f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049

Analysis

max time kernel
149s
max time network
154s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
30-12-2024 02:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
Size

153KB
MD5

20929309199e4b8bbca4899ac02edd16
SHA1

f47314762d0084b305a4147e3224b66380131a10
SHA256

f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049
SHA512

3bbf566b0545f22bcd2c7bf87c685891d3c2369d14e0e6ea90a8559b778b8197e358aaa64b46e0cff4714810f5cea71d21e2da0c8f249de6cffdf97dffd79caf
SSDEEP

3072:30MUdehIVNTkaGGiuM1BB6+5rhW+cq/Ma/mCGM/9zODF9z+:30MUMhWdkaGGiuM1D6gWdGMa/mrM/9GK

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
712	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	709	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/111/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/6666:/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/7777�:/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/7777�:/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/3333$5/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/3333�:/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/33/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/111c�/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/6666P:/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/7777�:/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/7777�:/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/1111�/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/3333fffffff/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/6666�:/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/222�/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/3333�:/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/7777<</stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/555/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/222�/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/7777/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/7777�:/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/7777U</cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/7777M</cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/111c�/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/3333�4/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/222c�/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/7777�:/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/7777�:/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/6666:/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/55/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/111u\|/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/1111�:/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/88/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/3333�4/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/44/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/444d�/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/555/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/111/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/3333B5/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/7777t</stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/7777�:/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/7777t</cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/333s�/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/6666P:/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/88/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/3333)5/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/7777�:/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/333�/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/2222F4/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/7777�:/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/3333�5/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/7777_</stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/7777[</stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/7777�:/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/333�/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/6666�7/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/6666?:/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/7777�:/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/222�/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/7777�:/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/1111�:/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/6666M8/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/7777�:/cmdline	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
File opened for reading	/proc/222/stat	f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf

/tmp/f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
/tmp/f4dbb2787ac86f3323d5aa0d60db73b3630c212ec8b422768e92fd449e535049.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:709

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads