a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3

Analysis

max time kernel
150s
max time network
145s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
01-01-2025 02:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
Size

154KB
MD5

fbee06479cd3d2908500f57089eaac44
SHA1

259fadf7e37ba06549d19a9784e43cceb81f0a92
SHA256

a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3
SHA512

1ef52b6c9090af3a32f2b25c0b6ddade1729492b637b32824052754f35f53e32b3dae6ac165e23bc956248f0feca9cfbf60df26bfca224600c9068da28ee4363
SSDEEP

3072:of4fkx/LXeakFSesMI4oaZrS3FSO/DjEMmM/9kYXUz+:of4cx/7eakFSesMVoT3ESDjExM/9/Ua

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
675	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	674	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/22/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/6666J5/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/6666g6/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777P9/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777`:/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/4444u0/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/77778/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777 ;/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/1111�(/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/66665/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/77777/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777-6/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777�6/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/77774/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/999�"/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/1111�-/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/2222�*/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/66667/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/6666�5/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777P9/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/66/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/3333�-/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777�7/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777�:/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/2222�-/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/111c�"/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777g7/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777'8/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777�:/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/88882/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/44440/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/6666N5/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777r6/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777`:/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/999s�"/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777G8/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777�8/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/111�"/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/222l�"/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/1111�"/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/77775/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777[7/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777�7/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777:/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/77776/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777�6/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777g7/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/77779/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777V9/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777,7/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777O7/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777�7/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/3333�/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/6666�4/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/111/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/2222�*/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/2222+/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777�6/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/3333�/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/2222�+/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/111�"/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777�8/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/7777�9/cmdline	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
File opened for reading	/proc/111�"/stat	a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf

/tmp/a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
/tmp/a99311671e21b6f242f06af6cc0e0ac4dea0d418a917e6cd7c74072755caadf3.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:674

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads