64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea

Analysis

max time kernel
150s
max time network
161s
platform
debian-12_mipsel
resource
debian12-mipsel-20240221-en
resource tags

arch:mipselimage:debian12-mipsel-20240221-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
submitted
21/09/2024, 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
Size

271KB
MD5

252a62dc31ee440bc3858fed5458eae1
SHA1

40185752c54b2fb487e297e9671a35c7dc05c0ff
SHA256

64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea
SHA512

34dad31ff2017ccc057c522e004fff4eec5902bd9ecc4fe65f48437430cdb90519a555cfe77734b728c329d942734584a983f9307698456af6226eb70245714a
SSDEEP

3072:RDMiDdSmrjVqsn0SPbUMno05Z9w/Oe1yirNRcDOqPRSm:/Tl0ST3o05Zm/OegQzcDOqPRV

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/620/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/713/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/22/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/32/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/59/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/111/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/118/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/180/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/12/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/15/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/20/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/30/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/618/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/8/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/28/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/29/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/58/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/187/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/410/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/742/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/743/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/1/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/11/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/19/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/48/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/342/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/693/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/23/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/53/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/6/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/7/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/35/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/25/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/37/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/110/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/4/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/5/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/9/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/17/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/710/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/717/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/16/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/33/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/384/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/3/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/13/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/21/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/109/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/417/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/731/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/self/maps	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/2/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/10/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/24/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/26/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/698/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/34/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/45/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/47/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/413/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/721/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/736/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/14/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
File opened for reading	/proc/18/cmdline	64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf

/tmp/64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
/tmp/64b0ba905e7dac1320a7849bb6e420bb5751b8033bf70d31346c8196cf3239ea.elf
1⤵
- Reads runtime system information
PID:742
- /bin/sh
  sh -c "iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
  2⤵
  PID:748
- /bin/sh
  sh -c "/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
  2⤵
  PID:751
- - /bin/busybox
    /bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
    3⤵
    PID:753
- /bin/sh
  sh -c "/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
  2⤵
  PID:757
- - /bin/iptables
    /bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
    3⤵
    PID:759
- /bin/sh
  sh -c "/usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
  2⤵
  PID:760
- - /usr/bin/iptables
    /usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
    3⤵
    PID:764
- /bin/sh
  sh -c "busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
  2⤵
  PID:765
- - /usr/bin/busybox
    busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
    3⤵
    PID:767

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads