02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e

Analysis

max time kernel
27s
max time network
55s
platform
debian-12_mipsel
resource
debian12-mipsel-20240418-en
resource tags

arch:mipselimage:debian12-mipsel-20240418-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
submitted
18-08-2024 01:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
Size

173KB
MD5

31d6a09621d510f09ce143b7b60ff9c9
SHA1

c3db40e7722f367ff8b33301a93f1ae1f3d30ee1
SHA256

02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e
SHA512

f7d1498d39ea6dedeb44a30b118828128b5c321dffce651cd2c11288065c55962397ebc2876d2d0a12692e57aa554887b616b2a20ab2071f07f6235d58260498
SSDEEP

3072:ueEksFM+wX5OTaVR8H3NaMZOTTMJxt9U+7fKbZE:ueEnO+wXfVWdaMATwJHy+ut

Score

6^/10

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

Processes:

02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	741	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf

description	ioc	Process
File opened for reading	/proc/736/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/764/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/6/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/733/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/780/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/759/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/18/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/114/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/777/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/137/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/209/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/772/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/180/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/747/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/21/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/419/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/20/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/45/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/25/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/415/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/754/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/756/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/334/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/718/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/117/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/348/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/744/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/768/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/769/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/717/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/732/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/721/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/23/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/745/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/8/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/17/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/396/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/112/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/113/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/10/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/385/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/35/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/53/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/111/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/692/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/9/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/28/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/762/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/26/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/33/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/22/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/675/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/12/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/15/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/664/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/749/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/30/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/58/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/770/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/118/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/773/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/775/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/14/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
File opened for reading	/proc/42/cmdline	02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf

/tmp/02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
/tmp/02940ae0ab776f9f885856e52b66394b6f1ed80e370bc1b19bd7a435eb43950e.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:741

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads