cf7fea66c48a4272a31649f487016269cd177c257970b74d4d4471794df895ec

Analysis

max time kernel
85s
max time network
86s
platform
debian-9_armhf
resource
debian9-armhf-20240226-en
resource tags

arch:armhfimage:debian9-armhf-20240226-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
15-04-2024 19:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

arm
Size

68KB
MD5

1024cbce9f404f01734e6443de486923
SHA1

876ca75e72bdacbd5f04baba9fe94cecd0d6158c
SHA256

cf7fea66c48a4272a31649f487016269cd177c257970b74d4d4471794df895ec
SHA512

e76d10e176d129a718075156e4c2364459a69a6a231568b545052abe397bd857f067fef60b9e0bef5f5f59bde18069195e045cb3b40c18c07ae3f0372b5a712d
SSDEEP

1536:y7IPfx2qY4PyiLHJvjsZUZaK7FzKdgLFOeBWV++vO:YqnPy6HJvyep7FzK+LFOeBWrO

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	/tmp/condi	639	arm

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/12/status	Process not Found
File opened for reading	/proc/753/status	Process not Found
File opened for reading	/proc/762/status	Process not Found
File opened for reading	/proc/29/status	Process not Found
File opened for reading	/proc/264/status	Process not Found
File opened for reading	/proc/309/status	Process not Found
File opened for reading	/proc/637/status	Process not Found
File opened for reading	/proc/2/status	Process not Found
File opened for reading	/proc/4/status	Process not Found
File opened for reading	/proc/26/status	Process not Found
File opened for reading	/proc/76/status	Process not Found
File opened for reading	/proc/138/status	Process not Found
File opened for reading	/proc/300/status	Process not Found
File opened for reading	/proc/650/status	Process not Found
File opened for reading	/proc/786/status	Process not Found
File opened for reading	/proc/10/status	Process not Found
File opened for reading	/proc/21/status	Process not Found
File opened for reading	/proc/42/status	Process not Found
File opened for reading	/proc/635/status	Process not Found
File opened for reading	/proc/823/status	Process not Found
File opened for reading	/proc/98/status	Process not Found
File opened for reading	/proc/186/status	Process not Found
File opened for reading	/proc/573/status	Process not Found
File opened for reading	/proc/645/status	Process not Found
File opened for reading	/proc/654/status	Process not Found
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/140/status	Process not Found
File opened for reading	/proc/152/status	Process not Found
File opened for reading	/proc/297/status	Process not Found
File opened for reading	/proc/652/status	Process not Found
File opened for reading	/proc/18/status	Process not Found
File opened for reading	/proc/169/status	Process not Found
File opened for reading	/proc/214/status	Process not Found
File opened for reading	/proc/22/status	Process not Found
File opened for reading	/proc/25/status	Process not Found
File opened for reading	/proc/106/status	Process not Found
File opened for reading	/proc/593/status	Process not Found
File opened for reading	/proc/19/status	Process not Found
File opened for reading	/proc/41/status	Process not Found
File opened for reading	/proc/320/status	Process not Found
File opened for reading	/proc/783/status	Process not Found
File opened for reading	/proc/24/status	Process not Found
File opened for reading	/proc/273/status	Process not Found
File opened for reading	/proc/754/status	Process not Found
File opened for reading	/proc/8/status	Process not Found
File opened for reading	/proc/14/status	Process not Found
File opened for reading	/proc/27/status	Process not Found
File opened for reading	/proc/43/status	Process not Found
File opened for reading	/proc/filesystems	mv
File opened for reading	/proc/9/status	Process not Found
File opened for reading	/proc/23/status	Process not Found
File opened for reading	/proc/17/status	Process not Found
File opened for reading	/proc/28/status	Process not Found
File opened for reading	/proc/109/status	Process not Found
File opened for reading	/proc/278/status	Process not Found
File opened for reading	/proc/594/status	Process not Found
File opened for reading	/proc/1/status	Process not Found
File opened for reading	/proc/3/status	Process not Found
File opened for reading	/proc/13/status	Process not Found
File opened for reading	/proc/632/status	Process not Found
File opened for reading	/proc/653/status	Process not Found
File opened for reading	/proc/655/status	Process not Found
File opened for reading	/proc/631/status	Process not Found
File opened for reading	/proc/822/status	Process not Found

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/tmp/condi	sh

/tmp/arm
/tmp/arm
1⤵
- Changes its process name
PID:639
- /bin/sh
  sh -c "rm -rf tmp/condi && mkdir tmp; >tmp/condi && mv /tmp/arm tmp/condi; chmod 777 tmp/condi"
  2⤵
  - Writes file to tmp directory
  PID:640
- - /bin/rm
    rm -rf tmp/condi
    3⤵
    PID:641
- - /bin/mkdir
    mkdir tmp
    3⤵
    - Reads runtime system information
    PID:642
- - /bin/mv
    mv /tmp/arm tmp/condi
    3⤵
    - Reads runtime system information
    PID:644
- - /bin/chmod
    chmod 777 tmp/condi
    3⤵
    PID:649

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads