68994ff47179cc155337f70017c92afcb9c1d9d4ee0a4c1926bf0f83df301e19

Analysis

max time kernel
102s
max time network
148s
platform
debian-9_armhf
resource
debian9-armhf-20231221-en
resource tags

arch:armhfimage:debian9-armhf-20231221-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
05-01-2024 03:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e3b86b018dd2ab1f24426797cf4cb4cf0adbabc57e1f359b46233176dc590938.elf
Size

140KB
MD5

862df4a9cf9fae415ca95bbc6a94579c
SHA1

013e10f62ed455bd33bfab7a949e0846849bdc3b
SHA256

e3b86b018dd2ab1f24426797cf4cb4cf0adbabc57e1f359b46233176dc590938
SHA512

75d1a224353a8248f6d533fead0cde0f785321af47da8098d24088f562c0100894b42f9e0268a8c5ad8e7bf1bb9e37d9a66a7ca47c6e0ec830a56e01468b76d5
SSDEEP

3072:LfFD++4GqtaYNpTtmivhu/UUbqnhnadzuPnM/9uy/E:LfFD+ykaYNpTtmso/WhadzuvM/9C

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself		666	e3b86b018dd2ab1f24426797cf4cb4cf0adbabc57e1f359b46233176dc590938.elf

Deletes itself 1 IoCs

pid	Process
666	e3b86b018dd2ab1f24426797cf4cb4cf0adbabc57e1f359b46233176dc590938.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/29/cmdline
File opened for reading	/proc/695/cmdline
File opened for reading	/proc/740/cmdline
File opened for reading	/proc/594/cmdline
File opened for reading	/proc/691/cmdline
File opened for reading	/proc/716/cmdline
File opened for reading	/proc/718/cmdline
File opened for reading	/proc/749/cmdline
File opened for reading	/proc/648/cmdline
File opened for reading	/proc/667/cmdline
File opened for reading	/proc/713/cmdline
File opened for reading	/proc/727/cmdline
File opened for reading	/proc/744/cmdline
File opened for reading	/proc/316/cmdline
File opened for reading	/proc/581/cmdline
File opened for reading	/proc/683/cmdline
File opened for reading	/proc/701/cmdline
File opened for reading	/proc/711/cmdline
File opened for reading	/proc/726/cmdline
File opened for reading	/proc/76/cmdline
File opened for reading	/proc/698/cmdline
File opened for reading	/proc/734/cmdline
File opened for reading	/proc/745/cmdline
File opened for reading	/proc/771/cmdline
File opened for reading	/proc/645/cmdline
File opened for reading	/proc/671/cmdline
File opened for reading	/proc/742/cmdline
File opened for reading	/proc/746/cmdline
File opened for reading	/proc/4/cmdline
File opened for reading	/proc/42/cmdline
File opened for reading	/proc/105/cmdline
File opened for reading	/proc/271/cmdline
File opened for reading	/proc/723/cmdline
File opened for reading	/proc/759/cmdline
File opened for reading	/proc/770/cmdline
File opened for reading	/proc/28/cmdline
File opened for reading	/proc/318/cmdline
File opened for reading	/proc/600/cmdline
File opened for reading	/proc/729/cmdline
File opened for reading	/proc/1/cmdline
File opened for reading	/proc/22/cmdline
File opened for reading	/proc/644/cmdline
File opened for reading	/proc/732/cmdline
File opened for reading	/proc/19/cmdline
File opened for reading	/proc/26/cmdline
File opened for reading	/proc/138/cmdline
File opened for reading	/proc/162/cmdline
File opened for reading	/proc/327/cmdline
File opened for reading	/proc/754/cmdline
File opened for reading	/proc/705/cmdline
File opened for reading	/proc/707/cmdline
File opened for reading	/proc/766/cmdline
File opened for reading	/proc/772/cmdline
File opened for reading	/proc/599/cmdline
File opened for reading	/proc/689/cmdline
File opened for reading	/proc/728/cmdline
File opened for reading	/proc/755/cmdline
File opened for reading	/proc/107/cmdline
File opened for reading	/proc/676/cmdline
File opened for reading	/proc/706/cmdline
File opened for reading	/proc/717/cmdline
File opened for reading	/proc/752/cmdline
File opened for reading	/proc/11/cmdline
File opened for reading	/proc/669/cmdline

/tmp/e3b86b018dd2ab1f24426797cf4cb4cf0adbabc57e1f359b46233176dc590938.elf
/tmp/e3b86b018dd2ab1f24426797cf4cb4cf0adbabc57e1f359b46233176dc590938.elf
1⤵
- Changes its process name
- Deletes itself
PID:666

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads