Analysis
max time kernel: 149s
platform: debian-9_mips
resource: debian9-mipsbe-20240226-en
resource tags: arch:mips, image:debian9-mipsbe-20240226-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 19/04/2024, 08:44
Behavioral task: behavioral1
Sample: bc9cb0dcda2adca9ef70d10f78198b4e.elf
Resource: debian9-mipsbe-20240226-en
3 signatures
150 seconds
General
Target: bc9cb0dcda2adca9ef70d10f78198b4e.elf
Size: 177KB
MD5: bc9cb0dcda2adca9ef70d10f78198b4e
SHA1: 918a9f4c3a791d22cb77461a1000926d98883521
SHA256: 7e0bf0d134364afa456b6d36c133aa22647e0618d91d0ce01b459558f24f92fd
SHA512: f4680fea5c4c3033ff2d64871c8f727c5ba0980b7d7f88894202b103ee16f20382a77a7c7d3a8bf0a8a049cd43b2cb743bded145fd4f1e9fc0194c5ecf342dad
SSDEEP: 3072:49rNi/XEmhIjG/SMn5aYzv02q1Y6+c13oBtn7G:49rNuXDfhdMLYg1wtn7G
Score: 7/10
Malware Config
Signatures
Changes its process name 1 IoCs
description: Changes the process name, possibly in an attempt to hide itself
ioc: MC
pid: 714
Process: bc9cb0dcda2adca9ef70d10f78198b4e.elf
Enumerates running processes
Discovers information about currently running processes on the system
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.