82163d9ae1ca07377cdbe4c1e3cd4a64aca1023bf82f93b2e46efb5a85db7891

Analysis

max time kernel
155s
max time network
133s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20231215-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20231215-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
12-02-2024 04:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82163d9ae1ca07377cdbe4c1e3cd4a64aca1023bf82f93b2e46efb5a85db7891.elf
Size

128KB
MD5

28e2aca8332fcf56d8eb8ce1d5744298
SHA1

86c11bacc127128b0b62a1bd77829ac8fe2dcc99
SHA256

82163d9ae1ca07377cdbe4c1e3cd4a64aca1023bf82f93b2e46efb5a85db7891
SHA512

b745961b89a2846c5824f40c9c9324d206a90c66ad0e1e46ce1a13c9dbdc49670a9ac9e85b02a844f73b5bc50a3e80d91b3c4c1169d3583855ea824f1ca08aa3
SSDEEP

3072:PntXhNt6wQ4MyuaogvXpmQ3xzJMAbl4f:PntXVjXZ9M

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	1530	82163d9ae1ca07377cdbe4c1e3cd4a64aca1023bf82f93b2e46efb5a85db7891.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/471/cmdline
File opened for reading	/proc/641/cmdline
File opened for reading	/proc/1133/cmdline
File opened for reading	/proc/1447/cmdline
File opened for reading	/proc/1518/cmdline
File opened for reading	/proc/32/cmdline
File opened for reading	/proc/239/cmdline
File opened for reading	/proc/155/cmdline
File opened for reading	/proc/1170/cmdline
File opened for reading	/proc/1342/cmdline
File opened for reading	/proc/15/cmdline
File opened for reading	/proc/132/cmdline
File opened for reading	/proc/446/cmdline
File opened for reading	/proc/1018/cmdline
File opened for reading	/proc/1532/cmdline
File opened for reading	/proc/16/cmdline
File opened for reading	/proc/85/cmdline
File opened for reading	/proc/646/cmdline
File opened for reading	/proc/1237/cmdline
File opened for reading	/proc/161/cmdline
File opened for reading	/proc/169/cmdline
File opened for reading	/proc/513/cmdline
File opened for reading	/proc/569/cmdline
File opened for reading	/proc/931/cmdline
File opened for reading	/proc/1052/cmdline
File opened for reading	/proc/14/cmdline
File opened for reading	/proc/98/cmdline
File opened for reading	/proc/1491/cmdline
File opened for reading	/proc/24/cmdline
File opened for reading	/proc/1305/cmdline
File opened for reading	/proc/165/cmdline
File opened for reading	/proc/415/cmdline
File opened for reading	/proc/994/cmdline
File opened for reading	/proc/1059/cmdline
File opened for reading	/proc/21/cmdline
File opened for reading	/proc/35/cmdline
File opened for reading	/proc/199/cmdline
File opened for reading	/proc/306/cmdline
File opened for reading	/proc/449/cmdline
File opened for reading	/proc/662/cmdline
File opened for reading	/proc/1514/cmdline
File opened for reading	/proc/17/cmdline
File opened for reading	/proc/167/cmdline
File opened for reading	/proc/79/cmdline
File opened for reading	/proc/622/cmdline
File opened for reading	/proc/1148/cmdline
File opened for reading	/proc/18/cmdline
File opened for reading	/proc/28/cmdline
File opened for reading	/proc/83/cmdline
File opened for reading	/proc/160/cmdline
File opened for reading	/proc/163/cmdline
File opened for reading	/proc/1164/cmdline
File opened for reading	/proc/1316/cmdline
File opened for reading	/proc/36/cmdline
File opened for reading	/proc/82/cmdline
File opened for reading	/proc/445/cmdline
File opened for reading	/proc/705/cmdline
File opened for reading	/proc/1100/cmdline
File opened for reading	/proc/12/cmdline
File opened for reading	/proc/436/cmdline
File opened for reading	/proc/34/cmdline
File opened for reading	/proc/89/cmdline
File opened for reading	/proc/851/cmdline
File opened for reading	/proc/999/cmdline

/tmp/82163d9ae1ca07377cdbe4c1e3cd4a64aca1023bf82f93b2e46efb5a85db7891.elf
/tmp/82163d9ae1ca07377cdbe4c1e3cd4a64aca1023bf82f93b2e46efb5a85db7891.elf
1⤵
- Changes its process name
PID:1530

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads