148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252

Analysis

max time kernel
131s
max time network
150s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
08/03/2025, 03:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
Size

117KB
MD5

2ddf96bae055ccdcff2fdf39ce462448
SHA1

7c5649c2bd5a11519b9b24db14189862c6ec201e
SHA256

148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252
SHA512

54cc5af7f85c4c870c90abb0031e585363b762766f0ce29a99dff162886bdfe7e7a47ef6e5fea0e4aa22210d81121888d9f54313e071ac3fe0b292d4ba455f6a
SSDEEP

3072:FQ23+iQkmK8A0ufWY7qmt7qgY+EuNM/9ME:FQ23nv8A0ufDeivY+E4M/9ME

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a	643	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/635/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/636/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/709/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/11/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/14/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/16/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/18/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/299/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/458/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/771/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/5/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/13/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/19/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/23/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/27/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/28/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/41/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/95/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/279/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/43/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/104/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/106/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/141/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/638/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/641/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/717/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/1/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/6/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/10/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/29/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/265/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/642/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/775/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/3/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/8/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/136/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/17/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/280/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/296/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/312/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/647/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/762/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/764/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/15/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/22/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/42/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/74/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/267/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/599/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/753/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/777/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/271/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/306/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/767/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/21/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/162/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/765/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/773/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/4/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/25/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/107/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/410/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/7/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
File opened for reading	/proc/9/cmdline	148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf

/tmp/148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
/tmp/148c15fe0313e85c686eb12040e7110409dee4734909e82fce8f987e2b3ba252.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:643

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads