40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a

Analysis

max time kernel
149s
max time network
151s
platform
debian-9_armhf
resource
debian9-armhf-20240226-en
resource tags

arch:armhfimage:debian9-armhf-20240226-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
25-04-2024 16:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
Size

134KB
MD5

ee1e42e88091c9a71836464480547a49
SHA1

8ef3c1402cdec529dc85a1de3500bce4c6b8a4fe
SHA256

40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a
SHA512

46ff250554c6560e27884cd412ca1d997cb8a4c6ab710c1a2449481b54dd38e4dbccffec143a9a80fd0c8b66064397af6e4a9d9a5bdbcb9e578e11d7a2784a4c
SSDEEP

1536:reIIcq87ZO8VQzlHaurUAZXlFFAeSz4VAZJsTgVUs/Br22/I/dLl2zUwywmFfbB1:aIIifMrUSVFFM4UiMVUs/Hg/GxyvQS

Score

6^/10

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

Processes:

40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	671	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf

description	ioc	Process
File opened for reading	/proc/8/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/18/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/699/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/19/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/26/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/697/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/717/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/729/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/730/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/754/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/795/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/7/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/782/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/789/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/804/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/684/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/298/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/716/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/433/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/748/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/768/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/2/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/676/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/733/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/797/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/709/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/742/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/770/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/794/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/739/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/43/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/784/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/791/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/230/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/714/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/720/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/24/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/27/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/756/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/776/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/42/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/114/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/139/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/765/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/666/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/674/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/680/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/762/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/777/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/793/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/151/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/663/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/683/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/722/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/723/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/767/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/769/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/803/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/16/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/686/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/724/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/801/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/29/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
File opened for reading	/proc/349/cmdline	40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf

/tmp/40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
/tmp/40225130e8a42e93e1ff1428829a1af8ccc5c78a9ae57effb3c4fe940cafdc2a.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:671

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads