Analysis
max time kernel: 137s
max time network: 155s
platform: debian-9_armhf
resource: debian9-armhf-20240611-en
resource tags: arch:armhf, image:debian9-armhf-20240611-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 11-12-2024 08:57
Behavioral task: behavioral1
Sample: wheiuwa4.elf
Resource: debian9-armhf-20240611-en (debian-9-armhf)
4 signatures, 150 seconds
General
Target: wheiuwa4.elf
Size: 158KB
MD5: 3d9f94b86edde676d3241c1707c965cb
SHA1: b7121399cf77d48c48b2a256b8df1f3579603239
SHA256: 05ce105f8c50cc8ad232fb7e55d253713a438b08c38735bfea18f04fda288924
SHA512: 021558a83495e651baca0e7874f78886b3dc3e3d20e505f7ec826effad8b21ebdb29a5343bbdb01170eefa32277fbeda801b29f8bf30d6812b4abeea652bc61b
SSDEEP: 1536:ec8n+sXCFKtDnofa+0uXivAppBCAsmo4Vp7gTCU33qW53O/ly0iVu2L5lmlwywrG:ec8nlDo/0FA7BCV4rgmU33zDnIWvTxs
Score: 7/10
Malware Config
Signatures
Deletes itself (1 IoCs)
pid: 670, Process: wheiuwa4.elf
Enumerates running processes
Discovers information about currently running processes on the system
Changes its process name (1 IoCs)
description: Changes the process name, possibly in an attempt to hide itself; ioc: httpd; pid: 669; Process: wheiuwa4.elf