a4c4ebbb60f4845f7874476d561ebf5b2af8bac675b8b8fc86eeb21c0914a36c

Analysis

max time kernel
149s
max time network
145s
platform
debian-9_armhf
resource
debian9-armhf-20240226-en
resource tags

arch:armhfimage:debian9-armhf-20240226-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
06-04-2024 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bef51270a53b6222f20060506e5672b8932decd39bfe2fc9c86f10ad419a101b.elf
Size

73KB
MD5

85a22fb779a2fdffba885dbe3fec7b47
SHA1

894d618a30761215cb0ea69a543c69eb5bdbff31
SHA256

bef51270a53b6222f20060506e5672b8932decd39bfe2fc9c86f10ad419a101b
SHA512

91ec85ab83eb52732216d5d3e27018a79ed6cfd4f931816bea8f2c76469da21a4c460292db819113fc93b9543dd020a52deb9ea355393f23ce2ca3dd039fb0b8
SSDEEP

1536:iUNvwhaMgRk3jAaKC/MGGvagAkhVWdZrLgiyTMOQr:iUcvz46MG8agzhVslxOC

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

Processes:

bef51270a53b6222f20060506e5672b8932decd39bfe2fc9c86f10ad419a101b.elf

description	ioc	pid	process
Changes the process name, possibly in an attempt to hide itself	a	650	bef51270a53b6222f20060506e5672b8932decd39bfe2fc9c86f10ad419a101b.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

description	ioc
File opened for reading	/proc/274/cmdline
File opened for reading	/proc/651/cmdline
File opened for reading	/proc/691/cmdline
File opened for reading	/proc/287/cmdline
File opened for reading	/proc/109/cmdline
File opened for reading	/proc/108/cmdline
File opened for reading	/proc/646/cmdline
File opened for reading	/proc/706/cmdline
File opened for reading	/proc/708/cmdline
File opened for reading	/proc/310/cmdline
File opened for reading	/proc/680/cmdline
File opened for reading	/proc/685/cmdline
File opened for reading	/proc/76/cmdline
File opened for reading	/proc/319/cmdline
File opened for reading	/proc/636/cmdline
File opened for reading	/proc/673/cmdline
File opened for reading	/proc/3/maps
File opened for reading	/proc/24/cmdline
File opened for reading	/proc/28/cmdline
File opened for reading	/proc/98/cmdline
File opened for reading	/proc/662/cmdline
File opened for reading	/proc/670/cmdline
File opened for reading	/proc/27/cmdline
File opened for reading	/proc/144/cmdline
File opened for reading	/proc/167/cmdline
File opened for reading	/proc/272/cmdline
File opened for reading	/proc/275/cmdline
File opened for reading	/proc/657/cmdline
File opened for reading	/proc/666/cmdline
File opened for reading	/proc/683/cmdline
File opened for reading	/proc/707/cmdline
File opened for reading	/proc/581/cmdline
File opened for reading	/proc/654/cmdline
File opened for reading	/proc/139/cmdline
File opened for reading	/proc/603/cmdline
File opened for reading	/proc/668/cmdline
File opened for reading	/proc/675/cmdline
File opened for reading	/proc/694/cmdline
File opened for reading	/proc/692/cmdline
File opened for reading	/proc/703/cmdline
File opened for reading	/proc/705/cmdline
File opened for reading	/proc/5/cmdline
File opened for reading	/proc/6/cmdline
File opened for reading	/proc/11/cmdline
File opened for reading	/proc/711/cmdline
File opened for reading	/proc/642/cmdline
File opened for reading	/proc/643/cmdline
File opened for reading	/proc/648/cmdline
File opened for reading	/proc/719/cmdline
File opened for reading	/proc/304/cmdline
File opened for reading	/proc/677/cmdline
File opened for reading	/proc/701/cmdline
File opened for reading	/proc/2/cmdline
File opened for reading	/proc/4/cmdline
File opened for reading	/proc/106/cmdline
File opened for reading	/proc/220/cmdline
File opened for reading	/proc/655/cmdline
File opened for reading	/proc/709/cmdline
File opened for reading	/proc/3/cmdline
File opened for reading	/proc/681/cmdline
File opened for reading	/proc/698/cmdline
File opened for reading	/proc/688/cmdline
File opened for reading	/proc/1/cmdline
File opened for reading	/proc/8/cmdline

/tmp/bef51270a53b6222f20060506e5672b8932decd39bfe2fc9c86f10ad419a101b.elf
/tmp/bef51270a53b6222f20060506e5672b8932decd39bfe2fc9c86f10ad419a101b.elf
1⤵
- Changes its process name
PID:650

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads