d87011b7f64eb9f8b3037d5e43e144d5376cab45fdfcb1333ef4607f497157d2

Analysis

max time kernel
150s
max time network
159s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
31-01-2025 10:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bot.arm5.elf
Size

130KB
MD5

86843fcf9c771c43016ad2f35ddf9979
SHA1

9a3453e196d065a9997b2fb796574841d929de96
SHA256

d87011b7f64eb9f8b3037d5e43e144d5376cab45fdfcb1333ef4607f497157d2
SHA512

8d6c3e5cfc37ac33cfc6edfb6d7cc10b3823eaa406c5c12a81d71f34fa321005ba71ea502c33afeda49d5f43c5e65a0f48d437e4e0c359f2bc00cbd37d3077f4
SSDEEP

1536:KP8h2C+JG5RHKdC6E0Y/beL1qA1R94V7PqT8yVozO3C96q+vrZgl0bwywaFpOETK:K0CGP0sw1qK4dq4yVozmq+jWgQD

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	648	bot.arm5.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/731/cmdline	bot.arm5.elf
File opened for reading	/proc/745/cmdline	bot.arm5.elf
File opened for reading	/proc/23/cmdline	bot.arm5.elf
File opened for reading	/proc/95/cmdline	bot.arm5.elf
File opened for reading	/proc/585/cmdline	bot.arm5.elf
File opened for reading	/proc/645/cmdline	bot.arm5.elf
File opened for reading	/proc/704/cmdline	bot.arm5.elf
File opened for reading	/proc/725/cmdline	bot.arm5.elf
File opened for reading	/proc/776/cmdline	bot.arm5.elf
File opened for reading	/proc/780/cmdline	bot.arm5.elf
File opened for reading	/proc/20/cmdline	bot.arm5.elf
File opened for reading	/proc/43/cmdline	bot.arm5.elf
File opened for reading	/proc/217/cmdline	bot.arm5.elf
File opened for reading	/proc/596/cmdline	bot.arm5.elf
File opened for reading	/proc/659/cmdline	bot.arm5.elf
File opened for reading	/proc/753/cmdline	bot.arm5.elf
File opened for reading	/proc/19/cmdline	bot.arm5.elf
File opened for reading	/proc/106/cmdline	bot.arm5.elf
File opened for reading	/proc/666/cmdline	bot.arm5.elf
File opened for reading	/proc/727/cmdline	bot.arm5.elf
File opened for reading	/proc/777/cmdline	bot.arm5.elf
File opened for reading	/proc/651/cmdline	bot.arm5.elf
File opened for reading	/proc/748/cmdline	bot.arm5.elf
File opened for reading	/proc/759/cmdline	bot.arm5.elf
File opened for reading	/proc/771/cmdline	bot.arm5.elf
File opened for reading	/proc/11/cmdline	bot.arm5.elf
File opened for reading	/proc/672/cmdline	bot.arm5.elf
File opened for reading	/proc/669/cmdline	bot.arm5.elf
File opened for reading	/proc/16/cmdline	bot.arm5.elf
File opened for reading	/proc/29/cmdline	bot.arm5.elf
File opened for reading	/proc/104/cmdline	bot.arm5.elf
File opened for reading	/proc/667/cmdline	bot.arm5.elf
File opened for reading	/proc/726/cmdline	bot.arm5.elf
File opened for reading	/proc/752/cmdline	bot.arm5.elf
File opened for reading	/proc/779/cmdline	bot.arm5.elf
File opened for reading	/proc/7/cmdline	bot.arm5.elf
File opened for reading	/proc/681/cmdline	bot.arm5.elf
File opened for reading	/proc/684/cmdline	bot.arm5.elf
File opened for reading	/proc/696/cmdline	bot.arm5.elf
File opened for reading	/proc/719/cmdline	bot.arm5.elf
File opened for reading	/proc/749/cmdline	bot.arm5.elf
File opened for reading	/proc/693/cmdline	bot.arm5.elf
File opened for reading	/proc/6/cmdline	bot.arm5.elf
File opened for reading	/proc/314/cmdline	bot.arm5.elf
File opened for reading	/proc/674/cmdline	bot.arm5.elf
File opened for reading	/proc/709/cmdline	bot.arm5.elf
File opened for reading	/proc/26/cmdline	bot.arm5.elf
File opened for reading	/proc/658/cmdline	bot.arm5.elf
File opened for reading	/proc/670/cmdline	bot.arm5.elf
File opened for reading	/proc/721/cmdline	bot.arm5.elf
File opened for reading	/proc/770/cmdline	bot.arm5.elf
File opened for reading	/proc/42/cmdline	bot.arm5.elf
File opened for reading	/proc/660/cmdline	bot.arm5.elf
File opened for reading	/proc/673/cmdline	bot.arm5.elf
File opened for reading	/proc/715/cmdline	bot.arm5.elf
File opened for reading	/proc/765/cmdline	bot.arm5.elf
File opened for reading	/proc/772/cmdline	bot.arm5.elf
File opened for reading	/proc/5/cmdline	bot.arm5.elf
File opened for reading	/proc/646/cmdline	bot.arm5.elf
File opened for reading	/proc/664/cmdline	bot.arm5.elf
File opened for reading	/proc/686/cmdline	bot.arm5.elf
File opened for reading	/proc/695/cmdline	bot.arm5.elf
File opened for reading	/proc/760/cmdline	bot.arm5.elf
File opened for reading	/proc/284/cmdline	bot.arm5.elf

/tmp/bot.arm5.elf
/tmp/bot.arm5.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:648

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads