6645f8f93e65b8af0101e717a3c3baa6a2d20c43f6d618b02e1abc27fa7780eb

Analysis

max time kernel
149s
max time network
148s
platform
debian-12_armhf
resource
debian12-armhf-20240729-en
resource tags

arch:armhfimage:debian12-armhf-20240729-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
21-11-2024 01:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
Size

180KB
MD5

2d944d27cdf592a1b9bd0fda481cf2fe
SHA1

4bdfb81c3308763f3141734a87688b2990dcc58a
SHA256

1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e
SHA512

00649d161a54e1d441809970c9c8a6dddf33ac8db7709cdfca996d5b4e0ae26d7d67e259af118f0ac98701f393193d86135bacdc175bb8ed6acbfbcb66c3a0e2
SSDEEP

3072:xESFFNFSClK1Tvk3ahn4qfdQGGgQzWo6li/YpEoGM/RxMQkunSh:SSHNNlKBM3ahn4qFQ/Kowi/yJGM/RxMf

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	706	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/45/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/326/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/631/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/716/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/27/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/42/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/708/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/719/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/20/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/44/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/758/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/28/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/713/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/683/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/9/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/664/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/16/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/18/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/36/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/680/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/729/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/753/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/2/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/5/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/25/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/740/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/752/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/4/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/7/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/323/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/710/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/698/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/702/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/19/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/23/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/742/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/1/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/11/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/737/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/745/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/57/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/727/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/270/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/720/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/746/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/56/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/264/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/749/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/757/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/725/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/730/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/143/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/704/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/709/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/13/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/14/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/46/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/73/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/348/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/12/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/17/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/32/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/666/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
File opened for reading	/proc/726/cmdline	1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf

/tmp/1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
/tmp/1cdaf1eca20accfbba7a63e7f0322e71616766fd38a0bd35cc094a22e8df9d2e.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:706

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads