5f612b06a6807b8e5be3470a5fffe2341278910fd5b04fc558bb263ee9217fa9

Analysis

max time kernel
139s
max time network
140s
platform
debian-9_armhf
resource
debian9-armhf-20240418-en
resource tags

arch:armhfimage:debian9-armhf-20240418-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
07/03/2025, 13:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

blah.arm.elf
Size

45KB
MD5

71355abf052797d01af55b04d9a946b2
SHA1

2de6c29f7bb46c72743f78770ab55c7f7c051dd2
SHA256

5f612b06a6807b8e5be3470a5fffe2341278910fd5b04fc558bb263ee9217fa9
SHA512

33a5aa4d8320e04c6d74eef71066aed75017b5b3228a29f6de2585684925e7cd8274b8f60b58f0bd672b2578aca1b7e0e77326c56ef311862372882141b5d028
SSDEEP

768:plT3kFv9sOvAZo3tmvqKZhn9Om/8a9E/PoVGP/N+WfDZb7LYw:D3kFvCOvco8VAZ/TPrFt

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a	637	blah.arm.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/7/cmdline	blah.arm.elf
File opened for reading	/proc/13/cmdline	blah.arm.elf
File opened for reading	/proc/15/cmdline	blah.arm.elf
File opened for reading	/proc/28/cmdline	blah.arm.elf
File opened for reading	/proc/318/cmdline	blah.arm.elf
File opened for reading	/proc/23/cmdline	blah.arm.elf
File opened for reading	/proc/81/cmdline	blah.arm.elf
File opened for reading	/proc/278/cmdline	blah.arm.elf
File opened for reading	/proc/1/cmdline	blah.arm.elf
File opened for reading	/proc/308/cmdline	blah.arm.elf
File opened for reading	/proc/587/cmdline	blah.arm.elf
File opened for reading	/proc/755/cmdline	blah.arm.elf
File opened for reading	/proc/113/cmdline	blah.arm.elf
File opened for reading	/proc/591/cmdline	blah.arm.elf
File opened for reading	/proc/641/cmdline	blah.arm.elf
File opened for reading	/proc/14/cmdline	blah.arm.elf
File opened for reading	/proc/25/cmdline	blah.arm.elf
File opened for reading	/proc/292/cmdline	blah.arm.elf
File opened for reading	/proc/746/cmdline	blah.arm.elf
File opened for reading	/proc/4/cmdline	blah.arm.elf
File opened for reading	/proc/29/cmdline	blah.arm.elf
File opened for reading	/proc/138/cmdline	blah.arm.elf
File opened for reading	/proc/149/cmdline	blah.arm.elf
File opened for reading	/proc/571/cmdline	blah.arm.elf
File opened for reading	/proc/748/cmdline	blah.arm.elf
File opened for reading	/proc/17/cmdline	blah.arm.elf
File opened for reading	/proc/24/cmdline	blah.arm.elf
File opened for reading	/proc/161/cmdline	blah.arm.elf
File opened for reading	/proc/629/cmdline	blah.arm.elf
File opened for reading	/proc/753/cmdline	blah.arm.elf
File opened for reading	/proc/759/cmdline	blah.arm.elf
File opened for reading	/proc/10/cmdline	blah.arm.elf
File opened for reading	/proc/592/cmdline	blah.arm.elf
File opened for reading	/proc/623/cmdline	blah.arm.elf
File opened for reading	/proc/767/cmdline	blah.arm.elf
File opened for reading	/proc/27/cmdline	blah.arm.elf
File opened for reading	/proc/276/cmdline	blah.arm.elf
File opened for reading	/proc/142/cmdline	blah.arm.elf
File opened for reading	/proc/274/cmdline	blah.arm.elf
File opened for reading	/proc/765/cmdline	blah.arm.elf
File opened for reading	/proc/769/cmdline	blah.arm.elf
File opened for reading	/proc/773/cmdline	blah.arm.elf
File opened for reading	/proc/2/cmdline	blah.arm.elf
File opened for reading	/proc/5/cmdline	blah.arm.elf
File opened for reading	/proc/8/cmdline	blah.arm.elf
File opened for reading	/proc/12/cmdline	blah.arm.elf
File opened for reading	/proc/19/cmdline	blah.arm.elf
File opened for reading	/proc/103/cmdline	blah.arm.elf
File opened for reading	/proc/152/cmdline	blah.arm.elf
File opened for reading	/proc/223/cmdline	blah.arm.elf
File opened for reading	/proc/6/cmdline	blah.arm.elf
File opened for reading	/proc/110/cmdline	blah.arm.elf
File opened for reading	/proc/273/cmdline	blah.arm.elf
File opened for reading	/proc/761/cmdline	blah.arm.elf
File opened for reading	/proc/11/cmdline	blah.arm.elf
File opened for reading	/proc/18/cmdline	blah.arm.elf
File opened for reading	/proc/22/cmdline	blah.arm.elf
File opened for reading	/proc/170/cmdline	blah.arm.elf
File opened for reading	/proc/306/cmdline	blah.arm.elf
File opened for reading	/proc/588/cmdline	blah.arm.elf
File opened for reading	/proc/668/cmdline	blah.arm.elf
File opened for reading	/proc/745/cmdline	blah.arm.elf
File opened for reading	/proc/26/cmdline	blah.arm.elf
File opened for reading	/proc/42/cmdline	blah.arm.elf

/tmp/blah.arm.elf
/tmp/blah.arm.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:637

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads