61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b

Analysis

max time kernel
149s
max time network
157s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
22-12-2024 08:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vlxx.arm7.elf
Size

175KB
MD5

3cb7f09ee95355d0ecf9166d196a2005
SHA1

00b23ecc99df8164d128d033542730a326cb898d
SHA256

61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b
SHA512

5d7dbf2a88fcddcaf09cf224582a139f0951aa0e3b1e28314dbdd205f49e83d613ac3ff7a85a7e1ee263ad6474420fc766c30967c04e75d509079d29a653a3f4
SSDEEP

3072:3tbNtVjxrvAqTkYaDsh+OcAhf/HSwBjdo2nJ/o/wM/R8+n:3tdxr9oYaDsh+nAxRBBo2JgIM/R8+n

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	-"6	656	vlxx.arm7.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/25/cmdline	vlxx.arm7.elf
File opened for reading	/proc/649/cmdline	vlxx.arm7.elf
File opened for reading	/proc/766/cmdline	vlxx.arm7.elf
File opened for reading	/proc/771/cmdline	vlxx.arm7.elf
File opened for reading	/proc/27/cmdline	vlxx.arm7.elf
File opened for reading	/proc/651/cmdline	vlxx.arm7.elf
File opened for reading	/proc/668/cmdline	vlxx.arm7.elf
File opened for reading	/proc/694/cmdline	vlxx.arm7.elf
File opened for reading	/proc/752/cmdline	vlxx.arm7.elf
File opened for reading	/proc/757/cmdline	vlxx.arm7.elf
File opened for reading	/proc/595/cmdline	vlxx.arm7.elf
File opened for reading	/proc/678/cmdline	vlxx.arm7.elf
File opened for reading	/proc/679/cmdline	vlxx.arm7.elf
File opened for reading	/proc/731/cmdline	vlxx.arm7.elf
File opened for reading	/proc/783/cmdline	vlxx.arm7.elf
File opened for reading	/proc/15/cmdline	vlxx.arm7.elf
File opened for reading	/proc/103/cmdline	vlxx.arm7.elf
File opened for reading	/proc/657/cmdline	vlxx.arm7.elf
File opened for reading	/proc/687/cmdline	vlxx.arm7.elf
File opened for reading	/proc/708/cmdline	vlxx.arm7.elf
File opened for reading	/proc/763/cmdline	vlxx.arm7.elf
File opened for reading	/proc/776/cmdline	vlxx.arm7.elf
File opened for reading	/proc/20/cmdline	vlxx.arm7.elf
File opened for reading	/proc/41/cmdline	vlxx.arm7.elf
File opened for reading	/proc/148/cmdline	vlxx.arm7.elf
File opened for reading	/proc/168/cmdline	vlxx.arm7.elf
File opened for reading	/proc/704/cmdline	vlxx.arm7.elf
File opened for reading	/proc/733/cmdline	vlxx.arm7.elf
File opened for reading	/proc/745/cmdline	vlxx.arm7.elf
File opened for reading	/proc/11/cmdline	vlxx.arm7.elf
File opened for reading	/proc/115/cmdline	vlxx.arm7.elf
File opened for reading	/proc/303/cmdline	vlxx.arm7.elf
File opened for reading	/proc/688/cmdline	vlxx.arm7.elf
File opened for reading	/proc/713/cmdline	vlxx.arm7.elf
File opened for reading	/proc/750/cmdline	vlxx.arm7.elf
File opened for reading	/proc/787/cmdline	vlxx.arm7.elf
File opened for reading	/proc/653/cmdline	vlxx.arm7.elf
File opened for reading	/proc/659/cmdline	vlxx.arm7.elf
File opened for reading	/proc/686/cmdline	vlxx.arm7.elf
File opened for reading	/proc/692/cmdline	vlxx.arm7.elf
File opened for reading	/proc/715/cmdline	vlxx.arm7.elf
File opened for reading	/proc/723/cmdline	vlxx.arm7.elf
File opened for reading	/proc/734/cmdline	vlxx.arm7.elf
File opened for reading	/proc/742/cmdline	vlxx.arm7.elf
File opened for reading	/proc/743/cmdline	vlxx.arm7.elf
File opened for reading	/proc/751/cmdline	vlxx.arm7.elf
File opened for reading	/proc/786/cmdline	vlxx.arm7.elf
File opened for reading	/proc/153/cmdline	vlxx.arm7.elf
File opened for reading	/proc/663/cmdline	vlxx.arm7.elf
File opened for reading	/proc/697/cmdline	vlxx.arm7.elf
File opened for reading	/proc/721/cmdline	vlxx.arm7.elf
File opened for reading	/proc/4/cmdline	vlxx.arm7.elf
File opened for reading	/proc/43/cmdline	vlxx.arm7.elf
File opened for reading	/proc/151/cmdline	vlxx.arm7.elf
File opened for reading	/proc/281/cmdline	vlxx.arm7.elf
File opened for reading	/proc/676/cmdline	vlxx.arm7.elf
File opened for reading	/proc/680/cmdline	vlxx.arm7.elf
File opened for reading	/proc/707/cmdline	vlxx.arm7.elf
File opened for reading	/proc/732/cmdline	vlxx.arm7.elf
File opened for reading	/proc/741/cmdline	vlxx.arm7.elf
File opened for reading	/proc/754/cmdline	vlxx.arm7.elf
File opened for reading	/proc/758/cmdline	vlxx.arm7.elf
File opened for reading	/proc/770/cmdline	vlxx.arm7.elf
File opened for reading	/proc/772/cmdline	vlxx.arm7.elf

/tmp/vlxx.arm7.elf
/tmp/vlxx.arm7.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:656

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads