51dd0aac50ac26998594dcec830da6a4f3b017c7a04b1b4c1dcfc3d15f9d6c73

Analysis

max time kernel
151s
max time network
151s
platform
debian-9_armhf
resource
debian9-armhf-20231221-en
resource tags

arch:armhfimage:debian9-armhf-20231221-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
17-02-2024 04:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

51dd0aac50ac26998594dcec830da6a4f3b017c7a04b1b4c1dcfc3d15f9d6c73.elf
Size

138KB
MD5

668364ed33c09d7c252568344c4b413e
SHA1

4996307c7e1b70d3ae4124f7265b1a15561a6bde
SHA256

51dd0aac50ac26998594dcec830da6a4f3b017c7a04b1b4c1dcfc3d15f9d6c73
SHA512

6ebe3fefb7622ad19b1d1e6699dd6848e4ecd0c30587ca72b01f0f7b3fded70d47348229fce9943b23bfce45955c1ec14c9d2c6c467e74449c2096144f9698b6
SSDEEP

1536:o6sYiS5hDkW3wUjrk9tAT2Qt6aGFfA8ML44VsNk+TnzB3k1BwAWOtR7l9sGwywL6:o60WW/PhFfl485rzB3kdtthKlbVtg

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

Processes:

51dd0aac50ac26998594dcec830da6a4f3b017c7a04b1b4c1dcfc3d15f9d6c73.elf

description	ioc	pid	process
Changes the process name, possibly in an attempt to hide itself	a- M"!	659	51dd0aac50ac26998594dcec830da6a4f3b017c7a04b1b4c1dcfc3d15f9d6c73.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

description	ioc
File opened for reading	/proc/7/cmdline
File opened for reading	/proc/729/cmdline
File opened for reading	/proc/639/cmdline
File opened for reading	/proc/691/cmdline
File opened for reading	/proc/692/cmdline
File opened for reading	/proc/763/cmdline
File opened for reading	/proc/743/cmdline
File opened for reading	/proc/759/cmdline
File opened for reading	/proc/15/cmdline
File opened for reading	/proc/17/cmdline
File opened for reading	/proc/293/cmdline
File opened for reading	/proc/674/cmdline
File opened for reading	/proc/722/cmdline
File opened for reading	/proc/750/cmdline
File opened for reading	/proc/757/cmdline
File opened for reading	/proc/9/cmdline
File opened for reading	/proc/21/cmdline
File opened for reading	/proc/311/cmdline
File opened for reading	/proc/721/cmdline
File opened for reading	/proc/714/cmdline
File opened for reading	/proc/28/cmdline
File opened for reading	/proc/635/cmdline
File opened for reading	/proc/689/cmdline
File opened for reading	/proc/704/cmdline
File opened for reading	/proc/676/cmdline
File opened for reading	/proc/688/cmdline
File opened for reading	/proc/708/cmdline
File opened for reading	/proc/725/cmdline
File opened for reading	/proc/10/cmdline
File opened for reading	/proc/113/cmdline
File opened for reading	/proc/141/cmdline
File opened for reading	/proc/660/cmdline
File opened for reading	/proc/741/cmdline
File opened for reading	/proc/675/cmdline
File opened for reading	/proc/709/cmdline
File opened for reading	/proc/5/cmdline
File opened for reading	/proc/13/cmdline
File opened for reading	/proc/43/cmdline
File opened for reading	/proc/628/cmdline
File opened for reading	/proc/701/cmdline
File opened for reading	/proc/724/cmdline
File opened for reading	/proc/110/cmdline
File opened for reading	/proc/112/cmdline
File opened for reading	/proc/670/cmdline
File opened for reading	/proc/700/cmdline
File opened for reading	/proc/664/cmdline
File opened for reading	/proc/685/cmdline
File opened for reading	/proc/712/cmdline
File opened for reading	/proc/739/cmdline
File opened for reading	/proc/24/cmdline
File opened for reading	/proc/29/cmdline
File opened for reading	/proc/209/cmdline
File opened for reading	/proc/662/cmdline
File opened for reading	/proc/745/cmdline
File opened for reading	/proc/776/cmdline
File opened for reading	/proc/20/cmdline
File opened for reading	/proc/3/cmdline
File opened for reading	/proc/665/cmdline
File opened for reading	/proc/719/cmdline
File opened for reading	/proc/720/cmdline
File opened for reading	/proc/746/cmdline
File opened for reading	/proc/770/cmdline
File opened for reading	/proc/22/cmdline
File opened for reading	/proc/644/cmdline

/tmp/51dd0aac50ac26998594dcec830da6a4f3b017c7a04b1b4c1dcfc3d15f9d6c73.elf
/tmp/51dd0aac50ac26998594dcec830da6a4f3b017c7a04b1b4c1dcfc3d15f9d6c73.elf
1⤵
- Changes its process name
PID:659

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads