3fed42e3e87434331b18a6011be0ed64763a15e4d0ba22c9e4f8693306ad1ad7

Analysis

max time kernel
149s
max time network
169s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
28/06/2024, 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d5cc4f37b348d7810cdd1248c81fc77d.elf
Size

180KB
MD5

d5cc4f37b348d7810cdd1248c81fc77d
SHA1

76e8bb9651e9c70fde1c86ff7dcee1ad1d00f910
SHA256

3fed42e3e87434331b18a6011be0ed64763a15e4d0ba22c9e4f8693306ad1ad7
SHA512

b7b03c0b4d326117e962aee19ac081cbb0ebe7b476168578f162dcb633355a5ac8f0dd3ac5ab028a09bc5ad5954e6fccee174127098ef7afed1c53b7bdb49ab3
SSDEEP

3072:fmcRhjDma1W9YHk9ah/QqXFggKkY7mo6lL/2p0o9M/RT7C7dT6:fmgh31W6E9ah/Qq1gB2oYL/U59M/RT7N

Score

6^/10

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	661	d5cc4f37b348d7810cdd1248c81fc77d.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/22/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/782/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/295/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/696/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/26/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/43/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/697/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/759/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/229/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/676/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/680/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/686/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/732/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/767/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/648/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/664/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/681/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/683/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/746/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/716/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/760/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/3/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/25/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/723/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/727/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/786/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/5/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/721/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/791/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/1/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/731/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/734/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/748/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/775/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/7/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/110/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/743/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/793/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/342/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/655/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/679/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/706/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/24/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/711/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/769/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/725/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/752/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/794/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/12/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/15/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/113/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/155/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/314/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/673/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/765/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/777/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/663/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/718/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/730/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/795/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/603/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/656/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/693/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf
File opened for reading	/proc/27/cmdline	d5cc4f37b348d7810cdd1248c81fc77d.elf

/tmp/d5cc4f37b348d7810cdd1248c81fc77d.elf
/tmp/d5cc4f37b348d7810cdd1248c81fc77d.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:661

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads