c097147068b8e77748c532848c30f57b43477f0e32e47115301ad458d98fc303

Analysis

max time kernel
152s
max time network
152s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20230831-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20230831-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
05-09-2023 02:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0feca0dbf4af01c2e2d646017f723aef72b137c7da17b329d6e6886aa073071.elf
Size

136KB
MD5

afaef9d9f4d8ef445009fcc41c1ac4e9
SHA1

9b4a4d45b45c843623fe9b6624d970c2ab78a3dc
SHA256

a0feca0dbf4af01c2e2d646017f723aef72b137c7da17b329d6e6886aa073071
SHA512

02d8928a34956dc46443acc9bccc3d6168fc4538ead435cbd643ef8d89f4a72597d5e96c5fe426d520480cca71efe87d31187c6216091771dcf5a122033ddddc
SSDEEP

3072:pGtwnNiaOnUTKFiPT9OSQ7AOaogjV2iZlBWCgPiAJWPdL:pGtwnNiaOnUTwuLyNJWPd

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

Processes:

a0feca0dbf4af01c2e2d646017f723aef72b137c7da17b329d6e6886aa073071.elf

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M}!	598	a0feca0dbf4af01c2e2d646017f723aef72b137c7da17b329d6e6886aa073071.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

description	ioc
File opened for reading	/proc/678/cmdline
File opened for reading	/proc/250/cmdline
File opened for reading	/proc/374/cmdline
File opened for reading	/proc/611/cmdline
File opened for reading	/proc/632/cmdline
File opened for reading	/proc/658/cmdline
File opened for reading	/proc/659/cmdline
File opened for reading	/proc/167/cmdline
File opened for reading	/proc/316/cmdline
File opened for reading	/proc/610/cmdline
File opened for reading	/proc/633/cmdline
File opened for reading	/proc/705/cmdline
File opened for reading	/proc/706/cmdline
File opened for reading	/proc/671/cmdline
File opened for reading	/proc/12/cmdline
File opened for reading	/proc/15/cmdline
File opened for reading	/proc/343/cmdline
File opened for reading	/proc/403/cmdline
File opened for reading	/proc/608/cmdline
File opened for reading	/proc/656/cmdline
File opened for reading	/proc/14/cmdline
File opened for reading	/proc/563/cmdline
File opened for reading	/proc/641/cmdline
File opened for reading	/proc/696/cmdline
File opened for reading	/proc/690/cmdline
File opened for reading	/proc/2/cmdline
File opened for reading	/proc/28/cmdline
File opened for reading	/proc/85/cmdline
File opened for reading	/proc/598/cmdline
File opened for reading	/proc/635/cmdline
File opened for reading	/proc/657/cmdline
File opened for reading	/proc/692/cmdline
File opened for reading	/proc/710/cmdline
File opened for reading	/proc/404/cmdline
File opened for reading	/proc/618/cmdline
File opened for reading	/proc/626/cmdline
File opened for reading	/proc/628/cmdline
File opened for reading	/proc/673/cmdline
File opened for reading	/proc/686/cmdline
File opened for reading	/proc/587/cmdline
File opened for reading	/proc/599/cmdline
File opened for reading	/proc/19/cmdline
File opened for reading	/proc/35/cmdline
File opened for reading	/proc/84/cmdline
File opened for reading	/proc/98/cmdline
File opened for reading	/proc/164/cmdline
File opened for reading	/proc/171/cmdline
File opened for reading	/proc/650/cmdline
File opened for reading	/proc/651/cmdline
File opened for reading	/proc/665/cmdline
File opened for reading	/proc/699/cmdline
File opened for reading	/proc/712/cmdline
File opened for reading	/proc/36/cmdline
File opened for reading	/proc/172/cmdline
File opened for reading	/proc/178/cmdline
File opened for reading	/proc/607/cmdline
File opened for reading	/proc/653/cmdline
File opened for reading	/proc/682/cmdline
File opened for reading	/proc/700/cmdline
File opened for reading	/proc/78/cmdline
File opened for reading	/proc/593/cmdline
File opened for reading	/proc/613/cmdline
File opened for reading	/proc/620/cmdline
File opened for reading	/proc/668/cmdline

/tmp/a0feca0dbf4af01c2e2d646017f723aef72b137c7da17b329d6e6886aa073071.elf
/tmp/a0feca0dbf4af01c2e2d646017f723aef72b137c7da17b329d6e6886aa073071.elf
1⤵
- Changes its process name
PID:598

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads