148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252

Analysis

max time kernel
131s
max time network
149s
platform
debian-9_armhf
resource
debian9-armhf-20240418-en
resource tags

arch:armhfimage:debian9-armhf-20240418-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
07/03/2025, 14:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

blah.arm7.elf
Size

117KB
MD5

2ddf96bae055ccdcff2fdf39ce462448
SHA1

7c5649c2bd5a11519b9b24db14189862c6ec201e
SHA256

148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252
SHA512

54cc5af7f85c4c870c90abb0031e585363b762766f0ce29a99dff162886bdfe7e7a47ef6e5fea0e4aa22210d81121888d9f54313e071ac3fe0b292d4ba455f6a
SSDEEP

3072:FQ23+iQkmK8A0ufWY7qmt7qgY+EuNM/9ME:FQ23nv8A0ufDeivY+E4M/9ME

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a	638	blah.arm7.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/25/cmdline	blah.arm7.elf
File opened for reading	/proc/137/cmdline	blah.arm7.elf
File opened for reading	/proc/760/cmdline	blah.arm7.elf
File opened for reading	/proc/29/cmdline	blah.arm7.elf
File opened for reading	/proc/635/cmdline	blah.arm7.elf
File opened for reading	/proc/768/cmdline	blah.arm7.elf
File opened for reading	/proc/4/cmdline	blah.arm7.elf
File opened for reading	/proc/5/cmdline	blah.arm7.elf
File opened for reading	/proc/11/cmdline	blah.arm7.elf
File opened for reading	/proc/17/cmdline	blah.arm7.elf
File opened for reading	/proc/144/cmdline	blah.arm7.elf
File opened for reading	/proc/214/cmdline	blah.arm7.elf
File opened for reading	/proc/272/cmdline	blah.arm7.elf
File opened for reading	/proc/590/cmdline	blah.arm7.elf
File opened for reading	/proc/107/cmdline	blah.arm7.elf
File opened for reading	/proc/637/cmdline	blah.arm7.elf
File opened for reading	/proc/766/cmdline	blah.arm7.elf
File opened for reading	/proc/572/cmdline	blah.arm7.elf
File opened for reading	/proc/18/cmdline	blah.arm7.elf
File opened for reading	/proc/24/cmdline	blah.arm7.elf
File opened for reading	/proc/97/cmdline	blah.arm7.elf
File opened for reading	/proc/630/cmdline	blah.arm7.elf
File opened for reading	/proc/762/cmdline	blah.arm7.elf
File opened for reading	/proc/772/cmdline	blah.arm7.elf
File opened for reading	/proc/1/cmdline	blah.arm7.elf
File opened for reading	/proc/12/cmdline	blah.arm7.elf
File opened for reading	/proc/163/cmdline	blah.arm7.elf
File opened for reading	/proc/314/cmdline	blah.arm7.elf
File opened for reading	/proc/624/cmdline	blah.arm7.elf
File opened for reading	/proc/633/cmdline	blah.arm7.elf
File opened for reading	/proc/758/cmdline	blah.arm7.elf
File opened for reading	/proc/8/cmdline	blah.arm7.elf
File opened for reading	/proc/105/cmdline	blah.arm7.elf
File opened for reading	/proc/749/cmdline	blah.arm7.elf
File opened for reading	/proc/764/cmdline	blah.arm7.elf
File opened for reading	/proc/770/cmdline	blah.arm7.elf
File opened for reading	/proc/10/cmdline	blah.arm7.elf
File opened for reading	/proc/588/cmdline	blah.arm7.elf
File opened for reading	/proc/2/cmdline	blah.arm7.elf
File opened for reading	/proc/7/cmdline	blah.arm7.elf
File opened for reading	/proc/9/cmdline	blah.arm7.elf
File opened for reading	/proc/142/cmdline	blah.arm7.elf
File opened for reading	/proc/631/cmdline	blah.arm7.elf
File opened for reading	/proc/636/cmdline	blah.arm7.elf
File opened for reading	/proc/303/cmdline	blah.arm7.elf
File opened for reading	/proc/6/cmdline	blah.arm7.elf
File opened for reading	/proc/22/cmdline	blah.arm7.elf
File opened for reading	/proc/27/cmdline	blah.arm7.elf
File opened for reading	/proc/42/cmdline	blah.arm7.elf
File opened for reading	/proc/108/cmdline	blah.arm7.elf
File opened for reading	/proc/269/cmdline	blah.arm7.elf
File opened for reading	/proc/271/cmdline	blah.arm7.elf
File opened for reading	/proc/14/cmdline	blah.arm7.elf
File opened for reading	/proc/19/cmdline	blah.arm7.elf
File opened for reading	/proc/275/cmdline	blah.arm7.elf
File opened for reading	/proc/592/cmdline	blah.arm7.elf
File opened for reading	/proc/754/cmdline	blah.arm7.elf
File opened for reading	/proc/15/cmdline	blah.arm7.elf
File opened for reading	/proc/21/cmdline	blah.arm7.elf
File opened for reading	/proc/41/cmdline	blah.arm7.elf
File opened for reading	/proc/301/cmdline	blah.arm7.elf
File opened for reading	/proc/593/cmdline	blah.arm7.elf
File opened for reading	/proc/747/cmdline	blah.arm7.elf
File opened for reading	/proc/756/cmdline	blah.arm7.elf

/tmp/blah.arm7.elf
/tmp/blah.arm7.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:638

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads