5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72

Analysis

max time kernel
149s
max time network
160s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
14-12-2024 03:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
Size

134KB
MD5

71f6090d6161a8491d576cafa0ceb896
SHA1

663ba2a31818333e7aeff4d800be1686089d329b
SHA256

5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72
SHA512

20f781909def449a7fdd81d8bb9a01394441eb86aaec529987b137f90b2584ddc07651b62e1adedaabb22f5036f9e70c3cdb492b2596dc1dac51af9874fa3e12
SSDEEP

1536:zeIIcq87ZO8VQzlHaqDUAxXlFFAeSz4VAZJsTgVAwLBvy2/QjdjlqnQwywmFfbNZ:SIIifYDUuVFFM4UiMVAwLX4jypuv/d

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	664	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/41/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/149/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/766/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/771/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/789/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/790/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/791/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/19/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/281/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/285/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/314/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/606/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/611/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/793/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/12/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/28/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/43/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/667/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/710/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/25/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/738/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/748/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/757/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/759/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/80/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/16/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/29/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/733/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/779/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/4/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/665/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/713/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/756/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/656/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/712/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/287/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/661/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/709/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/752/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/761/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/768/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/792/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/18/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/708/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/735/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/740/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/678/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/42/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/109/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/741/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/749/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/751/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/755/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/783/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/27/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/799/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/676/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/697/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/781/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/668/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/299/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/662/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/673/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
File opened for reading	/proc/696/cmdline	5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf

/tmp/5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
/tmp/5c7b1c604278b4751a42afd0079fd061f8164850a1a81a83ec1bfc2540f94c72.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:664

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads