3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d

Analysis

max time kernel
150s
max time network
145s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
24-12-2024 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

most-arm7.elf
Size

122KB
MD5

e11e0cd38f19021f626e05fa98c8485f
SHA1

d8e83ad856e480ca9b46f98c27d1b9a473c28bf1
SHA256

3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d
SHA512

8022bc87886032d5a838cf4865bf20d003ea60493e1fcc3e74bf9d2432b2b0d555289b2e261b9313d05724b86ae1e1f4acfcba60122b2ceb6795a8a8baa3d056
SSDEEP

3072:NEO4ETWNLGppUxICaq4F4N+05JpvHB4KPyhuom:NEO4EiGpKCCaq4F4N+q7B4KPcXm

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	MC	657	most-arm7.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/24/cmdline	most-arm7.elf
File opened for reading	/proc/652/cmdline	most-arm7.elf
File opened for reading	/proc/660/cmdline	most-arm7.elf
File opened for reading	/proc/717/cmdline	most-arm7.elf
File opened for reading	/proc/732/cmdline	most-arm7.elf
File opened for reading	/proc/754/cmdline	most-arm7.elf
File opened for reading	/proc/11/cmdline	most-arm7.elf
File opened for reading	/proc/18/cmdline	most-arm7.elf
File opened for reading	/proc/762/cmdline	most-arm7.elf
File opened for reading	/proc/775/cmdline	most-arm7.elf
File opened for reading	/proc/682/cmdline	most-arm7.elf
File opened for reading	/proc/687/cmdline	most-arm7.elf
File opened for reading	/proc/710/cmdline	most-arm7.elf
File opened for reading	/proc/768/cmdline	most-arm7.elf
File opened for reading	/proc/222/cmdline	most-arm7.elf
File opened for reading	/proc/656/cmdline	most-arm7.elf
File opened for reading	/proc/706/cmdline	most-arm7.elf
File opened for reading	/proc/719/cmdline	most-arm7.elf
File opened for reading	/proc/766/cmdline	most-arm7.elf
File opened for reading	/proc/773/cmdline	most-arm7.elf
File opened for reading	/proc/788/cmdline	most-arm7.elf
File opened for reading	/proc/791/cmdline	most-arm7.elf
File opened for reading	/proc/290/cmdline	most-arm7.elf
File opened for reading	/proc/664/cmdline	most-arm7.elf
File opened for reading	/proc/25/cmdline	most-arm7.elf
File opened for reading	/proc/309/cmdline	most-arm7.elf
File opened for reading	/proc/684/cmdline	most-arm7.elf
File opened for reading	/proc/718/cmdline	most-arm7.elf
File opened for reading	/proc/741/cmdline	most-arm7.elf
File opened for reading	/proc/746/cmdline	most-arm7.elf
File opened for reading	/proc/6/cmdline	most-arm7.elf
File opened for reading	/proc/13/cmdline	most-arm7.elf
File opened for reading	/proc/727/cmdline	most-arm7.elf
File opened for reading	/proc/748/cmdline	most-arm7.elf
File opened for reading	/proc/752/cmdline	most-arm7.elf
File opened for reading	/proc/763/cmdline	most-arm7.elf
File opened for reading	/proc/765/cmdline	most-arm7.elf
File opened for reading	/proc/782/cmdline	most-arm7.elf
File opened for reading	/proc/277/cmdline	most-arm7.elf
File opened for reading	/proc/721/cmdline	most-arm7.elf
File opened for reading	/proc/612/cmdline	most-arm7.elf
File opened for reading	/proc/697/cmdline	most-arm7.elf
File opened for reading	/proc/699/cmdline	most-arm7.elf
File opened for reading	/proc/720/cmdline	most-arm7.elf
File opened for reading	/proc/739/cmdline	most-arm7.elf
File opened for reading	/proc/770/cmdline	most-arm7.elf
File opened for reading	/proc/4/cmdline	most-arm7.elf
File opened for reading	/proc/175/cmdline	most-arm7.elf
File opened for reading	/proc/712/cmdline	most-arm7.elf
File opened for reading	/proc/745/cmdline	most-arm7.elf
File opened for reading	/proc/747/cmdline	most-arm7.elf
File opened for reading	/proc/686/cmdline	most-arm7.elf
File opened for reading	/proc/707/cmdline	most-arm7.elf
File opened for reading	/proc/711/cmdline	most-arm7.elf
File opened for reading	/proc/715/cmdline	most-arm7.elf
File opened for reading	/proc/729/cmdline	most-arm7.elf
File opened for reading	/proc/749/cmdline	most-arm7.elf
File opened for reading	/proc/759/cmdline	most-arm7.elf
File opened for reading	/proc/143/cmdline	most-arm7.elf
File opened for reading	/proc/318/cmdline	most-arm7.elf
File opened for reading	/proc/114/cmdline	most-arm7.elf
File opened for reading	/proc/115/cmdline	most-arm7.elf
File opened for reading	/proc/757/cmdline	most-arm7.elf
File opened for reading	/proc/758/cmdline	most-arm7.elf

/tmp/most-arm7.elf
/tmp/most-arm7.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:657

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads