Analysis
max time kernel: 141s
max time network: 151s
platform: debian-9_armhf
resource: debian9-armhf-20231221-en
resource tags: arch:armhf, image:debian9-armhf-20231221-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 12/02/2024, 05:01
Behavioral task: behavioral1
Sample: ab328e1db4437651dc5647032a54a947beda7d9e321ee8a88c4efbbea793ffee.elf
Resource: debian9-armhf-20231221-en
3 signatures
150 seconds
General
Target: ab328e1db4437651dc5647032a54a947beda7d9e321ee8a88c4efbbea793ffee.elf
Size: 130KB
MD5: 82d2cc55806b3d9bcfa6c16c391b6f6e
SHA1: 3e183cf532cfb09f96c564f07b34098cbb19e7e5
SHA256: ab328e1db4437651dc5647032a54a947beda7d9e321ee8a88c4efbbea793ffee
SHA512: f13074f8bac195fb3c8041dee07158f3a8cadaef7ed6429dc253011723e2e3bc6a3e9d0d117948f7ea92bf145f2fddc78970dde676f5bb034940a721acfd202c
SSDEEP: 3072:gHL+mYo4xFOV48wlPNbMRfaPuk84GOV9LHni3E:gHLeXAV48MPNbXt9Tni0
Score: 7/10
Malware Config
Signatures
Changes its process name 1 IoCs
description: Changes the process name, possibly in an attempt to hide itself
ioc: a- M}!
pid: 660
Process: ab328e1db4437651dc5647032a54a947beda7d9e321ee8a88c4efbbea793ffee.elf
Enumerates running processes
Discovers information about currently running processes on the system
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.