91c26ea3c23ce864d6285d0db3e80333b3c58adab6e3e85e5d527fd0776ecf7b

Analysis

max time kernel
148s
max time network
159s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
03/02/2025, 10:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

arm.elf
Size

126KB
MD5

3386cf067cbe0461740920d58c615382
SHA1

59c19f4067ea431a9753d64e44738ebcb6b22644
SHA256

91c26ea3c23ce864d6285d0db3e80333b3c58adab6e3e85e5d527fd0776ecf7b
SHA512

bd475e64b3637a0e4620f86368d48c022b8d4d4bc247f059fef396ee058ffe08cb93df85454bdc5bde0d448d03d216b7b8b3194d65836bdfee3072cd200d5d84
SSDEEP

3072:nBghDFIy4C6D6VC0uvNKaNvHEpNVoWNj:nBglGy4Cw6VC0uvNH1EpNVoWNj

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself		656	arm.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/789/status	arm.elf
File opened for reading	/proc/8/status	arm.elf
File opened for reading	/proc/14/status	arm.elf
File opened for reading	/proc/25/status	arm.elf
File opened for reading	/proc/29/status	arm.elf
File opened for reading	/proc/133/status	arm.elf
File opened for reading	/proc/145/status	arm.elf
File opened for reading	/proc/106/status	arm.elf
File opened for reading	/proc/597/status	arm.elf
File opened for reading	/proc/603/status	arm.elf
File opened for reading	/proc/699/status	arm.elf
File opened for reading	/proc/75/status	arm.elf
File opened for reading	/proc/136/status	arm.elf
File opened for reading	/proc/270/status	arm.elf
File opened for reading	/proc/599/status	arm.elf
File opened for reading	/proc/653/status	arm.elf
File opened for reading	/proc/4/status	arm.elf
File opened for reading	/proc/764/status	arm.elf
File opened for reading	/proc/776/status	arm.elf
File opened for reading	/proc/783/status	arm.elf
File opened for reading	/proc/2/status	arm.elf
File opened for reading	/proc/9/status	arm.elf
File opened for reading	/proc/17/status	arm.elf
File opened for reading	/proc/97/status	arm.elf
File opened for reading	/proc/274/status	arm.elf
File opened for reading	/proc/651/status	arm.elf
File opened for reading	/proc/788/status	arm.elf
File opened for reading	/proc/800/status	arm.elf
File opened for reading	/proc/20/status	arm.elf
File opened for reading	/proc/22/status	arm.elf
File opened for reading	/proc/24/status	arm.elf
File opened for reading	/proc/164/status	arm.elf
File opened for reading	/proc/781/status	arm.elf
File opened for reading	/proc/769/status	arm.elf
File opened for reading	/proc/5/status	arm.elf
File opened for reading	/proc/10/status	arm.elf
File opened for reading	/proc/15/status	arm.elf
File opened for reading	/proc/26/status	arm.elf
File opened for reading	/proc/273/status	arm.elf
File opened for reading	/proc/658/status	arm.elf
File opened for reading	/proc/307/status	arm.elf
File opened for reading	/proc/588/status	arm.elf
File opened for reading	/proc/648/status	arm.elf
File opened for reading	/proc/791/status	arm.elf
File opened for reading	/proc/7/status	arm.elf
File opened for reading	/proc/12/status	arm.elf
File opened for reading	/proc/143/status	arm.elf
File opened for reading	/proc/271/status	arm.elf
File opened for reading	/proc/775/status	arm.elf
File opened for reading	/proc/792/status	arm.elf
File opened for reading	/proc/661/status	arm.elf
File opened for reading	/proc/28/status	arm.elf
File opened for reading	/proc/42/status	arm.elf
File opened for reading	/proc/316/status	arm.elf
File opened for reading	/proc/334/status	arm.elf
File opened for reading	/proc/649/status	arm.elf
File opened for reading	/proc/659/status	arm.elf
File opened for reading	/proc/212/status	arm.elf
File opened for reading	/proc/642/status	arm.elf
File opened for reading	/proc/657/status	arm.elf
File opened for reading	/proc/796/status	arm.elf
File opened for reading	/proc/655/status	arm.elf
File opened for reading	/proc/773/status	arm.elf
File opened for reading	/proc/276/status	arm.elf

/tmp/arm.elf
/tmp/arm.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:656

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads