617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0

Analysis

max time kernel
149s
max time network
132s
platform
debian-9_armhf
resource
debian9-armhf-20240418-en
resource tags

arch:armhfimage:debian9-armhf-20240418-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
29/06/2024, 01:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
Size

130KB
MD5

3189626ae6ffe72b28d734b4a9312b00
SHA1

47a5d32d1f778d5632bc95410266353c93944edf
SHA256

617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0
SHA512

967190b5c4de5b0865f0fde106553b72c3bbe3bfd6c889641a7a6729963afea7633b6c6360abd5108afdf47f1ac54d81ebb65adb82b2b5a6855e44fc6c899cc5
SSDEEP

1536:zP8g2CSJG5mIOd34M1AL0Y1jAFrZ4V/3ETVORjbaiMtjpChMDzlkHwywVFN+a415:z0FGo1MV1jI45ERORjbCZpCKnXQh

Score

6^/10

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M "	645	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/750/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/772/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/278/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/704/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/778/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/9/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/14/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/741/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/765/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/28/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/640/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/722/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/766/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/81/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/700/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/316/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/600/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/643/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/648/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/676/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/680/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/26/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/42/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/740/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/660/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/679/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/149/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/642/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/689/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/764/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/658/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/682/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/20/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/656/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/667/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/687/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/776/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/317/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/664/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/708/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/223/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/702/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/779/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/736/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/767/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/714/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/748/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/754/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/5/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/7/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/753/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/761/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/729/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/733/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/712/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/713/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/8/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/709/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/24/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/685/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/768/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/579/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/759/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
File opened for reading	/proc/717/cmdline	617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf

/tmp/617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
/tmp/617f61393e6bdcbb601fda4eff69ee0287584274e97b74d13a634a857eef7ce0.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:645

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads