4ca57989112b0134bcf84869740a7440919e02d418dad98a6cd32b4e55be5ffe

Analysis

max time kernel
149s
max time network
146s
platform
debian-9_armhf
resource
debian9-armhf-20240226-en
resource tags

arch:armhfimage:debian9-armhf-20240226-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
08/03/2024, 02:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ca57989112b0134bcf84869740a7440919e02d418dad98a6cd32b4e55be5ffe.elf
Size

126KB
MD5

62be1456ad9f1f25e9d7be7d1320d0b7
SHA1

849b17d4a0b0aeb4222a9cc3e30767a036db8362
SHA256

4ca57989112b0134bcf84869740a7440919e02d418dad98a6cd32b4e55be5ffe
SHA512

ca36957a546953a2a77527ad32777534ae247f54ea85fd64bda0d72999b6708055f4a16393cd85b5951c60fd53b1e2852b1d8a16787e4dc569dd35693d6f7ae7
SSDEEP

1536:Jtv+s43G5bUWk8RAqSh71QAFMxK4VIGUT2y1C1O/T0A46nrtplUuwyw1FrR7bVni:Dv+XQ/RRg71QNE43Uqy1C1O146rOgbE

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	644	4ca57989112b0134bcf84869740a7440919e02d418dad98a6cd32b4e55be5ffe.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/11/cmdline
File opened for reading	/proc/15/cmdline
File opened for reading	/proc/656/cmdline
File opened for reading	/proc/27/cmdline
File opened for reading	/proc/466/cmdline
File opened for reading	/proc/679/cmdline
File opened for reading	/proc/684/cmdline
File opened for reading	/proc/716/cmdline
File opened for reading	/proc/740/cmdline
File opened for reading	/proc/771/cmdline
File opened for reading	/proc/672/cmdline
File opened for reading	/proc/721/cmdline
File opened for reading	/proc/737/cmdline
File opened for reading	/proc/748/cmdline
File opened for reading	/proc/754/cmdline
File opened for reading	/proc/22/cmdline
File opened for reading	/proc/665/cmdline
File opened for reading	/proc/720/cmdline
File opened for reading	/proc/729/cmdline
File opened for reading	/proc/753/cmdline
File opened for reading	/proc/650/cmdline
File opened for reading	/proc/694/cmdline
File opened for reading	/proc/714/cmdline
File opened for reading	/proc/749/cmdline
File opened for reading	/proc/281/cmdline
File opened for reading	/proc/652/cmdline
File opened for reading	/proc/678/cmdline
File opened for reading	/proc/727/cmdline
File opened for reading	/proc/759/cmdline
File opened for reading	/proc/728/cmdline
File opened for reading	/proc/750/cmdline
File opened for reading	/proc/696/cmdline
File opened for reading	/proc/762/cmdline
File opened for reading	/proc/778/cmdline
File opened for reading	/proc/722/cmdline
File opened for reading	/proc/259/cmdline
File opened for reading	/proc/654/cmdline
File opened for reading	/proc/682/cmdline
File opened for reading	/proc/703/cmdline
File opened for reading	/proc/760/cmdline
File opened for reading	/proc/640/cmdline
File opened for reading	/proc/663/cmdline
File opened for reading	/proc/741/cmdline
File opened for reading	/proc/6/cmdline
File opened for reading	/proc/7/cmdline
File opened for reading	/proc/670/cmdline
File opened for reading	/proc/26/cmdline
File opened for reading	/proc/645/cmdline
File opened for reading	/proc/697/cmdline
File opened for reading	/proc/715/cmdline
File opened for reading	/proc/744/cmdline
File opened for reading	/proc/16/cmdline
File opened for reading	/proc/104/cmdline
File opened for reading	/proc/639/cmdline
File opened for reading	/proc/664/cmdline
File opened for reading	/proc/17/cmdline
File opened for reading	/proc/661/cmdline
File opened for reading	/proc/757/cmdline
File opened for reading	/proc/686/cmdline
File opened for reading	/proc/1/cmdline
File opened for reading	/proc/598/cmdline
File opened for reading	/proc/701/cmdline
File opened for reading	/proc/751/cmdline
File opened for reading	/proc/676/cmdline

/tmp/4ca57989112b0134bcf84869740a7440919e02d418dad98a6cd32b4e55be5ffe.elf
/tmp/4ca57989112b0134bcf84869740a7440919e02d418dad98a6cd32b4e55be5ffe.elf
1⤵
- Changes its process name
PID:644

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads