dacf4addefbd6676b70a084553b240a72f6d76d22d9dd41fb2850d85c9604817

Analysis

max time kernel
150s
max time network
149s
platform
debian-9_mipsel
resource
debian9-mipsel-20240226-en
resource tags

arch:mipselimage:debian9-mipsel-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
04/07/2024, 03:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
Size

177KB
MD5

a7e0fafdde5f846255531926ce14524b
SHA1

3fea406c062505d37b533d138514d10aafe590c3
SHA256

6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b
SHA512

11c50bda99adb54975b69cfc40d52a6fa8643faf6357c63493ac4ce8d2af0576e22c40570e3c031dc3a0bf164872a4301cdd3d1fe007cf83851ff5a4eacc3b22
SSDEEP

3072:Mwoe3spPZt9nQiX/GpO1SMRpp6NWJdWQ0i:MnSshZDQiX/2ObRWoDWj

Score

6^/10

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M "	697	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/17/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/763/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/689/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/720/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/770/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/13/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/73/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/20/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/737/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/795/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/2/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/8/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/743/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/776/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/709/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/735/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/780/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/5/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/7/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/734/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/755/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/767/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/779/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/781/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/16/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/19/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/337/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/511/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/749/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/792/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/796/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/12/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/22/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/75/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/708/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/717/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/753/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/782/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/9/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/71/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/81/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/783/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/789/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/21/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/36/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/756/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/784/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/788/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/339/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/729/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/710/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/748/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/750/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/335/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/693/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/701/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/733/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/765/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/785/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/798/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/165/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/385/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/762/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
File opened for reading	/proc/791/cmdline	6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf

/tmp/6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
/tmp/6140dc4f4a0896076354c9851f742152155ebe27c85083fb2cb0e31fcb277c4b.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:697

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads