1d23c62789148a29cacbd39dcd029559c6bb204fed4241a469a68c5f8cbd79da

Analysis

max time kernel
150s
max time network
153s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
29/12/2024, 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bot.arm5.elf
Size

126KB
MD5

07250240f8d90b729e6b3d98b8c0ff54
SHA1

bf8fb0fb42bbfce2dc48417272ce904bf3c56bc9
SHA256

1d23c62789148a29cacbd39dcd029559c6bb204fed4241a469a68c5f8cbd79da
SHA512

8fe0e42244fdc845f595c227c9ac0564033949ebdb70421c5e4db1155377082463a2cacca499d948cb1460e288fe5bdf4374efd613d03d65e10e2725cb7836f2
SSDEEP

1536:JSDwI4fG50nVg/QXEE9+19jAd424V8G2TTZxhLNqLbqt1budpLSlcCwyw6FPRbl:0DwLYhQX/019jc4r2/ZxhZqQbu34ebV

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	663	bot.arm5.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/792/cmdline	bot.arm5.elf
File opened for reading	/proc/3/cmdline	bot.arm5.elf
File opened for reading	/proc/12/cmdline	bot.arm5.elf
File opened for reading	/proc/23/cmdline	bot.arm5.elf
File opened for reading	/proc/109/cmdline	bot.arm5.elf
File opened for reading	/proc/718/cmdline	bot.arm5.elf
File opened for reading	/proc/739/cmdline	bot.arm5.elf
File opened for reading	/proc/726/cmdline	bot.arm5.elf
File opened for reading	/proc/738/cmdline	bot.arm5.elf
File opened for reading	/proc/744/cmdline	bot.arm5.elf
File opened for reading	/proc/748/cmdline	bot.arm5.elf
File opened for reading	/proc/778/cmdline	bot.arm5.elf
File opened for reading	/proc/790/cmdline	bot.arm5.elf
File opened for reading	/proc/218/cmdline	bot.arm5.elf
File opened for reading	/proc/666/cmdline	bot.arm5.elf
File opened for reading	/proc/695/cmdline	bot.arm5.elf
File opened for reading	/proc/725/cmdline	bot.arm5.elf
File opened for reading	/proc/728/cmdline	bot.arm5.elf
File opened for reading	/proc/138/cmdline	bot.arm5.elf
File opened for reading	/proc/745/cmdline	bot.arm5.elf
File opened for reading	/proc/746/cmdline	bot.arm5.elf
File opened for reading	/proc/752/cmdline	bot.arm5.elf
File opened for reading	/proc/771/cmdline	bot.arm5.elf
File opened for reading	/proc/780/cmdline	bot.arm5.elf
File opened for reading	/proc/714/cmdline	bot.arm5.elf
File opened for reading	/proc/749/cmdline	bot.arm5.elf
File opened for reading	/proc/8/cmdline	bot.arm5.elf
File opened for reading	/proc/14/cmdline	bot.arm5.elf
File opened for reading	/proc/276/cmdline	bot.arm5.elf
File opened for reading	/proc/463/cmdline	bot.arm5.elf
File opened for reading	/proc/685/cmdline	bot.arm5.elf
File opened for reading	/proc/694/cmdline	bot.arm5.elf
File opened for reading	/proc/768/cmdline	bot.arm5.elf
File opened for reading	/proc/784/cmdline	bot.arm5.elf
File opened for reading	/proc/791/cmdline	bot.arm5.elf
File opened for reading	/proc/9/cmdline	bot.arm5.elf
File opened for reading	/proc/305/cmdline	bot.arm5.elf
File opened for reading	/proc/664/cmdline	bot.arm5.elf
File opened for reading	/proc/706/cmdline	bot.arm5.elf
File opened for reading	/proc/716/cmdline	bot.arm5.elf
File opened for reading	/proc/721/cmdline	bot.arm5.elf
File opened for reading	/proc/27/cmdline	bot.arm5.elf
File opened for reading	/proc/660/cmdline	bot.arm5.elf
File opened for reading	/proc/675/cmdline	bot.arm5.elf
File opened for reading	/proc/757/cmdline	bot.arm5.elf
File opened for reading	/proc/762/cmdline	bot.arm5.elf
File opened for reading	/proc/696/cmdline	bot.arm5.elf
File opened for reading	/proc/736/cmdline	bot.arm5.elf
File opened for reading	/proc/16/cmdline	bot.arm5.elf
File opened for reading	/proc/141/cmdline	bot.arm5.elf
File opened for reading	/proc/661/cmdline	bot.arm5.elf
File opened for reading	/proc/667/cmdline	bot.arm5.elf
File opened for reading	/proc/673/cmdline	bot.arm5.elf
File opened for reading	/proc/692/cmdline	bot.arm5.elf
File opened for reading	/proc/793/cmdline	bot.arm5.elf
File opened for reading	/proc/697/cmdline	bot.arm5.elf
File opened for reading	/proc/766/cmdline	bot.arm5.elf
File opened for reading	/proc/5/cmdline	bot.arm5.elf
File opened for reading	/proc/29/cmdline	bot.arm5.elf
File opened for reading	/proc/137/cmdline	bot.arm5.elf
File opened for reading	/proc/280/cmdline	bot.arm5.elf
File opened for reading	/proc/677/cmdline	bot.arm5.elf
File opened for reading	/proc/689/cmdline	bot.arm5.elf
File opened for reading	/proc/7/cmdline	bot.arm5.elf

/tmp/bot.arm5.elf
/tmp/bot.arm5.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:663

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads