abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86

Analysis

max time kernel
149s
max time network
149s
platform
debian-12_armhf
resource
debian12-armhf-20240418-en
resource tags

arch:armhfimage:debian12-armhf-20240418-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
01/01/2025, 02:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
Size

138KB
MD5

e0a687080d2ad1f32c85890b3fe2d8e1
SHA1

59773797d36362c670a6bc5356e51e7a759aeb11
SHA256

abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86
SHA512

bfa2cf57762f0ecf0731e2f9e84d8d2e1ddbf5b1f3ec1e016e84c178e83e967f99e59cb1b55a1c657a41efd90f8283a9a6e36399f8b214ae7860366b6a0dcca1
SSDEEP

3072:vIWGv+U+KJarvJJpDYjln8wNpYipn0+HutbM/9N8:vIWGrHJarvJJpcBn8Zan0+HuJM/9N8

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
703	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 4 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	nginx	707	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
Changes the process name, possibly in an attempt to hide itself	bash	706	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
Changes the process name, possibly in an attempt to hide itself	inetd	708	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
Changes the process name, possibly in an attempt to hide itself	sshd	709	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/142/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/187/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/208/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/309/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/640/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/22/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/21/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/32/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/42/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/197/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/256/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/359/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/673/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/4/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/708/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/17/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/18/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/19/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/317/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/346/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/639/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/702/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/9/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/704/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/73/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/658/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/705/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/35/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/30/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/36/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/343/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/655/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/676/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/23/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/11/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/14/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/24/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/57/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/220/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/623/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/720/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/10/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/31/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/51/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/13/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/26/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/27/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/28/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/44/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/12/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/29/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/6/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/324/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/56/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/671/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/692/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/701/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/15/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/2/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/20/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/699/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/1/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/34/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
File opened for reading	/proc/314/cmdline	abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf

/tmp/abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
/tmp/abafbd63f76f0397bf6360ea91883ccb6084638305c0a11949ca22d3609a7b86.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:703

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads