29a6737b8892b2fa5ae9515bcf033f5860c143974a275ca420c08afface2555f

Analysis

max time kernel
150s
max time network
151s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
10-12-2024 17:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bot.arm7.elf
Size

175KB
MD5

120454526962ecb994fb605038be27c4
SHA1

6e8f575a79154a11d6bd02b3a2bf757e99511942
SHA256

29a6737b8892b2fa5ae9515bcf033f5860c143974a275ca420c08afface2555f
SHA512

44bed1758870ce1d777267f392abbc614881d4a60182e4240ccb1b2059ad1c3166422c86e5dfa5f758f7fabeb5d54db359913fe9ae6d210ce039d83719ea9e36
SSDEEP

3072:HK/lc7BbBLHcBCkAabwdyqkkUbH/6EBpbO/hJjogM/RHyfqs:HK/oBLHElAabwdybkQ1BZO/XMgM/RHyz

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	647	bot.arm7.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/640/cmdline	bot.arm7.elf
File opened for reading	/proc/656/cmdline	bot.arm7.elf
File opened for reading	/proc/702/cmdline	bot.arm7.elf
File opened for reading	/proc/26/cmdline	bot.arm7.elf
File opened for reading	/proc/41/cmdline	bot.arm7.elf
File opened for reading	/proc/275/cmdline	bot.arm7.elf
File opened for reading	/proc/663/cmdline	bot.arm7.elf
File opened for reading	/proc/668/cmdline	bot.arm7.elf
File opened for reading	/proc/690/cmdline	bot.arm7.elf
File opened for reading	/proc/706/cmdline	bot.arm7.elf
File opened for reading	/proc/748/cmdline	bot.arm7.elf
File opened for reading	/proc/75/cmdline	bot.arm7.elf
File opened for reading	/proc/140/cmdline	bot.arm7.elf
File opened for reading	/proc/300/cmdline	bot.arm7.elf
File opened for reading	/proc/767/cmdline	bot.arm7.elf
File opened for reading	/proc/779/cmdline	bot.arm7.elf
File opened for reading	/proc/8/cmdline	bot.arm7.elf
File opened for reading	/proc/691/cmdline	bot.arm7.elf
File opened for reading	/proc/755/cmdline	bot.arm7.elf
File opened for reading	/proc/12/cmdline	bot.arm7.elf
File opened for reading	/proc/277/cmdline	bot.arm7.elf
File opened for reading	/proc/750/cmdline	bot.arm7.elf
File opened for reading	/proc/664/cmdline	bot.arm7.elf
File opened for reading	/proc/669/cmdline	bot.arm7.elf
File opened for reading	/proc/759/cmdline	bot.arm7.elf
File opened for reading	/proc/715/cmdline	bot.arm7.elf
File opened for reading	/proc/716/cmdline	bot.arm7.elf
File opened for reading	/proc/717/cmdline	bot.arm7.elf
File opened for reading	/proc/727/cmdline	bot.arm7.elf
File opened for reading	/proc/729/cmdline	bot.arm7.elf
File opened for reading	/proc/2/cmdline	bot.arm7.elf
File opened for reading	/proc/20/cmdline	bot.arm7.elf
File opened for reading	/proc/695/cmdline	bot.arm7.elf
File opened for reading	/proc/763/cmdline	bot.arm7.elf
File opened for reading	/proc/769/cmdline	bot.arm7.elf
File opened for reading	/proc/687/cmdline	bot.arm7.elf
File opened for reading	/proc/707/cmdline	bot.arm7.elf
File opened for reading	/proc/749/cmdline	bot.arm7.elf
File opened for reading	/proc/705/cmdline	bot.arm7.elf
File opened for reading	/proc/734/cmdline	bot.arm7.elf
File opened for reading	/proc/746/cmdline	bot.arm7.elf
File opened for reading	/proc/758/cmdline	bot.arm7.elf
File opened for reading	/proc/772/cmdline	bot.arm7.elf
File opened for reading	/proc/14/cmdline	bot.arm7.elf
File opened for reading	/proc/17/cmdline	bot.arm7.elf
File opened for reading	/proc/461/cmdline	bot.arm7.elf
File opened for reading	/proc/689/cmdline	bot.arm7.elf
File opened for reading	/proc/699/cmdline	bot.arm7.elf
File opened for reading	/proc/725/cmdline	bot.arm7.elf
File opened for reading	/proc/730/cmdline	bot.arm7.elf
File opened for reading	/proc/770/cmdline	bot.arm7.elf
File opened for reading	/proc/21/cmdline	bot.arm7.elf
File opened for reading	/proc/415/cmdline	bot.arm7.elf
File opened for reading	/proc/653/cmdline	bot.arm7.elf
File opened for reading	/proc/681/cmdline	bot.arm7.elf
File opened for reading	/proc/684/cmdline	bot.arm7.elf
File opened for reading	/proc/710/cmdline	bot.arm7.elf
File opened for reading	/proc/724/cmdline	bot.arm7.elf
File opened for reading	/proc/737/cmdline	bot.arm7.elf
File opened for reading	/proc/4/cmdline	bot.arm7.elf
File opened for reading	/proc/13/cmdline	bot.arm7.elf
File opened for reading	/proc/138/cmdline	bot.arm7.elf
File opened for reading	/proc/460/cmdline	bot.arm7.elf
File opened for reading	/proc/650/cmdline	bot.arm7.elf

/tmp/bot.arm7.elf
/tmp/bot.arm7.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:647

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads