Analysis
max time kernel: 151s
max time network: 152s
platform: debian-9_armhf
resource: debian9-armhf-20231222-en
resource tags: arch:armhf, image:debian9-armhf-20231222-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 12/02/2024, 04:50
Behavioral task: behavioral1
Sample: ab328e1db4437651dc5647032a54a947beda7d9e321ee8a88c4efbbea793ffee.elf
Resource: debian9-armhf-20231222-en
3 signatures
150 seconds
General
Target: ab328e1db4437651dc5647032a54a947beda7d9e321ee8a88c4efbbea793ffee.elf
Size: 130KB
MD5: 82d2cc55806b3d9bcfa6c16c391b6f6e
SHA1: 3e183cf532cfb09f96c564f07b34098cbb19e7e5
SHA256: ab328e1db4437651dc5647032a54a947beda7d9e321ee8a88c4efbbea793ffee
SHA512: f13074f8bac195fb3c8041dee07158f3a8cadaef7ed6429dc253011723e2e3bc6a3e9d0d117948f7ea92bf145f2fddc78970dde676f5bb034940a721acfd202c
SSDEEP: 3072:gHL+mYo4xFOV48wlPNbMRfaPuk84GOV9LHni3E:gHLeXAV48MPNbXt9Tni0
Score: 7/10
Malware Config
Signatures
Changes its process name (1 IoC)
Changes the process name, possibly in an attempt to hide itself.
ioc: a- M}!
pid: 698
process: ab328e1db4437651dc5647032a54a947beda7d9e321ee8a88c4efbbea793ffee.elf
Enumerates running processes
Discovers information about currently running processes on the system
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.