dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2

Analysis

max time kernel
176s
max time network
178s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
11-12-2024 03:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
Size

169KB
MD5

6cd6daa1adbaf6f21bed9b92e3b14ee5
SHA1

34bd48400638a5eced59ed3beedeeac227dff673
SHA256

dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2
SHA512

8ae41fb641d406e09af62d2a1e7949f0a5411d374c4de7663d165e6ba46fb8c382a1466e46a55145929f14fe1201a56559cf869d98279f781d504a74f2b9f0a0
SSDEEP

1536:Cl2JvnXPvLFQuchMJdDNsCK9H1R8cA2iQembSM+xV7TfF+hPyO0Hb/zGt/Y:Cgv/JcwZsCK9VRhAX+bShFSP0HbbGlY

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	714	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/20/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/733/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/740/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/717/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/778/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/804/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/806/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/23/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/726/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/759/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/1/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/72/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/81/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/718/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/724/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/746/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/775/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/789/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/800/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/814/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/819/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/4/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/5/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/683/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/725/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/731/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/21/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/716/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/730/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/764/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/810/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/8/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/144/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/335/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/722/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/749/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/750/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/752/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/760/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/796/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/797/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/679/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/712/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/734/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/770/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/813/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/727/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/753/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/771/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/773/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/781/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/782/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/812/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/75/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/692/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/715/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/729/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/79/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/431/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/737/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/777/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/793/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/809/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
File opened for reading	/proc/820/cmdline	dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf

/tmp/dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
/tmp/dd5d4010e9c993fd7f9261940157b31b4dc36530e7cbd9bbdcd57517a6e1d8e2.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:714

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads