2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e

Analysis

max time kernel
130s
max time network
145s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
01-01-2025 02:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
Size

73KB
MD5

a81b3e1b08e1dd38ed320248960f0a22
SHA1

e6caa95820ed9a3ac2721bb35d5141b95f58bb6f
SHA256

2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e
SHA512

5b492fd9d7023140c05e1160e5b8b911e20a7b560942a348cce369d79d72e715c22f84bd21b050cca9a341967dc3305c3e3cb517ebecce8b8bd12dab2a651a82
SSDEEP

1536:0ywMg00kq9ASzNW1vUTYM5ONh5TmM0FHzwUhIuSim:0ywWjSgvUUbw5zD2

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
675	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	674	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf

Reads runtime system information 56 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/4/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/5/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/10/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/13/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/294/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/295/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/41/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/21/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/29/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/222/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/345/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/429/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/2/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/6/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/42/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/109/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/315/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/12/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/20/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/145/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/293/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/19/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/167/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/15/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/137/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/220/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/280/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/3/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/7/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/22/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/16/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/26/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/150/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/23/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/281/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/8/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/318/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/441/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/9/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/25/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/106/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/149/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/17/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/27/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/291/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/43/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/77/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/488/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/108/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/11/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/14/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/18/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/24/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/28/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/98/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
File opened for reading	/proc/326/cmdline	2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf

/tmp/2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
/tmp/2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:674

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads