19e20910c5b4daf752d3f07df71bf95312b857ad5f4ee00c1f6a383c3413e099

Analysis

max time kernel
142s
max time network
153s
platform
debian-12_mipsel
resource
debian12-mipsel-20240221-en
resource tags

arch:mipselimage:debian12-mipsel-20240221-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
submitted
11-12-2024 09:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

qkehusl.elf
Size

209KB
MD5

901565495bd736c186e19bcf63f9d6d0
SHA1

0156d815e43459f529a8e1cb131f33b35c2bc389
SHA256

19e20910c5b4daf752d3f07df71bf95312b857ad5f4ee00c1f6a383c3413e099
SHA512

e148d65c398fb792449734ef9da6813dfa4062f24f4e1ff504094012684fa094012021ab613946e169062c107d6605d191a161925f1583fc8673ed61b6fef77c
SSDEEP

3072:TuabGSb8OZ9gcnf3CiTC7QvBXeDiisqoVpDGC:TuSrb8O0cP+MvoDii8DG

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
739	qkehusl.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	737	qkehusl.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/4/cmdline	qkehusl.elf
File opened for reading	/proc/12/cmdline	qkehusl.elf
File opened for reading	/proc/13/cmdline	qkehusl.elf
File opened for reading	/proc/344/cmdline	qkehusl.elf
File opened for reading	/proc/2/cmdline	qkehusl.elf
File opened for reading	/proc/24/cmdline	qkehusl.elf
File opened for reading	/proc/28/cmdline	qkehusl.elf
File opened for reading	/proc/47/cmdline	qkehusl.elf
File opened for reading	/proc/136/cmdline	qkehusl.elf
File opened for reading	/proc/362/cmdline	qkehusl.elf
File opened for reading	/proc/407/cmdline	qkehusl.elf
File opened for reading	/proc/15/cmdline	qkehusl.elf
File opened for reading	/proc/18/cmdline	qkehusl.elf
File opened for reading	/proc/19/cmdline	qkehusl.elf
File opened for reading	/proc/114/cmdline	qkehusl.elf
File opened for reading	/proc/180/cmdline	qkehusl.elf
File opened for reading	/proc/8/cmdline	qkehusl.elf
File opened for reading	/proc/27/cmdline	qkehusl.elf
File opened for reading	/proc/42/cmdline	qkehusl.elf
File opened for reading	/proc/45/cmdline	qkehusl.elf
File opened for reading	/proc/48/cmdline	qkehusl.elf
File opened for reading	/proc/404/cmdline	qkehusl.elf
File opened for reading	/proc/690/cmdline	qkehusl.elf
File opened for reading	/proc/11/cmdline	qkehusl.elf
File opened for reading	/proc/21/cmdline	qkehusl.elf
File opened for reading	/proc/53/cmdline	qkehusl.elf
File opened for reading	/proc/137/cmdline	qkehusl.elf
File opened for reading	/proc/9/cmdline	qkehusl.elf
File opened for reading	/proc/113/cmdline	qkehusl.elf
File opened for reading	/proc/692/cmdline	qkehusl.elf
File opened for reading	/proc/10/cmdline	qkehusl.elf
File opened for reading	/proc/35/cmdline	qkehusl.elf
File opened for reading	/proc/37/cmdline	qkehusl.elf
File opened for reading	/proc/397/cmdline	qkehusl.elf
File opened for reading	/proc/631/cmdline	qkehusl.elf
File opened for reading	/proc/30/cmdline	qkehusl.elf
File opened for reading	/proc/33/cmdline	qkehusl.elf
File opened for reading	/proc/31/cmdline	qkehusl.elf
File opened for reading	/proc/5/cmdline	qkehusl.elf
File opened for reading	/proc/20/cmdline	qkehusl.elf
File opened for reading	/proc/23/cmdline	qkehusl.elf
File opened for reading	/proc/25/cmdline	qkehusl.elf
File opened for reading	/proc/32/cmdline	qkehusl.elf
File opened for reading	/proc/34/cmdline	qkehusl.elf
File opened for reading	/proc/112/cmdline	qkehusl.elf
File opened for reading	/proc/394/cmdline	qkehusl.elf
File opened for reading	/proc/6/cmdline	qkehusl.elf
File opened for reading	/proc/635/cmdline	qkehusl.elf
File opened for reading	/proc/396/cmdline	qkehusl.elf
File opened for reading	/proc/7/cmdline	qkehusl.elf
File opened for reading	/proc/16/cmdline	qkehusl.elf
File opened for reading	/proc/29/cmdline	qkehusl.elf
File opened for reading	/proc/3/cmdline	qkehusl.elf
File opened for reading	/proc/58/cmdline	qkehusl.elf
File opened for reading	/proc/411/cmdline	qkehusl.elf
File opened for reading	/proc/14/cmdline	qkehusl.elf
File opened for reading	/proc/202/cmdline	qkehusl.elf
File opened for reading	/proc/111/cmdline	qkehusl.elf
File opened for reading	/proc/118/cmdline	qkehusl.elf
File opened for reading	/proc/410/cmdline	qkehusl.elf
File opened for reading	/proc/421/cmdline	qkehusl.elf
File opened for reading	/proc/22/cmdline	qkehusl.elf
File opened for reading	/proc/26/cmdline	qkehusl.elf
File opened for reading	/proc/59/cmdline	qkehusl.elf

/tmp/qkehusl.elf
/tmp/qkehusl.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:737

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads