715b313624fe2fe8b3bea5b6a77bc52d4726bdeea41d6165a8b3e17bf8df496c

Analysis

max time kernel
151s
max time network
153s
platform
debian-12_mipsel
resource
debian12-mipsel-20240729-en
resource tags

arch:mipselimage:debian12-mipsel-20240729-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
submitted
17-12-2024 01:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
Size

72KB
MD5

625ffce6ca0ee0e0b066a8cd5a432d56
SHA1

edd481dec8d6b1dd1c82e65a444dd196aced3ff8
SHA256

6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4
SHA512

a5052e98f93f29cd757d8f3d1361b64f56bbd351908c2a0bf3b96d54e4b805b04dd906824c755842c8b28c97281eb90e2e3908a707b231dd7473b5e9dcdf7029
SSDEEP

768:K3sJmkq/lhWHgJvd8p6EF5Des4ReDB2wJ2iwgugBI2ZpMIXi5Ij7+eOcIoJhwnNS:KcJmkC1W5B4RcBvC8W2ZpMe7+pcI3nN

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
734	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 4 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	nginx	736	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
Changes the process name, possibly in an attempt to hide itself	bash	735	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
Changes the process name, possibly in an attempt to hide itself	sshd	738	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
Changes the process name, possibly in an attempt to hide itself	inetd	737	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/25/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/26/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/396/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/663/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/8/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/17/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/47/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/392/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/698/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/13/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/58/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/202/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/722/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/14/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/19/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/59/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/112/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/379/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/32/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/42/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/118/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/332/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/695/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/724/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/21/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/30/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/114/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/377/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/380/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/20/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/347/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/750/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/18/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/23/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/27/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/1/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/2/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/7/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/12/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/15/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/138/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/692/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/29/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/34/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/35/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/37/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/113/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/738/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/28/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/33/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/48/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/180/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/675/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/737/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/4/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/9/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/408/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/712/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/718/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/405/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/711/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/3/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/6/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
File opened for reading	/proc/11/cmdline	6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf

/tmp/6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
/tmp/6a5f7020fd887d23236d998ee107b4fab424fb307493be9c096f77c54dc2eae4.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:734

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads