Analysis
max time kernel: 149s
max time network: 153s
platform: debian-9_mips
resource: debian9-mipsbe-20240226-en
resource tags: arch:mips, image:debian9-mipsbe-20240226-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 19/04/2024, 13:44
Behavioral task: behavioral1
Sample: 587687b2c2b12f29938092c3870cdde553002a9dd93aa99956f8970b418f641e.elf
Resource: debian9-mipsbe-20240226-en
3 signatures
150 seconds
General
Target: 587687b2c2b12f29938092c3870cdde553002a9dd93aa99956f8970b418f641e.elf
Size: 150KB
MD5: 9f5b50a77e18a5aa70701e3fd0d1cdb4
SHA1: 750b645806cc58de54fa4aa75ab3b1459e0ebc30
SHA256: 587687b2c2b12f29938092c3870cdde553002a9dd93aa99956f8970b418f641e
SHA512: a53d0d4b1a3f9f1db3091786f2189e50032a4893bd1c4f4ec98ddd6c8aed91145cd4f8cfb92185564b86abe172c2271ec591de7bdea9150e3b2ccb49892b876b
SSDEEP: 3072:mC1zHgj7BnRNegrUp2yNzPnqKyVixix5Q4h4xF9aFb1lHW4bibg:r1zA/BnRNegrUK/iE4xFUFb1lHW4uU
Score: 7/10
Malware Config
Signatures
Changes its process name 1 IoCs
description: Changes the process name, possibly in an attempt to hide itself
ioc: N+N:
pid: 697
process: 587687b2c2b12f29938092c3870cdde553002a9dd93aa99956f8970b418f641e.elf
Enumerates running processes
Discovers information about currently running processes on the system
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.