056fedcd36dfcfe849e56bf64e4af575e5959b63d5f707a49acbab5202904bbf

Analysis

max time kernel
134s
max time network
139s
platform
debian-9_armhf
resource
debian9-armhf-20231222-en
resource tags

arch:armhfimage:debian9-armhf-20231222-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
25/12/2023, 03:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d58e42f98f69b8b1f74b7c639a1cce00.elf
Size

134KB
MD5

d58e42f98f69b8b1f74b7c639a1cce00
SHA1

7ede3706e3ba8a713e1bad1c19c9a8080ea63c33
SHA256

056fedcd36dfcfe849e56bf64e4af575e5959b63d5f707a49acbab5202904bbf
SHA512

55e3b272afb07a8df461bb1535aaea0ba0bad40604f3f917e9d09e88c1673ba3771391ff3805a08c27a72bc740d33a267c2c11f23af9c5d3b2c5bd65db19917a
SSDEEP

1536:reIIcq87ZO8VQzlHaurUA4XlFFAeSz4VAZJsTgVUs/Br22/I/dLl2zUwywmFfbBq:aIIifMrUzVFFM4UiMVUs/Hg/GxyvQV

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	658	d58e42f98f69b8b1f74b7c639a1cce00.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/695/cmdline
File opened for reading	/proc/746/cmdline
File opened for reading	/proc/720/cmdline
File opened for reading	/proc/726/cmdline
File opened for reading	/proc/741/cmdline
File opened for reading	/proc/20/cmdline
File opened for reading	/proc/42/cmdline
File opened for reading	/proc/659/cmdline
File opened for reading	/proc/678/cmdline
File opened for reading	/proc/693/cmdline
File opened for reading	/proc/747/cmdline
File opened for reading	/proc/770/cmdline
File opened for reading	/proc/21/cmdline
File opened for reading	/proc/270/cmdline
File opened for reading	/proc/324/cmdline
File opened for reading	/proc/628/cmdline
File opened for reading	/proc/761/cmdline
File opened for reading	/proc/696/cmdline
File opened for reading	/proc/710/cmdline
File opened for reading	/proc/748/cmdline
File opened for reading	/proc/3/cmdline
File opened for reading	/proc/15/cmdline
File opened for reading	/proc/164/cmdline
File opened for reading	/proc/301/cmdline
File opened for reading	/proc/677/cmdline
File opened for reading	/proc/755/cmdline
File opened for reading	/proc/771/cmdline
File opened for reading	/proc/718/cmdline
File opened for reading	/proc/735/cmdline
File opened for reading	/proc/751/cmdline
File opened for reading	/proc/26/cmdline
File opened for reading	/proc/96/cmdline
File opened for reading	/proc/676/cmdline
File opened for reading	/proc/682/cmdline
File opened for reading	/proc/715/cmdline
File opened for reading	/proc/692/cmdline
File opened for reading	/proc/742/cmdline
File opened for reading	/proc/756/cmdline
File opened for reading	/proc/13/cmdline
File opened for reading	/proc/23/cmdline
File opened for reading	/proc/297/cmdline
File opened for reading	/proc/663/cmdline
File opened for reading	/proc/667/cmdline
File opened for reading	/proc/759/cmdline
File opened for reading	/proc/10/cmdline
File opened for reading	/proc/299/cmdline
File opened for reading	/proc/686/cmdline
File opened for reading	/proc/763/cmdline
File opened for reading	/proc/4/cmdline
File opened for reading	/proc/7/cmdline
File opened for reading	/proc/662/cmdline
File opened for reading	/proc/709/cmdline
File opened for reading	/proc/717/cmdline
File opened for reading	/proc/680/cmdline
File opened for reading	/proc/739/cmdline
File opened for reading	/proc/728/cmdline
File opened for reading	/proc/758/cmdline
File opened for reading	/proc/106/cmdline
File opened for reading	/proc/575/cmdline
File opened for reading	/proc/634/cmdline
File opened for reading	/proc/669/cmdline
File opened for reading	/proc/681/cmdline
File opened for reading	/proc/144/cmdline
File opened for reading	/proc/643/cmdline

/tmp/d58e42f98f69b8b1f74b7c639a1cce00.elf
/tmp/d58e42f98f69b8b1f74b7c639a1cce00.elf
1⤵
- Changes its process name
PID:658

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads