Analysis
-
max time kernel
26s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240226-en -
resource tags
arch:mipsimage:debian9-mipsbe-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem -
submitted
19/04/2024, 10:07
Behavioral task
behavioral1
Sample
7e0bf0d134364afa456b6d36c133aa22647e0618d91d0ce01b459558f24f92fd.elf
Resource
debian9-mipsbe-20240226-en
3 signatures
30 seconds
General
-
Target
7e0bf0d134364afa456b6d36c133aa22647e0618d91d0ce01b459558f24f92fd.elf
-
Size
177KB
-
MD5
bc9cb0dcda2adca9ef70d10f78198b4e
-
SHA1
918a9f4c3a791d22cb77461a1000926d98883521
-
SHA256
7e0bf0d134364afa456b6d36c133aa22647e0618d91d0ce01b459558f24f92fd
-
SHA512
f4680fea5c4c3033ff2d64871c8f727c5ba0980b7d7f88894202b103ee16f20382a77a7c7d3a8bf0a8a049cd43b2cb743bded145fd4f1e9fc0194c5ecf342dad
-
SSDEEP
3072:49rNi/XEmhIjG/SMn5aYzv02q1Y6+c13oBtn7G:49rNuXDfhdMLYg1wtn7G
Score
7/10
Malware Config
Signatures
-
Changes its process name 1 IoCs
description ioc pid Process Changes the process name, possibly in an attempt to hide itself MC 711 7e0bf0d134364afa456b6d36c133aa22647e0618d91d0ce01b459558f24f92fd.elf -
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
description ioc File opened for reading /proc/17/cmdline File opened for reading /proc/37/cmdline File opened for reading /proc/77/cmdline File opened for reading /proc/714/cmdline File opened for reading /proc/769/cmdline File opened for reading /proc/6/cmdline File opened for reading /proc/75/cmdline File opened for reading /proc/736/cmdline File opened for reading /proc/759/cmdline File opened for reading /proc/771/cmdline File opened for reading /proc/13/cmdline File opened for reading /proc/71/cmdline File opened for reading /proc/727/cmdline File opened for reading /proc/728/cmdline File opened for reading /proc/749/cmdline File opened for reading /proc/751/cmdline File opened for reading /proc/758/cmdline File opened for reading /proc/774/cmdline File opened for reading /proc/5/cmdline File opened for reading /proc/74/cmdline File opened for reading /proc/715/cmdline File opened for reading /proc/733/cmdline File opened for reading /proc/15/cmdline File opened for reading /proc/18/cmdline File opened for reading /proc/361/cmdline File opened for reading /proc/706/cmdline File opened for reading /proc/707/cmdline File opened for reading /proc/734/cmdline File opened for reading /proc/3/cmdline File opened for reading /proc/718/cmdline File opened for reading /proc/737/cmdline File opened for reading /proc/679/cmdline File opened for reading /proc/748/cmdline File opened for reading /proc/755/cmdline File opened for reading /proc/757/cmdline File opened for reading /proc/14/cmdline File opened for reading /proc/703/cmdline File opened for reading /proc/722/cmdline File opened for reading /proc/766/cmdline File opened for reading /proc/770/cmdline File opened for reading /proc/680/cmdline File opened for reading /proc/729/cmdline File opened for reading /proc/72/cmdline File opened for reading /proc/36/cmdline File opened for reading /proc/110/cmdline File opened for reading /proc/332/cmdline File opened for reading /proc/9/cmdline File opened for reading /proc/676/cmdline File opened for reading /proc/731/cmdline File opened for reading /proc/773/cmdline File opened for reading /proc/19/cmdline File opened for reading /proc/422/cmdline File opened for reading /proc/704/cmdline File opened for reading /proc/713/cmdline File opened for reading /proc/721/cmdline File opened for reading /proc/750/cmdline File opened for reading /proc/761/cmdline File opened for reading /proc/762/cmdline File opened for reading /proc/359/cmdline File opened for reading /proc/740/cmdline File opened for reading /proc/76/cmdline File opened for reading /proc/709/cmdline File opened for reading /proc/739/cmdline File opened for reading /proc/7/cmdline