71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2

Analysis

max time kernel
150s
max time network
164s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
07/12/2024, 02:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
Size

216KB
MD5

a838a51cfee62f7282043699912f0d02
SHA1

94b755819285a51b28b7a0b130ccf75407bd78fb
SHA256

71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2
SHA512

b695ef3034130188b68a70bdc4101d25a80338beaf96324774c30618f0d2327c00d2b9d44dec8ca55fa11d70f989ab6995da3f314b802fc9186c8c38b504631b
SSDEEP

6144:Rdq+j3uigacvucaDxoWCZGq8kvVpM+uxGM/RzMIDN:R/j3u2aucadoWCZHP9p2xf/uIB

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
708	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	705	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/444d�/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/111cx/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/444s�/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/7777�;/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/7777�;/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/7777�;/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/555s�/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/333�/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/222�/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/7777j;/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/7777�;/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/3333�4/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/6666!;/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/222c\|/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/7777�;/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/222l�/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/1111`;/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/333�/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/555s�/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/333�/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/3333P5/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/7777�;/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/7777�;/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/33335/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/6666g;/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/111up/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/444d�/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/44/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/222m�/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/222294/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/4444/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/444d�/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/333�/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/333s�/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/777/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/6666�:/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/7777�;/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/7777�;/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/222m�/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/333c�/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/222/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/444/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/7777�;/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/7777p;/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/3333�6/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/7777/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/7777�;/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/3333�4/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/6666f;/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/33/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/7777�;/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/7777�;/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/88/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/333/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/3333�4/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/555k�/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/333�/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/11/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/1111�/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/66/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/777k�/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/333�/cmdline	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/4444�6/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
File opened for reading	/proc/7777�;/stat	71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf

/tmp/71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
/tmp/71e95046d72811647a5be9ccf43db086b588bbc94a3ce920a6b271b01263ace2.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:705

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads