ee863dea004ae412cb903c84ac9affb22273d3e3f6d62c4ff03189cf09e7e1fa

Analysis

max time kernel
150s
max time network
147s
platform
debian-9_mipsel
resource
debian9-mipsel-20231222-en
resource tags

arch:mipselimage:debian9-mipsel-20231222-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
18/02/2024, 06:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ee863dea004ae412cb903c84ac9affb22273d3e3f6d62c4ff03189cf09e7e1fa.elf
Size

181KB
MD5

4f7f6c4ab5b55db2ebbfe407aacf888b
SHA1

1c36aa08d0dd20af097dfc840c40cad6c75d964e
SHA256

ee863dea004ae412cb903c84ac9affb22273d3e3f6d62c4ff03189cf09e7e1fa
SHA512

65422a75d9de8856bee342401b94788d7e7eaef2d6f5bb086803f64458dfa7bfc3a496c6538f2459f2cd5f5fe5fd085e7af58f3014dffec184018e11b1b397c2
SSDEEP

3072:YJPmnsApE2klal9W0TPNTiLoUJY+JVv0J:YosApZkl6W0LNOL/ygR0

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	745	ee863dea004ae412cb903c84ac9affb22273d3e3f6d62c4ff03189cf09e7e1fa.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/126/cmdline
File opened for reading	/proc/739/cmdline
File opened for reading	/proc/757/cmdline
File opened for reading	/proc/20/cmdline
File opened for reading	/proc/23/cmdline
File opened for reading	/proc/773/cmdline
File opened for reading	/proc/775/cmdline
File opened for reading	/proc/683/cmdline
File opened for reading	/proc/767/cmdline
File opened for reading	/proc/779/cmdline
File opened for reading	/proc/2/cmdline
File opened for reading	/proc/3/cmdline
File opened for reading	/proc/9/cmdline
File opened for reading	/proc/176/cmdline
File opened for reading	/proc/392/cmdline
File opened for reading	/proc/787/cmdline
File opened for reading	/proc/804/cmdline
File opened for reading	/proc/16/cmdline
File opened for reading	/proc/17/cmdline
File opened for reading	/proc/160/cmdline
File opened for reading	/proc/689/cmdline
File opened for reading	/proc/742/cmdline
File opened for reading	/proc/815/cmdline
File opened for reading	/proc/157/cmdline
File opened for reading	/proc/730/cmdline
File opened for reading	/proc/759/cmdline
File opened for reading	/proc/782/cmdline
File opened for reading	/proc/791/cmdline
File opened for reading	/proc/807/cmdline
File opened for reading	/proc/14/cmdline
File opened for reading	/proc/834/cmdline
File opened for reading	/proc/838/cmdline
File opened for reading	/proc/24/cmdline
File opened for reading	/proc/82/cmdline
File opened for reading	/proc/729/cmdline
File opened for reading	/proc/736/cmdline
File opened for reading	/proc/748/cmdline
File opened for reading	/proc/793/cmdline
File opened for reading	/proc/810/cmdline
File opened for reading	/proc/22/cmdline
File opened for reading	/proc/75/cmdline
File opened for reading	/proc/348/cmdline
File opened for reading	/proc/446/cmdline
File opened for reading	/proc/688/cmdline
File opened for reading	/proc/749/cmdline
File opened for reading	/proc/797/cmdline
File opened for reading	/proc/747/cmdline
File opened for reading	/proc/812/cmdline
File opened for reading	/proc/817/cmdline
File opened for reading	/proc/840/cmdline
File opened for reading	/proc/6/cmdline
File opened for reading	/proc/795/cmdline
File opened for reading	/proc/828/cmdline
File opened for reading	/proc/12/cmdline
File opened for reading	/proc/125/cmdline
File opened for reading	/proc/732/cmdline
File opened for reading	/proc/762/cmdline
File opened for reading	/proc/774/cmdline
File opened for reading	/proc/802/cmdline
File opened for reading	/proc/74/cmdline
File opened for reading	/proc/792/cmdline
File opened for reading	/proc/830/cmdline
File opened for reading	/proc/5/cmdline
File opened for reading	/proc/77/cmdline

/tmp/ee863dea004ae412cb903c84ac9affb22273d3e3f6d62c4ff03189cf09e7e1fa.elf
/tmp/ee863dea004ae412cb903c84ac9affb22273d3e3f6d62c4ff03189cf09e7e1fa.elf
1⤵
- Changes its process name
PID:745

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads