7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133

Analysis

max time kernel
149s
max time network
147s
platform
debian-9_armhf
resource
debian9-armhf-20240418-en
resource tags

arch:armhfimage:debian9-armhf-20240418-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
30-12-2024 02:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
Size

214KB
MD5

db43063f5e6099373a8baa9dd4840f06
SHA1

780bc5db02a63aeb8369d3d347a3a6cd65f99a77
SHA256

7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133
SHA512

51b9d11d65e9c3aaa6cdba05dbf0564a655de746a86e2963e6b24103599205ce5771a9b688aa586abba5cb9b57dd8ced20115ad7c841c2c33ce93f41c38d2b4c
SSDEEP

6144:Rdq+j3uigacvucaDxoWCZGq8kvVpM+uxGM/RzMIDN:R/j3u2aucadoWCZHP9p2xf/uIR

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
646	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	645	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/6666_7/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/6666�8/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/3333�,/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/999�"/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/6666�5/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/7777�5/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/88ll�"/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/99/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/2222,/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/44/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/7777�6/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/6666;/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/1111�"/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/5555�0/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/6666�4/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/6666@5/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/66665/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/6666�5/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/6666�5/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/7777�6/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/55550/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/2222,/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/6666H4/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/6666�4/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/6666_7/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/55/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/222�"/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/6666�7/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/22222*/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/2222*/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/7777�5/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/66661/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/6666�4/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/66665/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/66663/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/6666�8/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/6666F4/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/7777d6/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/77/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/1111�,/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/6666=5/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/111�"/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/7777�6/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/66661/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/6666�4/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/66665/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/1111�,/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/66665/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/7777b6/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/6666�9/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/111m�"/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/66665/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/7777y6/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/111c�"/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/6666E4/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/6666W4/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/6666�4/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/2222�)/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/6666W5/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/1111�,/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/6666E4/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/7777�5/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/6666H4/cmdline	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
File opened for reading	/proc/6666D4/stat	7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf

/tmp/7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
/tmp/7b660d788c08e352ddfffa4dacdf7b9d850b561649243bb18bcc8675c06e5133.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:645

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads