Analysis
-
max time kernel
151s -
max time network
151s -
platform
debian-9_armhf -
resource
debian9-armhf-20231221-en -
resource tags
arch:armhfimage:debian9-armhf-20231221-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
17-02-2024 04:27
Behavioral task
behavioral1
Sample
51dd0aac50ac26998594dcec830da6a4f3b017c7a04b1b4c1dcfc3d15f9d6c73.elf
Resource
debian9-armhf-20231221-en
General
-
Target
51dd0aac50ac26998594dcec830da6a4f3b017c7a04b1b4c1dcfc3d15f9d6c73.elf
-
Size
138KB
-
MD5
668364ed33c09d7c252568344c4b413e
-
SHA1
4996307c7e1b70d3ae4124f7265b1a15561a6bde
-
SHA256
51dd0aac50ac26998594dcec830da6a4f3b017c7a04b1b4c1dcfc3d15f9d6c73
-
SHA512
6ebe3fefb7622ad19b1d1e6699dd6848e4ecd0c30587ca72b01f0f7b3fded70d47348229fce9943b23bfce45955c1ec14c9d2c6c467e74449c2096144f9698b6
-
SSDEEP
1536:o6sYiS5hDkW3wUjrk9tAT2Qt6aGFfA8ML44VsNk+TnzB3k1BwAWOtR7l9sGwywL6:o60WW/PhFfl485rzB3kdtthKlbVtg
Malware Config
Signatures
-
Changes its process name 1 IoCs
Processes:
51dd0aac50ac26998594dcec830da6a4f3b017c7a04b1b4c1dcfc3d15f9d6c73.elfdescription ioc pid process Changes the process name, possibly in an attempt to hide itself a- M"! 659 51dd0aac50ac26998594dcec830da6a4f3b017c7a04b1b4c1dcfc3d15f9d6c73.elf -
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
Processes:
description ioc File opened for reading /proc/7/cmdline File opened for reading /proc/729/cmdline File opened for reading /proc/639/cmdline File opened for reading /proc/691/cmdline File opened for reading /proc/692/cmdline File opened for reading /proc/763/cmdline File opened for reading /proc/743/cmdline File opened for reading /proc/759/cmdline File opened for reading /proc/15/cmdline File opened for reading /proc/17/cmdline File opened for reading /proc/293/cmdline File opened for reading /proc/674/cmdline File opened for reading /proc/722/cmdline File opened for reading /proc/750/cmdline File opened for reading /proc/757/cmdline File opened for reading /proc/9/cmdline File opened for reading /proc/21/cmdline File opened for reading /proc/311/cmdline File opened for reading /proc/721/cmdline File opened for reading /proc/714/cmdline File opened for reading /proc/28/cmdline File opened for reading /proc/635/cmdline File opened for reading /proc/689/cmdline File opened for reading /proc/704/cmdline File opened for reading /proc/676/cmdline File opened for reading /proc/688/cmdline File opened for reading /proc/708/cmdline File opened for reading /proc/725/cmdline File opened for reading /proc/10/cmdline File opened for reading /proc/113/cmdline File opened for reading /proc/141/cmdline File opened for reading /proc/660/cmdline File opened for reading /proc/741/cmdline File opened for reading /proc/675/cmdline File opened for reading /proc/709/cmdline File opened for reading /proc/5/cmdline File opened for reading /proc/13/cmdline File opened for reading /proc/43/cmdline File opened for reading /proc/628/cmdline File opened for reading /proc/701/cmdline File opened for reading /proc/724/cmdline File opened for reading /proc/110/cmdline File opened for reading /proc/112/cmdline File opened for reading /proc/670/cmdline File opened for reading /proc/700/cmdline File opened for reading /proc/664/cmdline File opened for reading /proc/685/cmdline File opened for reading /proc/712/cmdline File opened for reading /proc/739/cmdline File opened for reading /proc/24/cmdline File opened for reading /proc/29/cmdline File opened for reading /proc/209/cmdline File opened for reading /proc/662/cmdline File opened for reading /proc/745/cmdline File opened for reading /proc/776/cmdline File opened for reading /proc/20/cmdline File opened for reading /proc/3/cmdline File opened for reading /proc/665/cmdline File opened for reading /proc/719/cmdline File opened for reading /proc/720/cmdline File opened for reading /proc/746/cmdline File opened for reading /proc/770/cmdline File opened for reading /proc/22/cmdline File opened for reading /proc/644/cmdline