosvps.cc

IN A

107.174.93.107
DNS

bot.ddosvps.cc

Remote address:

8.8.8.8:53

Request

bot.ddosvps.cc

IN A

Response

bot.ddosvps.cc

IN A

107.174.93.107
DNS

bot.ddosvps.cc

Remote address:

8.8.8.8:53

Request

bot.ddosvps.cc

IN A

Response

bot.ddosvps.cc

IN A

107.174.93.107
DNS

bot.ddosvps.cc

Remote address:

8.8.8.8:53

Request

bot.ddosvps.cc

IN A

Response

bot.ddosvps.cc

IN A

107.174.93.107
DNS

bot.ddosvps.cc

Remote address:

8.8.8.8:53

Request

bot.ddosvps.cc

IN A

Response

bot.ddosvps.cc

IN A

107.174.93.107
DNS

bot.ddosvps.cc

Remote address:

8.8.8.8:53

Request

bot.ddosvps.cc

IN A

Response

bot.ddosvps.cc

IN A

107.174.93.107
DNS

bot.ddosvps.cc

Remote address:

8.8.8.8:53

Request

bot.ddosvps.cc

IN A

Response

bot.ddosvps.cc

IN A

107.174.93.107
DNS

bot.ddosvps.cc

Remote address:

8.8.8.8:53

Request

bot.ddosvps.cc

IN A

Response

bot.ddosvps.cc

IN A

107.174.93.107
DNS

bot.ddosvps.cc

Remote address:

8.8.8.8:53

Request

bot.ddosvps.cc

IN A

Response

bot.ddosvps.cc

IN A

107.174.93.107
DNS

bot.ddosvps.cc

Remote address:

8.8.8.8:53

Request

bot.ddosvps.cc

IN A

Response

bot.ddosvps.cc

IN A

107.174.93.107
DNS

bot.ddosvps.cc

Remote address:

8.8.8.8:53

Request

bot.ddosvps.cc

IN A

Response

bot.ddosvps.cc

IN A

107.174.93.107

107.174.93.107:43957

bot.ddosvps.cc

60 B
1
107.174.93.107:43957

bot.ddosvps.cc

60 B
1
107.174.93.107:43957

bot.ddosvps.cc

60 B
1
107.174.93.107:43957

bot.ddosvps.cc

60 B
1
107.174.93.107:43957

bot.ddosvps.cc

60 B
1
107.174.93.107:43957

bot.ddosvps.cc

60 B
1
107.174.93.107:43957

bot.ddosvps.cc

60 B
1
107.174.93.107:43957

bot.ddosvps.cc

60 B
1
107.174.93.107:43957

bot.ddosvps.cc

60 B
1
107.174.93.107:43957

bot.ddosvps.cc

60 B
1
107.174.93.107:43957

bot.ddosvps.cc

60 B
1
107.174.93.107:43957

bot.ddosvps.cc

60 B
1
107.174.93.107:43957

bot.ddosvps.cc

60 B
1
107.174.93.107:43957

bot.ddosvps.cc

60 B
1
107.174.93.107:43957

bot.ddosvps.cc

60 B
1
107.174.93.107:43957

bot.ddosvps.cc

60 B
1
107.174.93.107:43957

bot.ddosvps.cc

60 B
1
107.174.93.107:43957

bot.ddosvps.cc

60 B
1
107.174.93.107:43957

bot.ddosvps.cc

60 B
1
107.174.93.107:43957

bot.ddosvps.cc

60 B
1
107.174.93.107:43957

bot.ddosvps.cc

60 B
1
107.174.93.107:43957

bot.ddosvps.cc

60 B
1
107.174.93.107:43957

bot.ddosvps.cc

60 B
1
107.174.93.107:43957

bot.ddosvps.cc

60 B
1
107.174.93.107:43957

bot.ddosvps.cc

60 B
1

8.8.8.8:53

bot.ddosvps.cc

dns

60 B
76 B
1
1

DNS Request

bot.ddosvps.cc

DNS Response

107.174.93.107
8.8.8.8:53

bot.ddosvps.cc

dns

60 B
76 B
1
1

DNS Request

bot.ddosvps.cc

DNS Response

107.174.93.107
8.8.8.8:53

bot.ddosvps.cc

dns

60 B
76 B
1
1

DNS Request

bot.ddosvps.cc

DNS Response

107.174.93.107
8.8.8.8:53

bot.ddosvps.cc

dns

60 B
76 B
1
1

DNS Request

bot.ddosvps.cc

DNS Response

107.174.93.107
8.8.8.8:53

bot.ddosvps.cc

dns

60 B
76 B
1
1

DNS Request

bot.ddosvps.cc

DNS Response

107.174.93.107
8.8.8.8:53

bot.ddosvps.cc

dns

60 B
76 B
1
1

DNS Request

bot.ddosvps.cc

DNS Response

107.174.93.107
8.8.8.8:53

bot.ddosvps.cc

dns

60 B
76 B
1
1

DNS Request

bot.ddosvps.cc

DNS Response

107.174.93.107
8.8.8.8:53

bot.ddosvps.cc

dns

60 B
76 B
1
1

DNS Request

bot.ddosvps.cc

DNS Response

107.174.93.107
8.8.8.8:53

bot.ddosvps.cc

dns

60 B
76 B
1
1

DNS Request

bot.ddosvps.cc

DNS Response

107.174.93.107
8.8.8.8:53

bot.ddosvps.cc

dns

60 B
76 B
1
1

DNS Request

bot.ddosvps.cc

DNS Response

107.174.93.107
8.8.8.8:53

bot.ddosvps.cc

dns

60 B
76 B
1
1

DNS Request

bot.ddosvps.cc

DNS Response

107.174.93.107
8.8.8.8:53

bot.ddosvps.cc

dns

60 B
76 B
1
1

DNS Request

bot.ddosvps.cc

DNS Response

107.174.93.107
8.8.8.8:53

bot.ddosvps.cc

dns

60 B
76 B
1
1

DNS Request

bot.ddosvps.cc

DNS Response

107.174.93.107
8.8.8.8:53

bot.ddosvps.cc

dns

60 B
76 B
1
1

DNS Request

bot.ddosvps.cc

DNS Response

107.174.93.107
8.8.8.8:53

bot.ddosvps.cc

dns

60 B
76 B
1
1

DNS Request

bot.ddosvps.cc

DNS Response

107.174.93.107
8.8.8.8:53

bot.ddosvps.cc

dns

60 B
76 B
1
1

DNS Request

bot.ddosvps.cc

DNS Response

107.174.93.107
8.8.8.8:53

bot.ddosvps.cc

dns

60 B
76 B
1
1

DNS Request

bot.ddosvps.cc

DNS Response

107.174.93.107
8.8.8.8:53

bot.ddosvps.cc

dns

60 B
76 B
1
1

DNS Request

bot.ddosvps.cc

DNS Response

107.174.93.107
8.8.8.8:53

bot.ddosvps.cc

dns

60 B
76 B
1
1

DNS Request

bot.ddosvps.cc

DNS Response

107.174.93.107
8.8.8.8:53

bot.ddosvps.cc

dns

60 B
76 B
1
1

DNS Request

bot.ddosvps.cc

DNS Response

107.174.93.107
8.8.8.8:53

bot.ddosvps.cc

dns

60 B
76 B
1
1

DNS Request

bot.ddosvps.cc

DNS Response

107.174.93.107
8.8.8.8:53

bot.ddosvps.cc

dns

60 B
76 B
1
1

DNS Request

bot.ddosvps.cc

DNS Response

107.174.93.107
8.8.8.8:53

bot.ddosvps.cc

dns

60 B
76 B
1
1

DNS Request

bot.ddosvps.cc

DNS Response

107.174.93.107
8.8.8.8:53

bot.ddosvps.cc

dns

60 B
76 B
1
1

DNS Request

bot.ddosvps.cc

DNS Response

107.174.93.107
8.8.8.8:53

bot.ddosvps.cc

dns

60 B
76 B
1
1

DNS Request

bot.ddosvps.cc

DNS Response

107.174.93.107

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.