3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5

Analysis

max time kernel
74s
max time network
149s
platform
debian-9_armhf
resource
debian9-armhf-20240418-en
resource tags

arch:armhfimage:debian9-armhf-20240418-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
01/07/2024, 01:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
Size

146KB
MD5

e5ce02a63d8b339226c7bc443632eeb4
SHA1

cc72003bb9cb185c827c3bdc2e6f6d9a178f23cd
SHA256

3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5
SHA512

0dd155de557c4a0b5fa09797ddbb67cbccc9ac63ababcc6dfbf1f9e319410b79058b5fa3c09efbb6480da64972c70ba2a8e03422a173c93cd3f8920736cc1999
SSDEEP

3072:v04Ad2ACy/FQV1r4K4bP/uztbLburYUux4bDH:v04AdtAB4K4b3uztaEUuxs

Score

6^/10

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	645	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/108/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/698/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/730/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/746/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/17/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/169/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/599/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/657/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/684/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/707/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/750/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/10/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/649/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/660/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/673/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/681/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/712/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/714/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/19/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/43/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/664/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/685/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/716/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/737/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/76/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/146/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/696/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/704/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/723/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/741/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/759/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/29/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/674/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/691/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/705/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/26/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/710/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/713/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/764/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/728/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/11/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/16/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/670/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/671/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/678/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/702/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/709/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/592/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/638/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/642/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/646/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/661/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/752/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/754/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/12/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/277/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/579/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/762/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/272/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/703/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/721/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/760/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/2/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
File opened for reading	/proc/132/cmdline	3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf

/tmp/3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
/tmp/3a5c9fb1672dc49736c7ea4ca1d9163de3c15c4a73d1b1435b089e5989732ed5.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:645

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads