88322bc6ae9c303b870aa541be367a6a07c4a7ba767a2fd4ef036d961e35cd87

Analysis

max time kernel
149s
max time network
150s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
06/12/2024, 21:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bot.arm.elf
Size

134KB
MD5

a36863081682027d35925604dafae9cf
SHA1

19eb91162ddcbddc0028a3c22d29714fb0c1ac87
SHA256

88322bc6ae9c303b870aa541be367a6a07c4a7ba767a2fd4ef036d961e35cd87
SHA512

ace6a2dacfb3c07b34dcfc869af9e208dbda1e6a34aebeaac47c353ad93d4c86475f37fc350e6e2b478c90bddde227abe4d8c6ea6e9b0e45114fcb9ada3d5b82
SSDEEP

1536:LeIIcq87ZO8VQzlHauyUAGDvlFFAeSv4VAZJsTgVsU8BD+2/oXd7lOrMwywmFfbj:6IIifcyURDtFFQ4UiMVsU8XAXGRqvQK

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M "	663	bot.arm.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/24/cmdline	bot.arm.elf
File opened for reading	/proc/464/cmdline	bot.arm.elf
File opened for reading	/proc/724/cmdline	bot.arm.elf
File opened for reading	/proc/662/cmdline	bot.arm.elf
File opened for reading	/proc/710/cmdline	bot.arm.elf
File opened for reading	/proc/757/cmdline	bot.arm.elf
File opened for reading	/proc/758/cmdline	bot.arm.elf
File opened for reading	/proc/781/cmdline	bot.arm.elf
File opened for reading	/proc/3/cmdline	bot.arm.elf
File opened for reading	/proc/13/cmdline	bot.arm.elf
File opened for reading	/proc/655/cmdline	bot.arm.elf
File opened for reading	/proc/795/cmdline	bot.arm.elf
File opened for reading	/proc/29/cmdline	bot.arm.elf
File opened for reading	/proc/275/cmdline	bot.arm.elf
File opened for reading	/proc/660/cmdline	bot.arm.elf
File opened for reading	/proc/680/cmdline	bot.arm.elf
File opened for reading	/proc/690/cmdline	bot.arm.elf
File opened for reading	/proc/8/cmdline	bot.arm.elf
File opened for reading	/proc/15/cmdline	bot.arm.elf
File opened for reading	/proc/25/cmdline	bot.arm.elf
File opened for reading	/proc/714/cmdline	bot.arm.elf
File opened for reading	/proc/784/cmdline	bot.arm.elf
File opened for reading	/proc/688/cmdline	bot.arm.elf
File opened for reading	/proc/696/cmdline	bot.arm.elf
File opened for reading	/proc/775/cmdline	bot.arm.elf
File opened for reading	/proc/656/cmdline	bot.arm.elf
File opened for reading	/proc/705/cmdline	bot.arm.elf
File opened for reading	/proc/722/cmdline	bot.arm.elf
File opened for reading	/proc/728/cmdline	bot.arm.elf
File opened for reading	/proc/734/cmdline	bot.arm.elf
File opened for reading	/proc/1/cmdline	bot.arm.elf
File opened for reading	/proc/9/cmdline	bot.arm.elf
File opened for reading	/proc/17/cmdline	bot.arm.elf
File opened for reading	/proc/786/cmdline	bot.arm.elf
File opened for reading	/proc/785/cmdline	bot.arm.elf
File opened for reading	/proc/793/cmdline	bot.arm.elf
File opened for reading	/proc/10/cmdline	bot.arm.elf
File opened for reading	/proc/305/cmdline	bot.arm.elf
File opened for reading	/proc/764/cmdline	bot.arm.elf
File opened for reading	/proc/97/cmdline	bot.arm.elf
File opened for reading	/proc/276/cmdline	bot.arm.elf
File opened for reading	/proc/682/cmdline	bot.arm.elf
File opened for reading	/proc/708/cmdline	bot.arm.elf
File opened for reading	/proc/721/cmdline	bot.arm.elf
File opened for reading	/proc/729/cmdline	bot.arm.elf
File opened for reading	/proc/735/cmdline	bot.arm.elf
File opened for reading	/proc/746/cmdline	bot.arm.elf
File opened for reading	/proc/22/cmdline	bot.arm.elf
File opened for reading	/proc/141/cmdline	bot.arm.elf
File opened for reading	/proc/687/cmdline	bot.arm.elf
File opened for reading	/proc/774/cmdline	bot.arm.elf
File opened for reading	/proc/689/cmdline	bot.arm.elf
File opened for reading	/proc/730/cmdline	bot.arm.elf
File opened for reading	/proc/108/cmdline	bot.arm.elf
File opened for reading	/proc/413/cmdline	bot.arm.elf
File opened for reading	/proc/683/cmdline	bot.arm.elf
File opened for reading	/proc/41/cmdline	bot.arm.elf
File opened for reading	/proc/667/cmdline	bot.arm.elf
File opened for reading	/proc/713/cmdline	bot.arm.elf
File opened for reading	/proc/716/cmdline	bot.arm.elf
File opened for reading	/proc/720/cmdline	bot.arm.elf
File opened for reading	/proc/2/cmdline	bot.arm.elf
File opened for reading	/proc/5/cmdline	bot.arm.elf
File opened for reading	/proc/21/cmdline	bot.arm.elf

/tmp/bot.arm.elf
/tmp/bot.arm.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:663

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads