6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4

Analysis

max time kernel
5s
max time network
8s
platform
debian-12_mipsel
resource
debian12-mipsel-20240418-en
resource tags

arch:mipselimage:debian12-mipsel-20240418-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
submitted
16-12-2024 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
Size

72KB
MD5

625ffce6ca0ee0e0b066a8cd5a432d56
SHA1

edd481dec8d6b1dd1c82e65a444dd196aced3ff8
SHA256

6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4
SHA512

a5052e98f93f29cd757d8f3d1361b64f56bbd351908c2a0bf3b96d54e4b805b04dd906824c755842c8b28c97281eb90e2e3908a707b231dd7473b5e9dcdf7029
SSDEEP

768:K3sJmkq/lhWHgJvd8p6EF5Des4ReDB2wJ2iwgugBI2ZpMIXi5Ij7+eOcIoJhwnNS:KcJmkC1W5B4RcBvC8W2ZpMe7+pcI3nN

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
743	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 7 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	nginx	745	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
Changes the process name, possibly in an attempt to hide itself	bash	744	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
Changes the process name, possibly in an attempt to hide itself	inetd	746	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
Changes the process name, possibly in an attempt to hide itself	sshd	747	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
Changes the process name, possibly in an attempt to hide itself	bash	746	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
Changes the process name, possibly in an attempt to hide itself	inetd	785	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
Changes the process name, possibly in an attempt to hide itself	sshd	786	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/27/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/138/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/204/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/385/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/3/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/15/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/30/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/712/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/11/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/22/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/25/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/32/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/42/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/118/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/402/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/413/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/4/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/6/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/714/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/53/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/668/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/700/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/31/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/58/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/115/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/339/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/356/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/383/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/20/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/112/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/29/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/181/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/417/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/711/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/9/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/10/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/12/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/113/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/33/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/120/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/380/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/7/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/14/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/48/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/698/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/18/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/24/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/13/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/19/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/37/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/137/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/2/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/8/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/114/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/411/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/16/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/35/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/28/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/44/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/59/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/399/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/680/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/1/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/23/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf

/tmp/6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
/tmp/6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:743

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads