65add85c100983e7b27c361676161f45a64c7a476b53ae0a38e82d1e459952ad

Analysis

max time kernel
69s
max time network
154s
platform
debian-9_mips
resource
debian9-mipsbe-20231026-en
resource tags

arch:mipsimage:debian9-mipsbe-20231026-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
13/11/2023, 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0aebc3575e176f365b5d2c2e6a5649f75e9d93ec49f8dbbc6854878333fe0d0f.elf
Size

179KB
MD5

27c0fcd08dca619806e080327122692b
SHA1

ca763cd0f836be005ab44cddce23a7190732716c
SHA256

0aebc3575e176f365b5d2c2e6a5649f75e9d93ec49f8dbbc6854878333fe0d0f
SHA512

1d120e1161b2ef7d03d16f29c78603b3d767131c773328503a5fcb1c3d1d8eb67438de36fcc8d73c88370767134e587291ecd870005cf179903fa11aada0b800
SSDEEP

3072:N7UDV7oyeMKKtTLLEK4f6ec8zmTz7BBTBiDqZ0G:N7UDV7oLMKmTLSXhmDBlBiq3

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M1&" $7	702	0aebc3575e176f365b5d2c2e6a5649f75e9d93ec49f8dbbc6854878333fe0d0f.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/69/cmdline
File opened for reading	/proc/390/cmdline
File opened for reading	/proc/104/cmdline
File opened for reading	/proc/699/cmdline
File opened for reading	/proc/730/cmdline
File opened for reading	/proc/754/cmdline
File opened for reading	/proc/696/cmdline
File opened for reading	/proc/17/cmdline
File opened for reading	/proc/349/cmdline
File opened for reading	/proc/351/cmdline
File opened for reading	/proc/693/cmdline
File opened for reading	/proc/15/cmdline
File opened for reading	/proc/37/cmdline
File opened for reading	/proc/77/cmdline
File opened for reading	/proc/703/cmdline
File opened for reading	/proc/23/cmdline
File opened for reading	/proc/141/cmdline
File opened for reading	/proc/749/cmdline
File opened for reading	/proc/2/cmdline
File opened for reading	/proc/3/cmdline
File opened for reading	/proc/460/cmdline
File opened for reading	/proc/722/cmdline
File opened for reading	/proc/765/cmdline
File opened for reading	/proc/149/cmdline
File opened for reading	/proc/467/cmdline
File opened for reading	/proc/719/cmdline
File opened for reading	/proc/750/cmdline
File opened for reading	/proc/761/cmdline
File opened for reading	/proc/18/cmdline
File opened for reading	/proc/166/cmdline
File opened for reading	/proc/726/cmdline
File opened for reading	/proc/746/cmdline
File opened for reading	/proc/5/cmdline
File opened for reading	/proc/19/cmdline
File opened for reading	/proc/689/cmdline
File opened for reading	/proc/731/cmdline
File opened for reading	/proc/727/cmdline
File opened for reading	/proc/729/cmdline
File opened for reading	/proc/22/cmdline
File opened for reading	/proc/504/cmdline
File opened for reading	/proc/708/cmdline
File opened for reading	/proc/714/cmdline
File opened for reading	/proc/7/cmdline
File opened for reading	/proc/355/cmdline
File opened for reading	/proc/717/cmdline
File opened for reading	/proc/73/cmdline
File opened for reading	/proc/114/cmdline
File opened for reading	/proc/388/cmdline
File opened for reading	/proc/704/cmdline
File opened for reading	/proc/757/cmdline
File opened for reading	/proc/12/cmdline
File opened for reading	/proc/13/cmdline
File opened for reading	/proc/770/cmdline
File opened for reading	/proc/4/cmdline
File opened for reading	/proc/728/cmdline
File opened for reading	/proc/376/cmdline
File opened for reading	/proc/711/cmdline
File opened for reading	/proc/716/cmdline
File opened for reading	/proc/78/cmdline
File opened for reading	/proc/733/cmdline
File opened for reading	/proc/740/cmdline
File opened for reading	/proc/741/cmdline
File opened for reading	/proc/748/cmdline
File opened for reading	/proc/769/cmdline

/tmp/0aebc3575e176f365b5d2c2e6a5649f75e9d93ec49f8dbbc6854878333fe0d0f.elf
/tmp/0aebc3575e176f365b5d2c2e6a5649f75e9d93ec49f8dbbc6854878333fe0d0f.elf
1⤵
- Changes its process name
PID:702

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads