fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56

Analysis

max time kernel
130s
max time network
142s
platform
debian-9_armhf
resource
debian9-armhf-20240729-en
resource tags

arch:armhfimage:debian9-armhf-20240729-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
03-01-2025 04:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
Size

154KB
MD5

1021bcdbd3317439c8028eba6b621e08
SHA1

ef6f92fd8b9ce15c0af8ff379cedc6a8ffc85a36
SHA256

fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56
SHA512

168cd371ee931004406232b5692b1d3eacd53f211cb607eca5c3b0b1cba131c8328f5de74354e5fd1a062f926372497bdfb26de7cacff67b6ff78d317f14a08b
SSDEEP

3072:4f4fkx/LXeakFSesMI4oaZrS3FSO/DiEMmM/9nhJ+z+:4f4cx/7eakFSesMVoT3ESDiExM/93+a

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
661	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	660	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/6666�4/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/1111�-/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/2222(/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/77776/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/77777/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/6666�7/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/777s�"/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/6666�4/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/66667/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/3333/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/222v�"/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/77777/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/7777�6/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/77777/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/88ll�"/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/111c�"/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/6666�5/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/6666$6/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/7777n6/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/77773/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/6666�4/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/2222�,/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/2222;*/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/66666/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/6666�5/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/1111�%/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/77777/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/6666�7/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/1111�#/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/11/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/6666<5/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/6666[5/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/6666w5/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/77778ll�"/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/2222�,/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/6666�4/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/6666f5/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/222s�"/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/1111�"/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/1111�#/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/66663/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/6666w5/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/7777]7/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/2222J+/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/6666�3/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/77773/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/666681/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/6666�5/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/1111�-/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/7777�5/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/222l�"/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/444/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/7777s7/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/77775/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/6666�7/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/6666�4/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/444/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/6666Q5/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/7777�6/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/7777�6/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/111�"/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/2222�*/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/222�"/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/33/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf

/tmp/fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
/tmp/fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:660

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads