c7357a58da94ee76f4cb1e491ccedd48405f1fbdd8610b4f414f194d9e04d5aa

Analysis

max time kernel
150s
max time network
155s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
04-01-2025 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
Size

154KB
MD5

1021bcdbd3317439c8028eba6b621e08
SHA1

ef6f92fd8b9ce15c0af8ff379cedc6a8ffc85a36
SHA256

fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56
SHA512

168cd371ee931004406232b5692b1d3eacd53f211cb607eca5c3b0b1cba131c8328f5de74354e5fd1a062f926372497bdfb26de7cacff67b6ff78d317f14a08b
SSDEEP

3072:4f4fkx/LXeakFSesMI4oaZrS3FSO/DiEMmM/9nhJ+z+:4f4cx/7eakFSesMVoT3ESDiExM/93+a

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
707	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	705	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/222m�/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/6666);/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/7777�;/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/3333�4/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/22/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/7777�;/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/44/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/2222�3/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/7777�;/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/99ssb/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/444d�/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/33/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/111d/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/7777�;/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/7777�;/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/333�/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/222254/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/6666o;/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/22/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/3333�4/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/7777e;/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/333�/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/55/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/66/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/6666J8/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/222254/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/333385/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/7777�;/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/7777�;/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/333�/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/777k�/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/77/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/222l�/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/7777y;/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/333�/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/6666n;/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/3333�4/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/3333M5/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/333c�/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/222c�/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/222v�/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/44447/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/6666m;/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/7777�;/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/7777�;/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/777/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/222c�/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/2222c;/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/111d/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/222v�/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/3333�4/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/222�/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/7777�;/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/222cx/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/111/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/555/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/7777y;/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/555s�/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/222x/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/222/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/222�/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/7777�;/cmdline	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/222v�/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
File opened for reading	/proc/333�/stat	fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf

/tmp/fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
/tmp/fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:705

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads