dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2

Analysis

max time kernel
150s
max time network
154s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
11-12-2024 03:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
Size

169KB
MD5

6cd6daa1adbaf6f21bed9b92e3b14ee5
SHA1

34bd48400638a5eced59ed3beedeeac227dff673
SHA256

dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2
SHA512

8ae41fb641d406e09af62d2a1e7949f0a5411d374c4de7663d165e6ba46fb8c382a1466e46a55145929f14fe1201a56559cf869d98279f781d504a74f2b9f0a0
SSDEEP

1536:Cl2JvnXPvLFQuchMJdDNsCK9H1R8cA2iQembSM+xV7TfF+hPyO0Hb/zGt/Y:Cgv/JcwZsCK9VRhAX+bShFSP0HbbGlY

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	698	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/750/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/783/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/797/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/17/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/19/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/715/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/727/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/781/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/800/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/805/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/11/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/70/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/723/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/6/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/23/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/732/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/738/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/756/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/803/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/76/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/725/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/768/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/790/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/21/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/746/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/18/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/316/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/321/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/489/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/696/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/731/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/3/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/14/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/767/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/717/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/720/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/13/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/675/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/458/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/703/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/744/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/753/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/799/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/10/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/452/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/758/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/791/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/113/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/394/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/81/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/313/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/385/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/782/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/784/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/789/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/4/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/78/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/804/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/690/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/747/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/752/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/801/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/73/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/147/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf

/tmp/dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
/tmp/dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:698

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads