6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4

Analysis

max time kernel
5s
max time network
8s
platform
debian-12_mipsel
resource
debian12-mipsel-20240418-en
resource tags

arch:mipselimage:debian12-mipsel-20240418-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
submitted
16/12/2024, 02:21 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
Size

72KB
MD5

625ffce6ca0ee0e0b066a8cd5a432d56
SHA1

edd481dec8d6b1dd1c82e65a444dd196aced3ff8
SHA256

6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4
SHA512

a5052e98f93f29cd757d8f3d1361b64f56bbd351908c2a0bf3b96d54e4b805b04dd906824c755842c8b28c97281eb90e2e3908a707b231dd7473b5e9dcdf7029
SSDEEP

768:K3sJmkq/lhWHgJvd8p6EF5Des4ReDB2wJ2iwgugBI2ZpMIXi5Ij7+eOcIoJhwnNS:KcJmkC1W5B4RcBvC8W2ZpMe7+pcI3nN

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
743	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 7 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	nginx	745	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
Changes the process name, possibly in an attempt to hide itself	bash	744	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
Changes the process name, possibly in an attempt to hide itself	inetd	746	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
Changes the process name, possibly in an attempt to hide itself	sshd	747	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
Changes the process name, possibly in an attempt to hide itself	bash	746	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
Changes the process name, possibly in an attempt to hide itself	inetd	785	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
Changes the process name, possibly in an attempt to hide itself	sshd	786	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/27/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/138/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/204/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/385/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/3/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/15/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/30/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/712/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/11/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/22/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/25/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/32/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/42/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/118/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/402/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/413/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/4/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/6/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/714/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/53/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/668/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/700/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/31/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/58/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/115/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/339/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/356/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/383/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/20/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/112/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/29/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/181/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/417/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/711/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/9/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/10/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/12/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/113/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/33/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/120/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/380/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/7/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/14/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/48/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/698/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/18/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/24/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/13/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/19/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/37/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/137/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/2/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/8/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/114/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/411/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/16/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/35/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/28/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/44/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/59/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/399/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/680/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/1/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/23/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf

/tmp/6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
/tmp/6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:743

Network

DNS

t.hxhk.cc

Remote address:

8.8.8.8:53

Request

t.hxhk.cc

IN A

Response

t.hxhk.cc

IN A

93.123.109.208
DNS

t.hxhk.cc

Remote address:

8.8.8.8:53

Request

t.hxhk.cc

IN A

Response

t.hxhk.cc

IN A

93.123.109.208
DNS

debian12-mipsel-20240418-en-0

Remote address:

1.1.1.1:53

Request

debian12-mipsel-20240418-en-0

IN AAAA

Response
DNS

debian12-mipsel-20240418-en-0

Remote address:

1.1.1.1:53

Request

debian12-mipsel-20240418-en-0

IN A

Response
DNS

debian12-mipsel-20240418-en-0

Remote address:

1.1.1.1:53

Request

debian12-mipsel-20240418-en-0

IN AAAA

Response
DNS

debian12-mipsel-20240418-en-0

Remote address:

1.1.1.1:53

Request

debian12-mipsel-20240418-en-0

IN A

Response

93.123.109.208:55650

t.hxhk.cc

226 B
247 B
4
5
93.123.109.208:55650

t.hxhk.cc

226 B
247 B
4
5

8.8.8.8:53

t.hxhk.cc

dns

55 B
71 B
1
1

DNS Request

t.hxhk.cc

DNS Response

93.123.109.208
8.8.8.8:53

t.hxhk.cc

dns

55 B
71 B
1
1

DNS Request

t.hxhk.cc

DNS Response

93.123.109.208
1.1.1.1:53

debian12-mipsel-20240418-en-0

dns

75 B
150 B
1
1

DNS Request

debian12-mipsel-20240418-en-0
1.1.1.1:53

debian12-mipsel-20240418-en-0

dns

75 B
150 B
1
1

DNS Request

debian12-mipsel-20240418-en-0
1.1.1.1:53

debian12-mipsel-20240418-en-0

dns

75 B
150 B
1
1

DNS Request

debian12-mipsel-20240418-en-0
1.1.1.1:53

debian12-mipsel-20240418-en-0

dns

75 B
150 B
1
1

DNS Request

debian12-mipsel-20240418-en-0

Windows 7 deprecation

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.