6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea

Analysis

max time kernel
149s
max time network
132s
platform
debian-9_mips
resource
debian9-mipsbe-20240729-en
resource tags

arch:mipsimage:debian9-mipsbe-20240729-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
01/01/2025, 02:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
Size

75KB
MD5

5bfe26687ccf4153f2424882a019b567
SHA1

1f7ccafdcbe379accc21c69aaec54de12254e4a5
SHA256

6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea
SHA512

c56471a3aafa250863f992aa894241a8f665f85547cdc933c0042ec1715226c65fe1b3d0b750d8f612540baf4102d94b9dcfb5159710d245a4ee570c51ed1356
SSDEEP

1536:D0WdkyFfYl+uN7uNLqN339xNy9ctC/LeOQc+Ng:ZdlFqxNy9c+Cc+K

Score

7^/10

discovery

Malware Config

Signatures

Renames itself 1 IoCs

pid	Process
709	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	sleep 1	709	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf

Reads runtime system information 53 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/434/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/241/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/767/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/728/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/735/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/160/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/701/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/736/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/804/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/710/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/714/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/388/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/750/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/720/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/702/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/706/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/332/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/334/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/678/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/712/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/125/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/331/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/329/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/768/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/780/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/787/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/796/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/812/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/813/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/680/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/711/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/786/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/109/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/684/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/716/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/759/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/361/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/380/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/749/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/685/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/772/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/126/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/155/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/704/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/385/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/675/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/707/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/708/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/328/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/377/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/773/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/179/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
File opened for reading	/proc/741/cmdline	6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf

/tmp/6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
/tmp/6596e9de08a8b69c6ab21e80d367c78053049283e2f8af1ac4c297508f20e8ea.elf
1⤵
- Renames itself
- Changes its process name
- Reads runtime system information
PID:709

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads