018c328fe9ab44210bfe68be0dd66cadd66da79c4c8d11f7f4348f4196c402cd

Analysis

max time kernel
150s
max time network
151s
platform
debian-9_mips
resource
debian9-mipsbe-20240226-en
resource tags

arch:mipsimage:debian9-mipsbe-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
28-03-2024 02:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

018c328fe9ab44210bfe68be0dd66cadd66da79c4c8d11f7f4348f4196c402cd.elf
Size

177KB
MD5

89ed7151f70bb0fceb90c38fbffa0bb8
SHA1

ea47e3a2ff075febc1c6cfd35a9c79cb069bb293
SHA256

018c328fe9ab44210bfe68be0dd66cadd66da79c4c8d11f7f4348f4196c402cd
SHA512

c19b8dd4b0d430a6758d0501bece498e4b9b149fe3d1e23be0db8aed03bf1fce0d56250a250945a4175418295a5e5b30680576c776442d2ca2e281aa1d485438
SSDEEP

3072:f6uSXvJnzjP0jCxzpyi579Yxy52tIen9A6qewZQGhaMh:f6uSXvJnvP0OxzYigAEnfqnZ5haa

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	690	018c328fe9ab44210bfe68be0dd66cadd66da79c4c8d11f7f4348f4196c402cd.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/796/cmdline
File opened for reading	/proc/723/cmdline
File opened for reading	/proc/755/cmdline
File opened for reading	/proc/772/cmdline
File opened for reading	/proc/774/cmdline
File opened for reading	/proc/15/cmdline
File opened for reading	/proc/717/cmdline
File opened for reading	/proc/748/cmdline
File opened for reading	/proc/780/cmdline
File opened for reading	/proc/787/cmdline
File opened for reading	/proc/707/cmdline
File opened for reading	/proc/708/cmdline
File opened for reading	/proc/721/cmdline
File opened for reading	/proc/746/cmdline
File opened for reading	/proc/715/cmdline
File opened for reading	/proc/778/cmdline
File opened for reading	/proc/36/cmdline
File opened for reading	/proc/691/cmdline
File opened for reading	/proc/704/cmdline
File opened for reading	/proc/709/cmdline
File opened for reading	/proc/69/cmdline
File opened for reading	/proc/72/cmdline
File opened for reading	/proc/327/cmdline
File opened for reading	/proc/760/cmdline
File opened for reading	/proc/733/cmdline
File opened for reading	/proc/752/cmdline
File opened for reading	/proc/756/cmdline
File opened for reading	/proc/764/cmdline
File opened for reading	/proc/19/cmdline
File opened for reading	/proc/334/cmdline
File opened for reading	/proc/669/cmdline
File opened for reading	/proc/714/cmdline
File opened for reading	/proc/22/cmdline
File opened for reading	/proc/391/cmdline
File opened for reading	/proc/694/cmdline
File opened for reading	/proc/385/cmdline
File opened for reading	/proc/722/cmdline
File opened for reading	/proc/761/cmdline
File opened for reading	/proc/762/cmdline
File opened for reading	/proc/6/cmdline
File opened for reading	/proc/115/cmdline
File opened for reading	/proc/151/cmdline
File opened for reading	/proc/362/cmdline
File opened for reading	/proc/788/cmdline
File opened for reading	/proc/1/cmdline
File opened for reading	/proc/653/cmdline
File opened for reading	/proc/702/cmdline
File opened for reading	/proc/763/cmdline
File opened for reading	/proc/37/cmdline
File opened for reading	/proc/685/cmdline
File opened for reading	/proc/730/cmdline
File opened for reading	/proc/740/cmdline
File opened for reading	/proc/782/cmdline
File opened for reading	/proc/791/cmdline
File opened for reading	/proc/3/cmdline
File opened for reading	/proc/14/cmdline
File opened for reading	/proc/77/cmdline
File opened for reading	/proc/683/cmdline
File opened for reading	/proc/20/cmdline
File opened for reading	/proc/9/cmdline
File opened for reading	/proc/759/cmdline
File opened for reading	/proc/769/cmdline
File opened for reading	/proc/783/cmdline
File opened for reading	/proc/742/cmdline

/tmp/018c328fe9ab44210bfe68be0dd66cadd66da79c4c8d11f7f4348f4196c402cd.elf
/tmp/018c328fe9ab44210bfe68be0dd66cadd66da79c4c8d11f7f4348f4196c402cd.elf
1⤵
- Changes its process name
PID:690

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads