399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83

Analysis

max time kernel
149s
max time network
156s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
01/01/2025, 02:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
Size

59KB
MD5

f48f64a1d0e56138c3b23c62abb319cc
SHA1

1887079849e13e2bb63d0a4effe3766b168f349c
SHA256

399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83
SHA512

03feda7c9449f6a01840cfb161006ae09be5bcaaebac25f5ff4f811a0a281f5ef764eaae5fe84361005f79f4ae7432b259a2c34d49b6b00bb3029969286b870c
SSDEEP

1536:oQSahyiQGrPHGxHw1/2OOt9bk9JtLvBp:oQj6GzGxwdgaPBp

Score

7^/10

discovery

Malware Config

Signatures

Renames itself 1 IoCs

pid	Process
651	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	/sbin/procd	651	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/106/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/216/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/652/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/673/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/711/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/760/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/149/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/656/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/683/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/781/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/782/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/270/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/637/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/653/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/758/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/775/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/141/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/284/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/599/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/672/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/771/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/267/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/604/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/677/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/329/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/643/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/648/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/765/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/770/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/644/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/716/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/776/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/777/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/315/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/767/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/169/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/601/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/724/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/139/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/649/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/583/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/728/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/603/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/744/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/783/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/109/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/196/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/269/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/650/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/661/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/729/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/756/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/773/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/145/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/273/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/317/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/785/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/316/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/712/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/779/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/108/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/695/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/759/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
File opened for reading	/proc/769/cmdline	399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf

/tmp/399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
/tmp/399c7ffb446081836660326ef7e781fc68d0273bcf01e287c1de5f2bd69ecf83.elf
1⤵
- Renames itself
- Changes its process name
- Reads runtime system information
PID:651

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads