4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df

Analysis

max time kernel
148s
max time network
145s
platform
debian-12_armhf
resource
debian12-armhf-20240418-en
resource tags

arch:armhfimage:debian12-armhf-20240418-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
31/12/2024, 02:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
Size

142KB
MD5

e0f0ed1d9947c3d36707d71a278c3800
SHA1

778bfe9c171f7ab5ae0e1fbdf4e134c2914cd498
SHA256

4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df
SHA512

548b1bc24b86786101ac6e7496e929429265e6e76f6d3ff3211acf3067e3593edb1d1bc4869007baf9aff40f12159017616fa27732e0a93b830928ff7fda8376
SSDEEP

3072:zv/Z42foK5ab/JOwjYdUswfZTDRnnx+er3M/9Kb:zv/Zp5ab/JOw8as8lnnx+ebM/9Kb

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
706	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 4 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	bash	708	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
Changes the process name, possibly in an attempt to hide itself	nginx	710	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
Changes the process name, possibly in an attempt to hide itself	inetd	711	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
Changes the process name, possibly in an attempt to hide itself	sshd	712	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/645/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/685/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/721/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/25/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/33/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/322/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/24/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/34/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/51/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/19/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/699/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/704/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/5/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/11/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/12/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/681/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/44/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/335/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/345/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/348/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/189/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/357/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/712/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/8/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/9/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/16/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/663/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/21/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/23/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/26/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/35/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/2/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/4/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/18/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/45/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/56/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/646/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/3/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/10/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/22/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/20/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/30/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/36/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/46/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/57/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/6/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/14/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/17/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/629/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/711/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/1/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/195/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/343/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/208/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/682/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/709/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/27/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/28/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/29/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/707/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/42/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/73/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/705/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
File opened for reading	/proc/324/cmdline	4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf

/tmp/4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
/tmp/4d94bc475354ac5ae483944b9ea4b5804939cf2470e81acfde204b196c1c51df.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:706

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads