5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72

Analysis

max time kernel
149s
max time network
148s
platform
debian-9_armhf
resource
debian9-armhf-20240418-en
resource tags

arch:armhfimage:debian9-armhf-20240418-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
13-12-2024 09:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

arm.elf
Size

134KB
MD5

71f6090d6161a8491d576cafa0ceb896
SHA1

663ba2a31818333e7aeff4d800be1686089d329b
SHA256

5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72
SHA512

20f781909def449a7fdd81d8bb9a01394441eb86aaec529987b137f90b2584ddc07651b62e1adedaabb22f5036f9e70c3cdb492b2596dc1dac51af9874fa3e12
SSDEEP

1536:zeIIcq87ZO8VQzlHaqDUAxXlFFAeSz4VAZJsTgVAwLBvy2/QjdjlqnQwywmFfbNZ:SIIifYDUuVFFM4UiMVAwLX4jypuv/d

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	637	arm.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/710/cmdline	arm.elf
File opened for reading	/proc/765/cmdline	arm.elf
File opened for reading	/proc/695/cmdline	arm.elf
File opened for reading	/proc/732/cmdline	arm.elf
File opened for reading	/proc/12/cmdline	arm.elf
File opened for reading	/proc/659/cmdline	arm.elf
File opened for reading	/proc/657/cmdline	arm.elf
File opened for reading	/proc/766/cmdline	arm.elf
File opened for reading	/proc/643/cmdline	arm.elf
File opened for reading	/proc/686/cmdline	arm.elf
File opened for reading	/proc/727/cmdline	arm.elf
File opened for reading	/proc/143/cmdline	arm.elf
File opened for reading	/proc/149/cmdline	arm.elf
File opened for reading	/proc/639/cmdline	arm.elf
File opened for reading	/proc/702/cmdline	arm.elf
File opened for reading	/proc/703/cmdline	arm.elf
File opened for reading	/proc/711/cmdline	arm.elf
File opened for reading	/proc/734/cmdline	arm.elf
File opened for reading	/proc/753/cmdline	arm.elf
File opened for reading	/proc/9/cmdline	arm.elf
File opened for reading	/proc/591/cmdline	arm.elf
File opened for reading	/proc/314/cmdline	arm.elf
File opened for reading	/proc/648/cmdline	arm.elf
File opened for reading	/proc/651/cmdline	arm.elf
File opened for reading	/proc/652/cmdline	arm.elf
File opened for reading	/proc/674/cmdline	arm.elf
File opened for reading	/proc/676/cmdline	arm.elf
File opened for reading	/proc/29/cmdline	arm.elf
File opened for reading	/proc/96/cmdline	arm.elf
File opened for reading	/proc/684/cmdline	arm.elf
File opened for reading	/proc/737/cmdline	arm.elf
File opened for reading	/proc/658/cmdline	arm.elf
File opened for reading	/proc/706/cmdline	arm.elf
File opened for reading	/proc/725/cmdline	arm.elf
File opened for reading	/proc/2/cmdline	arm.elf
File opened for reading	/proc/634/cmdline	arm.elf
File opened for reading	/proc/683/cmdline	arm.elf
File opened for reading	/proc/691/cmdline	arm.elf
File opened for reading	/proc/699/cmdline	arm.elf
File opened for reading	/proc/700/cmdline	arm.elf
File opened for reading	/proc/743/cmdline	arm.elf
File opened for reading	/proc/770/cmdline	arm.elf
File opened for reading	/proc/644/cmdline	arm.elf
File opened for reading	/proc/666/cmdline	arm.elf
File opened for reading	/proc/276/cmdline	arm.elf
File opened for reading	/proc/673/cmdline	arm.elf
File opened for reading	/proc/694/cmdline	arm.elf
File opened for reading	/proc/713/cmdline	arm.elf
File opened for reading	/proc/763/cmdline	arm.elf
File opened for reading	/proc/764/cmdline	arm.elf
File opened for reading	/proc/11/cmdline	arm.elf
File opened for reading	/proc/26/cmdline	arm.elf
File opened for reading	/proc/278/cmdline	arm.elf
File opened for reading	/proc/630/cmdline	arm.elf
File opened for reading	/proc/708/cmdline	arm.elf
File opened for reading	/proc/28/cmdline	arm.elf
File opened for reading	/proc/136/cmdline	arm.elf
File opened for reading	/proc/712/cmdline	arm.elf
File opened for reading	/proc/731/cmdline	arm.elf
File opened for reading	/proc/739/cmdline	arm.elf
File opened for reading	/proc/10/cmdline	arm.elf
File opened for reading	/proc/629/cmdline	arm.elf
File opened for reading	/proc/698/cmdline	arm.elf
File opened for reading	/proc/756/cmdline	arm.elf

/tmp/arm.elf
/tmp/arm.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:637

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads