5e29fb9e0c4fba36b43d1100688051782eb0018897117f9f70d1eb86113e6b06

Analysis

max time kernel
152s
max time network
144s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20230621-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20230621-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
23-08-2023 09:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

concakhbtandhuy.x86_64.elf
Size

132KB
MD5

0e1c6a921277f032ad93cbe920f2b9ba
SHA1

0f24bb682a1f028f4c99ec8be590835b82f7a0b0
SHA256

5e29fb9e0c4fba36b43d1100688051782eb0018897117f9f70d1eb86113e6b06
SHA512

b6c34b507ca5c4e250c518eae304b0266cd5d947a2d0f99039d534ef7790bdd9d9ea36c3ab5ae4dc80e75a860ac9a090fca496739ae92d3e795096bedae39c1a
SSDEEP

3072:Qs3s0nBTD61AvHo+aogUceHcGxqKcNeKYT4:Qs3snIXcl+T4

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	624	concakhbtandhuy.x86_64.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/84/cmdline
File opened for reading	/proc/127/cmdline
File opened for reading	/proc/171/cmdline
File opened for reading	/proc/370/cmdline
File opened for reading	/proc/657/cmdline
File opened for reading	/proc/659/cmdline
File opened for reading	/proc/675/cmdline
File opened for reading	/proc/34/cmdline
File opened for reading	/proc/739/cmdline
File opened for reading	/proc/714/cmdline
File opened for reading	/proc/167/cmdline
File opened for reading	/proc/168/cmdline
File opened for reading	/proc/205/cmdline
File opened for reading	/proc/633/cmdline
File opened for reading	/proc/690/cmdline
File opened for reading	/proc/28/cmdline
File opened for reading	/proc/24/cmdline
File opened for reading	/proc/469/cmdline
File opened for reading	/proc/635/cmdline
File opened for reading	/proc/674/cmdline
File opened for reading	/proc/701/cmdline
File opened for reading	/proc/736/cmdline
File opened for reading	/proc/20/cmdline
File opened for reading	/proc/26/cmdline
File opened for reading	/proc/81/cmdline
File opened for reading	/proc/115/cmdline
File opened for reading	/proc/647/cmdline
File opened for reading	/proc/698/cmdline
File opened for reading	/proc/735/cmdline
File opened for reading	/proc/21/cmdline
File opened for reading	/proc/31/cmdline
File opened for reading	/proc/166/cmdline
File opened for reading	/proc/179/cmdline
File opened for reading	/proc/646/cmdline
File opened for reading	/proc/678/cmdline
File opened for reading	/proc/686/cmdline
File opened for reading	/proc/11/cmdline
File opened for reading	/proc/673/cmdline
File opened for reading	/proc/649/cmdline
File opened for reading	/proc/177/cmdline
File opened for reading	/proc/621/cmdline
File opened for reading	/proc/677/cmdline
File opened for reading	/proc/692/cmdline
File opened for reading	/proc/702/cmdline
File opened for reading	/proc/83/cmdline
File opened for reading	/proc/369/cmdline
File opened for reading	/proc/640/cmdline
File opened for reading	/proc/666/cmdline
File opened for reading	/proc/742/cmdline
File opened for reading	/proc/12/cmdline
File opened for reading	/proc/30/cmdline
File opened for reading	/proc/619/cmdline
File opened for reading	/proc/622/cmdline
File opened for reading	/proc/669/cmdline
File opened for reading	/proc/679/cmdline
File opened for reading	/proc/697/cmdline
File opened for reading	/proc/5/cmdline
File opened for reading	/proc/89/cmdline
File opened for reading	/proc/651/cmdline
File opened for reading	/proc/707/cmdline
File opened for reading	/proc/734/cmdline
File opened for reading	/proc/4/cmdline
File opened for reading	/proc/82/cmdline
File opened for reading	/proc/85/cmdline

/tmp/concakhbtandhuy.x86_64.elf
/tmp/concakhbtandhuy.x86_64.elf
1⤵
- Changes its process name
PID:624

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads