95870e8883a9c1a5bc34efb09e5cda7a8f94a3cafe52cdae423f2aa3eaa6c28b

Analysis

max time kernel
149s
max time network
162s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
09/12/2024, 02:41

Target

95870e8883a9c1a5bc34efb09e5cda7a8f94a3cafe52cdae423f2aa3eaa6c28b.elf
Size

130KB
MD5

b824f2da79cf9b3974f43e5a7ca952ee
SHA1

3463cb97b12fbb27c4e1aa244b8947e0ac0e1549
SHA256

95870e8883a9c1a5bc34efb09e5cda7a8f94a3cafe52cdae423f2aa3eaa6c28b
SHA512

4647c89ef3c136d5def593f35446ed61a5066f99f28224f51dd55beac0c8077ac074c547bd8f258365c19c98c72e53ec0668be589863ccd69c3dd0d67de3ccd8
SSDEEP

1536:QKdzElm18uZJNb4AXFa8eAZHk4VB7fzTTnf5mgYivCyeqZ/Z20lCmwyw6RNPUTuN:QKp50oU8e947L3f5mziPtRZ55ZKO

Score

7^/10

Deletes itself 1 IoCs

pid	Process
662	95870e8883a9c1a5bc34efb09e5cda7a8f94a3cafe52cdae423f2aa3eaa6c28b.elf

Traces itself 2 IoCs

Traces itself to prevent debugging attempts

pid	Process
662	95870e8883a9c1a5bc34efb09e5cda7a8f94a3cafe52cdae423f2aa3eaa6c28b.elf
664	95870e8883a9c1a5bc34efb09e5cda7a8f94a3cafe52cdae423f2aa3eaa6c28b.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	662	95870e8883a9c1a5bc34efb09e5cda7a8f94a3cafe52cdae423f2aa3eaa6c28b.elf

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/95870e8883a9c1a5bc34efb09e5cda7a8f94a3cafe52cdae423f2aa3eaa6c28b.elf	95870e8883a9c1a5bc34efb09e5cda7a8f94a3cafe52cdae423f2aa3eaa6c28b.elf