7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c

Analysis

max time kernel
149s
max time network
155s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
10/07/2024, 01:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
Size

70KB
MD5

f0b3c25ed6c5aeff6f3aba1fed629a30
SHA1

6d299def68f2736b428750563dfc6b49d8de8fc4
SHA256

7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c
SHA512

e1f7cf96a257e5fb09b616d0647f775844626055f4c83edea10a3d7965b4d48a9150e0bf811db7804c500b125cd0be1a765f58afc5d8ef9632f5c3cd74de2cd0
SSDEEP

768:bPWek0n4CjdGQKKWxmg0EhFkFkeYA+Qo6FXyApGqFDjOZ2uyyQ5NeNTP4wnRIZ:bj/hSmmjAo6dym2Uu6eBPZnRq

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
697	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 4 IoCs

description	ioc	pid
Changes the process name, possibly in an attempt to hide itself	bash	698
Changes the process name, possibly in an attempt to hide itself	nginx	699
Changes the process name, possibly in an attempt to hide itself	inetd	700
Changes the process name, possibly in an attempt to hide itself	sshd	701

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/140/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/385/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/805/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/1/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/5/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/17/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/20/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/316/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/675/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/6/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/10/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/11/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/19/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/24/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/104/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/373/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/701/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/81/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/458/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/7/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/8/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/15/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/72/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/70/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/164/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/694/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/37/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/74/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/78/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/757/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/313/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/700/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/736/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/13/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/23/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/147/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/224/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/68/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/225/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/314/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/691/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/4/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/12/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/14/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/16/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/693/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/703/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/724/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/769/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/76/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/319/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/695/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/704/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/3/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/21/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/22/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/321/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/352/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/372/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/394/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/18/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/67/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/73/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
File opened for reading	/proc/689/cmdline	7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf

/tmp/7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
/tmp/7e6af789789a4547fc9cf01fb4f58c585f53ce97a1dc046783f5768a74a0e26c.elf
1⤵
- Deletes itself
- Reads runtime system information
PID:697

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads