044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e

Analysis

max time kernel
149s
max time network
158s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
24-01-2025 12:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

garm7
Size

140KB
MD5

92ea35bfbc14690e163745bf8097be78
SHA1

9598a48d2d736eb26c712ef29d84eb746a5ad4e2
SHA256

044f2d0a3268bccd9e6c38e35bda5d7d5206feb6c34ae8ad384a7655346a667e
SHA512

5ea53e399991857c9f861dd56a2b76cc26e9edfd07c759467a829299e5d5c0b1d73ee66b57efe146db871b63ff176620e563a774e61015a9ba32047b5eddce1c
SSDEEP

3072:rzCnTxaaeCwoNLfueMQhRBD7gI25NzM/998SJlb:rzCndaaeCwoNLf1Mw3gI25hM/998SJd

Score

7^/10

discovery

Malware Config

Signatures

Renames itself 1 IoCs

pid	Process
705	garm7

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	/bin/busybox ntpd	705	garm7

Reads runtime system information 41 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/747/cmdline	garm7
File opened for reading	/proc/753/cmdline	garm7
File opened for reading	/proc/756/cmdline	garm7
File opened for reading	/proc/759/cmdline	garm7
File opened for reading	/proc/254/cmdline	garm7
File opened for reading	/proc/354/cmdline	garm7
File opened for reading	/proc/627/cmdline	garm7
File opened for reading	/proc/659/cmdline	garm7
File opened for reading	/proc/708/cmdline	garm7
File opened for reading	/proc/709/cmdline	garm7
File opened for reading	/proc/728/cmdline	garm7
File opened for reading	/proc/748/cmdline	garm7
File opened for reading	/proc/141/cmdline	garm7
File opened for reading	/proc/676/cmdline	garm7
File opened for reading	/proc/695/cmdline	garm7
File opened for reading	/proc/701/cmdline	garm7
File opened for reading	/proc/140/cmdline	garm7
File opened for reading	/proc/313/cmdline	garm7
File opened for reading	/proc/340/cmdline	garm7
File opened for reading	/proc/731/cmdline	garm7
File opened for reading	/proc/212/cmdline	garm7
File opened for reading	/proc/320/cmdline	garm7
File opened for reading	/proc/643/cmdline	garm7
File opened for reading	/proc/721/cmdline	garm7
File opened for reading	/proc/662/cmdline	garm7
File opened for reading	/proc/702/cmdline	garm7
File opened for reading	/proc/184/cmdline	garm7
File opened for reading	/proc/311/cmdline	garm7
File opened for reading	/proc/319/cmdline	garm7
File opened for reading	/proc/644/cmdline	garm7
File opened for reading	/proc/758/cmdline	garm7
File opened for reading	/proc/194/cmdline	garm7
File opened for reading	/proc/342/cmdline	garm7
File opened for reading	/proc/749/cmdline	garm7
File opened for reading	/proc/750/cmdline	garm7
File opened for reading	/proc/188/cmdline	garm7
File opened for reading	/proc/344/cmdline	garm7
File opened for reading	/proc/305/cmdline	garm7
File opened for reading	/proc/675/cmdline	garm7
File opened for reading	/proc/679/cmdline	garm7
File opened for reading	/proc/707/cmdline	garm7

/tmp/garm7
/tmp/garm7 hybrid
1⤵
- Renames itself
- Changes its process name
- Reads runtime system information
PID:705

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads