3a284d9834f9ed19c151744ea77e27871ebcaa37ccc25f4bcde74d0e1bc089d2

Analysis

max time kernel
151s
max time network
153s
platform
debian-9_armhf
resource
debian9-armhf-20230831-en
resource tags

arch:armhfimage:debian9-armhf-20230831-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
07/10/2023, 12:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2bf8619215e2c564cee9a7aafab6694cd1f23911b0852285dbf35874091ed514.elf
Size

175KB
MD5

57e2b6062192e93646cd64d6c0b774b8
SHA1

7fe6d7c8794a77a162b81bc15f10da7191013f72
SHA256

2bf8619215e2c564cee9a7aafab6694cd1f23911b0852285dbf35874091ed514
SHA512

5d895adbae72827de75143cf301d08fc3c8afd42291823c15aeee91de0e46fd2d5cc72599876ec467233144f34e3733dc00873737072596c2924fb4c5ed91a2a
SSDEEP

3072:nS/NsChjlvbAmfkIaboVSyckpj/HS0Bpxi/hJjogM/RXC/Ht6:nS/7lvlcIaboVS7kVdBHi/XMgM/RXC/0

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	367	2bf8619215e2c564cee9a7aafab6694cd1f23911b0852285dbf35874091ed514.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/4/cmdline
File opened for reading	/proc/408/cmdline
File opened for reading	/proc/436/cmdline
File opened for reading	/proc/7/cmdline
File opened for reading	/proc/390/cmdline
File opened for reading	/proc/407/cmdline
File opened for reading	/proc/426/cmdline
File opened for reading	/proc/451/cmdline
File opened for reading	/proc/2/cmdline
File opened for reading	/proc/22/cmdline
File opened for reading	/proc/108/cmdline
File opened for reading	/proc/366/cmdline
File opened for reading	/proc/420/cmdline
File opened for reading	/proc/425/cmdline
File opened for reading	/proc/447/cmdline
File opened for reading	/proc/1/cmdline
File opened for reading	/proc/24/cmdline
File opened for reading	/proc/269/cmdline
File opened for reading	/proc/271/cmdline
File opened for reading	/proc/449/cmdline
File opened for reading	/proc/476/cmdline
File opened for reading	/proc/9/cmdline
File opened for reading	/proc/141/cmdline
File opened for reading	/proc/287/cmdline
File opened for reading	/proc/368/cmdline
File opened for reading	/proc/361/cmdline
File opened for reading	/proc/401/cmdline
File opened for reading	/proc/442/cmdline
File opened for reading	/proc/464/cmdline
File opened for reading	/proc/137/cmdline
File opened for reading	/proc/362/cmdline
File opened for reading	/proc/395/cmdline
File opened for reading	/proc/427/cmdline
File opened for reading	/proc/460/cmdline
File opened for reading	/proc/6/cmdline
File opened for reading	/proc/375/cmdline
File opened for reading	/proc/450/cmdline
File opened for reading	/proc/485/cmdline
File opened for reading	/proc/279/cmdline
File opened for reading	/proc/315/cmdline
File opened for reading	/proc/468/cmdline
File opened for reading	/proc/17/cmdline
File opened for reading	/proc/148/cmdline
File opened for reading	/proc/392/cmdline
File opened for reading	/proc/417/cmdline
File opened for reading	/proc/431/cmdline
File opened for reading	/proc/445/cmdline
File opened for reading	/proc/224/cmdline
File opened for reading	/proc/377/cmdline
File opened for reading	/proc/453/cmdline
File opened for reading	/proc/477/cmdline
File opened for reading	/proc/481/cmdline
File opened for reading	/proc/378/cmdline
File opened for reading	/proc/387/cmdline
File opened for reading	/proc/410/cmdline
File opened for reading	/proc/432/cmdline
File opened for reading	/proc/439/cmdline
File opened for reading	/proc/14/cmdline
File opened for reading	/proc/28/cmdline
File opened for reading	/proc/466/cmdline
File opened for reading	/proc/19/cmdline
File opened for reading	/proc/26/cmdline
File opened for reading	/proc/323/cmdline
File opened for reading	/proc/374/cmdline

/tmp/2bf8619215e2c564cee9a7aafab6694cd1f23911b0852285dbf35874091ed514.elf
/tmp/2bf8619215e2c564cee9a7aafab6694cd1f23911b0852285dbf35874091ed514.elf
1⤵
- Changes its process name
PID:367

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads