d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856

Analysis

max time kernel
149s
max time network
148s
platform
debian-9_armhf
resource
debian9-armhf-20240729-en
resource tags

arch:armhfimage:debian9-armhf-20240729-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
23-12-2024 02:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
Size

126KB
MD5

900fd71a539f6b87e08d349965d48a1e
SHA1

9e6bd36b615ae5d430e71df02920711549932b9e
SHA256

d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856
SHA512

c7a9c4d156b55e615816f9727e21b3891cdb4b13e43207d1b72d0599ab185321ccdbe78323711da469c451d32579f46108e2c9d6aa3563089ab50b8392a8ad1a
SSDEEP

1536:Ji7SWWnG5vTCINDDVIbSXL1uAFDG4VDNET8CrI4EyR6q+vYZRbl/CwywbFUgiTUa:07S7g+iV9b1ub4LE4CrI4oq+QxQjD

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	-"6	640	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/675/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/732/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/742/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/763/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/773/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/16/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/651/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/666/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/682/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/727/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/740/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/24/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/625/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/652/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/321/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/775/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/656/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/658/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/723/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/749/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/756/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/108/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/159/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/269/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/712/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/729/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/747/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/17/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/18/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/573/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/743/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/681/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/683/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/736/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/761/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/7/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/649/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/657/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/664/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/766/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/11/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/25/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/654/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/638/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/679/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/688/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/708/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/728/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/22/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/284/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/295/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/771/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/700/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/704/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/709/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/710/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/713/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/8/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/678/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/686/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/722/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/758/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/772/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
File opened for reading	/proc/715/cmdline	d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf

/tmp/d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
/tmp/d838ec71d6649ae8735a382ce0a7eb04e4b03cc1211a6c166ffc5edcb17d4856.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:640

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads