044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e

Analysis

max time kernel
149s
max time network
131s
platform
debian-9_armhf
resource
debian9-armhf-20240729-en
resource tags

arch:armhfimage:debian9-armhf-20240729-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
01-01-2025 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
Size

140KB
MD5

92ea35bfbc14690e163745bf8097be78
SHA1

9598a48d2d736eb26c712ef29d84eb746a5ad4e2
SHA256

044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e
SHA512

5ea53e399991857c9f861dd56a2b76cc26e9edfd07c759467a829299e5d5c0b1d73ee66b57efe146db871b63ff176620e563a774e61015a9ba32047b5eddce1c
SSDEEP

3072:rzCnTxaaeCwoNLfueMQhRBD7gI25NzM/998SJlb:rzCndaaeCwoNLf1Mw3gI25hM/998SJd

Score

7^/10

discovery

Malware Config

Signatures

Renames itself 1 IoCs

pid	Process
646	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	/sbin/klogd	646	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/763/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/772/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/752/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/580/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/663/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/769/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/777/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/779/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/153/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/598/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/672/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/764/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/311/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/177/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/227/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/601/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/654/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/711/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/114/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/694/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/695/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/707/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/770/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/778/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/647/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/280/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/323/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/755/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/103/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/292/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/645/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/760/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/771/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/780/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/277/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/595/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/632/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/638/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/678/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/731/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/112/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/157/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/313/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/315/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/643/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/719/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/115/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/639/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/714/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/768/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/773/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/776/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/199/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/774/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/767/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/279/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/600/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/648/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/762/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/145/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/293/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/651/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/656/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
File opened for reading	/proc/732/cmdline	044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf

/tmp/044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
/tmp/044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e.elf
1⤵
- Renames itself
- Changes its process name
- Reads runtime system information
PID:646

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads