04aa56c7807096e0de05f37329fec62e5a3c4a67dabdf9e06db8c77321757011 | Triage

Analysis

max time kernel
142s
max time network
151s
platform
debian-9_armhf
resource
debian9-armhf-20231215-en
resource tags

arch:armhfimage:debian9-armhf-20231215-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
20-12-2023 09:16

Sharing

Report Analysis Logs

General

Target

9af208ef74a5db6df7ea029504bdcb6e
Size

37KB
MD5

9af208ef74a5db6df7ea029504bdcb6e
SHA1

900d51c854cdcb7de87107d5e25160e1ec941e4f
SHA256

04aa56c7807096e0de05f37329fec62e5a3c4a67dabdf9e06db8c77321757011
SHA512

7029596ad61db5421e7012bee3ff5c00100336ee8f9a113eb6c94299a27b2e55eceda12033ace8c1f338898149a4f52ebbce7459aead483ab7dcc6ccef2a7d17
SSDEEP

768:Wd7gl++vfTmksZfwbz8vJ1oBZr0pX1G3UvxKsGNswuJL4R:w7glhvbmkKK6J1o7szxs

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

Processes:

9af208ef74a5db6df7ea029504bdcb6e

description	pid	Process
Changes the process name, possibly in an attempt to hide itself	664	9af208ef74a5db6df7ea029504bdcb6e

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

Processes:

9af208ef74a5db6df7ea029504bdcb6e

description	ioc	Process
File opened for reading	/proc/self/exe	9af208ef74a5db6df7ea029504bdcb6e

/tmp/9af208ef74a5db6df7ea029504bdcb6e
/tmp/9af208ef74a5db6df7ea029504bdcb6e
1⤵
- Changes its process name
- Reads runtime system information
PID:664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/664-1-0x00008000-0x00026f48-memory.dmp

Download