fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e

Analysis

max time kernel
148s
max time network
146s
platform
debian-9_armhf
resource
debian9-armhf-20240729-en
resource tags

arch:armhfimage:debian9-armhf-20240729-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
26-12-2024 02:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
Size

69KB
MD5

1c8686e609976827983dab7cd41e087d
SHA1

142215e0a19e7f7cb11bf7d2ab951cee19f5ea91
SHA256

fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e
SHA512

80e625d9c9092ac0c0edc15020afac7d5bac0e9336e9cad927dc9bced017b53c3c1a9f4f6d4d38131f1eefff89ebfbd2861d8a2b38b21cd10dfb42205eabaceb
SSDEEP

1536:ID3wQHwUsadWweG3xDtab2VwCvHwGZ7eRAFqdoIh0/n7GF2kvEn6:0VQU9Wkhab8wCvQIKaFqdok0/n7GdEn6

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
646	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 4 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	bash	647	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
Changes the process name, possibly in an attempt to hide itself	nginx	648	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
Changes the process name, possibly in an attempt to hide itself	inetd	649	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
Changes the process name, possibly in an attempt to hide itself	sshd	650	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/169/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/264/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/295/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/299/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/598/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/4/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/13/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/18/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/649/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/778/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/763/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/768/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/5/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/15/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/17/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/306/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/333/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/639/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/780/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/1/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/8/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/22/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/632/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/767/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/7/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/29/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/108/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/600/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/765/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/11/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/16/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/265/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/756/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/10/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/42/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/650/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/261/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/262/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/580/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/774/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/43/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/97/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/147/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/143/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/205/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/601/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/784/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/9/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/12/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/106/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/776/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/21/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/25/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/772/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/595/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/638/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/643/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/41/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/266/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/679/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/758/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/2/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/26/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/27/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf

/tmp/fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
/tmp/fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:646

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads