b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e

Analysis

max time kernel
148s
max time network
159s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
03-01-2025 04:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
Size

207KB
MD5

feb836b565aa6eb913c9919f942618d8
SHA1

ae58955f42ca4a0c8caefcddd36224f8fbbfb426
SHA256

b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e
SHA512

07cdc31d8530c6c69c426b3dce300e5218d6acf52084a0ead9ba11a91af7b7764c660c7630dbae3acf4916a50221acdd90223eec02968f13ca3648c4134db4cc
SSDEEP

6144:ISeqMLllawJoqhZaTBnlqSAgWRKiOHEJ2M/RAu7kLd:ICMR37hZaNnlqSf45FJv/exB

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
642	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	641	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/111m�"/cmdline	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/222�"/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/1111�#/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/6666�3/cmdline	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/111/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/6666�3/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/5555�3/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/77773/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/66665/cmdline	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/77/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/2222�*/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/777s�"/cmdline	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/2222\*/cmdline	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/3333/cmdline	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/6666�3/cmdline	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/6666�3/cmdline	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/2222�*/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/6666�3/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/66663/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/2222�*/cmdline	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/5555�/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/6666�4/cmdline	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/7777�8/cmdline	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/5555�/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/6666�3/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/7777�7/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/66664/cmdline	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/88ll�"/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/222s�"/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/111c�"/cmdline	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/222i�"/cmdline	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/222l�"/cmdline	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/3333�,/cmdline	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/6666�3/cmdline	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/2222%*/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/2222�*/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/6666�3/cmdline	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/44/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/111c�"/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/3333/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/5555C3/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/77777/cmdline	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/1111�"/cmdline	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/111m�"/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/2222\*/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/3333�,/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/6666�3/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/11/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/111�"/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/1111�"/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/1111�%/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/5555�/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/6666�4/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/111�"/cmdline	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/5555f/cmdline	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/222/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/2222$)/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/7777]9/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/7777S8/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/111�"/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/222i�"/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/999�"/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/3333�,/stat	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
File opened for reading	/proc/7777�6/cmdline	b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf

/tmp/b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
/tmp/b8f563125ea97a9b9a74627ac8c315a962a48a76881bc6c430ece8a560a87f8e.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:641

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads