02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb

Analysis

max time kernel
149s
max time network
156s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
14-12-2024 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
Size

180KB
MD5

24813c9b7ef3758ab5c1b0f417078b8c
SHA1

98333d2da78cd66d83a057496e7a8eb4014d707d
SHA256

02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb
SHA512

ec1e830ee80e14cf6f68616c3c2c537fb1813e369ec551ed08247452fdd1a40eb89dca5135c4abb6c10fd87ec4ec602fa7a3bd6d722342f5fb607b6eebf75e9b
SSDEEP

3072:xESFFN2WClO1TvknaBn4qfdQSCcQzWolIj/YpEoGM/RxA04TjSN:SSHNwlOBMnaBn4qFQ/OoOj/yJGM/RxAM

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	641	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/689/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/698/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/710/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/742/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/219/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/273/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/321/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/591/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/715/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/269/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/271/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/305/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/640/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/764/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/8/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/108/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/636/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/642/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/691/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/706/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/723/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/744/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/770/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/2/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/9/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/13/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/147/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/675/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/137/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/690/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/704/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/732/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/268/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/651/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/654/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/703/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/711/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/24/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/573/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/594/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/682/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/43/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/627/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/638/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/653/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/757/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/28/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/309/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/686/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/719/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/737/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/755/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/15/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/76/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/660/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/687/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/693/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/749/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/765/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/16/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/41/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/308/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/720/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/759/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf

/tmp/02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
/tmp/02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:641

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads