Analysis
max time kernel: 149s
max time network: 155s
platform: debian-9_armhf
resource: debian9-armhf-20240611-en
resource tags: arch:armhf, image:debian9-armhf-20240611-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 29-06-2024 01:21
Behavioral task: behavioral1
Sample: 61d81c2f32da1ac3033e9132b61926b8342310c6ba2e899773a8d6f078d229f2.elf
Resource: debian9-armhf-20240611-en, debian-9-armhf
3 signatures
150 seconds
General
Target: 61d81c2f32da1ac3033e9132b61926b8342310c6ba2e899773a8d6f078d229f2.elf
Size: 153KB
MD5: a542b07e5a587db4a8d3a4d843ecfac1
SHA1: bf6a26fe29871bcbb5d7aad58591797035c182b5
SHA256: 61d81c2f32da1ac3033e9132b61926b8342310c6ba2e899773a8d6f078d229f2
SHA512: a723fa0b0f4bc26e20691be76996856cd7540f1d8ebd5826f5cdc1da6115e83db59ef384df5c4749e083d70fa5e745f53d8c89f83de36ae93ca1a64579f95337
SSDEEP: 3072:30MUdi18VNT8aSmiuM1Z9665rhWycqsci/mCGM/9HODF9z+:30MUQ1ad8aSmiuM1/6MWxRci/mrM/9qK
Score: 7/10
Malware Config
Signatures
Deletes itself 1 IoCs
Processes:
pid 656
Changes its process name 1 IoCs
Processes:
61d81c2f32da1ac3033e9132b61926b8342310c6ba2e899773a8d6f078d229f2.elf
description: Changes the process name, possibly in an attempt to hide itself
ioc: httpd
pid: 655
process: 61d81c2f32da1ac3033e9132b61926b8342310c6ba2e899773a8d6f078d229f2.elf
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.