a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a

Analysis

max time kernel
4s
max time network
13s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
15-12-2024 16:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

arm.elf
Size

58KB
MD5

785aad78d1631a0d3ed45d9b264ef5cf
SHA1

b27ee41c9ad72186723dae8a1ef9672b1ef9a712
SHA256

a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a
SHA512

bdbc4c053b54ede02b8774e18a1223f199fc2f122ecded98f35fc92b99aec4fdd892e20130a74c343ce9d309fa8c6350d576ea9ccfc69d1ba9927157d8b4775e
SSDEEP

1536:Fj7QguzvcqIMhqzU+c1VHeVT5iCsqXv+nN:FjQc/cbH2d9R+nN

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
656	arm.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 7 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	bash	657	arm.elf
Changes the process name, possibly in an attempt to hide itself	nginx	658	arm.elf
Changes the process name, possibly in an attempt to hide itself	inetd	659	arm.elf
Changes the process name, possibly in an attempt to hide itself	sshd	660	arm.elf
Changes the process name, possibly in an attempt to hide itself	bash	659	arm.elf
Changes the process name, possibly in an attempt to hide itself	inetd	687	arm.elf
Changes the process name, possibly in an attempt to hide itself	sshd	688	arm.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/9/cmdline	arm.elf
File opened for reading	/proc/20/cmdline	arm.elf
File opened for reading	/proc/612/cmdline	arm.elf
File opened for reading	/proc/24/cmdline	arm.elf
File opened for reading	/proc/43/cmdline	arm.elf
File opened for reading	/proc/143/cmdline	arm.elf
File opened for reading	/proc/588/cmdline	arm.elf
File opened for reading	/proc/653/cmdline	arm.elf
File opened for reading	/proc/6/cmdline	arm.elf
File opened for reading	/proc/18/cmdline	arm.elf
File opened for reading	/proc/23/cmdline	arm.elf
File opened for reading	/proc/42/cmdline	arm.elf
File opened for reading	/proc/75/cmdline	arm.elf
File opened for reading	/proc/164/cmdline	arm.elf
File opened for reading	/proc/642/cmdline	arm.elf
File opened for reading	/proc/2/cmdline	arm.elf
File opened for reading	/proc/5/cmdline	arm.elf
File opened for reading	/proc/16/cmdline	arm.elf
File opened for reading	/proc/41/cmdline	arm.elf
File opened for reading	/proc/649/cmdline	arm.elf
File opened for reading	/proc/1/cmdline	arm.elf
File opened for reading	/proc/4/cmdline	arm.elf
File opened for reading	/proc/97/cmdline	arm.elf
File opened for reading	/proc/274/cmdline	arm.elf
File opened for reading	/proc/659/cmdline	arm.elf
File opened for reading	/proc/27/cmdline	arm.elf
File opened for reading	/proc/7/cmdline	arm.elf
File opened for reading	/proc/11/cmdline	arm.elf
File opened for reading	/proc/13/cmdline	arm.elf
File opened for reading	/proc/15/cmdline	arm.elf
File opened for reading	/proc/19/cmdline	arm.elf
File opened for reading	/proc/25/cmdline	arm.elf
File opened for reading	/proc/26/cmdline	arm.elf
File opened for reading	/proc/106/cmdline	arm.elf
File opened for reading	/proc/107/cmdline	arm.elf
File opened for reading	/proc/278/cmdline	arm.elf
File opened for reading	/proc/307/cmdline	arm.elf
File opened for reading	/proc/12/cmdline	arm.elf
File opened for reading	/proc/334/cmdline	arm.elf
File opened for reading	/proc/597/cmdline	arm.elf
File opened for reading	/proc/21/cmdline	arm.elf
File opened for reading	/proc/271/cmdline	arm.elf
File opened for reading	/proc/654/cmdline	arm.elf
File opened for reading	/proc/17/cmdline	arm.elf
File opened for reading	/proc/28/cmdline	arm.elf
File opened for reading	/proc/104/cmdline	arm.elf
File opened for reading	/proc/281/cmdline	arm.elf
File opened for reading	/proc/599/cmdline	arm.elf
File opened for reading	/proc/651/cmdline	arm.elf
File opened for reading	/proc/22/cmdline	arm.elf
File opened for reading	/proc/136/cmdline	arm.elf
File opened for reading	/proc/10/cmdline	arm.elf
File opened for reading	/proc/273/cmdline	arm.elf
File opened for reading	/proc/145/cmdline	arm.elf
File opened for reading	/proc/276/cmdline	arm.elf
File opened for reading	/proc/648/cmdline	arm.elf
File opened for reading	/proc/212/cmdline	arm.elf
File opened for reading	/proc/603/cmdline	arm.elf
File opened for reading	/proc/660/cmdline	arm.elf
File opened for reading	/proc/8/cmdline	arm.elf
File opened for reading	/proc/14/cmdline	arm.elf
File opened for reading	/proc/29/cmdline	arm.elf
File opened for reading	/proc/270/cmdline	arm.elf
File opened for reading	/proc/306/cmdline	arm.elf

/tmp/arm.elf
/tmp/arm.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:656

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads