281a1dca497fd207fd192ce0985965bd370a2845d420241af01736a456102e46

Analysis

max time kernel
131s
max time network
144s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
30/06/2024, 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3fe5004c1f21312c004de00e167cf76c.elf
Size

96KB
MD5

3fe5004c1f21312c004de00e167cf76c
SHA1

6835d8fe90a99d96fb4d3ff10dafffd65d6f2a09
SHA256

281a1dca497fd207fd192ce0985965bd370a2845d420241af01736a456102e46
SHA512

92b8cc1ed608be3a18c0abedd4c62a678d980f87a9cb4a4700c8a894b942efd163e8baca87198d8ed9c15af83de3b205240d5f6e8cd085ecc6cc69d9aa169a3a
SSDEEP

1536:F7EnxX/ZpiIvAuZrOVgpUEW5iIO24eFyZNI4oSiTQ5:KnxX//iwiEWAIO2ok4Io

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid
711

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	709	3fe5004c1f21312c004de00e167cf76c.elf

Reads runtime system information 57 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/3/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/4/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/8/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/337/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/5/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/13/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/80/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/335/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/390/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/37/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/22/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/69/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/71/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/75/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/7/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/15/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/17/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/339/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/668/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/19/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/21/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/140/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/163/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/12/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/18/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/370/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/2/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/23/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/78/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/146/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/231/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/24/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/36/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/104/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/382/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/671/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/76/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/72/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/73/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/151/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/379/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/6/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/77/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/414/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/9/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/70/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/112/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/677/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/10/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/11/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/338/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/343/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/14/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/16/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/20/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/113/cmdline	3fe5004c1f21312c004de00e167cf76c.elf
File opened for reading	/proc/248/cmdline	3fe5004c1f21312c004de00e167cf76c.elf

/tmp/3fe5004c1f21312c004de00e167cf76c.elf
/tmp/3fe5004c1f21312c004de00e167cf76c.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:709

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads