f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f

Analysis

max time kernel
150s
max time network
166s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
20-11-2024 03:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
Size

180KB
MD5

4f75798ae497479aa06e8f8423372ab7
SHA1

e26460b0311856c519c2452f2a9a00e7ddea7c65
SHA256

f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f
SHA512

e9c7c1b73275da95621166de248592b03d6654ff949417a7f9da39cdb7b8e8d37a9628dbcccc7e481afd928fa96a4248cc1d6800c62d569e460adda299914e80
SSDEEP

3072:xESFFNZSClK1Tvk3ahn4qfdQGGgQzWo6Qi/jdGLrUxMQkunSh:SSHNBlKBM3ahn4qFQ/KoJi/jdGLrUxMf

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	652	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/776/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/41/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/656/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/664/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/719/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/733/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/751/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/273/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/653/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/672/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/718/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/732/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/747/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/771/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/1/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/113/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/271/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/720/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/727/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/645/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/684/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/691/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/742/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/780/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/116/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/278/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/654/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/717/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/162/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/647/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/688/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/731/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/745/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/752/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/758/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/777/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/5/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/20/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/716/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/779/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/601/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/649/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/655/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/690/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/697/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/2/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/148/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/274/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/687/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/692/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/708/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/734/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/760/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/21/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/149/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/666/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/711/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/737/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/783/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/26/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/29/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/322/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/781/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
File opened for reading	/proc/703/cmdline	f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf

/tmp/f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
/tmp/f1638c7aef09c041b574ed60370c4dd6a9c9f94e7b661c6ac7bf3a37b521459f.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:652

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads