21f1caac3024e9d7424612573dd8523ad3f877c95674e1562f2171a2b5ce21c1

Analysis

max time kernel
149s
max time network
149s
platform
debian-9_armhf
resource
debian9-armhf-20240226-en
resource tags

arch:armhfimage:debian9-armhf-20240226-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
24-04-2024 08:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

151ed00aa5c8f9e085930ec982429ff0.elf
Size

180KB
MD5

151ed00aa5c8f9e085930ec982429ff0
SHA1

b74eda584402cf9bc10ed2ae627bc5a183091e53
SHA256

21f1caac3024e9d7424612573dd8523ad3f877c95674e1562f2171a2b5ce21c1
SHA512

178da22a7c97cf608d4543e923a1a463d1188f75e570c6c38b5df1593228e797f0763709a0d914e15f03503ccd12266ca31e691bdaef51f595eb97c7910309a6
SSDEEP

3072:xESFFN/SClK1Tvk3ahn4qfdQGGgQzWo6Yi/YpEoGM/RxMQkunSh:SSHN7lKBM3ahn4qFQ/Koli/yJGM/RxMf

Score

6^/10

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	650	151ed00aa5c8f9e085930ec982429ff0.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/649/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/660/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/777/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/8/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/16/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/7/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/110/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/1/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/6/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/787/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/677/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/688/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/714/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/738/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/14/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/286/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/647/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/779/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/313/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/669/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/10/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/272/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/776/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/648/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/689/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/730/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/780/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/696/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/728/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/724/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/702/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/703/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/691/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/698/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/11/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/663/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/694/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/5/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/146/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/713/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/27/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/707/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/778/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/12/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/26/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/722/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/770/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/771/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/645/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/680/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/727/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/746/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/719/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/751/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/729/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/734/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/19/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/735/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/661/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/668/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/172/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/318/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/664/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf
File opened for reading	/proc/683/cmdline	151ed00aa5c8f9e085930ec982429ff0.elf

/tmp/151ed00aa5c8f9e085930ec982429ff0.elf
/tmp/151ed00aa5c8f9e085930ec982429ff0.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:650

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads