71930f5e05463a19eceacb4e27d888c7362e5e64e07c2fe0b099dae3b4ee0bdb

Analysis

max time kernel
146s
max time network
151s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
27-12-2024 01:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
Size

73KB
MD5

02ef5e852076cf9c563fbaa180646c85
SHA1

ec96ee7b457856f00fe02fe4c5579617f4adc054
SHA256

3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4
SHA512

b6d7975aa4deb620c945e4355d82569fdf306a8779d62c7966c2f1ff55a849edb6d2f74e898789355f8dbec6cbea763a8528dc01e964813da262bf27e9161a7f
SSDEEP

1536:EGcEk0+/kGoDbJKt34rbwlONi15znoedI6SiG:EGcSRI34vkRnVm

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
675	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	674	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf

Reads runtime system information 56 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/18/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/28/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/294/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/326/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/17/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/21/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/109/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/137/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/291/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/315/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/6/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/15/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/19/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/27/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/42/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/10/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/41/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/23/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/106/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/222/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/2/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/14/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/150/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/167/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/429/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/149/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/26/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/108/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/24/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/29/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/5/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/25/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/295/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/345/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/488/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/7/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/220/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/281/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/441/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/12/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/20/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/318/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/8/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/13/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/22/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/43/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/98/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/280/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/293/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/9/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/16/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/145/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/77/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/3/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/4/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
File opened for reading	/proc/11/cmdline	3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf

/tmp/3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
/tmp/3d7d516288e90fb68be50e151604f949215d982538d3d53cbfce723fe24a35f4.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:674

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads