16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95

Analysis

max time kernel
150s
max time network
148s
platform
debian-9_mipsel
resource
debian9-mipsel-20240418-en
resource tags

arch:mipselimage:debian9-mipsel-20240418-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
14-12-2024 02:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
Size

177KB
MD5

6b771c522f86b31da3032b7922d493a7
SHA1

0cc28ec6344f825f73bc4ae52fac381f00b7df45
SHA256

16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95
SHA512

1e3f0c11327fe3c1481effe19753018096e7e2a6accf1e42868f3ef8e86322455fe2ed74ffcc5364e19075491dec1da9bd565f09a41ab1b5ab3f667169c2f13f
SSDEEP

3072:swoe3sJlZd9nQiX/Wp+Q8x5pKNm2dW/5y:snSs/ZTQiX/m+bx2YSWB

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	712	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/331/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/722/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/799/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/73/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/176/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/13/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/152/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/707/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/731/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/810/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/813/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/127/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/765/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/767/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/769/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/14/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/754/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/756/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/771/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/777/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/705/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/714/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/718/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/723/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/815/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/8/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/236/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/382/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/750/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/759/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/766/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/778/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/78/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/743/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/764/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/775/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/802/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/20/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/725/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/728/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/730/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/798/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/6/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/431/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/688/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/755/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/69/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/776/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/795/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/803/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/673/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/17/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/110/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/736/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/737/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/751/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/760/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/783/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/12/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/809/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/16/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/19/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/36/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/763/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf

/tmp/16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
/tmp/16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:712

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads