cec9f84d60aebab65aca6192ec63d9450eef9228151ec03105d707612017ffb4

Analysis

max time kernel
117s
max time network
100s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
29/09/2024, 20:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bot.arm7
Size

175KB
MD5

52476120503016d971d4508774b68670
SHA1

65ab350628f6b63df1bde0f18385e5a5fe64d93e
SHA256

cec9f84d60aebab65aca6192ec63d9450eef9228151ec03105d707612017ffb4
SHA512

e5371b2744abb9acc1a8bd83d298f30b8a71139bb8a1bfd22f628f5c7f13645fb8e4afccc857fba5a2fca9d5d596f8887b20a98e0430c85022473a8c4063ecdd
SSDEEP

3072:jr/dsLezlTERakAajYFyisk5ybXCUBp14/hJjogM/RIyOGd:jr/jlT89AajYFybkAZBv4/XMgM/RIyOy

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	647	bot.arm7

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/2/cmdline	bot.arm7
File opened for reading	/proc/601/cmdline	bot.arm7
File opened for reading	/proc/650/cmdline	bot.arm7
File opened for reading	/proc/704/cmdline	bot.arm7
File opened for reading	/proc/725/cmdline	bot.arm7
File opened for reading	/proc/767/cmdline	bot.arm7
File opened for reading	/proc/29/cmdline	bot.arm7
File opened for reading	/proc/599/cmdline	bot.arm7
File opened for reading	/proc/659/cmdline	bot.arm7
File opened for reading	/proc/664/cmdline	bot.arm7
File opened for reading	/proc/706/cmdline	bot.arm7
File opened for reading	/proc/709/cmdline	bot.arm7
File opened for reading	/proc/710/cmdline	bot.arm7
File opened for reading	/proc/22/cmdline	bot.arm7
File opened for reading	/proc/24/cmdline	bot.arm7
File opened for reading	/proc/279/cmdline	bot.arm7
File opened for reading	/proc/688/cmdline	bot.arm7
File opened for reading	/proc/729/cmdline	bot.arm7
File opened for reading	/proc/741/cmdline	bot.arm7
File opened for reading	/proc/1/cmdline	bot.arm7
File opened for reading	/proc/324/cmdline	bot.arm7
File opened for reading	/proc/652/cmdline	bot.arm7
File opened for reading	/proc/684/cmdline	bot.arm7
File opened for reading	/proc/738/cmdline	bot.arm7
File opened for reading	/proc/742/cmdline	bot.arm7
File opened for reading	/proc/745/cmdline	bot.arm7
File opened for reading	/proc/756/cmdline	bot.arm7
File opened for reading	/proc/3/cmdline	bot.arm7
File opened for reading	/proc/7/cmdline	bot.arm7
File opened for reading	/proc/11/cmdline	bot.arm7
File opened for reading	/proc/18/cmdline	bot.arm7
File opened for reading	/proc/28/cmdline	bot.arm7
File opened for reading	/proc/165/cmdline	bot.arm7
File opened for reading	/proc/658/cmdline	bot.arm7
File opened for reading	/proc/681/cmdline	bot.arm7
File opened for reading	/proc/765/cmdline	bot.arm7
File opened for reading	/proc/19/cmdline	bot.arm7
File opened for reading	/proc/21/cmdline	bot.arm7
File opened for reading	/proc/104/cmdline	bot.arm7
File opened for reading	/proc/671/cmdline	bot.arm7
File opened for reading	/proc/693/cmdline	bot.arm7
File opened for reading	/proc/721/cmdline	bot.arm7
File opened for reading	/proc/739/cmdline	bot.arm7
File opened for reading	/proc/763/cmdline	bot.arm7
File opened for reading	/proc/772/cmdline	bot.arm7
File opened for reading	/proc/665/cmdline	bot.arm7
File opened for reading	/proc/674/cmdline	bot.arm7
File opened for reading	/proc/675/cmdline	bot.arm7
File opened for reading	/proc/764/cmdline	bot.arm7
File opened for reading	/proc/13/cmdline	bot.arm7
File opened for reading	/proc/639/cmdline	bot.arm7
File opened for reading	/proc/17/cmdline	bot.arm7
File opened for reading	/proc/107/cmdline	bot.arm7
File opened for reading	/proc/277/cmdline	bot.arm7
File opened for reading	/proc/278/cmdline	bot.arm7
File opened for reading	/proc/703/cmdline	bot.arm7
File opened for reading	/proc/751/cmdline	bot.arm7
File opened for reading	/proc/762/cmdline	bot.arm7
File opened for reading	/proc/770/cmdline	bot.arm7
File opened for reading	/proc/602/cmdline	bot.arm7
File opened for reading	/proc/728/cmdline	bot.arm7
File opened for reading	/proc/748/cmdline	bot.arm7
File opened for reading	/proc/25/cmdline	bot.arm7
File opened for reading	/proc/640/cmdline	bot.arm7

/tmp/bot.arm7
/tmp/bot.arm7
1⤵
- Changes its process name
- Reads runtime system information
PID:647

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads