756aaa19767ae0507856a840d6971e6a1c30588f582f43c78585625489dad406

Analysis

max time kernel
149s
max time network
151s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240226-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240226-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
05-03-2024 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

756aaa19767ae0507856a840d6971e6a1c30588f582f43c78585625489dad406.elf
Size

136KB
MD5

5b53afc6741cd6c75576cd6152e49f2a
SHA1

332f12e6ebbd1432ef9251ed65fa15db30448eb8
SHA256

756aaa19767ae0507856a840d6971e6a1c30588f582f43c78585625489dad406
SHA512

d37314ff633ee682b79fba54d96d63f0f4822cebe59e81719e6b006fc49d6941360808a415ad844cc8035d8c78b340354cb7a289e9817ac2d02661008a3ac67b
SSDEEP

3072:KmhXw3d2a+lFTO1S1ET9ojALsROaogf12SBVsGCG5xAZYPd:KmhXw3d2a+lFTXDfbL0ZYPd

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

Processes:

756aaa19767ae0507856a840d6971e6a1c30588f582f43c78585625489dad406.elf

description	ioc	pid	process
Changes the process name, possibly in an attempt to hide itself	a- M, =	1575	756aaa19767ae0507856a840d6971e6a1c30588f582f43c78585625489dad406.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

description	ioc
File opened for reading	/proc/20/cmdline
File opened for reading	/proc/80/cmdline
File opened for reading	/proc/439/cmdline
File opened for reading	/proc/607/cmdline
File opened for reading	/proc/1117/cmdline
File opened for reading	/proc/1165/cmdline
File opened for reading	/proc/1345/cmdline
File opened for reading	/proc/1372/cmdline
File opened for reading	/proc/34/cmdline
File opened for reading	/proc/115/cmdline
File opened for reading	/proc/353/cmdline
File opened for reading	/proc/1109/cmdline
File opened for reading	/proc/1573/cmdline
File opened for reading	/proc/4/cmdline
File opened for reading	/proc/180/cmdline
File opened for reading	/proc/185/cmdline
File opened for reading	/proc/1026/cmdline
File opened for reading	/proc/1555/cmdline
File opened for reading	/proc/1152/cmdline
File opened for reading	/proc/1167/cmdline
File opened for reading	/proc/1286/cmdline
File opened for reading	/proc/83/cmdline
File opened for reading	/proc/182/cmdline
File opened for reading	/proc/183/cmdline
File opened for reading	/proc/189/cmdline
File opened for reading	/proc/175/cmdline
File opened for reading	/proc/177/cmdline
File opened for reading	/proc/971/cmdline
File opened for reading	/proc/982/cmdline
File opened for reading	/proc/1098/cmdline
File opened for reading	/proc/15/cmdline
File opened for reading	/proc/192/cmdline
File opened for reading	/proc/1127/cmdline
File opened for reading	/proc/1140/cmdline
File opened for reading	/proc/1196/cmdline
File opened for reading	/proc/1/cmdline
File opened for reading	/proc/17/cmdline
File opened for reading	/proc/85/cmdline
File opened for reading	/proc/352/cmdline
File opened for reading	/proc/722/cmdline
File opened for reading	/proc/947/cmdline
File opened for reading	/proc/1031/cmdline
File opened for reading	/proc/186/cmdline
File opened for reading	/proc/729/cmdline
File opened for reading	/proc/894/cmdline
File opened for reading	/proc/1172/cmdline
File opened for reading	/proc/3/cmdline
File opened for reading	/proc/81/cmdline
File opened for reading	/proc/288/cmdline
File opened for reading	/proc/1135/cmdline
File opened for reading	/proc/1570/cmdline
File opened for reading	/proc/179/cmdline
File opened for reading	/proc/268/cmdline
File opened for reading	/proc/465/cmdline
File opened for reading	/proc/480/cmdline
File opened for reading	/proc/678/cmdline
File opened for reading	/proc/1577/cmdline
File opened for reading	/proc/19/cmdline
File opened for reading	/proc/1271/cmdline
File opened for reading	/proc/1305/cmdline
File opened for reading	/proc/1311/cmdline
File opened for reading	/proc/1571/cmdline
File opened for reading	/proc/16/cmdline
File opened for reading	/proc/78/cmdline

/tmp/756aaa19767ae0507856a840d6971e6a1c30588f582f43c78585625489dad406.elf
/tmp/756aaa19767ae0507856a840d6971e6a1c30588f582f43c78585625489dad406.elf
1⤵
- Changes its process name
PID:1575

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads