f68b3cb81a8eed7cd485a95e030485b23ec7b62b225bc763a9fd1a61c3a95e08

Analysis

max time kernel
151s
max time network
150s
platform
debian-9_mips
resource
debian9-mipsbe-20231215-en
resource tags

arch:mipsimage:debian9-mipsbe-20231215-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
12/02/2024, 04:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f68b3cb81a8eed7cd485a95e030485b23ec7b62b225bc763a9fd1a61c3a95e08.elf
Size

157KB
MD5

4d964fe844128305d88454fbc8924a70
SHA1

6e2b85f75daaa37f148f2047d88072eabe3d5c2a
SHA256

f68b3cb81a8eed7cd485a95e030485b23ec7b62b225bc763a9fd1a61c3a95e08
SHA512

55c803cbac1f38a35d3aa0e8bb30d71aac38edcd2024dd57d9269e75361e8bacf383b6f8238909ed779ccac5899495b32a20b8fe7aa554470e89b9e854d55a14
SSDEEP

1536:9MHVOdA9edSAZTZtZdNKGd7sUeN8slP1j6TfNYoDF8T7GE9CkK:9MAZhZtvNK+7sR8sTgYo58TKE9CkK

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	705	f68b3cb81a8eed7cd485a95e030485b23ec7b62b225bc763a9fd1a61c3a95e08.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/8/cmdline
File opened for reading	/proc/21/cmdline
File opened for reading	/proc/753/cmdline
File opened for reading	/proc/776/cmdline
File opened for reading	/proc/4/cmdline
File opened for reading	/proc/10/cmdline
File opened for reading	/proc/698/cmdline
File opened for reading	/proc/36/cmdline
File opened for reading	/proc/74/cmdline
File opened for reading	/proc/364/cmdline
File opened for reading	/proc/754/cmdline
File opened for reading	/proc/801/cmdline
File opened for reading	/proc/6/cmdline
File opened for reading	/proc/715/cmdline
File opened for reading	/proc/728/cmdline
File opened for reading	/proc/748/cmdline
File opened for reading	/proc/1/cmdline
File opened for reading	/proc/11/cmdline
File opened for reading	/proc/70/cmdline
File opened for reading	/proc/719/cmdline
File opened for reading	/proc/730/cmdline
File opened for reading	/proc/2/cmdline
File opened for reading	/proc/7/cmdline
File opened for reading	/proc/384/cmdline
File opened for reading	/proc/485/cmdline
File opened for reading	/proc/751/cmdline
File opened for reading	/proc/773/cmdline
File opened for reading	/proc/747/cmdline
File opened for reading	/proc/76/cmdline
File opened for reading	/proc/164/cmdline
File opened for reading	/proc/337/cmdline
File opened for reading	/proc/689/cmdline
File opened for reading	/proc/710/cmdline
File opened for reading	/proc/731/cmdline
File opened for reading	/proc/746/cmdline
File opened for reading	/proc/762/cmdline
File opened for reading	/proc/12/cmdline
File opened for reading	/proc/688/cmdline
File opened for reading	/proc/720/cmdline
File opened for reading	/proc/729/cmdline
File opened for reading	/proc/732/cmdline
File opened for reading	/proc/789/cmdline
File opened for reading	/proc/791/cmdline
File opened for reading	/proc/534/cmdline
File opened for reading	/proc/723/cmdline
File opened for reading	/proc/744/cmdline
File opened for reading	/proc/756/cmdline
File opened for reading	/proc/775/cmdline
File opened for reading	/proc/788/cmdline
File opened for reading	/proc/71/cmdline
File opened for reading	/proc/113/cmdline
File opened for reading	/proc/380/cmdline
File opened for reading	/proc/752/cmdline
File opened for reading	/proc/768/cmdline
File opened for reading	/proc/772/cmdline
File opened for reading	/proc/795/cmdline
File opened for reading	/proc/9/cmdline
File opened for reading	/proc/13/cmdline
File opened for reading	/proc/17/cmdline
File opened for reading	/proc/37/cmdline
File opened for reading	/proc/745/cmdline
File opened for reading	/proc/793/cmdline
File opened for reading	/proc/20/cmdline
File opened for reading	/proc/342/cmdline

/tmp/f68b3cb81a8eed7cd485a95e030485b23ec7b62b225bc763a9fd1a61c3a95e08.elf
/tmp/f68b3cb81a8eed7cd485a95e030485b23ec7b62b225bc763a9fd1a61c3a95e08.elf
1⤵
- Changes its process name
PID:705

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads