Analysis
max time kernel: 150s
max time network: 139s
platform: debian-9_armhf
resource: debian9-armhf-20240611-en
resource tags: arch:armhf, image:debian9-armhf-20240611-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 01-12-2024 02:19
Behavioral task: behavioral1
Sample: 32e6d50e2c57e27849f3fcd3f723801bebade853d33fe24981b563de3cd09822.elf
Resource: debian9-armhf-20240611-en
debian-9-armhf
3 signatures
150 seconds
General
Target: 32e6d50e2c57e27849f3fcd3f723801bebade853d33fe24981b563de3cd09822.elf
Size: 130KB
MD5: 35e26c103bfe7271da13ba1b34c8c427
SHA1: 5e6f5e52565ef44c28e83648edd6baa2e36a894f
SHA256: 32e6d50e2c57e27849f3fcd3f723801bebade853d33fe24981b563de3cd09822
SHA512: 08d7545f93c062f965f248aea4e8c2f631a7249c2bd9166f6c52488a8206f822128ea55d6ddae18c0d7b064db37d1ba7568e4987dec70010c54481d4635ee252
SSDEEP: 1536:zP8g2CSJG5mIOd34M1Ae0Y1jAFrZ4V/3ETVORjbaiMtjpChMDzlkHwywVFN+a41z:z0FGo1ZV1jI45ERORjbCZpCKnXQL
Score: 6/10
Malware Config
Signatures
Enumerates running processes
Discovers information about currently running processes on the system
Changes its process name 1 IoCs
Changes the process name, possibly in an attempt to hide itself
ioc: a- M "
pid: 666
Process: 32e6d50e2c57e27849f3fcd3f723801bebade853d33fe24981b563de3cd09822.elf