abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86

Analysis

max time kernel
1s
max time network
150s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
31/12/2024, 10:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

arm7.elf
Size

138KB
MD5

e0a687080d2ad1f32c85890b3fe2d8e1
SHA1

59773797d36362c670a6bc5356e51e7a759aeb11
SHA256

abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86
SHA512

bfa2cf57762f0ecf0731e2f9e84d8d2e1ddbf5b1f3ec1e016e84c178e83e967f99e59cb1b55a1c657a41efd90f8283a9a6e36399f8b214ae7860366b6a0dcca1
SSDEEP

3072:vIWGv+U+KJarvJJpDYjln8wNpYipn0+HutbM/9N8:vIWGrHJarvJJpcBn8Zan0+HuJM/9N8

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
710	arm7.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 4 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	nginx	714	arm7.elf
Changes the process name, possibly in an attempt to hide itself	bash	713	arm7.elf
Changes the process name, possibly in an attempt to hide itself	sshd	716	arm7.elf
Changes the process name, possibly in an attempt to hide itself	inetd	715	arm7.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/326/cmdline	arm7.elf
File opened for reading	/proc/340/cmdline	arm7.elf
File opened for reading	/proc/685/cmdline	arm7.elf
File opened for reading	/proc/1/cmdline	arm7.elf
File opened for reading	/proc/7/cmdline	arm7.elf
File opened for reading	/proc/9/cmdline	arm7.elf
File opened for reading	/proc/24/cmdline	arm7.elf
File opened for reading	/proc/35/cmdline	arm7.elf
File opened for reading	/proc/312/cmdline	arm7.elf
File opened for reading	/proc/3/cmdline	arm7.elf
File opened for reading	/proc/12/cmdline	arm7.elf
File opened for reading	/proc/29/cmdline	arm7.elf
File opened for reading	/proc/34/cmdline	arm7.elf
File opened for reading	/proc/33/cmdline	arm7.elf
File opened for reading	/proc/143/cmdline	arm7.elf
File opened for reading	/proc/358/cmdline	arm7.elf
File opened for reading	/proc/684/cmdline	arm7.elf
File opened for reading	/proc/8/cmdline	arm7.elf
File opened for reading	/proc/10/cmdline	arm7.elf
File opened for reading	/proc/14/cmdline	arm7.elf
File opened for reading	/proc/74/cmdline	arm7.elf
File opened for reading	/proc/188/cmdline	arm7.elf
File opened for reading	/proc/687/cmdline	arm7.elf
File opened for reading	/proc/13/cmdline	arm7.elf
File opened for reading	/proc/18/cmdline	arm7.elf
File opened for reading	/proc/19/cmdline	arm7.elf
File opened for reading	/proc/21/cmdline	arm7.elf
File opened for reading	/proc/28/cmdline	arm7.elf
File opened for reading	/proc/316/cmdline	arm7.elf
File opened for reading	/proc/612/cmdline	arm7.elf
File opened for reading	/proc/5/cmdline	arm7.elf
File opened for reading	/proc/11/cmdline	arm7.elf
File opened for reading	/proc/23/cmdline	arm7.elf
File opened for reading	/proc/257/cmdline	arm7.elf
File opened for reading	/proc/57/cmdline	arm7.elf
File opened for reading	/proc/58/cmdline	arm7.elf
File opened for reading	/proc/317/cmdline	arm7.elf
File opened for reading	/proc/617/cmdline	arm7.elf
File opened for reading	/proc/2/cmdline	arm7.elf
File opened for reading	/proc/6/cmdline	arm7.elf
File opened for reading	/proc/26/cmdline	arm7.elf
File opened for reading	/proc/52/cmdline	arm7.elf
File opened for reading	/proc/22/cmdline	arm7.elf
File opened for reading	/proc/214/cmdline	arm7.elf
File opened for reading	/proc/323/cmdline	arm7.elf
File opened for reading	/proc/36/cmdline	arm7.elf
File opened for reading	/proc/468/cmdline	arm7.elf
File opened for reading	/proc/4/cmdline	arm7.elf
File opened for reading	/proc/27/cmdline	arm7.elf
File opened for reading	/proc/30/cmdline	arm7.elf
File opened for reading	/proc/31/cmdline	arm7.elf
File opened for reading	/proc/16/cmdline	arm7.elf
File opened for reading	/proc/20/cmdline	arm7.elf
File opened for reading	/proc/344/cmdline	arm7.elf
File opened for reading	/proc/25/cmdline	arm7.elf
File opened for reading	/proc/38/cmdline	arm7.elf
File opened for reading	/proc/45/cmdline	arm7.elf
File opened for reading	/proc/341/cmdline	arm7.elf
File opened for reading	/proc/47/cmdline	arm7.elf
File opened for reading	/proc/469/cmdline	arm7.elf
File opened for reading	/proc/666/cmdline	arm7.elf
File opened for reading	/proc/17/cmdline	arm7.elf
File opened for reading	/proc/43/cmdline	arm7.elf
File opened for reading	/proc/46/cmdline	arm7.elf

/tmp/arm7.elf
/tmp/arm7.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:710

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads