f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f

Analysis

max time kernel
137s
max time network
145s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
29-01-2025 03:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
Size

146KB
MD5

57032bb5337045319abc46bad73db049
SHA1

b3f6120417a80023d69cc8d31859f340cdb4cb54
SHA256

f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f
SHA512

26fd3164f9548fe3d76a888434e854abaf83fb739fbe1d968f71d2f3595712de2b806930bc656079382d2316ccf1117201bcd653664aba6d61313638d54dd378
SSDEEP

1536:ljOcDf+lZvghba+RvXSFRV2nS14VVMAVT15uqBGKOTivqAKxpHE/SlqSwyw52uXh:ljOcKkFZaRVd44Sh5uIKTTHGz/N

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
649	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	648	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf

Reads runtime system information 56 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/307/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/12/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/16/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/2/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/5/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/145/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/213/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/274/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/17/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/108/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/15/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/42/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/11/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/18/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/21/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/587/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/9/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/23/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/24/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/151/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/297/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/26/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/98/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/140/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/332/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/591/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/41/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/20/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/25/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/28/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/22/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/109/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/139/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/8/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/10/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/19/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/278/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/262/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/277/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/7/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/14/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/166/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/263/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/594/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/3/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/29/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/143/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/4/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/13/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/27/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/43/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/76/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/6/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/106/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/295/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
File opened for reading	/proc/599/cmdline	f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf

/tmp/f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
/tmp/f0baff81c648dbcb10c758da8a2236bca1665637c639de713e773730b66ed78f.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:648

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads