Analysis
-
max time kernel
149s -
max time network
151s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240226-en -
resource tags
arch:mipselimage:debian9-mipsel-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem -
submitted
19/04/2024, 01:59
Behavioral task
behavioral1
Sample
d1621315b91c23f25e341c24f99696a988844ac2a1a38c0b37fe1da2b37b89ae.elf
Resource
debian9-mipsel-20240226-en
3 signatures
150 seconds
General
-
Target
d1621315b91c23f25e341c24f99696a988844ac2a1a38c0b37fe1da2b37b89ae.elf
-
Size
142KB
-
MD5
ad718a5b8f961137491eb40c879e7371
-
SHA1
01f0c1cb98e1ebb8e0cc84c528b78eb01dc4fe2b
-
SHA256
d1621315b91c23f25e341c24f99696a988844ac2a1a38c0b37fe1da2b37b89ae
-
SHA512
62e7b33585a466bcd2630c17792bc4fee701a0ad7197eb906eae68aad59f0ef6a1bb9a19de3a2bbb8c4cfebddf9a27bf3a7637c6af8a8f0c1aa032735f5c0c3d
-
SSDEEP
1536:6V2Ut39z3lvqL3bkxbOYbDrL6EkuLxx8VDxqMElj+/zsrQ1:6AwdlK3b8bLxxobbEg
Score
7/10
Malware Config
Signatures
-
Changes its process name 1 IoCs
description ioc pid Process Changes the process name, possibly in an attempt to hide itself N+N: 712 d1621315b91c23f25e341c24f99696a988844ac2a1a38c0b37fe1da2b37b89ae.elf -
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
description ioc File opened for reading /proc/801/cmdline File opened for reading /proc/677/cmdline File opened for reading /proc/787/cmdline File opened for reading /proc/77/cmdline File opened for reading /proc/715/cmdline File opened for reading /proc/728/cmdline File opened for reading /proc/771/cmdline File opened for reading /proc/782/cmdline File opened for reading /proc/805/cmdline File opened for reading /proc/1/cmdline File opened for reading /proc/8/cmdline File opened for reading /proc/708/cmdline File opened for reading /proc/729/cmdline File opened for reading /proc/748/cmdline File opened for reading /proc/766/cmdline File opened for reading /proc/770/cmdline File opened for reading /proc/794/cmdline File opened for reading /proc/15/cmdline File opened for reading /proc/705/cmdline File opened for reading /proc/798/cmdline File opened for reading /proc/817/cmdline File opened for reading /proc/727/cmdline File opened for reading /proc/796/cmdline File opened for reading /proc/806/cmdline File opened for reading /proc/71/cmdline File opened for reading /proc/719/cmdline File opened for reading /proc/73/cmdline File opened for reading /proc/724/cmdline File opened for reading /proc/732/cmdline File opened for reading /proc/781/cmdline File opened for reading /proc/3/cmdline File opened for reading /proc/726/cmdline File opened for reading /proc/76/cmdline File opened for reading /proc/161/cmdline File opened for reading /proc/382/cmdline File opened for reading /proc/679/cmdline File opened for reading /proc/749/cmdline File opened for reading /proc/775/cmdline File opened for reading /proc/7/cmdline File opened for reading /proc/36/cmdline File opened for reading /proc/777/cmdline File opened for reading /proc/788/cmdline File opened for reading /proc/747/cmdline File opened for reading /proc/760/cmdline File opened for reading /proc/814/cmdline File opened for reading /proc/710/cmdline File opened for reading /proc/731/cmdline File opened for reading /proc/797/cmdline File opened for reading /proc/11/cmdline File opened for reading /proc/783/cmdline File opened for reading /proc/772/cmdline File opened for reading /proc/126/cmdline File opened for reading /proc/155/cmdline File opened for reading /proc/738/cmdline File opened for reading /proc/741/cmdline File opened for reading /proc/762/cmdline File opened for reading /proc/768/cmdline File opened for reading /proc/774/cmdline File opened for reading /proc/13/cmdline File opened for reading /proc/74/cmdline File opened for reading /proc/734/cmdline File opened for reading /proc/752/cmdline File opened for reading /proc/784/cmdline File opened for reading /proc/793/cmdline