17a9006407950ecd9c50c24a7cda4bf2536d683eb84c4266c0aa9838197ebae4

Analysis

max time kernel
145s
max time network
146s
platform
debian-12_armhf
resource
debian12-armhf-20240418-en
resource tags

arch:armhfimage:debian12-armhf-20240418-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
03-02-2025 10:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

arm7.elf
Size

176KB
MD5

2adcf51c154124e1c564c5e2960d00d8
SHA1

6401e24f02e2aa7c1738c50b8d0d84ca542293ef
SHA256

17a9006407950ecd9c50c24a7cda4bf2536d683eb84c4266c0aa9838197ebae4
SHA512

8f816475810579bd8a495bc3d4588b1176a32677e075663847cfffa1cd90aa42520e20bd7a5de0fd319000089993a8751f3b2052a13d014b44a83861d0810cc6
SSDEEP

3072:pfs7sBn0yiKjlzaZAQimt6pbvmA1gGXK+XPSorM/RzXCptk:pfRn0B2NaZAQimtkSAqGXK+fTrM/RuC

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself		705	arm7.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/51/status	arm7.elf
File opened for reading	/proc/73/status	arm7.elf
File opened for reading	/proc/142/status	arm7.elf
File opened for reading	/proc/665/status	arm7.elf
File opened for reading	/proc/13/status	arm7.elf
File opened for reading	/proc/22/status	arm7.elf
File opened for reading	/proc/36/status	arm7.elf
File opened for reading	/proc/42/status	arm7.elf
File opened for reading	/proc/770/status	arm7.elf
File opened for reading	/proc/10/status	arm7.elf
File opened for reading	/proc/56/status	arm7.elf
File opened for reading	/proc/701/status	arm7.elf
File opened for reading	/proc/765/status	arm7.elf
File opened for reading	/proc/8/status	arm7.elf
File opened for reading	/proc/57/status	arm7.elf
File opened for reading	/proc/309/status	arm7.elf
File opened for reading	/proc/647/status	arm7.elf
File opened for reading	/proc/768/status	arm7.elf
File opened for reading	/proc/3/status	arm7.elf
File opened for reading	/proc/193/status	arm7.elf
File opened for reading	/proc/697/status	arm7.elf
File opened for reading	/proc/706/status	arm7.elf
File opened for reading	/proc/28/status	arm7.elf
File opened for reading	/proc/702/status	arm7.elf
File opened for reading	/proc/2/status	arm7.elf
File opened for reading	/proc/6/status	arm7.elf
File opened for reading	/proc/25/status	arm7.elf
File opened for reading	/proc/26/status	arm7.elf
File opened for reading	/proc/44/status	arm7.elf
File opened for reading	/proc/143/status	arm7.elf
File opened for reading	/proc/317/status	arm7.elf
File opened for reading	/proc/327/status	arm7.elf
File opened for reading	/proc/9/status	arm7.elf
File opened for reading	/proc/11/status	arm7.elf
File opened for reading	/proc/19/status	arm7.elf
File opened for reading	/proc/33/status	arm7.elf
File opened for reading	/proc/710/status	arm7.elf
File opened for reading	/proc/27/status	arm7.elf
File opened for reading	/proc/31/status	arm7.elf
File opened for reading	/proc/342/status	arm7.elf
File opened for reading	/proc/344/status	arm7.elf
File opened for reading	/proc/15/status	arm7.elf
File opened for reading	/proc/18/status	arm7.elf
File opened for reading	/proc/23/status	arm7.elf
File opened for reading	/proc/24/status	arm7.elf
File opened for reading	/proc/357/status	arm7.elf
File opened for reading	/proc/709/status	arm7.elf
File opened for reading	/proc/35/status	arm7.elf
File opened for reading	/proc/708/status	arm7.elf
File opened for reading	/proc/325/status	arm7.elf
File opened for reading	/proc/703/status	arm7.elf
File opened for reading	/proc/7/status	arm7.elf
File opened for reading	/proc/16/status	arm7.elf
File opened for reading	/proc/34/status	arm7.elf
File opened for reading	/proc/253/status	arm7.elf
File opened for reading	/proc/12/status	arm7.elf
File opened for reading	/proc/17/status	arm7.elf
File opened for reading	/proc/45/status	arm7.elf
File opened for reading	/proc/221/status	arm7.elf
File opened for reading	/proc/5/status	arm7.elf
File opened for reading	/proc/646/status	arm7.elf
File opened for reading	/proc/679/status	arm7.elf
File opened for reading	/proc/764/status	arm7.elf
File opened for reading	/proc/318/status	arm7.elf

/tmp/arm7.elf
/tmp/arm7.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:705

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads