e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58

Analysis

max time kernel
152s
max time network
159s
platform
debian-12_mipsel
resource
debian12-mipsel-20240221-en
resource tags

arch:mipselimage:debian12-mipsel-20240221-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
submitted
11-12-2024 03:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
Size

173KB
MD5

caf8a2447c982a62066426529a565438
SHA1

b3646144543085afe1aae92527bded161edec499
SHA256

e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58
SHA512

555939ddc0463be6815e696b6c0d0c1b8625ed27dd37554363c5adc7d7a792e4662dc1a35b4cb94014bf187efdf46326acb341b1a7540848dc6517747258e890
SSDEEP

3072:ueEksFM+wX5O9aVR8H3NaMZOTTMJxt9U+7fKbuE:ueEnO+wXRVWdaMATwJHy+uy

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	743	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/778/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/9/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/396/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/712/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/775/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/782/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/6/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/16/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/31/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/137/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/3/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/781/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/779/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/2/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/21/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/746/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/771/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/24/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/25/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/35/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/48/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/760/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/47/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/136/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/397/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/745/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/8/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/32/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/407/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/711/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/694/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/756/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/758/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/404/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/411/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/692/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/759/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/766/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/772/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/33/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/111/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/394/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/749/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/722/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/762/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/785/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/1/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/34/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/421/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/635/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/631/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/736/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/776/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/5/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/733/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/777/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/714/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/732/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/780/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/14/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/15/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/18/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/23/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
File opened for reading	/proc/11/cmdline	e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf

/tmp/e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
/tmp/e46436fad477bc6c722acc59f9a246cabc332a4d6400e69a56edac55c58c5c58.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:743

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads