27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259

Analysis

max time kernel
149s
max time network
147s
platform
debian-12_armhf
resource
debian12-armhf-20240729-en
resource tags

arch:armhfimage:debian12-armhf-20240729-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
02-02-2025 04:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
Size

175KB
MD5

12a676781324a2973e5ee8a8339dfe68
SHA1

baae449a176a72bb78b3af15a5efa30f71af871c
SHA256

27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259
SHA512

db9bb61b7e9363700602165cfd15f0e0ce24e992b9a85aa4d517cb4543227a0da97f3d76379469a2d221360d3b2babd119c71d01c799d12b4d70f04a32c4164f
SSDEEP

3072:WVjc5ezlTERakAajYFyiskJibXCUBpJv/1Jso0M/RCg0:OjRlT89AajYFybkAZBPv/jx0M/RCR

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	706	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/18/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/29/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/45/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/720/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/753/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/271/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/351/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/668/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/19/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/758/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/13/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/293/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/363/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/731/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/746/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/755/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/25/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/634/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/4/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/73/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/714/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/739/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/741/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/1/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/5/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/215/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/46/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/374/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/709/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/730/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/14/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/735/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/736/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/682/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/710/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/725/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/748/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/27/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/723/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/724/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/754/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/269/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/349/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/357/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/711/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/21/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/44/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/281/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/752/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/6/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/143/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/750/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/757/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/8/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/23/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/650/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/681/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/704/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/727/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/733/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/9/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/209/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/713/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
File opened for reading	/proc/719/cmdline	27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf

/tmp/27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
/tmp/27f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:706

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads