Analysis
-
max time kernel
136s -
max time network
144s -
platform
debian-9_armhf -
resource
debian9-armhf-20240729-en -
resource tags
arch:armhfimage:debian9-armhf-20240729-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
28-12-2024 21:24
Behavioral task
behavioral1
Sample
ngwa5.elf
Resource
debian9-armhf-20240729-en
debian-9-armhf
4 signatures
150 seconds
General
-
Target
ngwa5.elf
-
Size
154KB
-
MD5
fcd78cda92e0b39c4743ba2b430914d5
-
SHA1
a2ea7c56522e27991afd72e9d11b0be2fe21149a
-
SHA256
ba3a3ee7449e015b50b1d4662bfb7c6e256f3f3d119716eb995699036f80a639
-
SHA512
5c5f67f101dd66b5242e8c1c0e56a59ad01a0e64d23320939692ec38d1fceec937c62129a466d391ff2608f05a498100c3f557a1e3f7a25a3c8603fcd52171d1
-
SSDEEP
3072:xNKs58C55mYuMRN04VhF6s9RjQnHA86VFTs:nKs58LmX04Vj6sPjQng863Ts
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 648 ngwa5.elf -
Enumerates running processes
Discovers information about currently running processes on the system
-
Changes its process name 1 IoCs
description ioc pid Process Changes the process name, possibly in an attempt to hide itself httpd 647 ngwa5.elf -
description ioc Process File opened for reading /proc/23/cmdline ngwa5.elf File opened for reading /proc/5/cmdline ngwa5.elf File opened for reading /proc/13/cmdline ngwa5.elf File opened for reading /proc/177/cmdline ngwa5.elf File opened for reading /proc/115/cmdline ngwa5.elf File opened for reading /proc/157/cmdline ngwa5.elf File opened for reading /proc/293/cmdline ngwa5.elf File opened for reading /proc/311/cmdline ngwa5.elf File opened for reading /proc/313/cmdline ngwa5.elf File opened for reading /proc/2/cmdline ngwa5.elf File opened for reading /proc/6/cmdline ngwa5.elf File opened for reading /proc/144/cmdline ngwa5.elf File opened for reading /proc/292/cmdline ngwa5.elf File opened for reading /proc/4/cmdline ngwa5.elf File opened for reading /proc/20/cmdline ngwa5.elf File opened for reading /proc/114/cmdline ngwa5.elf File opened for reading /proc/227/cmdline ngwa5.elf File opened for reading /proc/277/cmdline ngwa5.elf File opened for reading /proc/280/cmdline ngwa5.elf File opened for reading /proc/595/cmdline ngwa5.elf File opened for reading /proc/12/cmdline ngwa5.elf File opened for reading /proc/29/cmdline ngwa5.elf File opened for reading /proc/103/cmdline ngwa5.elf File opened for reading /proc/598/cmdline ngwa5.elf File opened for reading /proc/10/cmdline ngwa5.elf File opened for reading /proc/16/cmdline ngwa5.elf File opened for reading /proc/580/cmdline ngwa5.elf File opened for reading /proc/8/cmdline ngwa5.elf File opened for reading /proc/19/cmdline ngwa5.elf File opened for reading /proc/7/cmdline ngwa5.elf File opened for reading /proc/25/cmdline ngwa5.elf File opened for reading /proc/600/cmdline ngwa5.elf File opened for reading /proc/145/cmdline ngwa5.elf File opened for reading /proc/3/cmdline ngwa5.elf File opened for reading /proc/17/cmdline ngwa5.elf File opened for reading /proc/28/cmdline ngwa5.elf File opened for reading /proc/14/cmdline ngwa5.elf File opened for reading /proc/42/cmdline ngwa5.elf File opened for reading /proc/22/cmdline ngwa5.elf File opened for reading /proc/21/cmdline ngwa5.elf File opened for reading /proc/24/cmdline ngwa5.elf File opened for reading /proc/26/cmdline ngwa5.elf File opened for reading /proc/323/cmdline ngwa5.elf File opened for reading /proc/9/cmdline ngwa5.elf File opened for reading /proc/15/cmdline ngwa5.elf File opened for reading /proc/18/cmdline ngwa5.elf File opened for reading /proc/153/cmdline ngwa5.elf File opened for reading /proc/199/cmdline ngwa5.elf File opened for reading /proc/279/cmdline ngwa5.elf File opened for reading /proc/11/cmdline ngwa5.elf File opened for reading /proc/41/cmdline ngwa5.elf File opened for reading /proc/112/cmdline ngwa5.elf File opened for reading /proc/315/cmdline ngwa5.elf File opened for reading /proc/27/cmdline ngwa5.elf File opened for reading /proc/43/cmdline ngwa5.elf File opened for reading /proc/81/cmdline ngwa5.elf