4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df

Analysis

max time kernel
148s
max time network
154s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
30/12/2024, 01:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

arm7.elf
Size

142KB
MD5

e0f0ed1d9947c3d36707d71a278c3800
SHA1

778bfe9c171f7ab5ae0e1fbdf4e134c2914cd498
SHA256

4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df
SHA512

548b1bc24b86786101ac6e7496e929429265e6e76f6d3ff3211acf3067e3593edb1d1bc4869007baf9aff40f12159017616fa27732e0a93b830928ff7fda8376
SSDEEP

3072:zv/Z42foK5ab/JOwjYdUswfZTDRnnx+er3M/9Kb:zv/Zp5ab/JOw8as8lnnx+ebM/9Kb

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
649	arm7.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 4 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	bash	651	arm7.elf
Changes the process name, possibly in an attempt to hide itself	nginx	652	arm7.elf
Changes the process name, possibly in an attempt to hide itself	inetd	653	arm7.elf
Changes the process name, possibly in an attempt to hide itself	sshd	654	arm7.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/41/cmdline	arm7.elf
File opened for reading	/proc/602/cmdline	arm7.elf
File opened for reading	/proc/762/cmdline	arm7.elf
File opened for reading	/proc/780/cmdline	arm7.elf
File opened for reading	/proc/1/cmdline	arm7.elf
File opened for reading	/proc/8/cmdline	arm7.elf
File opened for reading	/proc/42/cmdline	arm7.elf
File opened for reading	/proc/43/cmdline	arm7.elf
File opened for reading	/proc/98/cmdline	arm7.elf
File opened for reading	/proc/265/cmdline	arm7.elf
File opened for reading	/proc/269/cmdline	arm7.elf
File opened for reading	/proc/767/cmdline	arm7.elf
File opened for reading	/proc/17/cmdline	arm7.elf
File opened for reading	/proc/21/cmdline	arm7.elf
File opened for reading	/proc/284/cmdline	arm7.elf
File opened for reading	/proc/653/cmdline	arm7.elf
File opened for reading	/proc/663/cmdline	arm7.elf
File opened for reading	/proc/24/cmdline	arm7.elf
File opened for reading	/proc/107/cmdline	arm7.elf
File opened for reading	/proc/22/cmdline	arm7.elf
File opened for reading	/proc/213/cmdline	arm7.elf
File opened for reading	/proc/646/cmdline	arm7.elf
File opened for reading	/proc/2/cmdline	arm7.elf
File opened for reading	/proc/6/cmdline	arm7.elf
File opened for reading	/proc/268/cmdline	arm7.elf
File opened for reading	/proc/19/cmdline	arm7.elf
File opened for reading	/proc/262/cmdline	arm7.elf
File opened for reading	/proc/15/cmdline	arm7.elf
File opened for reading	/proc/23/cmdline	arm7.elf
File opened for reading	/proc/601/cmdline	arm7.elf
File opened for reading	/proc/647/cmdline	arm7.elf
File opened for reading	/proc/772/cmdline	arm7.elf
File opened for reading	/proc/784/cmdline	arm7.elf
File opened for reading	/proc/5/cmdline	arm7.elf
File opened for reading	/proc/14/cmdline	arm7.elf
File opened for reading	/proc/598/cmdline	arm7.elf
File opened for reading	/proc/4/cmdline	arm7.elf
File opened for reading	/proc/139/cmdline	arm7.elf
File opened for reading	/proc/110/cmdline	arm7.elf
File opened for reading	/proc/152/cmdline	arm7.elf
File opened for reading	/proc/581/cmdline	arm7.elf
File opened for reading	/proc/642/cmdline	arm7.elf
File opened for reading	/proc/654/cmdline	arm7.elf
File opened for reading	/proc/13/cmdline	arm7.elf
File opened for reading	/proc/18/cmdline	arm7.elf
File opened for reading	/proc/141/cmdline	arm7.elf
File opened for reading	/proc/786/cmdline	arm7.elf
File opened for reading	/proc/769/cmdline	arm7.elf
File opened for reading	/proc/778/cmdline	arm7.elf
File opened for reading	/proc/785/cmdline	arm7.elf
File opened for reading	/proc/9/cmdline	arm7.elf
File opened for reading	/proc/140/cmdline	arm7.elf
File opened for reading	/proc/264/cmdline	arm7.elf
File opened for reading	/proc/322/cmdline	arm7.elf
File opened for reading	/proc/760/cmdline	arm7.elf
File opened for reading	/proc/774/cmdline	arm7.elf
File opened for reading	/proc/3/cmdline	arm7.elf
File opened for reading	/proc/20/cmdline	arm7.elf
File opened for reading	/proc/29/cmdline	arm7.elf
File opened for reading	/proc/76/cmdline	arm7.elf
File opened for reading	/proc/635/cmdline	arm7.elf
File opened for reading	/proc/12/cmdline	arm7.elf
File opened for reading	/proc/594/cmdline	arm7.elf
File opened for reading	/proc/25/cmdline	arm7.elf

/tmp/arm7.elf
/tmp/arm7.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:649

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads