7215ff558e5a4c905c9c4afe64ed4b59a3d2e64b166b25c864cb6ba10ff320e4

Analysis

max time kernel
121s
max time network
147s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20231221-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20231221-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
12-02-2024 04:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7215ff558e5a4c905c9c4afe64ed4b59a3d2e64b166b25c864cb6ba10ff320e4.elf
Size

140KB
MD5

2a712272f4d9b3eab7420bf0e808a1c5
SHA1

7f7583fdb19d536c46eaebac7916c8933414e6ef
SHA256

7215ff558e5a4c905c9c4afe64ed4b59a3d2e64b166b25c864cb6ba10ff320e4
SHA512

48c78c7914d68b87819a12c450091b03ab97759235614cd50b20ceb6dc2373bac19abd1ddf6acc56e89e506802f668b36a864ade8267ea16b8f8cd27cd803f11
SSDEEP

3072:mTUTfCdO6FFtoqV68wKhc/t/ekNaogMewcgsK027u9OlR:mTUTfCdO6FFtoq+wwQdWR

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	1545	7215ff558e5a4c905c9c4afe64ed4b59a3d2e64b166b25c864cb6ba10ff320e4.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/89/cmdline
File opened for reading	/proc/592/cmdline
File opened for reading	/proc/997/cmdline
File opened for reading	/proc/1134/cmdline
File opened for reading	/proc/35/cmdline
File opened for reading	/proc/84/cmdline
File opened for reading	/proc/1046/cmdline
File opened for reading	/proc/1148/cmdline
File opened for reading	/proc/1151/cmdline
File opened for reading	/proc/10/cmdline
File opened for reading	/proc/448/cmdline
File opened for reading	/proc/1521/cmdline
File opened for reading	/proc/20/cmdline
File opened for reading	/proc/1286/cmdline
File opened for reading	/proc/316/cmdline
File opened for reading	/proc/427/cmdline
File opened for reading	/proc/452/cmdline
File opened for reading	/proc/576/cmdline
File opened for reading	/proc/1059/cmdline
File opened for reading	/proc/1126/cmdline
File opened for reading	/proc/82/cmdline
File opened for reading	/proc/163/cmdline
File opened for reading	/proc/1522/cmdline
File opened for reading	/proc/1525/cmdline
File opened for reading	/proc/1087/cmdline
File opened for reading	/proc/177/cmdline
File opened for reading	/proc/575/cmdline
File opened for reading	/proc/174/cmdline
File opened for reading	/proc/461/cmdline
File opened for reading	/proc/462/cmdline
File opened for reading	/proc/1063/cmdline
File opened for reading	/proc/1083/cmdline
File opened for reading	/proc/1122/cmdline
File opened for reading	/proc/7/cmdline
File opened for reading	/proc/24/cmdline
File opened for reading	/proc/1523/cmdline
File opened for reading	/proc/1073/cmdline
File opened for reading	/proc/1545/cmdline
File opened for reading	/proc/1548/cmdline
File opened for reading	/proc/169/cmdline
File opened for reading	/proc/179/cmdline
File opened for reading	/proc/499/cmdline
File opened for reading	/proc/609/cmdline
File opened for reading	/proc/994/cmdline
File opened for reading	/proc/1/cmdline
File opened for reading	/proc/3/cmdline
File opened for reading	/proc/173/cmdline
File opened for reading	/proc/629/cmdline
File opened for reading	/proc/723/cmdline
File opened for reading	/proc/838/cmdline
File opened for reading	/proc/1026/cmdline
File opened for reading	/proc/1297/cmdline
File opened for reading	/proc/21/cmdline
File opened for reading	/proc/168/cmdline
File opened for reading	/proc/696/cmdline
File opened for reading	/proc/987/cmdline
File opened for reading	/proc/1438/cmdline
File opened for reading	/proc/29/cmdline
File opened for reading	/proc/165/cmdline
File opened for reading	/proc/1130/cmdline
File opened for reading	/proc/1377/cmdline
File opened for reading	/proc/15/cmdline
File opened for reading	/proc/1040/cmdline
File opened for reading	/proc/491/cmdline

/tmp/7215ff558e5a4c905c9c4afe64ed4b59a3d2e64b166b25c864cb6ba10ff320e4.elf
/tmp/7215ff558e5a4c905c9c4afe64ed4b59a3d2e64b166b25c864cb6ba10ff320e4.elf
1⤵
- Changes its process name
PID:1545

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads