Analysis
-
max time kernel
130s -
max time network
140s -
platform
debian-9_armhf -
resource
debian9-armhf-20240611-en -
resource tags
arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
19-12-2024 21:33
Behavioral task
behavioral1
Sample
ngwa5.elf
Resource
debian9-armhf-20240611-en
debian-9-armhf
4 signatures
150 seconds
General
-
Target
ngwa5.elf
-
Size
154KB
-
MD5
b3d2354bd8a1a2db55179416fd67ec5f
-
SHA1
fd8620f2490a9bfe9ffce4cdffd33b41dec3cf40
-
SHA256
93616b561baa0dbf7946ef615431ed2dbacafb7e14b84df4f47088bf976cfee8
-
SHA512
4d7cb62a43c668939d220945346b5e756706552705aec8f62d654e253dace902c0b441de641998af827822495bc3c7a00586e7d64e36f4d11f7c4f6bc7662b1d
-
SSDEEP
3072:os5DGTspungiRVm4NYR89hBhzBMZ8/fs:os0TUmdTm4NY29hXz+Z8/fs
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 668 ngwa5.elf -
Enumerates running processes
Discovers information about currently running processes on the system
-
Changes its process name 1 IoCs
description ioc pid Process Changes the process name, possibly in an attempt to hide itself httpd 666 ngwa5.elf -
description ioc Process File opened for reading /proc/12/cmdline ngwa5.elf File opened for reading /proc/41/cmdline ngwa5.elf File opened for reading /proc/407/cmdline ngwa5.elf File opened for reading /proc/20/cmdline ngwa5.elf File opened for reading /proc/23/cmdline ngwa5.elf File opened for reading /proc/27/cmdline ngwa5.elf File opened for reading /proc/75/cmdline ngwa5.elf File opened for reading /proc/106/cmdline ngwa5.elf File opened for reading /proc/108/cmdline ngwa5.elf File opened for reading /proc/279/cmdline ngwa5.elf File opened for reading /proc/2/cmdline ngwa5.elf File opened for reading /proc/14/cmdline ngwa5.elf File opened for reading /proc/138/cmdline ngwa5.elf File opened for reading /proc/22/cmdline ngwa5.elf File opened for reading /proc/28/cmdline ngwa5.elf File opened for reading /proc/42/cmdline ngwa5.elf File opened for reading /proc/143/cmdline ngwa5.elf File opened for reading /proc/6/cmdline ngwa5.elf File opened for reading /proc/10/cmdline ngwa5.elf File opened for reading /proc/15/cmdline ngwa5.elf File opened for reading /proc/148/cmdline ngwa5.elf File opened for reading /proc/9/cmdline ngwa5.elf File opened for reading /proc/13/cmdline ngwa5.elf File opened for reading /proc/16/cmdline ngwa5.elf File opened for reading /proc/21/cmdline ngwa5.elf File opened for reading /proc/43/cmdline ngwa5.elf File opened for reading /proc/466/cmdline ngwa5.elf File opened for reading /proc/8/cmdline ngwa5.elf File opened for reading /proc/97/cmdline ngwa5.elf File opened for reading /proc/109/cmdline ngwa5.elf File opened for reading /proc/223/cmdline ngwa5.elf File opened for reading /proc/283/cmdline ngwa5.elf File opened for reading /proc/4/cmdline ngwa5.elf File opened for reading /proc/29/cmdline ngwa5.elf File opened for reading /proc/282/cmdline ngwa5.elf File opened for reading /proc/421/cmdline ngwa5.elf File opened for reading /proc/7/cmdline ngwa5.elf File opened for reading /proc/11/cmdline ngwa5.elf File opened for reading /proc/17/cmdline ngwa5.elf File opened for reading /proc/19/cmdline ngwa5.elf File opened for reading /proc/24/cmdline ngwa5.elf File opened for reading /proc/25/cmdline ngwa5.elf File opened for reading /proc/343/cmdline ngwa5.elf File opened for reading /proc/26/cmdline ngwa5.elf File opened for reading /proc/142/cmdline ngwa5.elf File opened for reading /proc/277/cmdline ngwa5.elf File opened for reading /proc/306/cmdline ngwa5.elf File opened for reading /proc/18/cmdline ngwa5.elf File opened for reading /proc/165/cmdline ngwa5.elf File opened for reading /proc/275/cmdline ngwa5.elf File opened for reading /proc/3/cmdline ngwa5.elf File opened for reading /proc/5/cmdline ngwa5.elf File opened for reading /proc/307/cmdline ngwa5.elf File opened for reading /proc/278/cmdline ngwa5.elf File opened for reading /proc/321/cmdline ngwa5.elf