34191ccc45bf0595ad8bcfed0749c3203cf5d06f73822ecf12972a52c6a3b07a

Analysis

max time kernel
149s
max time network
159s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
04/02/2025, 03:52

Target

34191ccc45bf0595ad8bcfed0749c3203cf5d06f73822ecf12972a52c6a3b07a.elf
Size

177KB
MD5

0272b30dfa9e5757e0ddb8238b4bc524
SHA1

2cbfef6b3ee11c035c1a4fd3475029952341269c
SHA256

34191ccc45bf0595ad8bcfed0749c3203cf5d06f73822ecf12972a52c6a3b07a
SHA512

d979c768ee3af8ada100e33fa68e98153dd351647a8c454afa77c209dfd7551e5ca79e851caa0ecd3d2e8e90f17b878d5091ac8e8abf6ee1689c5c4116ddbe71
SSDEEP

3072:OLe6vhN1QIruCee+asuTuRebU7IVILVZQy38YhTfYo+M/Rvs1tlLn:ee6vhQIr1r+asuTuReAvLV738+x+M/RO

Score

7^/10

Deletes itself 1 IoCs

pid	Process
650	34191ccc45bf0595ad8bcfed0749c3203cf5d06f73822ecf12972a52c6a3b07a.elf

Traces itself 2 IoCs

Traces itself to prevent debugging attempts

pid	Process
650	34191ccc45bf0595ad8bcfed0749c3203cf5d06f73822ecf12972a52c6a3b07a.elf
651	34191ccc45bf0595ad8bcfed0749c3203cf5d06f73822ecf12972a52c6a3b07a.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	650	34191ccc45bf0595ad8bcfed0749c3203cf5d06f73822ecf12972a52c6a3b07a.elf

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/34191ccc45bf0595ad8bcfed0749c3203cf5d06f73822ecf12972a52c6a3b07a.elf	34191ccc45bf0595ad8bcfed0749c3203cf5d06f73822ecf12972a52c6a3b07a.elf