d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca

Analysis

max time kernel
150s
max time network
153s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
29-01-2025 03:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
Size

161KB
MD5

ffdde8a8f2592766828b8b6da33b3d7a
SHA1

414d7fb81f5937ac61de4bfc06009d73853afab7
SHA256

d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca
SHA512

92276fb07a9048e7641b369991993e7b0a195066a842a186f43a3f559abe7339c8f9800fddbfd1cccc3fbfa101022737c530dd0cd28e04d027c0daf5eddcaa11
SSDEEP

3072:FvmgII1T1mUaFtbDhKjrxxg3WQbM4ofLH66zM/94ZqV/:FvmgIIh0UaFtbDhKHxgW8M4ofLHxM/99

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
706	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	705	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/333�/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/333�/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/3333�4/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/111t/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/3333�4/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/33/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/222~/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/222v�/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/333s�/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/222�/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/99ssh/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/7777o;/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/7777�;/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/222l�/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/7777�;/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/222v�/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/444s�/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/6666;/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/3333�4/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/7777P;/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/7777�;/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/3333k5/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/7777@;/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/7777�;/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/1111D;/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/6666_8/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/7777y;/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/111v/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/6666;/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/7777�;/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/222�/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/22/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/55/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/6666M;/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/222�/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/111ur/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/6666O;/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/222m�/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/333�/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/6666_8/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/222�/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/3333�4/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/7777�;/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/7777�;/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/2222�3/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/333s�/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/111j/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/222l�/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/99ssh/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/222l�/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/7777e;/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/2222�2/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/7777@;/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/7777�;/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/7777�;/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/1111Z0/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/7777�;/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/7777�;/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/222c�/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/3333fffffff/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/777k�/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/55/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/7777F;/cmdline	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
File opened for reading	/proc/11/stat	d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf

/tmp/d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
/tmp/d5e7b12a71d1e7cdb5f9b5e6b18325fd6389584680903f11607cf4aca59057ca.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:705

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads