Analysis
max time kernel: 130s
max time network: 97s
platform: debian-9_armhf
resource: debian9-armhf-20240729-en
resource tags: arch:armhf, image:debian9-armhf-20240729-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 02-01-2025 06:57
Behavioral task
behavioral1
Sample
ngwa5.elf
Resource
debian9-armhf-20240729-en
debian-9-armhf
4 signatures
150 seconds
General
Target: ngwa5.elf
Size: 154KB
MD5: d4ca12234d829f677ded425c860a5de6
SHA1: 7585f92317f2c788c20a4dc7ead8a054eea18827
SHA256: f599495bfe3b8eadc1be4eda341eab7ff8bae632236e213e03768c7d31b368a1
SHA512: 696a3e949508e7acc154b21d86f3f743fbe1887e27b2d9f2f95de91e0e74a5f3cf4d5b156fa2492ed9db04381184b564a4e46ece80b1a03047bb9dbb5273209d
SSDEEP: 1536:Bz8gOTkE/3a6oxRIsBF8IfbRaAr0tT4V8FgTDno2RF2DO93cG3gJHgWAlgbwyw1V:Bz8gd6C7TRaxl4cgvo27hQJAFzB1
Score: 7/10
Malware Config
Signatures

Deletes itself (1 IoC)
pid: 661
Process: ngwa5.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name (1 IoC)
description: Changes the process name, possibly in an attempt to hide itself
ioc: httpd
pid: 660
Process: ngwa5.elf