5ab1799f88ef9e58b4077c20bfea8711fe38691cc3b9470b7f99e7d21830573f

Analysis

max time kernel
152s
max time network
153s
platform
debian-9_armhf
resource
debian9-armhf-20231215-en
resource tags

arch:armhfimage:debian9-armhf-20231215-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
04-01-2024 20:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ab1799f88ef9e58b4077c20bfea8711fe38691cc3b9470b7f99e7d21830573f.elf
Size

65KB
MD5

4f04293cb1ea3db3de14e5856f8d24ca
SHA1

64e3c593172c6d8563d5a55e92f3d4cc81cecc08
SHA256

5ab1799f88ef9e58b4077c20bfea8711fe38691cc3b9470b7f99e7d21830573f
SHA512

d80e5d4cb9fef270f0b2384e05bd19857b4d8f9eb6f8f7d7aa50f3764806396cc2a46908d537da15c65460cfe8f24cdb25f6278137b41289bf6cf0b2426e500e
SSDEEP

1536:r6uroOLqNXzd+fJMJZJUFVgyouYmV3Z3QeoLvvFeY:r6MkdQTHgyocJJQvFe

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself		649	5ab1799f88ef9e58b4077c20bfea8711fe38691cc3b9470b7f99e7d21830573f.elf

Deletes itself 1 IoCs

pid	Process
649	5ab1799f88ef9e58b4077c20bfea8711fe38691cc3b9470b7f99e7d21830573f.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/272/cmdline
File opened for reading	/proc/666/cmdline
File opened for reading	/proc/730/cmdline
File opened for reading	/proc/762/cmdline
File opened for reading	/proc/764/cmdline
File opened for reading	/proc/20/cmdline
File opened for reading	/proc/162/cmdline
File opened for reading	/proc/687/cmdline
File opened for reading	/proc/761/cmdline
File opened for reading	/proc/142/cmdline
File opened for reading	/proc/274/cmdline
File opened for reading	/proc/750/cmdline
File opened for reading	/proc/757/cmdline
File opened for reading	/proc/270/cmdline
File opened for reading	/proc/584/cmdline
File opened for reading	/proc/629/cmdline
File opened for reading	/proc/675/cmdline
File opened for reading	/proc/736/cmdline
File opened for reading	/proc/766/cmdline
File opened for reading	/proc/24/cmdline
File opened for reading	/proc/145/cmdline
File opened for reading	/proc/267/cmdline
File opened for reading	/proc/574/cmdline
File opened for reading	/proc/579/cmdline
File opened for reading	/proc/662/cmdline
File opened for reading	/proc/711/cmdline
File opened for reading	/proc/754/cmdline
File opened for reading	/proc/106/cmdline
File opened for reading	/proc/211/cmdline
File opened for reading	/proc/755/cmdline
File opened for reading	/proc/715/cmdline
File opened for reading	/proc/724/cmdline
File opened for reading	/proc/739/cmdline
File opened for reading	/proc/758/cmdline
File opened for reading	/proc/136/cmdline
File opened for reading	/proc/313/cmdline
File opened for reading	/proc/653/cmdline
File opened for reading	/proc/672/cmdline
File opened for reading	/proc/733/cmdline
File opened for reading	/proc/765/cmdline
File opened for reading	/proc/768/cmdline
File opened for reading	/proc/27/cmdline
File opened for reading	/proc/651/cmdline
File opened for reading	/proc/718/cmdline
File opened for reading	/proc/26/cmdline
File opened for reading	/proc/75/cmdline
File opened for reading	/proc/10/cmdline
File opened for reading	/proc/23/cmdline
File opened for reading	/proc/43/cmdline
File opened for reading	/proc/269/cmdline
File opened for reading	/proc/670/cmdline
File opened for reading	/proc/740/cmdline
File opened for reading	/proc/7/cmdline
File opened for reading	/proc/9/cmdline
File opened for reading	/proc/725/cmdline
File opened for reading	/proc/732/cmdline
File opened for reading	/proc/686/cmdline
File opened for reading	/proc/697/cmdline
File opened for reading	/proc/4/cmdline
File opened for reading	/proc/680/cmdline
File opened for reading	/proc/635/cmdline
File opened for reading	/proc/682/cmdline
File opened for reading	/proc/738/cmdline
File opened for reading	/proc/756/cmdline

/tmp/5ab1799f88ef9e58b4077c20bfea8711fe38691cc3b9470b7f99e7d21830573f.elf
/tmp/5ab1799f88ef9e58b4077c20bfea8711fe38691cc3b9470b7f99e7d21830573f.elf
1⤵
- Changes its process name
- Deletes itself
PID:649

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads