83f452bf5080dc0f68fe760742099fe012240c0743bc52bedbd4f8311ca1db0a

Analysis

max time kernel
149s
max time network
151s
platform
debian-9_armhf
resource
debian9-armhf-20240226-en
resource tags

arch:armhfimage:debian9-armhf-20240226-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
12-03-2024 02:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83f452bf5080dc0f68fe760742099fe012240c0743bc52bedbd4f8311ca1db0a.elf
Size

63KB
MD5

6ad22a06b06ea861f73cf07c3e5ae88d
SHA1

ee67abd91a64eeca616d04e16c3bac1f1255f91f
SHA256

83f452bf5080dc0f68fe760742099fe012240c0743bc52bedbd4f8311ca1db0a
SHA512

597a3f8a79668d13449699fa76a9ac3e571a68b4e0f4e79e1d21dcd6103cf197b9f6b1a4e768e98b91314dff7b545ce9b1519a5e003ed3e0fd5f5f8ddc00e9b2
SSDEEP

1536:af2JIv7Dc/4a9sRjchE7Ebz/UI+eeIeWNvb:af2JIeFsn7Ebz/mIb

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

Processes:

83f452bf5080dc0f68fe760742099fe012240c0743bc52bedbd4f8311ca1db0a.elf

description	ioc	pid	process
Changes the process name, possibly in an attempt to hide itself	telnetd	663	83f452bf5080dc0f68fe760742099fe012240c0743bc52bedbd4f8311ca1db0a.elf

Deletes itself 1 IoCs

Processes:

83f452bf5080dc0f68fe760742099fe012240c0743bc52bedbd4f8311ca1db0a.elf

pid process

663 83f452bf5080dc0f68fe760742099fe012240c0743bc52bedbd4f8311ca1db0a.elf

pid	process
663	83f452bf5080dc0f68fe760742099fe012240c0743bc52bedbd4f8311ca1db0a.elf

Unexpected DNS network traffic destination 63 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes:

description	ioc
Destination IP	195.10.195.195
Destination IP	185.181.61.24
Destination IP	185.232.68.212
Destination IP	185.232.68.212
Destination IP	134.195.4.2
Destination IP	185.181.61.24
Destination IP	185.232.68.212
Destination IP	63.231.92.27
Destination IP	70.34.254.19
Destination IP	185.232.68.212
Destination IP	130.61.64.122
Destination IP	185.181.61.24
Destination IP	178.254.22.166
Destination IP	130.61.64.122
Destination IP	63.231.92.27
Destination IP	185.84.81.194
Destination IP	130.61.64.122
Destination IP	185.84.81.194
Destination IP	217.160.70.42
Destination IP	185.181.61.24
Destination IP	134.195.4.2
Destination IP	185.84.81.194
Destination IP	134.195.4.2
Destination IP	134.195.4.2
Destination IP	185.181.61.24
Destination IP	130.61.64.122
Destination IP	195.10.195.195
Destination IP	185.181.61.24
Destination IP	178.254.22.166
Destination IP	185.232.68.212
Destination IP	217.160.70.42
Destination IP	195.10.195.195
Destination IP	195.10.195.195
Destination IP	185.181.61.24
Destination IP	168.138.8.38
Destination IP	38.103.195.4
Destination IP	178.254.22.166
Destination IP	178.254.22.166
Destination IP	168.138.8.38
Destination IP	185.232.68.212
Destination IP	134.195.4.2
Destination IP	168.138.8.38
Destination IP	168.138.8.38
Destination IP	63.231.92.27
Destination IP	63.231.92.27
Destination IP	185.181.61.24
Destination IP	134.195.4.2
Destination IP	185.232.68.212
Destination IP	130.61.64.122
Destination IP	217.160.70.42
Destination IP	185.84.81.194
Destination IP	168.138.8.38
Destination IP	63.231.92.27
Destination IP	185.84.81.194
Destination IP	217.160.70.42
Destination IP	217.160.70.42
Destination IP	185.232.68.212
Destination IP	178.254.22.166
Destination IP	195.10.195.195
Destination IP	185.181.61.24
Destination IP	185.181.61.24
Destination IP	185.232.68.212
Destination IP	185.232.68.212

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

description	ioc
File opened for reading	/proc/42/cmdline
File opened for reading	/proc/658/cmdline
File opened for reading	/proc/724/cmdline
File opened for reading	/proc/755/cmdline
File opened for reading	/proc/756/cmdline
File opened for reading	/proc/29/cmdline
File opened for reading	/proc/678/cmdline
File opened for reading	/proc/732/cmdline
File opened for reading	/proc/743/cmdline
File opened for reading	/proc/779/cmdline
File opened for reading	/proc/790/cmdline
File opened for reading	/proc/671/cmdline
File opened for reading	/proc/781/cmdline
File opened for reading	/proc/754/cmdline
File opened for reading	/proc/735/cmdline
File opened for reading	/proc/775/cmdline
File opened for reading	/proc/690/cmdline
File opened for reading	/proc/700/cmdline
File opened for reading	/proc/704/cmdline
File opened for reading	/proc/795/cmdline
File opened for reading	/proc/3/cmdline
File opened for reading	/proc/15/cmdline
File opened for reading	/proc/19/cmdline
File opened for reading	/proc/109/cmdline
File opened for reading	/proc/142/cmdline
File opened for reading	/proc/514/cmdline
File opened for reading	/proc/526/cmdline
File opened for reading	/proc/659/cmdline
File opened for reading	/proc/8/cmdline
File opened for reading	/proc/720/cmdline
File opened for reading	/proc/761/cmdline
File opened for reading	/proc/664/cmdline
File opened for reading	/proc/694/cmdline
File opened for reading	/proc/712/cmdline
File opened for reading	/proc/686/cmdline
File opened for reading	/proc/24/cmdline
File opened for reading	/proc/26/cmdline
File opened for reading	/proc/723/cmdline
File opened for reading	/proc/20/cmdline
File opened for reading	/proc/158/cmdline
File opened for reading	/proc/279/cmdline
File opened for reading	/proc/689/cmdline
File opened for reading	/proc/717/cmdline
File opened for reading	/proc/739/cmdline
File opened for reading	/proc/762/cmdline
File opened for reading	/proc/776/cmdline
File opened for reading	/proc/18/cmdline
File opened for reading	/proc/785/cmdline
File opened for reading	/proc/787/cmdline
File opened for reading	/proc/782/cmdline
File opened for reading	/proc/276/cmdline
File opened for reading	/proc/300/cmdline
File opened for reading	/proc/303/cmdline
File opened for reading	/proc/693/cmdline
File opened for reading	/proc/730/cmdline
File opened for reading	/proc/772/cmdline
File opened for reading	/proc/13/cmdline
File opened for reading	/proc/657/cmdline
File opened for reading	/proc/691/cmdline
File opened for reading	/proc/713/cmdline
File opened for reading	/proc/727/cmdline
File opened for reading	/proc/783/cmdline
File opened for reading	/proc/112/cmdline
File opened for reading	/proc/683/cmdline

/tmp/83f452bf5080dc0f68fe760742099fe012240c0743bc52bedbd4f8311ca1db0a.elf
/tmp/83f452bf5080dc0f68fe760742099fe012240c0743bc52bedbd4f8311ca1db0a.elf
1⤵
- Changes its process name
- Deletes itself
PID:663

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads