d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c

Analysis

max time kernel
149s
max time network
144s
platform
debian-9_armhf
resource
debian9-armhf-20240226-en
resource tags

arch:armhfimage:debian9-armhf-20240226-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
25-04-2024 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
Size

130KB
MD5

366ec6fb0576ace99292b9b0b7dcb6c2
SHA1

ea4214e8013193800e9365db1dc45b0e03246725
SHA256

d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c
SHA512

0e7e0efda131ad71e41c0ff92fc0f38669de85927faf37f0cc4c9226ba1c47a8420b5df226f6bfb94de9627fe48f738dd10b7ee3e66e2e052cff9ba710ff9475
SSDEEP

1536:zP8g2CSJG5mIOd34g1AS0Y1jAFrZ4V/3ETVO5bTa6MFjpChUDDl0+wywVFN+S4da:z0FGE1xV1jI45ERO5bTKhpCyevQJ

Score

6^/10

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	658	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/739/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/752/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/764/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/43/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/723/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/730/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/734/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/757/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/772/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/656/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/705/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/743/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/758/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/710/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/713/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/745/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/696/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/721/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/731/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/25/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/408/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/681/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/307/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/720/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/756/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/746/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/16/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/665/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/685/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/672/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/704/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/654/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/671/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/771/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/717/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/761/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/694/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/767/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/113/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/171/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/659/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/673/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/679/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/709/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/769/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/10/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/15/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/660/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/751/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/785/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/41/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/675/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/729/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/787/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/790/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/3/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/727/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/728/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/21/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/748/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/760/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/27/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/766/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
File opened for reading	/proc/789/cmdline	d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf

/tmp/d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
/tmp/d19894ba8b77661bec202354065ebd6b09b8f91db3f4bf3d44b844fca6793f9c.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:658

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads