6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4

Analysis

max time kernel
150s
max time network
160s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
11-12-2024 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
Size

126KB
MD5

bba762f7f56527c4e560a9bf4931eff0
SHA1

d5e48887c3ce5900a5f290d7811da548fde563b6
SHA256

6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4
SHA512

34468ed0ba53eadccf57f5ce731ba1a8fb182747466f513714914fccff2b1e824ba3a288f9b8c0f9b6939516b6213537c593b970acf2d9180eb9b4dfa6a8e9ac
SSDEEP

1536:Jtv+s43G5bUWk8RAhSh71QAFMxK4VIGUT2y1C1O/T0A46nrtplUuwyw1FrR7bVnn:Dv+XQ/Rag71QNE43Uqy1C1O146rOgb1

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	654	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/782/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/14/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/24/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/95/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/668/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/774/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/678/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/721/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/765/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/767/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/777/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/781/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/11/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/26/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/141/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/671/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/745/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/715/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/747/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/760/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/682/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/687/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/689/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/713/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/714/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/131/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/139/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/261/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/697/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/748/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/733/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/763/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/776/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/4/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/104/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/300/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/646/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/699/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/718/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/744/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/752/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/41/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/768/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/772/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/106/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/409/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/693/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/720/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/764/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/742/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/778/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/725/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/738/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/167/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/640/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/680/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/683/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/694/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/6/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/739/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/779/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/787/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/755/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
File opened for reading	/proc/786/cmdline	6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf

/tmp/6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
/tmp/6c8093adde2c50e62dcd476f481097c5fba3935dbd470f65a455ac1184a8ecf4.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:654

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads