Analysis
max time kernel: 146s
max time network: 150s
platform: debian-9_armhf
resource: debian9-armhf-20240611-en
resource tags: arch:armhf, image:debian9-armhf-20240611-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 01-01-2025 14:41
Behavioral task: behavioral1
Sample: vevhea4
Resource: debian9-armhf-20240611-en (debian-9-armhf)
4 signatures, 150 seconds
General
Target: vevhea4
Size: 158KB
MD5: 6c98bf88e90f335ab790c0f198202a85
SHA1: a7ca128b201a5fcd28659e2a549a56d62c8d08c1
SHA256: 54dc16bf2b288c2f7859a9571aa393dad0f750e139578c7633f5cb73208eccdd
SHA512: 201e63b1cd89f19530ed4323f3f44c49dc9b5f4b6bf8fa155c09c4c68b1068d63a6aa0ee8a54ad87fedfb5eb1a25b9e0369b3ad36b25b6f59918875a9a70e8eb
SSDEEP: 1536:EEMcnYy1LLOVdatnZYH0vbeeBrAUOR4V1kNTN0hAK15UOysm/Max6ewzil+0wywI:EEMHdyLbNBrs4QN50hAMdtehk9PZU
Score: 7/10
Malware Config
Signatures
Deletes itself (1 IoC)
pid: 675, Process: vevhea4
Enumerates running processes
Discovers information about currently running processes on the system
Changes its process name (1 IoC)
Changes the process name, possibly in an attempt to hide itself
ioc: httpd, pid: 674, Process: vevhea4