Analysis
-
max time kernel
140s -
max time network
160s -
platform
debian-12_armhf -
resource
debian12-armhf-20240221-en -
resource tags
-
submitted
20-11-2024 01:46
General
-
Target
dvwkja7.elf
-
Size
178KB
-
MD5
ddf40003ed182c63697acb8769776307
-
SHA1
e47b3349e348df2532798fec9ef5839363b83fa7
-
SHA256
6ba4368af53ef8ddecb7750e60b86495bc9649fdc5370fe5e70bb59e1dd32194
-
SHA512
40d2e6698e86b00d900d28cdf3450b1ca117042a0f21da5b6c0b52dbcef65fc6a9efe93846c505d39d595adb48f40e0b986ff05fcc8027f00fe690ae5720f108
-
SSDEEP
3072:2DR+sU7Kl3IKScPxelSoAauHthDkJjYB71uGhLs5K5h0oXM/Rc9:2DR+Z7KlpScP0woAauHthDkhYHuMLs5w
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Changes its process name 1 IoCs
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/dvwkja7.elf/tmp/dvwkja7.elf1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
-
/bin/shsh -c "ps -e -o pid,args="2⤵
-
/usr/bin/psps -e -o "pid,args="3⤵
- Reads runtime system information
-
-