5b547e3c2e27333dfdaa0af3ff0387a2c6ba621f0ae848244157691e365580c4

Analysis

max time kernel
151s
max time network
155s
platform
debian-12_mipsel
resource
debian12-mipsel-20240221-en
resource tags

arch:mipselimage:debian12-mipsel-20240221-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
submitted
22/07/2024, 03:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e85bfa1152c35ec58202761ff146ab69.elf
Size

71KB
MD5

e85bfa1152c35ec58202761ff146ab69
SHA1

dc32e9c72864b09b411ce5664ff2f08fca51bacf
SHA256

5b547e3c2e27333dfdaa0af3ff0387a2c6ba621f0ae848244157691e365580c4
SHA512

3d6edba09d95e5819d14aead7116cb00d6fc2df46c4c977ad8b176fabb4b29f2c60a96746e1710c716e7765e38fa471e5f2af94caf2c43f0cc892273ff5b750a
SSDEEP

1536:iFgYATFOJ6AmxjvTL2ZJaOLuV4kWL/ex:iFgYCOWTL2a43L/e

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
741	e85bfa1152c35ec58202761ff146ab69.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 4 IoCs

description	ioc	pid
Changes the process name, possibly in an attempt to hide itself	nginx	744
Changes the process name, possibly in an attempt to hide itself	bash	743
Changes the process name, possibly in an attempt to hide itself	inetd	745
Changes the process name, possibly in an attempt to hide itself	sshd	746

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/12/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/33/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/711/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/3/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/10/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/26/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/408/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/4/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/30/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/45/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/755/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/391/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/679/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/680/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/731/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/8/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/22/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/35/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/111/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/747/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/734/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/5/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/116/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/356/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/424/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/113/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/138/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/745/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/2/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/9/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/377/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/667/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/17/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/28/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/32/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/379/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/21/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/23/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/11/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/15/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/19/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/20/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/6/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/25/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/42/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/746/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/119/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/180/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/14/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/27/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/53/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/114/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/716/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/31/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/58/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/59/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/396/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/29/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/48/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/409/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/710/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/1/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/7/cmdline	e85bfa1152c35ec58202761ff146ab69.elf
File opened for reading	/proc/16/cmdline	e85bfa1152c35ec58202761ff146ab69.elf

/tmp/e85bfa1152c35ec58202761ff146ab69.elf
/tmp/e85bfa1152c35ec58202761ff146ab69.elf
1⤵
- Deletes itself
- Reads runtime system information
PID:741

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads