Analysis
-
max time kernel
151s -
max time network
144s -
platform
debian-9_armhf -
resource
debian9-armhf-20231026-en -
resource tags
arch:armhfimage:debian9-armhf-20231026-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
27/11/2023, 01:09
Behavioral task
behavioral1
Sample
77b56a46e5d02bff3af9d22923dec480c013905fb0a6201af167c7772d790431.elf
Resource
debian9-armhf-20231026-en
debian-9-armhf
3 signatures
150 seconds
General
-
Target
77b56a46e5d02bff3af9d22923dec480c013905fb0a6201af167c7772d790431.elf
-
Size
117KB
-
MD5
14cd8a2c759ae38a04ce07c0f6227565
-
SHA1
0793e09d6d33e3306a485cfc55689ad3705910de
-
SHA256
77b56a46e5d02bff3af9d22923dec480c013905fb0a6201af167c7772d790431
-
SHA512
80bd96b0519fc598d44afa27dc65f0e09f1d227b9bdf355cbfdbf44f6eae7b77b63edf87b54418a2d8ccd852d4f9325111f9c28de2c277078fa44ad4102ba016
-
SSDEEP
3072:AQO3WqA6OKMoMuPGYlqqiaoH+EuNM/9cE:AQO3hXMoMuPzQqYH+E4M/9cE
Score
7/10
Malware Config
Signatures
-
Changes its process name 1 IoCs
description ioc pid Process Changes the process name, possibly in an attempt to hide itself a 659 77b56a46e5d02bff3af9d22923dec480c013905fb0a6201af167c7772d790431.elf -
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
description ioc File opened for reading /proc/18/cmdline File opened for reading /proc/103/cmdline File opened for reading /proc/582/cmdline File opened for reading /proc/642/cmdline File opened for reading /proc/4/cmdline File opened for reading /proc/9/cmdline File opened for reading /proc/74/cmdline File opened for reading /proc/261/cmdline File opened for reading /proc/267/cmdline File opened for reading /proc/311/cmdline File opened for reading /proc/11/cmdline File opened for reading /proc/24/cmdline File opened for reading /proc/568/cmdline File opened for reading /proc/704/cmdline File opened for reading /proc/5/cmdline File opened for reading /proc/14/cmdline File opened for reading /proc/21/cmdline File opened for reading /proc/25/cmdline File opened for reading /proc/161/cmdline File opened for reading /proc/664/cmdline File opened for reading /proc/3/cmdline File opened for reading /proc/17/cmdline File opened for reading /proc/42/cmdline File opened for reading /proc/638/cmdline File opened for reading /proc/43/cmdline File opened for reading /proc/15/cmdline File opened for reading /proc/29/cmdline File opened for reading /proc/628/cmdline File opened for reading /proc/752/cmdline File opened for reading /proc/757/cmdline File opened for reading /proc/771/cmdline File opened for reading /proc/41/cmdline File opened for reading /proc/658/cmdline File opened for reading /proc/748/cmdline File opened for reading /proc/767/cmdline File opened for reading /proc/775/cmdline File opened for reading /proc/1/cmdline File opened for reading /proc/2/cmdline File opened for reading /proc/27/cmdline File opened for reading /proc/131/cmdline File opened for reading /proc/575/cmdline File opened for reading /proc/645/cmdline File opened for reading /proc/701/cmdline File opened for reading /proc/8/cmdline File opened for reading /proc/10/cmdline File opened for reading /proc/12/cmdline File opened for reading /proc/19/cmdline File opened for reading /proc/268/cmdline File opened for reading /proc/641/cmdline File opened for reading /proc/710/cmdline File opened for reading /proc/300/cmdline File opened for reading /proc/636/cmdline File opened for reading /proc/144/cmdline File opened for reading /proc/209/cmdline File opened for reading /proc/7/cmdline File opened for reading /proc/22/cmdline File opened for reading /proc/23/cmdline File opened for reading /proc/26/cmdline File opened for reading /proc/106/cmdline File opened for reading /proc/137/cmdline File opened for reading /proc/306/cmdline File opened for reading /proc/708/cmdline File opened for reading /proc/759/cmdline File opened for reading /proc/763/cmdline