ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526

Analysis

max time kernel
148s
max time network
150s
platform
debian-9_mipsel
resource
debian9-mipsel-20240226-en
resource tags

arch:mipselimage:debian9-mipsel-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
20/04/2024, 01:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
Size

181KB
MD5

d082cd0dacb719dd321be6a8fe3cab86
SHA1

67dfa3d06060bc17d96ae176677ba5d1b80be5e4
SHA256

ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526
SHA512

2fc74d48d32ceb9a92823a4edf39e244b7cb14582fddb97660a58400e004489acb64132ff1d0c4cdd891ad1dfc5b34fa6402748b021fc39e7f02fa0559c437bc
SSDEEP

3072:XFqn4sD+EYNOgDk+iCcGfT93wsNcDxce4C:XFqfyHN3ksco9gKqZ

Score

6^/10

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	710	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/800/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/711/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/759/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/760/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/768/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/769/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/16/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/729/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/740/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/743/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/713/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/726/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/5/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/74/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/250/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/337/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/674/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/779/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/789/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/780/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/783/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/796/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/682/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/706/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/764/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/775/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/10/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/18/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/21/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/747/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/778/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/788/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/801/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/11/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/83/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/432/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/723/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/73/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/84/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/720/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/781/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/127/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/387/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/772/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/773/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/774/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/803/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/14/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/75/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/111/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/721/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/155/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/722/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/725/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/792/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/795/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/798/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/736/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/757/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/771/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/777/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/813/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/7/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
File opened for reading	/proc/338/cmdline	ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf

/tmp/ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
/tmp/ad104380d20126b1151728f43c5738407c142e39703e4854034f97f8734ae526.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:710

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads