55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5

Analysis

max time kernel
149s
max time network
146s
platform
debian-9_armhf
resource
debian9-armhf-20240418-en
resource tags

arch:armhfimage:debian9-armhf-20240418-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
30-12-2024 02:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
Size

130KB
MD5

ca98057f82a1896c9e84801a065baa7f
SHA1

bd058da110157d6c5c60b31c127c1c379422280d
SHA256

55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5
SHA512

b96f043a6b61b157d62c81c26d8a2a7ad24987cb1cd8e3491b61db458fe3944a66dfeb8bab8d24907eceba1cc367a55a903428b7dd7d625fe02d76b03bad146e
SSDEEP

1536:1HQeHIjFlGz/r5eQpG/lFcAPWZf4VTyqsTgDpMMvnPu2/gUdWl5IJwyw2FR4Yoah:1HQeFeQg9FcT4YZMDpMMFoUwpJib1

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	646	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/599/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/652/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/662/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/670/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/672/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/714/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/22/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/227/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/766/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/675/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/683/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/706/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/740/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/762/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/776/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/20/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/316/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/780/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/679/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/771/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/28/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/674/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/638/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/699/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/705/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/744/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/2/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/7/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/294/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/677/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/701/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/16/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/21/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/698/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/752/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/759/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/23/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/659/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/641/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/669/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/700/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/717/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/738/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/742/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/11/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/597/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/695/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/702/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/8/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/323/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/710/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/763/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/770/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/778/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/12/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/280/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/718/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/649/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/691/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/665/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/687/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/688/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/290/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
File opened for reading	/proc/658/cmdline	55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf

/tmp/55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
/tmp/55699e28e6c1070ab1e5d0d8937d87c17413383ca07aa68addcefec5f5c6c0a5.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:646

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads