ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b

Analysis

max time kernel
150s
max time network
164s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
08/12/2024, 02:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
Size

180KB
MD5

6d8f63e62332fde8b4fe4bbfa0c01457
SHA1

e8abd93080e4571d2eeed5fcbc0f15440c54f9e2
SHA256

ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b
SHA512

ae2835f5ecf2f7cc7fb83b1475bd4f6c195812c52e1f2780f5849f07fd0864814a43ec1ff488bb65c52631e295c36a2447e03f2a5ada9a5c2813ef3aa86dfd80
SSDEEP

3072:xsSpRNyuaZWNcTkdaRjUurFEc2IY7Go6lA/YpEoGM/R9BQ3bB3:KS/NcZWeodaRjUuhExyoUA/yJGM/R9BM

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M "	709	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/763/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/26/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/27/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/725/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/5/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/732/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/743/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/4/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/353/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/666/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/715/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/207/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/247/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/711/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/8/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/742/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/760/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/684/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/714/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/730/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/731/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/744/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/21/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/144/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/312/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/746/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/754/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/602/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/688/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/723/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/753/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/221/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/317/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/727/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/17/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/454/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/722/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/74/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/460/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/734/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/733/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/28/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/343/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/685/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/31/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/761/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/14/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/593/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/706/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/724/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/737/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/6/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/30/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/707/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/35/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/47/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/345/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/19/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/25/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/29/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/43/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/45/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/188/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
File opened for reading	/proc/726/cmdline	ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf

/tmp/ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
/tmp/ac178b51b0f1a0a28cbe5676fe1560207599fb185d606299db5747983987a54b.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:709

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads