Analysis
Max time kernel: 149s
Max time network: 151s
Platform: debian-9_armhf
Resource: debian9-armhf-20240226-en
Resource tags: arch:armhf, image:debian9-armhf-20240226-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
Submitted: 12-03-2024 02:52
Behavioral task: behavioral1
Sample: 83f452bf5080dc0f68fe760742099fe012240c0743bc52bedbd4f8311ca1db0a.elf
Resource: debian9-armhf-20240226-en
General
Target: 83f452bf5080dc0f68fe760742099fe012240c0743bc52bedbd4f8311ca1db0a.elf
Size: 63KB
MD5: 6ad22a06b06ea861f73cf07c3e5ae88d
SHA1: ee67abd91a64eeca616d04e16c3bac1f1255f91f
SHA256: 83f452bf5080dc0f68fe760742099fe012240c0743bc52bedbd4f8311ca1db0a
SHA512: 597a3f8a79668d13449699fa76a9ac3e571a68b4e0f4e79e1d21dcd6103cf197b9f6b1a4e768e98b91314dff7b545ce9b1519a5e003ed3e0fd5f5f8ddc00e9b2
SSDEEP: 1536:af2JIv7Dc/4a9sRjchE7Ebz/UI+eeIeWNvb:af2JIeFsn7Ebz/mIb
Malware Config
Signatures

Changes its process name (1 IoC)
description | ioc | pid | Process
Changes the process name, possibly in an attempt to hide itself | telnetd | 663 | 83f452bf5080dc0f68fe760742099fe012240c0743bc52bedbd4f8311ca1db0a.elf

Deletes itself (1 IoC)
pid | Process
663 | 83f452bf5080dc0f68fe760742099fe012240c0743bc52bedbd4f8311ca1db0a.elf
Unexpected DNS network traffic destination (63 IoCs)
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
description | ioc
Destination IP | 195.10.195.195
Destination IP | 185.181.61.24
Destination IP | 185.232.68.212
Destination IP | 185.232.68.212
Destination IP | 134.195.4.2
Destination IP | 185.181.61.24
Destination IP | 185.232.68.212
Destination IP | 63.231.92.27
Destination IP | 70.34.254.19
Destination IP | 185.232.68.212
Destination IP | 130.61.64.122
Destination IP | 185.181.61.24
Destination IP | 178.254.22.166
Destination IP | 130.61.64.122
Destination IP | 63.231.92.27
Destination IP | 185.84.81.194
Destination IP | 130.61.64.122
Destination IP | 185.84.81.194
Destination IP | 217.160.70.42
Destination IP | 185.181.61.24
Destination IP | 134.195.4.2
Destination IP | 185.84.81.194
Destination IP | 134.195.4.2
Destination IP | 134.195.4.2
Destination IP | 185.181.61.24
Destination IP | 130.61.64.122
Destination IP | 195.10.195.195
Destination IP | 185.181.61.24
Destination IP | 178.254.22.166
Destination IP | 185.232.68.212
Destination IP | 217.160.70.42
Destination IP | 195.10.195.195
Destination IP | 195.10.195.195
Destination IP | 185.181.61.24
Destination IP | 168.138.8.38
Destination IP | 38.103.195.4
Destination IP | 178.254.22.166
Destination IP | 178.254.22.166
Destination IP | 168.138.8.38
Destination IP | 185.232.68.212
Destination IP | 134.195.4.2
Destination IP | 168.138.8.38
Destination IP | 168.138.8.38
Destination IP | 63.231.92.27
Destination IP | 63.231.92.27
Destination IP | 185.181.61.24
Destination IP | 134.195.4.2
Destination IP | 185.232.68.212
Destination IP | 130.61.64.122
Destination IP | 217.160.70.42
Destination IP | 185.84.81.194
Destination IP | 168.138.8.38
Destination IP | 63.231.92.27
Destination IP | 185.84.81.194
Destination IP | 217.160.70.42
Destination IP | 217.160.70.42
Destination IP | 185.232.68.212
Destination IP | 178.254.22.166
Destination IP | 195.10.195.195
Destination IP | 185.181.61.24
Destination IP | 185.181.61.24
Destination IP | 185.232.68.212
Destination IP | 185.232.68.212
Enumerates running processes
Discovers information about currently running processes on the system.
Reads runtime system information (64 IoCs)
Reads data from /proc virtual filesystem.
description | ioc
File opened for reading | /proc/42/cmdline
File opened for reading | /proc/658/cmdline
File opened for reading | /proc/724/cmdline
File opened for reading | /proc/755/cmdline
File opened for reading | /proc/756/cmdline
File opened for reading | /proc/29/cmdline
File opened for reading | /proc/678/cmdline
File opened for reading | /proc/732/cmdline
File opened for reading | /proc/743/cmdline
File opened for reading | /proc/779/cmdline
File opened for reading | /proc/790/cmdline
File opened for reading | /proc/671/cmdline
File opened for reading | /proc/781/cmdline
File opened for reading | /proc/754/cmdline
File opened for reading | /proc/735/cmdline
File opened for reading | /proc/775/cmdline
File opened for reading | /proc/690/cmdline
File opened for reading | /proc/700/cmdline
File opened for reading | /proc/704/cmdline
File opened for reading | /proc/795/cmdline
File opened for reading | /proc/3/cmdline
File opened for reading | /proc/15/cmdline
File opened for reading | /proc/19/cmdline
File opened for reading | /proc/109/cmdline
File opened for reading | /proc/142/cmdline
File opened for reading | /proc/514/cmdline
File opened for reading | /proc/526/cmdline
File opened for reading | /proc/659/cmdline
File opened for reading | /proc/8/cmdline
File opened for reading | /proc/720/cmdline
File opened for reading | /proc/761/cmdline
File opened for reading | /proc/664/cmdline
File opened for reading | /proc/694/cmdline
File opened for reading | /proc/712/cmdline
File opened for reading | /proc/686/cmdline
File opened for reading | /proc/24/cmdline
File opened for reading | /proc/26/cmdline
File opened for reading | /proc/723/cmdline
File opened for reading | /proc/20/cmdline
File opened for reading | /proc/158/cmdline
File opened for reading | /proc/279/cmdline
File opened for reading | /proc/689/cmdline
File opened for reading | /proc/717/cmdline
File opened for reading | /proc/739/cmdline
File opened for reading | /proc/762/cmdline
File opened for reading | /proc/776/cmdline
File opened for reading | /proc/18/cmdline
File opened for reading | /proc/785/cmdline
File opened for reading | /proc/787/cmdline
File opened for reading | /proc/782/cmdline
File opened for reading | /proc/276/cmdline
File opened for reading | /proc/300/cmdline
File opened for reading | /proc/303/cmdline
File opened for reading | /proc/693/cmdline
File opened for reading | /proc/730/cmdline
File opened for reading | /proc/772/cmdline
File opened for reading | /proc/13/cmdline
File opened for reading | /proc/657/cmdline
File opened for reading | /proc/691/cmdline
File opened for reading | /proc/713/cmdline
File opened for reading | /proc/727/cmdline
File opened for reading | /proc/783/cmdline
File opened for reading | /proc/112/cmdline
File opened for reading | /proc/683/cmdline