c5842095e11088994fd763d13c36f46401055743c91d0cbcca42282f4b4a559b

Analysis

max time kernel
150s
max time network
139s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
07/09/2024, 01:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
Size

180KB
MD5

ac57ed25e3b303f8e43682ec3d86ef7a
SHA1

c197ce476293413be0681712c2002ea31503c2e1
SHA256

850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3
SHA512

310505a685c7b1aeb14a5228cd9729a4b119248002aa15a64ee43ec6328a6ba86d25f01a90be3c3736c3de00bb813ee6040ef7f35542a1cd6aab4db5ec8bafad
SSDEEP

3072:8aSOFNgWClO1TvknaBn4qfdQSCcQzWo6z6/YpEoGM/RxP04fjS5:RSKN2lOBMnaBn4qFQ/Oom6/yJGM/RxPc

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	652	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/683/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/686/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/691/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/12/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/41/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/330/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/669/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/673/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/692/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/724/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/735/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/783/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/106/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/265/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/277/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/674/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/758/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/754/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/759/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/3/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/74/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/147/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/676/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/737/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/16/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/649/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/705/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/736/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/749/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/710/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/720/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/740/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/677/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/6/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/8/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/26/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/167/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/402/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/10/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/751/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/785/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/768/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/679/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/681/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/706/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/715/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/742/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/786/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/1/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/14/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/687/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/763/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/770/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/732/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/738/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/765/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/13/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/260/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/290/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/654/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/657/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/773/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/2/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
File opened for reading	/proc/25/cmdline	850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf

/tmp/850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
/tmp/850f2e0c9f7bc93dde97e14ed87cc8cb45eb8f843b695357cce707a4b1673ec3.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:652

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads