99971dcc74c4cca72d2ab9d3bd93bbb91d74715398a766256827efce57ffbab0

Analysis

max time kernel
149s
max time network
153s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
28-12-2024 10:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

most-arm7.elf
Size

165KB
MD5

9da2e7f669b09d465e3483f457728096
SHA1

e2632369eefec84a461bedfa327264aeba967358
SHA256

99971dcc74c4cca72d2ab9d3bd93bbb91d74715398a766256827efce57ffbab0
SHA512

331188083b3088129b764633a630e6d78553f58cdc190b942d2c09776229ddd57983f7b34c6a8eb804fb1a454a9870ad7f2748afc80eec81e814d51fb20e18c5
SSDEEP

3072:NEO4ETWNLGppUxICaq4F4N+05JpvHB4KPyhuonM/RWyWn:NEO4EiGpKCCaq4F4N+q7B4KPcXnM/Rn2

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	MC	641	most-arm7.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/680/cmdline	most-arm7.elf
File opened for reading	/proc/692/cmdline	most-arm7.elf
File opened for reading	/proc/702/cmdline	most-arm7.elf
File opened for reading	/proc/705/cmdline	most-arm7.elf
File opened for reading	/proc/706/cmdline	most-arm7.elf
File opened for reading	/proc/737/cmdline	most-arm7.elf
File opened for reading	/proc/739/cmdline	most-arm7.elf
File opened for reading	/proc/642/cmdline	most-arm7.elf
File opened for reading	/proc/745/cmdline	most-arm7.elf
File opened for reading	/proc/742/cmdline	most-arm7.elf
File opened for reading	/proc/695/cmdline	most-arm7.elf
File opened for reading	/proc/656/cmdline	most-arm7.elf
File opened for reading	/proc/671/cmdline	most-arm7.elf
File opened for reading	/proc/653/cmdline	most-arm7.elf
File opened for reading	/proc/16/cmdline	most-arm7.elf
File opened for reading	/proc/646/cmdline	most-arm7.elf
File opened for reading	/proc/691/cmdline	most-arm7.elf
File opened for reading	/proc/715/cmdline	most-arm7.elf
File opened for reading	/proc/14/cmdline	most-arm7.elf
File opened for reading	/proc/4/cmdline	most-arm7.elf
File opened for reading	/proc/147/cmdline	most-arm7.elf
File opened for reading	/proc/701/cmdline	most-arm7.elf
File opened for reading	/proc/721/cmdline	most-arm7.elf
File opened for reading	/proc/722/cmdline	most-arm7.elf
File opened for reading	/proc/724/cmdline	most-arm7.elf
File opened for reading	/proc/774/cmdline	most-arm7.elf
File opened for reading	/proc/2/cmdline	most-arm7.elf
File opened for reading	/proc/43/cmdline	most-arm7.elf
File opened for reading	/proc/665/cmdline	most-arm7.elf
File opened for reading	/proc/714/cmdline	most-arm7.elf
File opened for reading	/proc/735/cmdline	most-arm7.elf
File opened for reading	/proc/5/cmdline	most-arm7.elf
File opened for reading	/proc/640/cmdline	most-arm7.elf
File opened for reading	/proc/713/cmdline	most-arm7.elf
File opened for reading	/proc/751/cmdline	most-arm7.elf
File opened for reading	/proc/757/cmdline	most-arm7.elf
File opened for reading	/proc/761/cmdline	most-arm7.elf
File opened for reading	/proc/310/cmdline	most-arm7.elf
File opened for reading	/proc/318/cmdline	most-arm7.elf
File opened for reading	/proc/658/cmdline	most-arm7.elf
File opened for reading	/proc/108/cmdline	most-arm7.elf
File opened for reading	/proc/647/cmdline	most-arm7.elf
File opened for reading	/proc/661/cmdline	most-arm7.elf
File opened for reading	/proc/666/cmdline	most-arm7.elf
File opened for reading	/proc/644/cmdline	most-arm7.elf
File opened for reading	/proc/187/cmdline	most-arm7.elf
File opened for reading	/proc/633/cmdline	most-arm7.elf
File opened for reading	/proc/684/cmdline	most-arm7.elf
File opened for reading	/proc/720/cmdline	most-arm7.elf
File opened for reading	/proc/743/cmdline	most-arm7.elf
File opened for reading	/proc/769/cmdline	most-arm7.elf
File opened for reading	/proc/27/cmdline	most-arm7.elf
File opened for reading	/proc/645/cmdline	most-arm7.elf
File opened for reading	/proc/716/cmdline	most-arm7.elf
File opened for reading	/proc/730/cmdline	most-arm7.elf
File opened for reading	/proc/748/cmdline	most-arm7.elf
File opened for reading	/proc/42/cmdline	most-arm7.elf
File opened for reading	/proc/25/cmdline	most-arm7.elf
File opened for reading	/proc/138/cmdline	most-arm7.elf
File opened for reading	/proc/707/cmdline	most-arm7.elf
File opened for reading	/proc/766/cmdline	most-arm7.elf
File opened for reading	/proc/19/cmdline	most-arm7.elf
File opened for reading	/proc/674/cmdline	most-arm7.elf
File opened for reading	/proc/689/cmdline	most-arm7.elf

/tmp/most-arm7.elf
/tmp/most-arm7.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:641

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads