Analysis
max time kernel: 150s
max time network: 138s
platform: debian-9_armhf
resource: debian9-armhf-20231130-en
resource tags: arch:armhf image:debian9-armhf-20231130-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
submitted: 10-12-2023 23:49
Static task: static1
Behavioral task: behavioral1
Sample: arm7-20231210-2348.elf
Resource: debian9-armhf-20231130-en (debian-9-armhf)
2 signatures
150 seconds
General
Target: arm7-20231210-2348.elf
Size: 141KB
MD5: 403048bef1410a4c7914cacd42e10b3f
SHA1: a6de4802a9955842293c986d57ca325b8b07db7a
SHA256: df4646e1bf9615d94a8304f3b20a9fb828ff489b16e5d6dc4673d24fa6a98f5c
SHA512: 59d196b4278a38b2313c8f76d0caf13c4d8a3c97a905d4425d39cecb90e516a5e368730234158660e5ed29e19a83fb1ddbb451f65dec2e062cc48fd67e97cd79
SSDEEP: 3072:gdteXaZkbl2S+NzBuwLXHVzBBPywL7QaM/9iZAs0I:TXaZkbl2hNzHX1zB8wL75M/9iCg
Score: 7/10
Malware Config
Signatures
Changes its process name 1 IoCs
Changes the process name, possibly in an attempt to hide itself.
ioc: 5a6ceeu3bo6dip61nviwtffo0phg
pid: 653
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.