2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9

Analysis

max time kernel
150s
max time network
152s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
25-12-2024 02:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
Size

134KB
MD5

ac277ab772bcf5e631087de018213b1d
SHA1

b02bd2f706dd8d9654a66c91439ce5953ae9c912
SHA256

2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9
SHA512

14878c7f9c52d221555ca1ac8e1b1850e3a9a57037448f73710f64f4f316119627088e1c6caa512f7a3b568b1520bc448ffa5bdf2a8363280fe85d8c033ebe68
SSDEEP

1536:DeIIcq87ZO8VQzlHai3UAGXlFFAeSz4VAZJsTgVYYgBna2/AbdjlifIwywmFfb1O:CIIifY3UVVFFM4UiMVYYgnobKZGvQd

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	666	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/697/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/710/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/751/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/752/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/765/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/7/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/16/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/682/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/793/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/672/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/749/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/773/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/9/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/15/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/75/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/712/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/734/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/739/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/1/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/26/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/678/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/785/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/42/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/693/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/736/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/706/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/721/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/733/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/740/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/747/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/277/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/321/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/692/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/686/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/755/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/108/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/652/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/668/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/716/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/719/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/727/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/764/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/798/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/14/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/707/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/713/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/688/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/723/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/730/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/769/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/787/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/165/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/466/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/663/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/680/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/685/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/735/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/775/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/780/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/12/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/407/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/661/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/796/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
File opened for reading	/proc/777/cmdline	2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf

/tmp/2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
/tmp/2b9fd371dba5865cecabcfc60d31cf39e5da0808586748aa272327f2ca50ecc9.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:666

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads