68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9

Analysis

max time kernel
149s
max time network
144s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
10-12-2024 02:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
Size

214KB
MD5

e543ad9b455dc9aca86d9cada1fd9454
SHA1

fa4a260b769df0888cedbb3d0d5be7e71e93c72f
SHA256

68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9
SHA512

34051c62843aeea37c58199348a58af22f3d669feba0f281b14e9a7e0dbb50c7d193a68c1b05af8107e82ff2e392b0b030f6deaa35b1075496bb42e1232a4ccb
SSDEEP

6144:Rdq+j3uigacvucaDxoWCZGq8kvVpM+uxGM/RzMIDW:R/j3u2aucadoWCZHP9p2xf/uI6

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
662	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	661	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/3333 -/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/88ll�"/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/7777�6/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666�8/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666�8/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666�9/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/222/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/222�"/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/66665/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/7777$6/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666?8/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666�;/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/111m�"/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/7777�7/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666j6/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/222l�"/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/66666/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/7777�6/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666�;/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666�;/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/111/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666�9/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666z5/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666 6/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666I9/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/111c�"/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666�5/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/777706/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666�6/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/666698/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/3333�,/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666z5/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666�5/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/7777$6/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666k5/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/7777t7/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666q5/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666�4/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666�5/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/777717/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/7777r7/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/1111-/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/444s�"/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666 5/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/7777l6/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666�8/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/222s�"/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/777767/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/666617/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666�8/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666C9/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/222/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666�5/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666:6/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666?8/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666�9/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/5555E0/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/4444�/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/66665/stat	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666v6/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/7777�6/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/7777 8/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
File opened for reading	/proc/6666E:/cmdline	68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf

/tmp/68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
/tmp/68edae6398f12d534bacea84fad2126775e9eb4c13d363ae9bb1fcd27e258bd9.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:661

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads