4ee6fc39c565289ba7659d15a3e773cb6ce8602e233ba29048a46f6c5cc8d156

Analysis

max time kernel
149s
max time network
145s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240226-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240226-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
05-04-2024 01:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ee6fc39c565289ba7659d15a3e773cb6ce8602e233ba29048a46f6c5cc8d156.elf
Size

61KB
MD5

931def4833a0dd417683fffdee7fc426
SHA1

276f0d1628e5d81fde00839a6d82862d9f481bd8
SHA256

4ee6fc39c565289ba7659d15a3e773cb6ce8602e233ba29048a46f6c5cc8d156
SHA512

936a40197d1a92c21e3e3691243fad37075038420e4551cbb5bbe8ad77883a98de593a53d079e096e8ae8b90dc8c56d87f97a418bf99e8cc7991efb5b531ffa2
SSDEEP

1536:aDlRfj6RN1yYzpkx6vJd6ASl+WRi5atkT1:aDlhjkTy+eUJIAmDRQT

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

Processes:

4ee6fc39c565289ba7659d15a3e773cb6ce8602e233ba29048a46f6c5cc8d156.elf

description	ioc	pid	process
Changes the process name, possibly in an attempt to hide itself	a	1521	4ee6fc39c565289ba7659d15a3e773cb6ce8602e233ba29048a46f6c5cc8d156.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

description	ioc
File opened for reading	/proc/1003/cmdline
File opened for reading	/proc/1133/cmdline
File opened for reading	/proc/1513/cmdline
File opened for reading	/proc/1535/cmdline
File opened for reading	/proc/941/cmdline
File opened for reading	/proc/936/cmdline
File opened for reading	/proc/1051/cmdline
File opened for reading	/proc/1053/cmdline
File opened for reading	/proc/36/cmdline
File opened for reading	/proc/85/cmdline
File opened for reading	/proc/18/cmdline
File opened for reading	/proc/1124/cmdline
File opened for reading	/proc/1129/cmdline
File opened for reading	/proc/1177/cmdline
File opened for reading	/proc/1228/cmdline
File opened for reading	/proc/1536/cmdline
File opened for reading	/proc/432/cmdline
File opened for reading	/proc/164/cmdline
File opened for reading	/proc/457/cmdline
File opened for reading	/proc/944/cmdline
File opened for reading	/proc/1116/cmdline
File opened for reading	/proc/1179/cmdline
File opened for reading	/proc/1519/cmdline
File opened for reading	/proc/26/cmdline
File opened for reading	/proc/22/cmdline
File opened for reading	/proc/158/cmdline
File opened for reading	/proc/171/cmdline
File opened for reading	/proc/467/cmdline
File opened for reading	/proc/474/cmdline
File opened for reading	/proc/1108/cmdline
File opened for reading	/proc/1112/cmdline
File opened for reading	/proc/2/cmdline
File opened for reading	/proc/1524/cmdline
File opened for reading	/proc/1279/cmdline
File opened for reading	/proc/155/cmdline
File opened for reading	/proc/545/cmdline
File opened for reading	/proc/1034/cmdline
File opened for reading	/proc/1138/cmdline
File opened for reading	/proc/29/cmdline
File opened for reading	/proc/30/cmdline
File opened for reading	/proc/169/cmdline
File opened for reading	/proc/1134/cmdline
File opened for reading	/proc/1168/cmdline
File opened for reading	/proc/1240/cmdline
File opened for reading	/proc/1248/cmdline
File opened for reading	/proc/20/cmdline
File opened for reading	/proc/14/cmdline
File opened for reading	/proc/15/cmdline
File opened for reading	/proc/156/cmdline
File opened for reading	/proc/161/cmdline
File opened for reading	/proc/167/cmdline
File opened for reading	/proc/452/cmdline
File opened for reading	/proc/592/cmdline
File opened for reading	/proc/9/cmdline
File opened for reading	/proc/1170/cmdline
File opened for reading	/proc/198/cmdline
File opened for reading	/proc/458/cmdline
File opened for reading	/proc/566/cmdline
File opened for reading	/proc/631/cmdline
File opened for reading	/proc/667/cmdline
File opened for reading	/proc/1094/cmdline
File opened for reading	/proc/1505/cmdline
File opened for reading	/proc/1/maps
File opened for reading	/proc/6/cmdline

/tmp/4ee6fc39c565289ba7659d15a3e773cb6ce8602e233ba29048a46f6c5cc8d156.elf
/tmp/4ee6fc39c565289ba7659d15a3e773cb6ce8602e233ba29048a46f6c5cc8d156.elf
1⤵
- Changes its process name
PID:1521

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads