a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a

Analysis

max time kernel
148s
max time network
143s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
16-12-2024 02:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
Size

58KB
MD5

785aad78d1631a0d3ed45d9b264ef5cf
SHA1

b27ee41c9ad72186723dae8a1ef9672b1ef9a712
SHA256

a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a
SHA512

bdbc4c053b54ede02b8774e18a1223f199fc2f122ecded98f35fc92b99aec4fdd892e20130a74c343ce9d309fa8c6350d576ea9ccfc69d1ba9927157d8b4775e
SSDEEP

1536:Fj7QguzvcqIMhqzU+c1VHeVT5iCsqXv+nN:FjQc/cbH2d9R+nN

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
661	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 4 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	nginx	663	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
Changes the process name, possibly in an attempt to hide itself	bash	662	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
Changes the process name, possibly in an attempt to hide itself	inetd	664	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
Changes the process name, possibly in an attempt to hide itself	sshd	665	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/652/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/796/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/7/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/12/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/18/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/24/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/281/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/4/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/15/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/23/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/41/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/786/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/794/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/5/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/16/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/22/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/656/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/665/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/110/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/112/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/113/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/784/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/169/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/280/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/644/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/651/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/673/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/342/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/771/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/790/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/606/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/608/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/9/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/21/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/27/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/143/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/144/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/19/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/28/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/43/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/155/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/171/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/769/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/10/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/13/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/17/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/328/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/601/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/11/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/14/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/229/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/293/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/295/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/778/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/20/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/25/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/283/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/659/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/776/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/2/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/26/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/81/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/103/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
File opened for reading	/proc/603/cmdline	a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf

/tmp/a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
/tmp/a83ab22aec72183df3df533e43fce12fe3245fa4f39dfc0af0428aeda4e68f1a.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:661

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads