16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95

Analysis

max time kernel
149s
max time network
148s
platform
debian-9_mipsel
resource
debian9-mipsel-20240611-en
resource tags

arch:mipselimage:debian9-mipsel-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
14-12-2024 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
Size

177KB
MD5

6b771c522f86b31da3032b7922d493a7
SHA1

0cc28ec6344f825f73bc4ae52fac381f00b7df45
SHA256

16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95
SHA512

1e3f0c11327fe3c1481effe19753018096e7e2a6accf1e42868f3ef8e86322455fe2ed74ffcc5364e19075491dec1da9bd565f09a41ab1b5ab3f667169c2f13f
SSDEEP

3072:swoe3sJlZd9nQiX/Wp+Q8x5pKNm2dW/5y:snSs/ZTQiX/m+bx2YSWB

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	702	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/315/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/674/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/730/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/789/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/800/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/807/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/4/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/675/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/715/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/720/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/748/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/322/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/743/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/782/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/714/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/69/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/77/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/230/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/382/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/697/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/709/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/713/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/2/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/803/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/725/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/726/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/792/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/805/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/75/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/76/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/700/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/705/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/754/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/787/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/6/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/716/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/717/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/770/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/665/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/148/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/734/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/7/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/11/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/719/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/729/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/744/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/757/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/10/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/13/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/78/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/372/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/740/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/742/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/763/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/769/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/1/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/759/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/718/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/806/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/169/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/784/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/785/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/797/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
File opened for reading	/proc/74/cmdline	16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf

/tmp/16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
/tmp/16e848fd462a4050ecd970cf8be0cbb483d48c776dc641bf004fbf821e246a95.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:702

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads