e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65

Analysis

max time kernel
130s
max time network
152s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
30-12-2024 02:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
Size

73KB
MD5

4f1be192cb2790c9a272bc8ae2ed4b79
SHA1

d7c5fc8426775df43d7904f7d8475c9a2f5d6443
SHA256

e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65
SHA512

0af8a527e472857be69174be2544d328bd5001283a6e6999eaa577ff48bef64429c5b7934f1dbe2a0339d0984721bc5632622f2f4052cbc54a832518e7ae6861
SSDEEP

1536:8GcEk0+/kGoDDBKhjErbwlONGR5znoyhI6Sim:8GcSRMjEPsRnxC

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
642	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	641	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf

Reads runtime system information 57 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/137/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/141/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/305/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/108/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/22/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/41/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/290/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/3/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/15/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/18/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/5/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/42/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/269/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/309/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/19/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/273/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/274/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/109/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/23/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/200/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/271/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/8/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/9/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/12/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/2/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/13/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/14/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/76/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/4/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/591/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/43/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/593/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/28/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/146/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/573/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/24/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/167/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/219/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/321/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/26/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/16/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/25/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/29/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/586/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/10/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/20/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/27/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/268/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/308/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/7/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/11/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/17/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/21/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/98/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/106/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/147/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
File opened for reading	/proc/6/cmdline	e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf

/tmp/e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
/tmp/e2991286f85807cd3f7a227420b2692c4928c06c241656c0454319388522cf65.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:641

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads