027370da50c693b5231fa4a91634c3bc7239b127c601a65ebcc3575adab5063a

Analysis

max time kernel
150s
max time network
151s
platform
debian-9_mipsel
resource
debian9-mipsel-20240226-en
resource tags

arch:mipselimage:debian9-mipsel-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
14/03/2024, 02:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

027370da50c693b5231fa4a91634c3bc7239b127c601a65ebcc3575adab5063a.elf
Size

173KB
MD5

54eab02f7a333e6a527141888a292c6d
SHA1

ec232e220e4bd925e8115b5563ed8b27fdbf61b1
SHA256

027370da50c693b5231fa4a91634c3bc7239b127c601a65ebcc3575adab5063a
SHA512

a25803318d82130e16e676ddf9b6479495454dae2eb99c940539c4c7665534b871b16f08d4d22b23d350ae36745fc1c1c1d2eb0276168965d3a22eda1fc6c6b4
SSDEEP

3072:ueEksFM+wX5O8aVR8H3NaMZOTTMJxt9U+7fKbWE:ueEnO+wXoVWdaMATwJHy+u6

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	708	027370da50c693b5231fa4a91634c3bc7239b127c601a65ebcc3575adab5063a.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/125/cmdline
File opened for reading	/proc/732/cmdline
File opened for reading	/proc/798/cmdline
File opened for reading	/proc/810/cmdline
File opened for reading	/proc/15/cmdline
File opened for reading	/proc/678/cmdline
File opened for reading	/proc/736/cmdline
File opened for reading	/proc/758/cmdline
File opened for reading	/proc/779/cmdline
File opened for reading	/proc/775/cmdline
File opened for reading	/proc/776/cmdline
File opened for reading	/proc/3/cmdline
File opened for reading	/proc/21/cmdline
File opened for reading	/proc/437/cmdline
File opened for reading	/proc/750/cmdline
File opened for reading	/proc/765/cmdline
File opened for reading	/proc/735/cmdline
File opened for reading	/proc/739/cmdline
File opened for reading	/proc/757/cmdline
File opened for reading	/proc/730/cmdline
File opened for reading	/proc/738/cmdline
File opened for reading	/proc/744/cmdline
File opened for reading	/proc/6/cmdline
File opened for reading	/proc/11/cmdline
File opened for reading	/proc/78/cmdline
File opened for reading	/proc/248/cmdline
File opened for reading	/proc/703/cmdline
File opened for reading	/proc/784/cmdline
File opened for reading	/proc/793/cmdline
File opened for reading	/proc/800/cmdline
File opened for reading	/proc/685/cmdline
File opened for reading	/proc/711/cmdline
File opened for reading	/proc/729/cmdline
File opened for reading	/proc/743/cmdline
File opened for reading	/proc/73/cmdline
File opened for reading	/proc/731/cmdline
File opened for reading	/proc/781/cmdline
File opened for reading	/proc/809/cmdline
File opened for reading	/proc/766/cmdline
File opened for reading	/proc/780/cmdline
File opened for reading	/proc/805/cmdline
File opened for reading	/proc/9/cmdline
File opened for reading	/proc/76/cmdline
File opened for reading	/proc/684/cmdline
File opened for reading	/proc/717/cmdline
File opened for reading	/proc/760/cmdline
File opened for reading	/proc/812/cmdline
File opened for reading	/proc/764/cmdline
File opened for reading	/proc/770/cmdline
File opened for reading	/proc/14/cmdline
File opened for reading	/proc/17/cmdline
File opened for reading	/proc/75/cmdline
File opened for reading	/proc/340/cmdline
File opened for reading	/proc/704/cmdline
File opened for reading	/proc/22/cmdline
File opened for reading	/proc/788/cmdline
File opened for reading	/proc/789/cmdline
File opened for reading	/proc/801/cmdline
File opened for reading	/proc/20/cmdline
File opened for reading	/proc/74/cmdline
File opened for reading	/proc/786/cmdline
File opened for reading	/proc/790/cmdline
File opened for reading	/proc/12/cmdline
File opened for reading	/proc/24/cmdline

/tmp/027370da50c693b5231fa4a91634c3bc7239b127c601a65ebcc3575adab5063a.elf
/tmp/027370da50c693b5231fa4a91634c3bc7239b127c601a65ebcc3575adab5063a.elf
1⤵
- Changes its process name
PID:708

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads