ca584057e4bf81823ae1e97562dbca2dcdbbd813244a68de3fad80a187debe31

Analysis

max time kernel
149s
max time network
152s
platform
debian-9_armhf
resource
debian9-armhf-20240226-en
resource tags

arch:armhfimage:debian9-armhf-20240226-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
12-04-2024 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca584057e4bf81823ae1e97562dbca2dcdbbd813244a68de3fad80a187debe31.elf
Size

175KB
MD5

c5688a5e3eb1e6d99315a793253e6af8
SHA1

2e2580eb71010566bf7de18557d387475a92a811
SHA256

ca584057e4bf81823ae1e97562dbca2dcdbbd813244a68de3fad80a187debe31
SHA512

e1eaa0ce9528bd5c1761a293cc0c3e9a2d845ce1a6d0938afdbcfeeb3f5089b2e81c69a5390f2c0f4e6befa20c4823eb940f7835629f021ee6017948d4d8a0a3
SSDEEP

3072:uk/uc6NbBLbcBCkoajwdyqkk4/T/6EBp0u/hJjogM/RkWT+M:uk/2BLbEloajwdybkwRBKu/XMgM/RkWL

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	651	ca584057e4bf81823ae1e97562dbca2dcdbbd813244a68de3fad80a187debe31.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/723/cmdline
File opened for reading	/proc/724/cmdline
File opened for reading	/proc/14/cmdline
File opened for reading	/proc/650/cmdline
File opened for reading	/proc/652/cmdline
File opened for reading	/proc/705/cmdline
File opened for reading	/proc/664/cmdline
File opened for reading	/proc/7/cmdline
File opened for reading	/proc/28/cmdline
File opened for reading	/proc/670/cmdline
File opened for reading	/proc/764/cmdline
File opened for reading	/proc/11/cmdline
File opened for reading	/proc/19/cmdline
File opened for reading	/proc/710/cmdline
File opened for reading	/proc/643/cmdline
File opened for reading	/proc/771/cmdline
File opened for reading	/proc/23/cmdline
File opened for reading	/proc/108/cmdline
File opened for reading	/proc/695/cmdline
File opened for reading	/proc/9/cmdline
File opened for reading	/proc/25/cmdline
File opened for reading	/proc/728/cmdline
File opened for reading	/proc/701/cmdline
File opened for reading	/proc/717/cmdline
File opened for reading	/proc/17/cmdline
File opened for reading	/proc/436/cmdline
File opened for reading	/proc/669/cmdline
File opened for reading	/proc/694/cmdline
File opened for reading	/proc/721/cmdline
File opened for reading	/proc/765/cmdline
File opened for reading	/proc/691/cmdline
File opened for reading	/proc/756/cmdline
File opened for reading	/proc/742/cmdline
File opened for reading	/proc/12/cmdline
File opened for reading	/proc/27/cmdline
File opened for reading	/proc/667/cmdline
File opened for reading	/proc/766/cmdline
File opened for reading	/proc/782/cmdline
File opened for reading	/proc/739/cmdline
File opened for reading	/proc/757/cmdline
File opened for reading	/proc/29/cmdline
File opened for reading	/proc/644/cmdline
File opened for reading	/proc/713/cmdline
File opened for reading	/proc/736/cmdline
File opened for reading	/proc/660/cmdline
File opened for reading	/proc/775/cmdline
File opened for reading	/proc/678/cmdline
File opened for reading	/proc/725/cmdline
File opened for reading	/proc/749/cmdline
File opened for reading	/proc/773/cmdline
File opened for reading	/proc/291/cmdline
File opened for reading	/proc/648/cmdline
File opened for reading	/proc/693/cmdline
File opened for reading	/proc/696/cmdline
File opened for reading	/proc/697/cmdline
File opened for reading	/proc/707/cmdline
File opened for reading	/proc/778/cmdline
File opened for reading	/proc/16/cmdline
File opened for reading	/proc/692/cmdline
File opened for reading	/proc/3/cmdline
File opened for reading	/proc/5/cmdline
File opened for reading	/proc/655/cmdline
File opened for reading	/proc/727/cmdline
File opened for reading	/proc/754/cmdline

/tmp/ca584057e4bf81823ae1e97562dbca2dcdbbd813244a68de3fad80a187debe31.elf
/tmp/ca584057e4bf81823ae1e97562dbca2dcdbbd813244a68de3fad80a187debe31.elf
1⤵
- Changes its process name
PID:651

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads