1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1

Analysis

max time kernel
149s
max time network
147s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
06/12/2024, 02:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
Size

180KB
MD5

45b94d33227345f911a9a847d7ed3e59
SHA1

c6e7f413fe21ed81d1fb24632cd32296b18ef8ca
SHA256

1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1
SHA512

bb8fa75a3526f5d1064d0812b268a7ea6053edf5d1915bf92512b438c3ffdd82627f9c8cadeb9d2e57d9ba555a8292941a96f2e23ae0a3a7a43e3dc3c69f7df9
SSDEEP

3072:xESFFNyWClO1TvknaBn4qfdQSCcQzWolfj/YpEoGM/RxA04TjSN:SSHNUlOBMnaBn4qFQ/Oodj/yJGM/RxAM

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	666	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/722/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/758/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/795/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/4/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/17/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/104/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/107/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/137/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/743/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/753/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/761/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/24/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/669/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/714/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/725/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/742/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/762/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/773/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/790/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/793/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/6/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/404/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/687/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/744/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/771/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/22/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/281/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/668/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/676/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/42/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/696/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/711/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/717/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/721/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/19/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/25/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/700/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/765/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/768/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/779/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/800/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/280/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/282/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/683/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/695/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/723/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/709/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/710/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/716/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/27/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/106/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/674/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/686/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/693/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/752/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/788/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/708/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/772/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/774/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/688/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/702/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/736/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/802/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
File opened for reading	/proc/11/cmdline	1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf

/tmp/1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
/tmp/1bb5160a12ab797d639a356acd6dccbfa37186364d3efcbe116fd831126a86c1.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:666

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads