Analysis
-
max time kernel
137s -
max time network
148s -
platform
debian-9_armhf -
resource
debian9-armhf-20240729-en -
resource tags
arch:armhfimage:debian9-armhf-20240729-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
30-12-2024 01:48
Behavioral task
behavioral1
Sample
njvwa4.elf
Resource
debian9-armhf-20240729-en
debian-9-armhf
4 signatures
150 seconds
General
-
Target
njvwa4.elf
-
Size
158KB
-
MD5
eddd6a2b24613e3622b9c0ff3a163946
-
SHA1
811c7f8b448961dbd2bb4f7402e7ba7a6b340f20
-
SHA256
a8633a532fca5bf08641cb8fb0cbf0e1da49f436cbd48af11d8ebf3af82b0428
-
SHA512
d3009ed1ef39c5f58b4be8f0a776598cb212a03450a7c4ebf0c905b60d6751b11be6164806e23699495b3d4d3d8071c75f165c5ff5a2e54586117c09cc924ae9
-
SSDEEP
1536:ec8n+sXCFKtDDofaaINXivAppBCAsmo4Vp7gTCA33qW53O/5y0iVu2L5lmlwywrT:ec8nlnoLIqA7BCV4rgmA33zfnIWEXe
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 646 njvwa4.elf -
Enumerates running processes
Discovers information about currently running processes on the system
-
Changes its process name 1 IoCs
description ioc pid Process Changes the process name, possibly in an attempt to hide itself httpd 645 njvwa4.elf -
description ioc Process File opened for reading /proc/107/cmdline njvwa4.elf File opened for reading /proc/163/cmdline njvwa4.elf File opened for reading /proc/302/cmdline njvwa4.elf File opened for reading /proc/20/cmdline njvwa4.elf File opened for reading /proc/23/cmdline njvwa4.elf File opened for reading /proc/25/cmdline njvwa4.elf File opened for reading /proc/26/cmdline njvwa4.elf File opened for reading /proc/41/cmdline njvwa4.elf File opened for reading /proc/43/cmdline njvwa4.elf File opened for reading /proc/8/cmdline njvwa4.elf File opened for reading /proc/16/cmdline njvwa4.elf File opened for reading /proc/17/cmdline njvwa4.elf File opened for reading /proc/19/cmdline njvwa4.elf File opened for reading /proc/22/cmdline njvwa4.elf File opened for reading /proc/311/cmdline njvwa4.elf File opened for reading /proc/24/cmdline njvwa4.elf File opened for reading /proc/218/cmdline njvwa4.elf File opened for reading /proc/4/cmdline njvwa4.elf File opened for reading /proc/18/cmdline njvwa4.elf File opened for reading /proc/28/cmdline njvwa4.elf File opened for reading /proc/108/cmdline njvwa4.elf File opened for reading /proc/288/cmdline njvwa4.elf File opened for reading /proc/265/cmdline njvwa4.elf File opened for reading /proc/271/cmdline njvwa4.elf File opened for reading /proc/3/cmdline njvwa4.elf File opened for reading /proc/14/cmdline njvwa4.elf File opened for reading /proc/27/cmdline njvwa4.elf File opened for reading /proc/105/cmdline njvwa4.elf File opened for reading /proc/148/cmdline njvwa4.elf File opened for reading /proc/301/cmdline njvwa4.elf File opened for reading /proc/578/cmdline njvwa4.elf File opened for reading /proc/7/cmdline njvwa4.elf File opened for reading /proc/11/cmdline njvwa4.elf File opened for reading /proc/15/cmdline njvwa4.elf File opened for reading /proc/29/cmdline njvwa4.elf File opened for reading /proc/266/cmdline njvwa4.elf File opened for reading /proc/268/cmdline njvwa4.elf File opened for reading /proc/134/cmdline njvwa4.elf File opened for reading /proc/216/cmdline njvwa4.elf File opened for reading /proc/308/cmdline njvwa4.elf File opened for reading /proc/2/cmdline njvwa4.elf File opened for reading /proc/6/cmdline njvwa4.elf File opened for reading /proc/5/cmdline njvwa4.elf File opened for reading /proc/13/cmdline njvwa4.elf File opened for reading /proc/21/cmdline njvwa4.elf File opened for reading /proc/147/cmdline njvwa4.elf File opened for reading /proc/9/cmdline njvwa4.elf File opened for reading /proc/10/cmdline njvwa4.elf File opened for reading /proc/12/cmdline njvwa4.elf File opened for reading /proc/579/cmdline njvwa4.elf File opened for reading /proc/42/cmdline njvwa4.elf File opened for reading /proc/75/cmdline njvwa4.elf File opened for reading /proc/97/cmdline njvwa4.elf File opened for reading /proc/137/cmdline njvwa4.elf File opened for reading /proc/582/cmdline njvwa4.elf