fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e

Analysis

max time kernel
148s
max time network
142s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
26-12-2024 02:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
Size

69KB
MD5

1c8686e609976827983dab7cd41e087d
SHA1

142215e0a19e7f7cb11bf7d2ab951cee19f5ea91
SHA256

fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e
SHA512

80e625d9c9092ac0c0edc15020afac7d5bac0e9336e9cad927dc9bced017b53c3c1a9f4f6d4d38131f1eefff89ebfbd2861d8a2b38b21cd10dfb42205eabaceb
SSDEEP

1536:ID3wQHwUsadWweG3xDtab2VwCvHwGZ7eRAFqdoIh0/n7GF2kvEn6:0VQU9Wkhab8wCvQIKaFqdok0/n7GdEn6

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
650	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 4 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	bash	651	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
Changes the process name, possibly in an attempt to hide itself	nginx	652	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
Changes the process name, possibly in an attempt to hide itself	inetd	653	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
Changes the process name, possibly in an attempt to hide itself	sshd	654	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/1/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/11/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/276/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/600/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/594/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/647/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/3/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/16/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/41/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/75/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/216/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/270/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/7/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/29/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/42/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/147/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/761/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/5/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/275/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/653/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/43/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/97/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/305/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/645/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/24/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/108/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/782/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/784/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/643/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/18/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/26/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/27/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/142/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/268/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/642/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/14/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/17/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/772/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/774/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/780/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/6/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/140/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/277/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/303/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/599/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/649/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/778/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/107/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/160/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/658/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/758/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/766/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/768/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/12/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/22/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/325/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/648/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/654/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/770/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/9/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/13/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/19/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/20/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
File opened for reading	/proc/105/cmdline	fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf

/tmp/fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
/tmp/fed90d67893412bceaa66d506747b90418a56d578f7bc5e1102b14268ceba41e.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:650

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads