a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad

Analysis

max time kernel
97s
max time network
150s
platform
debian-12_mipsel
resource
debian12-mipsel-20240418-en
resource tags

arch:mipselimage:debian12-mipsel-20240418-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
submitted
26-12-2024 02:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
Size

117KB
MD5

2fa5009f80187eab71c713eeddf85930
SHA1

9b93b360681885aa3de34968be730153f9e0b723
SHA256

a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad
SHA512

002b5a5804e0093bf745e43b2ff177c240d8d1669b5202c38a3ed04c04570d5344d2807f2b44b56fdddd259cef977f86fc130a51ef2aa27ebadaf0a328137e14
SSDEEP

1536:MLBhZQZyzqUvfXPZ3F8KG+7uCUlj138W1F0AhjsnpahhH7ci:MLBDYyzqUv/FFyj1MW1Ceonp07X

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
751	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 4 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	nginx	754	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
Changes the process name, possibly in an attempt to hide itself	bash	753	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
Changes the process name, possibly in an attempt to hide itself	inetd	755	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
Changes the process name, possibly in an attempt to hide itself	sshd	756	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/10/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/25/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/37/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/410/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/693/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/755/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/770/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/2/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/112/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/715/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/808/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/4/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/24/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/113/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/118/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/344/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/666/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/757/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/3/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/34/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/338/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/412/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/696/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/713/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/738/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/746/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/19/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/8/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/15/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/47/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/750/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/1/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/377/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/719/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/743/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/6/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/189/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/202/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/391/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/809/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/111/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/16/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/48/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/53/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/381/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/711/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/737/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/5/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/20/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/21/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/22/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/45/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/379/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/17/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/763/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/723/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/23/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/26/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/27/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/28/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/32/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/35/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/180/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
File opened for reading	/proc/12/cmdline	a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf

/tmp/a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
/tmp/a5f606e048e29abe87aa06941369dcd89e4d0e47d345d3df621f43ba5de84dad.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:751

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads