349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19

Analysis

max time kernel
150s
max time network
153s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
11-12-2024 02:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
Size

130KB
MD5

3c3ba2f1f3f3b3fc49306df8d584ea90
SHA1

0105e51a0ac6cbbccc02512eb6e009c1513c7983
SHA256

349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19
SHA512

9645703ff649036b5c4744dca8e4c480262ca7a6ecd495e45035ed99cd1963c0dd0ec48acdedd6a02866185d148b7e836ad0af03e11a624dc1b5b9997e0bb272
SSDEEP

3072:AHZ+X3AoTxFOV48wlPhPoRDaPuUcJ6OI9Lfwibd:AHZAAAAV48MPhPOs9zwi5

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	652	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/722/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/742/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/775/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/104/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/330/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/684/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/703/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/745/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/450/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/643/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/675/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/677/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/22/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/131/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/701/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/731/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/782/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/402/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/656/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/680/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/692/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/776/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/12/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/693/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/723/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/757/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/697/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/721/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/43/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/167/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/651/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/654/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/761/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/779/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/3/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/670/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/714/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/750/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/5/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/644/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/752/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/755/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/264/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/736/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/746/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/754/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/759/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/2/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/9/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/15/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/702/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/729/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/265/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/451/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/698/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/699/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/16/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/42/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/647/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/674/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/743/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/767/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/17/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
File opened for reading	/proc/26/cmdline	349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf

/tmp/349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
/tmp/349beb32c88cdd117ebb05ceb17cb1d0ff7efad0dd418e57a3cf334c7eac8d19.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:652

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads