80a53fe18c15f363ee8526fca147ef931373616a8a083601a420ede27b655785

Analysis

max time kernel
149s
max time network
149s
platform
debian-9_armhf
resource
debian9-armhf-20240221-en
resource tags

arch:armhfimage:debian9-armhf-20240221-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
23/02/2024, 05:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

80a53fe18c15f363ee8526fca147ef931373616a8a083601a420ede27b655785.elf
Size

130KB
MD5

f82b16a7f59c371bc7d853008209e753
SHA1

5e05ad5010dec10d8e8d837efddc1f1e60469304
SHA256

80a53fe18c15f363ee8526fca147ef931373616a8a083601a420ede27b655785
SHA512

7cfd4dddc3559510322381f4f09f3219feeacc37223293a931df333bdeb684d5b5058f2e07ab41c99ebce15d5f07686c8a0f2366bffc4fd7fee0684d64047196
SSDEEP

1536:zP8g2CSJG5mIOd34g1Ac0Y1jAFrZ4V/3ETVO5bTa6MFjpChUDDl0+wywVFN+S4d5:z0FGE1TV1jI45ERO5bTKhpCyevQW

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	661	80a53fe18c15f363ee8526fca147ef931373616a8a083601a420ede27b655785.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/732/cmdline
File opened for reading	/proc/737/cmdline
File opened for reading	/proc/167/cmdline
File opened for reading	/proc/574/cmdline
File opened for reading	/proc/670/cmdline
File opened for reading	/proc/685/cmdline
File opened for reading	/proc/706/cmdline
File opened for reading	/proc/719/cmdline
File opened for reading	/proc/654/cmdline
File opened for reading	/proc/707/cmdline
File opened for reading	/proc/149/cmdline
File opened for reading	/proc/716/cmdline
File opened for reading	/proc/722/cmdline
File opened for reading	/proc/690/cmdline
File opened for reading	/proc/24/cmdline
File opened for reading	/proc/41/cmdline
File opened for reading	/proc/308/cmdline
File opened for reading	/proc/765/cmdline
File opened for reading	/proc/22/cmdline
File opened for reading	/proc/693/cmdline
File opened for reading	/proc/770/cmdline
File opened for reading	/proc/3/cmdline
File opened for reading	/proc/96/cmdline
File opened for reading	/proc/697/cmdline
File opened for reading	/proc/742/cmdline
File opened for reading	/proc/274/cmdline
File opened for reading	/proc/704/cmdline
File opened for reading	/proc/730/cmdline
File opened for reading	/proc/788/cmdline
File opened for reading	/proc/715/cmdline
File opened for reading	/proc/724/cmdline
File opened for reading	/proc/20/cmdline
File opened for reading	/proc/755/cmdline
File opened for reading	/proc/756/cmdline
File opened for reading	/proc/141/cmdline
File opened for reading	/proc/306/cmdline
File opened for reading	/proc/787/cmdline
File opened for reading	/proc/771/cmdline
File opened for reading	/proc/779/cmdline
File opened for reading	/proc/28/cmdline
File opened for reading	/proc/107/cmdline
File opened for reading	/proc/734/cmdline
File opened for reading	/proc/775/cmdline
File opened for reading	/proc/795/cmdline
File opened for reading	/proc/682/cmdline
File opened for reading	/proc/691/cmdline
File opened for reading	/proc/759/cmdline
File opened for reading	/proc/785/cmdline
File opened for reading	/proc/23/cmdline
File opened for reading	/proc/29/cmdline
File opened for reading	/proc/772/cmdline
File opened for reading	/proc/108/cmdline
File opened for reading	/proc/663/cmdline
File opened for reading	/proc/753/cmdline
File opened for reading	/proc/767/cmdline
File opened for reading	/proc/782/cmdline
File opened for reading	/proc/796/cmdline
File opened for reading	/proc/7/cmdline
File opened for reading	/proc/683/cmdline
File opened for reading	/proc/699/cmdline
File opened for reading	/proc/708/cmdline
File opened for reading	/proc/720/cmdline
File opened for reading	/proc/10/cmdline
File opened for reading	/proc/674/cmdline

/tmp/80a53fe18c15f363ee8526fca147ef931373616a8a083601a420ede27b655785.elf
/tmp/80a53fe18c15f363ee8526fca147ef931373616a8a083601a420ede27b655785.elf
1⤵
- Changes its process name
PID:661

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads