3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d

Analysis

max time kernel
149s
max time network
144s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
25-12-2024 02:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
Size

122KB
MD5

e11e0cd38f19021f626e05fa98c8485f
SHA1

d8e83ad856e480ca9b46f98c27d1b9a473c28bf1
SHA256

3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d
SHA512

8022bc87886032d5a838cf4865bf20d003ea60493e1fcc3e74bf9d2432b2b0d555289b2e261b9313d05724b86ae1e1f4acfcba60122b2ceb6795a8a8baa3d056
SSDEEP

3072:NEO4ETWNLGppUxICaq4F4N+05JpvHB4KPyhuom:NEO4EiGpKCCaq4F4N+q7B4KPcXm

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	MC	635	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/666/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/707/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/721/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/723/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/3/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/267/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/658/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/663/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/696/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/734/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/717/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/725/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/752/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/759/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/644/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/662/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/676/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/714/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/710/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/727/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/765/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/13/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/567/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/648/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/709/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/682/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/732/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/5/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/14/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/29/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/656/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/668/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/694/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/6/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/19/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/587/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/641/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/681/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/722/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/726/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/745/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/109/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/166/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/299/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/669/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/751/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/753/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/716/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/744/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/760/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/11/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/12/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/23/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/672/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/670/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/675/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/697/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/8/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/22/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/628/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/667/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/698/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/731/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
File opened for reading	/proc/743/cmdline	3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf

/tmp/3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
/tmp/3996227d61d657a648afed49138a258e6d616ed3e378a5feb61d6ecf6638634d.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:635

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads