adceea0e6e846f2b7d0633b1fc64f62301ab20f8921bb77c1613e2de58939c2d

Analysis

max time kernel
149s
max time network
148s
platform
debian-9_armhf
resource
debian9-armhf-20240226-en
resource tags

arch:armhfimage:debian9-armhf-20240226-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
12-03-2024 03:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

adceea0e6e846f2b7d0633b1fc64f62301ab20f8921bb77c1613e2de58939c2d.elf
Size

61KB
MD5

d588c5a95c74bcee8b39e205121805c0
SHA1

7388e3e52254ca75e9266051850455eb3f12b07c
SHA256

adceea0e6e846f2b7d0633b1fc64f62301ab20f8921bb77c1613e2de58939c2d
SHA512

3bbc6ed6a13046e942db8dc10b4fe5c8e98e72f0dca4d0194c11628e3473112e05c88cf9214d34833e4a4701dd9b7cf4cf133598fdd9777945ecdb3ef30c4db9
SSDEEP

1536:y7s0x7T4Ulds1bD8l5uFKgisX/uteQgHDF:y7s0VK1OkFKgis2Rgp

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	telnetd	653	adceea0e6e846f2b7d0633b1fc64f62301ab20f8921bb77c1613e2de58939c2d.elf

Deletes itself 1 IoCs

pid	Process
653	adceea0e6e846f2b7d0633b1fc64f62301ab20f8921bb77c1613e2de58939c2d.elf

Unexpected DNS network traffic destination 38 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	5.161.109.23
Destination IP	88.198.92.222
Destination IP	88.198.92.222
Destination IP	5.161.109.23
Destination IP	88.198.92.222
Destination IP	5.161.109.23
Destination IP	168.235.111.72
Destination IP	168.235.111.72
Destination IP	64.176.6.48
Destination IP	35.211.96.150
Destination IP	5.161.109.23
Destination IP	88.198.92.222
Destination IP	88.198.92.222
Destination IP	88.198.92.222
Destination IP	35.211.96.150
Destination IP	35.211.96.150
Destination IP	5.161.109.23
Destination IP	88.198.92.222
Destination IP	5.161.109.23
Destination IP	35.211.96.150
Destination IP	54.36.111.116
Destination IP	54.36.111.116
Destination IP	168.235.111.72
Destination IP	88.198.92.222
Destination IP	5.161.109.23
Destination IP	88.198.92.222
Destination IP	54.36.111.116
Destination IP	5.161.109.23
Destination IP	54.36.111.116
Destination IP	54.36.111.116
Destination IP	5.161.109.23
Destination IP	54.36.111.116
Destination IP	54.36.111.116
Destination IP	5.161.109.23
Destination IP	88.198.92.222
Destination IP	35.211.96.150
Destination IP	168.235.111.72
Destination IP	168.235.111.72

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/715/cmdline
File opened for reading	/proc/738/cmdline
File opened for reading	/proc/749/cmdline
File opened for reading	/proc/208/cmdline
File opened for reading	/proc/649/cmdline
File opened for reading	/proc/725/cmdline
File opened for reading	/proc/771/cmdline
File opened for reading	/proc/108/cmdline
File opened for reading	/proc/679/cmdline
File opened for reading	/proc/719/cmdline
File opened for reading	/proc/729/cmdline
File opened for reading	/proc/751/cmdline
File opened for reading	/proc/18/cmdline
File opened for reading	/proc/29/cmdline
File opened for reading	/proc/12/cmdline
File opened for reading	/proc/19/cmdline
File opened for reading	/proc/25/cmdline
File opened for reading	/proc/106/cmdline
File opened for reading	/proc/301/cmdline
File opened for reading	/proc/731/cmdline
File opened for reading	/proc/2/cmdline
File opened for reading	/proc/6/cmdline
File opened for reading	/proc/783/cmdline
File opened for reading	/proc/753/cmdline
File opened for reading	/proc/772/cmdline
File opened for reading	/proc/767/cmdline
File opened for reading	/proc/14/cmdline
File opened for reading	/proc/140/cmdline
File opened for reading	/proc/778/cmdline
File opened for reading	/proc/787/cmdline
File opened for reading	/proc/142/cmdline
File opened for reading	/proc/722/cmdline
File opened for reading	/proc/782/cmdline
File opened for reading	/proc/23/cmdline
File opened for reading	/proc/43/cmdline
File opened for reading	/proc/656/cmdline
File opened for reading	/proc/603/cmdline
File opened for reading	/proc/609/cmdline
File opened for reading	/proc/10/cmdline
File opened for reading	/proc/671/cmdline
File opened for reading	/proc/774/cmdline
File opened for reading	/proc/786/cmdline
File opened for reading	/proc/1/cmdline
File opened for reading	/proc/9/cmdline
File opened for reading	/proc/752/cmdline
File opened for reading	/proc/784/cmdline
File opened for reading	/proc/148/cmdline
File opened for reading	/proc/665/cmdline
File opened for reading	/proc/662/cmdline
File opened for reading	/proc/692/cmdline
File opened for reading	/proc/710/cmdline
File opened for reading	/proc/20/cmdline
File opened for reading	/proc/168/cmdline
File opened for reading	/proc/697/cmdline
File opened for reading	/proc/702/cmdline
File opened for reading	/proc/735/cmdline
File opened for reading	/proc/678/cmdline
File opened for reading	/proc/694/cmdline
File opened for reading	/proc/675/cmdline
File opened for reading	/proc/739/cmdline
File opened for reading	/proc/15/cmdline
File opened for reading	/proc/284/cmdline
File opened for reading	/proc/651/cmdline
File opened for reading	/proc/690/cmdline

/tmp/adceea0e6e846f2b7d0633b1fc64f62301ab20f8921bb77c1613e2de58939c2d.elf
/tmp/adceea0e6e846f2b7d0633b1fc64f62301ab20f8921bb77c1613e2de58939c2d.elf
1⤵
- Changes its process name
- Deletes itself
PID:653

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads