dce5434e660c66954f7859390e33d969f0a493a77cc84f1e42df7b17ab9bfa53

Analysis

max time kernel
149s
max time network
144s
platform
debian-9_armhf
resource
debian9-armhf-20240226-en
resource tags

arch:armhfimage:debian9-armhf-20240226-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
02-04-2024 01:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dce5434e660c66954f7859390e33d969f0a493a77cc84f1e42df7b17ab9bfa53.elf
Size

70KB
MD5

69db855b30d7cb79faa3d0b93d7d1fe9
SHA1

4bda43094e51a33e9d63fed97eb59551c46f5a7f
SHA256

dce5434e660c66954f7859390e33d969f0a493a77cc84f1e42df7b17ab9bfa53
SHA512

436d6b928cdc459d59bf8437fd822ed022a47fded62a618fdb4f498aa578ecbebffe62368daa909de55c206cd0d97a3a25cc3d2dcc9095410b9571e8339f96d0
SSDEEP

1536:Lb4wvsHDy8lAOfOPW8gusRc9P/ymWuY8Ah+dFKxOQX:Lb+qqcgusRc9PamWphEwOO

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

Processes:

dce5434e660c66954f7859390e33d969f0a493a77cc84f1e42df7b17ab9bfa53.elf

description	ioc	pid	process
Changes the process name, possibly in an attempt to hide itself	a	668	dce5434e660c66954f7859390e33d969f0a493a77cc84f1e42df7b17ab9bfa53.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

description	ioc
File opened for reading	/proc/11/cmdline
File opened for reading	/proc/22/cmdline
File opened for reading	/proc/736/cmdline
File opened for reading	/proc/661/cmdline
File opened for reading	/proc/703/cmdline
File opened for reading	/proc/651/cmdline
File opened for reading	/proc/685/cmdline
File opened for reading	/proc/688/cmdline
File opened for reading	/proc/728/cmdline
File opened for reading	/proc/18/cmdline
File opened for reading	/proc/19/cmdline
File opened for reading	/proc/697/cmdline
File opened for reading	/proc/17/cmdline
File opened for reading	/proc/297/cmdline
File opened for reading	/proc/146/cmdline
File opened for reading	/proc/595/cmdline
File opened for reading	/proc/672/cmdline
File opened for reading	/proc/683/cmdline
File opened for reading	/proc/731/cmdline
File opened for reading	/proc/5/cmdline
File opened for reading	/proc/23/cmdline
File opened for reading	/proc/690/cmdline
File opened for reading	/proc/12/cmdline
File opened for reading	/proc/296/cmdline
File opened for reading	/proc/686/cmdline
File opened for reading	/proc/664/cmdline
File opened for reading	/proc/235/cmdline
File opened for reading	/proc/330/cmdline
File opened for reading	/proc/598/cmdline
File opened for reading	/proc/599/cmdline
File opened for reading	/proc/705/cmdline
File opened for reading	/proc/6/cmdline
File opened for reading	/proc/317/cmdline
File opened for reading	/proc/719/cmdline
File opened for reading	/proc/698/cmdline
File opened for reading	/proc/291/cmdline
File opened for reading	/proc/681/cmdline
File opened for reading	/proc/669/cmdline
File opened for reading	/proc/680/cmdline
File opened for reading	/proc/702/cmdline
File opened for reading	/proc/4/cmdline
File opened for reading	/proc/104/cmdline
File opened for reading	/proc/14/cmdline
File opened for reading	/proc/618/cmdline
File opened for reading	/proc/676/cmdline
File opened for reading	/proc/701/cmdline
File opened for reading	/proc/1/maps
File opened for reading	/proc/9/cmdline
File opened for reading	/proc/283/cmdline
File opened for reading	/proc/294/cmdline
File opened for reading	/proc/684/cmdline
File opened for reading	/proc/735/cmdline
File opened for reading	/proc/2/cmdline
File opened for reading	/proc/153/cmdline
File opened for reading	/proc/693/cmdline
File opened for reading	/proc/711/cmdline
File opened for reading	/proc/720/cmdline
File opened for reading	/proc/723/cmdline
File opened for reading	/proc/725/cmdline
File opened for reading	/proc/729/cmdline
File opened for reading	/proc/144/cmdline
File opened for reading	/proc/593/cmdline
File opened for reading	/proc/27/cmdline
File opened for reading	/proc/41/cmdline

/tmp/dce5434e660c66954f7859390e33d969f0a493a77cc84f1e42df7b17ab9bfa53.elf
/tmp/dce5434e660c66954f7859390e33d969f0a493a77cc84f1e42df7b17ab9bfa53.elf
1⤵
- Changes its process name
PID:668

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads