56e5f149a383ad69260ac6c6fd4a7a917b614c560b7d1018ad82c9e546a859f5

Analysis

max time kernel
150s
max time network
139s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
04-07-2024 02:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
Size

177KB
MD5

86aee2d678d15c10126ba8f608135b43
SHA1

38daaea08e0b2989e18c45c11afd44b0b0aca362
SHA256

a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1
SHA512

a185fa33596a12c2800a9677f61a884fc158e348ca915f2f7ffcc3d1265541b7e0c05914c9306c3bb458145c57539a340a18913c4092cc8f60d6ef24235cf6c3
SSDEEP

3072:f6uSXvJnzjP0jSozpyi579Yxy52tIen9A6qewZQehaMh:f6uSXvJnvP0+ozYigAEnfqnZNhaa

Score

6^/10

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system
Changes its process name 1 IoCs

Processes:

a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf

description ioc pid process

Changes the process name, possibly in an attempt to hide itself a- M " 702 a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf

description	ioc	pid	process
Changes the process name, possibly in an attempt to hide itself	a- M "	702	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf

description	ioc	process
File opened for reading	/proc/785/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/799/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/3/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/16/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/719/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/726/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/784/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/68/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/116/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/772/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/801/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/748/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/37/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/71/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/82/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/729/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/740/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/775/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/800/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/21/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/710/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/711/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/746/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/757/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/11/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/115/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/715/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/773/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/741/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/759/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/765/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/10/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/79/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/703/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/722/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/739/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/768/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/792/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/794/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/2/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/22/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/24/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/426/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/725/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/789/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/4/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/326/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/679/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/733/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/735/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/20/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/770/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/787/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/802/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/781/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/804/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/805/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/105/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/655/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/666/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/734/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/750/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/17/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
File opened for reading	/proc/716/cmdline	a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf

/tmp/a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
/tmp/a1b44eb01f5e7f3502647a92f42ae9fdd9f0f785f97ceb3b326fd1dcf525c4e1.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:702

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads