Analysis
-
max time kernel
135s -
max time network
153s -
platform
debian-9_armhf -
resource
debian9-armhf-20231026-en -
resource tags
arch:armhfimage:debian9-armhf-20231026-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
11-11-2023 11:24
Behavioral task
behavioral1
Sample
NEAS.c77837054882d9b965303272cb8bce18a79ce8c77c8f4067631cfbfbc079b072.elf
Resource
debian9-armhf-20231026-en
debian-9-armhf
3 signatures
150 seconds
General
-
Target
NEAS.c77837054882d9b965303272cb8bce18a79ce8c77c8f4067631cfbfbc079b072.elf
-
Size
117KB
-
MD5
c5ec38ff10cbda10d061486f94bedc8f
-
SHA1
7fd63b59d1c56f522b4b051692e5afb46164a8a1
-
SHA256
c77837054882d9b965303272cb8bce18a79ce8c77c8f4067631cfbfbc079b072
-
SHA512
2fd7fea5da03461d8df252d73c00eef941f1371c581b5bf268466a90177643add9c5e80b7d248e7a3fa734ca7ab09cecdc22c6a21553c6bcc60e5b34ec3d2ea6
-
SSDEEP
3072:AQO3WqA3OKMoMuPGYlqqiao5+EuNM/9cE:AQO3kXMoMuPzQqY5+E4M/9cE
Score
7/10
Malware Config
Signatures
-
Changes its process name 1 IoCs
description ioc pid Process Changes the process name, possibly in an attempt to hide itself a 655 NEAS.c77837054882d9b965303272cb8bce18a79ce8c77c8f4067631cfbfbc079b072.elf -
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
description ioc File opened for reading /proc/7/cmdline File opened for reading /proc/9/cmdline File opened for reading /proc/41/cmdline File opened for reading /proc/735/cmdline File opened for reading /proc/762/cmdline File opened for reading /proc/764/cmdline File opened for reading /proc/6/cmdline File opened for reading /proc/13/cmdline File opened for reading /proc/770/cmdline File opened for reading /proc/19/cmdline File opened for reading /proc/175/cmdline File opened for reading /proc/277/cmdline File opened for reading /proc/308/cmdline File opened for reading /proc/657/cmdline File opened for reading /proc/14/cmdline File opened for reading /proc/83/cmdline File opened for reading /proc/316/cmdline File opened for reading /proc/320/cmdline File opened for reading /proc/774/cmdline File opened for reading /proc/776/cmdline File opened for reading /proc/29/cmdline File opened for reading /proc/766/cmdline File opened for reading /proc/22/cmdline File opened for reading /proc/43/cmdline File opened for reading /proc/778/cmdline File opened for reading /proc/23/cmdline File opened for reading /proc/288/cmdline File opened for reading /proc/583/cmdline File opened for reading /proc/587/cmdline File opened for reading /proc/648/cmdline File opened for reading /proc/734/cmdline File opened for reading /proc/18/cmdline File opened for reading /proc/20/cmdline File opened for reading /proc/646/cmdline File opened for reading /proc/1/cmdline File opened for reading /proc/3/cmdline File opened for reading /proc/11/cmdline File opened for reading /proc/16/cmdline File opened for reading /proc/42/cmdline File opened for reading /proc/115/cmdline File opened for reading /proc/116/cmdline File opened for reading /proc/603/cmdline File opened for reading /proc/681/cmdline File opened for reading /proc/758/cmdline File opened for reading /proc/5/cmdline File opened for reading /proc/21/cmdline File opened for reading /proc/289/cmdline File opened for reading /proc/644/cmdline File opened for reading /proc/8/cmdline File opened for reading /proc/15/cmdline File opened for reading /proc/26/cmdline File opened for reading /proc/28/cmdline File opened for reading /proc/217/cmdline File opened for reading /proc/590/cmdline File opened for reading /proc/665/cmdline File opened for reading /proc/780/cmdline File opened for reading /proc/150/cmdline File opened for reading /proc/772/cmdline File opened for reading /proc/784/cmdline File opened for reading /proc/17/cmdline File opened for reading /proc/273/cmdline File opened for reading /proc/274/cmdline File opened for reading /proc/782/cmdline File opened for reading /proc/4/cmdline