613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6

Analysis

max time kernel
149s
max time network
148s
platform
debian-9_armhf
resource
debian9-armhf-20240418-en
resource tags

arch:armhfimage:debian9-armhf-20240418-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
07-01-2025 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
Size

202KB
MD5

85a2e5ad0c6146c60eb6e6d758ccf4ad
SHA1

715c65aa9332ec9cfd8d0a312f0920b1bdb7eba4
SHA256

613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6
SHA512

6424ae0b9519805c7391053b8ff2179b9bb7fd0a40f4e2d7bc8970514733600d920be6c3c1c5c449f46b6fe74c57685264402ce465e534006d0b476dd6a0aaf2
SSDEEP

6144:Rdq+j3uigacvucaDxoWCZGq8kvVpM+uxGM/RzMIo:R/j3u2aucadoWCZHP9p2xf/uIo

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
645	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	644	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/222v�"/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/6666�4/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/7777H8/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/2222�,/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/6666�4/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/66665/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/6666-7/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/77775/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/7777�5/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/77773/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/6666�3/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/6666�3/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/66665/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/111�"/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/6666$4/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/6666�4/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/7777�5/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/7777�5/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/11118)/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/222�"/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/66664/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/66664/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/7777�9/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/7777L6/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/5555�/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/55/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/6666b4/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/7777_5/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/7777�5/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/7777O:/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/77774/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/222i�"/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/444/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/6666�3/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/7777L6/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/3333�3/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/6666�3/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/6666�4/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/77776/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/7777�5/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/777756/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/7777P9/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/88ll�"/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/6666g3/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/66664/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/6666�4/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/7777J9/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/7777�9/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/111�"/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/2222�,/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/55553/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/6666L5/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/7777�8/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/1111�3/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/1111�"/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/7777X6/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/5555�3/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/222i�"/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/77775/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/222/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/3333�,/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/6666q6/stat	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/222�"/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
File opened for reading	/proc/1111�"/cmdline	613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf

/tmp/613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
/tmp/613641017be2be2d07824491cd27fb1d988ea162b4f1a4bacacb158d774667e6.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:644

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads