Analysis
-
max time kernel
140s -
max time network
140s -
platform
debian-9_armhf -
resource
debian9-armhf-20240611-en -
resource tags
arch:armhf image:debian9-armhf-20240611-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system -
submitted
02-01-2025 02:03
Behavioral task
behavioral1
Sample
155154b113b0d050d2e6ef65608c765c90555a312ebbde7212b281af661012ae.elf
Resource
debian9-armhf-20240611-en
4 signatures
150 seconds
General
-
Target
155154b113b0d050d2e6ef65608c765c90555a312ebbde7212b281af661012ae.elf
-
Size
142KB
-
MD5
334e0582c46df8d1fb4254cb29888ed6
-
SHA1
7ef377fc86cb7e0915ac0b0efe6a34eb0d0ebc7a
-
SHA256
155154b113b0d050d2e6ef65608c765c90555a312ebbde7212b281af661012ae
-
SHA512
6f6954654b380a5c0d763a3d43b0785dba1ead63c1971ee92bd3030cadd6c7ca7689a005b65873395a351b2a2a936da1dd150e11db14b9eece93011b7c7cd54c
-
SSDEEP
1536:V1VM8xzU8HapQ1JNE07fBReALJRG4VbjsCTDI/ZvRqfMS8cGUltLwywTlyuxPvCn:V1VP0p507pRe2Q4pTQ/ZAUSF8fiUF0Z
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid: 660
Process: 155154b113b0d050d2e6ef65608c765c90555a312ebbde7212b281af661012ae.elf
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Changes its process name 1 IoCs
description: Changes the process name, possibly in an attempt to hide itself
ioc: httpd
pid: 659
Process: 155154b113b0d050d2e6ef65608c765c90555a312ebbde7212b281af661012ae.elf
-