61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b

Analysis

max time kernel
149s
max time network
156s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
23-12-2024 02:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
Size

175KB
MD5

3cb7f09ee95355d0ecf9166d196a2005
SHA1

00b23ecc99df8164d128d033542730a326cb898d
SHA256

61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b
SHA512

5d7dbf2a88fcddcaf09cf224582a139f0951aa0e3b1e28314dbdd205f49e83d613ac3ff7a85a7e1ee263ad6474420fc766c30967c04e75d509079d29a653a3f4
SSDEEP

3072:3tbNtVjxrvAqTkYaDsh+OcAhf/HSwBjdo2nJ/o/wM/R8+n:3tdxr9oYaDsh+nAxRBBo2JgIM/R8+n

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	-"6	709	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/758/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/646/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/727/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/365/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/34/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/36/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/717/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/5/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/29/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/317/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/10/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/13/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/188/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/324/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/45/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/73/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/720/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/725/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/32/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/35/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/14/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/30/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/310/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/629/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/737/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/750/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/1/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/3/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/345/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/17/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/741/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/21/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/57/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/342/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/631/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/721/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/723/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/8/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/18/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/742/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/44/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/327/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/680/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/702/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/739/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/744/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/19/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/208/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/662/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/700/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/743/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/751/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/2/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/33/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/726/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/16/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/51/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/142/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/195/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/752/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/46/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/56/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/316/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
File opened for reading	/proc/748/cmdline	61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf

/tmp/61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
/tmp/61692b93323b0b8699080be55f00a7f8b08676cf78a2927a913794347f30892b.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:709

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads