862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e

Analysis

max time kernel
134s
max time network
141s
platform
debian-9_armhf
resource
debian9-armhf-20240418-en
resource tags

arch:armhfimage:debian9-armhf-20240418-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
07/01/2025, 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
Size

157KB
MD5

bd2d24ce1eb83fac748d764cf89e7463
SHA1

bdd55ed25b7327000bb98f39221b1359eca681d6
SHA256

862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e
SHA512

76424baebf536976a9b58cfca0a30f144f4cb051a0bb267b89281b394f2c555c3737ab913633cc0c03bdf5bca1c69b8b46474e9a7bd792feb62eb51ab0050034
SSDEEP

3072:vz6SmRl1T1mUayNbDhKwCx1g3W8WM7XaOSpqM/90UQbbVe:76SmRlh0UayNbDhKLx8W1M7XaOSkM/9H

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
661	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	660	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/1111>#/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/6666\4/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/1111�"/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/1111M-/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/66664/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/3333/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/3333/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/22/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/6666�4/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/111/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/44/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/444/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/66664/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/5555�0/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/6666�4/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/444/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/2222�*/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/2222)/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/2222e*/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/2222+/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/111c�"/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/1111�"/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/1111N-/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/6666S1/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/77/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/111�"/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/6666�4/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/222/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/6666�4/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/1111�%/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/6666�4/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/1111�"/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/6666�4/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/88ll�"/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/111m�"/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/2222)/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/222l�"/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/888s�"/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/2222�*/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/222s�"/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/3333�,/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/2222?+/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/6666M1/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/222l�"/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/66664/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/222�"/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/3333�,/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/66665/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/44/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/3333�,/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/6666�4/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/11/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/222/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/6666�4/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/2222�+/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/3333�,/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/66661/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/6666�4/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/1111L-/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/66661/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/1111K-/stat	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/6666�4/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/66/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
File opened for reading	/proc/111�"/cmdline	862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf

/tmp/862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
/tmp/862faabcd28e4f3f253e12bcc03566f6a612af9abe9ac609c74c06ce7bc86e6e.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:660

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads