7237ce139be1d569db17ae0937c9391caf941313768f0f68f0053080abd10086

Analysis

max time kernel
149s
max time network
152s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
07-12-2024 00:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bot.arm5.elf
Size

130KB
MD5

06e031e63b6d903308f18a4b96ddd7c9
SHA1

4a1b49367df21da1482d604895fc098eb7fa3a18
SHA256

7237ce139be1d569db17ae0937c9391caf941313768f0f68f0053080abd10086
SHA512

9f5020171d8c95601ed43fb2945b18e05dbd3dede6f72b14899d8490c30a18b0ce36f38db8fc1d2332ba0aff5243d7684a25bc595864d83bf725d1c2c0015d66
SSDEEP

1536:zP8g2CSJG5mIOd34h1ASMY1DAFjl4V/3ETVORjbaiMtjpChMDzlkHwywVFN+a41q:z0FG91Vd1Dk45ERORjbCZpCKnXQU

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M "	667	bot.arm5.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/686/cmdline	bot.arm5.elf
File opened for reading	/proc/729/cmdline	bot.arm5.elf
File opened for reading	/proc/737/cmdline	bot.arm5.elf
File opened for reading	/proc/14/cmdline	bot.arm5.elf
File opened for reading	/proc/700/cmdline	bot.arm5.elf
File opened for reading	/proc/275/cmdline	bot.arm5.elf
File opened for reading	/proc/730/cmdline	bot.arm5.elf
File opened for reading	/proc/736/cmdline	bot.arm5.elf
File opened for reading	/proc/695/cmdline	bot.arm5.elf
File opened for reading	/proc/712/cmdline	bot.arm5.elf
File opened for reading	/proc/720/cmdline	bot.arm5.elf
File opened for reading	/proc/141/cmdline	bot.arm5.elf
File opened for reading	/proc/704/cmdline	bot.arm5.elf
File opened for reading	/proc/719/cmdline	bot.arm5.elf
File opened for reading	/proc/769/cmdline	bot.arm5.elf
File opened for reading	/proc/792/cmdline	bot.arm5.elf
File opened for reading	/proc/42/cmdline	bot.arm5.elf
File opened for reading	/proc/138/cmdline	bot.arm5.elf
File opened for reading	/proc/306/cmdline	bot.arm5.elf
File opened for reading	/proc/448/cmdline	bot.arm5.elf
File opened for reading	/proc/665/cmdline	bot.arm5.elf
File opened for reading	/proc/676/cmdline	bot.arm5.elf
File opened for reading	/proc/771/cmdline	bot.arm5.elf
File opened for reading	/proc/774/cmdline	bot.arm5.elf
File opened for reading	/proc/136/cmdline	bot.arm5.elf
File opened for reading	/proc/404/cmdline	bot.arm5.elf
File opened for reading	/proc/679/cmdline	bot.arm5.elf
File opened for reading	/proc/681/cmdline	bot.arm5.elf
File opened for reading	/proc/711/cmdline	bot.arm5.elf
File opened for reading	/proc/742/cmdline	bot.arm5.elf
File opened for reading	/proc/776/cmdline	bot.arm5.elf
File opened for reading	/proc/43/cmdline	bot.arm5.elf
File opened for reading	/proc/666/cmdline	bot.arm5.elf
File opened for reading	/proc/693/cmdline	bot.arm5.elf
File opened for reading	/proc/765/cmdline	bot.arm5.elf
File opened for reading	/proc/775/cmdline	bot.arm5.elf
File opened for reading	/proc/782/cmdline	bot.arm5.elf
File opened for reading	/proc/770/cmdline	bot.arm5.elf
File opened for reading	/proc/794/cmdline	bot.arm5.elf
File opened for reading	/proc/278/cmdline	bot.arm5.elf
File opened for reading	/proc/337/cmdline	bot.arm5.elf
File opened for reading	/proc/664/cmdline	bot.arm5.elf
File opened for reading	/proc/701/cmdline	bot.arm5.elf
File opened for reading	/proc/718/cmdline	bot.arm5.elf
File opened for reading	/proc/738/cmdline	bot.arm5.elf
File opened for reading	/proc/24/cmdline	bot.arm5.elf
File opened for reading	/proc/108/cmdline	bot.arm5.elf
File opened for reading	/proc/745/cmdline	bot.arm5.elf
File opened for reading	/proc/750/cmdline	bot.arm5.elf
File opened for reading	/proc/753/cmdline	bot.arm5.elf
File opened for reading	/proc/15/cmdline	bot.arm5.elf
File opened for reading	/proc/23/cmdline	bot.arm5.elf
File opened for reading	/proc/25/cmdline	bot.arm5.elf
File opened for reading	/proc/678/cmdline	bot.arm5.elf
File opened for reading	/proc/699/cmdline	bot.arm5.elf
File opened for reading	/proc/734/cmdline	bot.arm5.elf
File opened for reading	/proc/797/cmdline	bot.arm5.elf
File opened for reading	/proc/790/cmdline	bot.arm5.elf
File opened for reading	/proc/684/cmdline	bot.arm5.elf
File opened for reading	/proc/688/cmdline	bot.arm5.elf
File opened for reading	/proc/694/cmdline	bot.arm5.elf
File opened for reading	/proc/715/cmdline	bot.arm5.elf
File opened for reading	/proc/732/cmdline	bot.arm5.elf
File opened for reading	/proc/787/cmdline	bot.arm5.elf

/tmp/bot.arm5.elf
/tmp/bot.arm5.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:667

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads