02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb

Analysis

max time kernel
150s
max time network
152s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
14-12-2024 02:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
Size

180KB
MD5

24813c9b7ef3758ab5c1b0f417078b8c
SHA1

98333d2da78cd66d83a057496e7a8eb4014d707d
SHA256

02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb
SHA512

ec1e830ee80e14cf6f68616c3c2c537fb1813e369ec551ed08247452fdd1a40eb89dca5135c4abb6c10fd87ec4ec602fa7a3bd6d722342f5fb607b6eebf75e9b
SSDEEP

3072:xESFFN2WClO1TvknaBn4qfdQSCcQzWolIj/YpEoGM/RxA04TjSN:SSHNwlOBMnaBn4qFQ/OoOj/yJGM/RxAM

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	707	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/736/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/744/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/15/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/188/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/22/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/212/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/731/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/754/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/21/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/257/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/734/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/743/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/749/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/16/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/43/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/143/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/321/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/699/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/760/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/19/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/28/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/46/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/57/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/208/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/465/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/720/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/4/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/685/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/263/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/726/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/710/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/310/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/750/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/30/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/10/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/35/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/347/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/752/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/761/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/6/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/11/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/629/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/723/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/739/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/2/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/728/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/755/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/20/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/716/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/722/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/33/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/709/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/745/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/24/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/325/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/712/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/721/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/741/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/26/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/17/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/740/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/748/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/12/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
File opened for reading	/proc/36/cmdline	02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf

/tmp/02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
/tmp/02c600877675c2892235cfc119091ed9999f93304eb27802e702ea310ebe17fb.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:707

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads