ca584057e4bf81823ae1e97562dbca2dcdbbd813244a68de3fad80a187debe31

Analysis

max time kernel
150s
max time network
143s
platform
debian-9_armhf
resource
debian9-armhf-20240226-en
resource tags

arch:armhfimage:debian9-armhf-20240226-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
11-04-2024 15:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c5688a5e3eb1e6d99315a793253e6af8.elf
Size

175KB
MD5

c5688a5e3eb1e6d99315a793253e6af8
SHA1

2e2580eb71010566bf7de18557d387475a92a811
SHA256

ca584057e4bf81823ae1e97562dbca2dcdbbd813244a68de3fad80a187debe31
SHA512

e1eaa0ce9528bd5c1761a293cc0c3e9a2d845ce1a6d0938afdbcfeeb3f5089b2e81c69a5390f2c0f4e6befa20c4823eb940f7835629f021ee6017948d4d8a0a3
SSDEEP

3072:uk/uc6NbBLbcBCkoajwdyqkk4/T/6EBp0u/hJjogM/RkWT+M:uk/2BLbEloajwdybkwRBKu/XMgM/RkWL

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	652	c5688a5e3eb1e6d99315a793253e6af8.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/760/cmdline
File opened for reading	/proc/766/cmdline
File opened for reading	/proc/771/cmdline
File opened for reading	/proc/679/cmdline
File opened for reading	/proc/743/cmdline
File opened for reading	/proc/305/cmdline
File opened for reading	/proc/736/cmdline
File opened for reading	/proc/750/cmdline
File opened for reading	/proc/790/cmdline
File opened for reading	/proc/733/cmdline
File opened for reading	/proc/648/cmdline
File opened for reading	/proc/672/cmdline
File opened for reading	/proc/692/cmdline
File opened for reading	/proc/783/cmdline
File opened for reading	/proc/144/cmdline
File opened for reading	/proc/722/cmdline
File opened for reading	/proc/17/cmdline
File opened for reading	/proc/781/cmdline
File opened for reading	/proc/41/cmdline
File opened for reading	/proc/660/cmdline
File opened for reading	/proc/666/cmdline
File opened for reading	/proc/704/cmdline
File opened for reading	/proc/715/cmdline
File opened for reading	/proc/730/cmdline
File opened for reading	/proc/759/cmdline
File opened for reading	/proc/788/cmdline
File opened for reading	/proc/106/cmdline
File opened for reading	/proc/789/cmdline
File opened for reading	/proc/691/cmdline
File opened for reading	/proc/665/cmdline
File opened for reading	/proc/769/cmdline
File opened for reading	/proc/28/cmdline
File opened for reading	/proc/737/cmdline
File opened for reading	/proc/763/cmdline
File opened for reading	/proc/18/cmdline
File opened for reading	/proc/721/cmdline
File opened for reading	/proc/1/cmdline
File opened for reading	/proc/747/cmdline
File opened for reading	/proc/16/cmdline
File opened for reading	/proc/281/cmdline
File opened for reading	/proc/322/cmdline
File opened for reading	/proc/728/cmdline
File opened for reading	/proc/757/cmdline
File opened for reading	/proc/761/cmdline
File opened for reading	/proc/5/cmdline
File opened for reading	/proc/261/cmdline
File opened for reading	/proc/657/cmdline
File opened for reading	/proc/667/cmdline
File opened for reading	/proc/726/cmdline
File opened for reading	/proc/741/cmdline
File opened for reading	/proc/26/cmdline
File opened for reading	/proc/661/cmdline
File opened for reading	/proc/717/cmdline
File opened for reading	/proc/762/cmdline
File opened for reading	/proc/74/cmdline
File opened for reading	/proc/754/cmdline
File opened for reading	/proc/9/cmdline
File opened for reading	/proc/651/cmdline
File opened for reading	/proc/689/cmdline
File opened for reading	/proc/706/cmdline
File opened for reading	/proc/734/cmdline
File opened for reading	/proc/295/cmdline
File opened for reading	/proc/260/cmdline
File opened for reading	/proc/777/cmdline

/tmp/c5688a5e3eb1e6d99315a793253e6af8.elf
/tmp/c5688a5e3eb1e6d99315a793253e6af8.elf
1⤵
- Changes its process name
PID:652

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads