7c4169afb95dbf9379c0230e1360f6ec398b6e05c62c1f650581b3af3de55a93

Analysis

max time kernel
149s
max time network
153s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
01/02/2025, 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

185.224.0.242-bot.arm5-2025-02-01T192102.elf
Size

126KB
MD5

32c9aad816f35f0a9df8922264a6d508
SHA1

38096117bf3a7f28b5625f47c63316fca39ba132
SHA256

7c4169afb95dbf9379c0230e1360f6ec398b6e05c62c1f650581b3af3de55a93
SHA512

8ac3da86459195852a6200bbfc4dcda971dc2221585810d19252512a4b05d55c75d69324657d4f38561f1c2946b656be3215eabd8a61189874f3741961d2ec0d
SSDEEP

1536:JUvvsE3G5qB/RpR83QYY1XANIK4V02RTV5xTpyHvx6jpChDDclcywyw8FLRXt4Ny:ivvTQORXZ1X44DRR5xTpyJkpCJcBb3

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	655	185.224.0.242-bot.arm5-2025-02-01T192102.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/154/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/653/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/680/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/710/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/726/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/701/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/738/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/758/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/12/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/654/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/659/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/664/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/765/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/783/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/745/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/9/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/281/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/587/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/650/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/652/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/668/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/669/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/760/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/788/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/29/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/675/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/690/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/694/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/770/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/743/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/17/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/663/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/681/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/684/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/686/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/689/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/721/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/6/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/11/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/27/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/671/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/711/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/723/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/782/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/3/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/5/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/717/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/733/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/772/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/781/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/22/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/662/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/667/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/700/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/754/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/13/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/90/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/122/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/676/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/693/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/780/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/18/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/112/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf
File opened for reading	/proc/666/cmdline	185.224.0.242-bot.arm5-2025-02-01T192102.elf

/tmp/185.224.0.242-bot.arm5-2025-02-01T192102.elf
/tmp/185.224.0.242-bot.arm5-2025-02-01T192102.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:655

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads