a8ca7a3cb311be4871298a87dc2fded49d00484778651d20a16f963d2d4f46b3

Analysis

max time kernel
150s
max time network
151s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
22/07/2024, 22:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a03f4a1a18f8b3f3c87f9f9ad623c869.elf
Size

180KB
MD5

a03f4a1a18f8b3f3c87f9f9ad623c869
SHA1

e4253e94bc8c18c815dd8638b84859b950bd7215
SHA256

a8ca7a3cb311be4871298a87dc2fded49d00484778651d20a16f963d2d4f46b3
SHA512

756cc4434f61408fc985ea10000de9eb3d7ac78f4ab7505bf99fd95cbf9e479c9deb356624577fddd08c4a86d6622cbb4404c52f16cccc6913d1cc5661d5358a
SSDEEP

3072:8e/J5zDK1itDXkvaRvgKn1gd54oLGo6kK/EIpUoAM/RVU0h:8eh5S1iZ0vaRvgK1g7CopK/EiZAM/RVR

Score

6^/10

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M "	704	a03f4a1a18f8b3f3c87f9f9ad623c869.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/343/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/728/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/755/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/17/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/26/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/33/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/679/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/717/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/720/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/736/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/741/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/4/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/43/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/344/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/599/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/725/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/9/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/18/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/32/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/29/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/143/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/253/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/354/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/747/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/20/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/23/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/27/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/47/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/444/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/721/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/326/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/212/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/735/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/739/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/25/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/665/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/718/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/5/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/8/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/35/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/719/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/1/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/34/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/309/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/709/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/737/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/701/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/708/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/24/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/680/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/723/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/743/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/3/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/683/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/727/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/11/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/21/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/36/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/74/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/733/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/758/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/12/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/14/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf
File opened for reading	/proc/28/cmdline	a03f4a1a18f8b3f3c87f9f9ad623c869.elf

/tmp/a03f4a1a18f8b3f3c87f9f9ad623c869.elf
/tmp/a03f4a1a18f8b3f3c87f9f9ad623c869.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:704

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads