3c7208b677715b56e5bddf31b58504c0a123118cb5b862b54cbef37ca9098bdb

Analysis

max time kernel
149s
max time network
146s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240221-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240221-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
24-04-2024 08:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a297b53ebc020b71cb16439b8dc70e77.elf
Size

140KB
MD5

a297b53ebc020b71cb16439b8dc70e77
SHA1

227b7213e919828c4ba4bd5fb5c439ffd946d945
SHA256

3c7208b677715b56e5bddf31b58504c0a123118cb5b862b54cbef37ca9098bdb
SHA512

32923b8c8d5c19fc3207ee6449322b28b2a0934cbf59e5d2412a71c964aa65d5f817ffef9fafcbc25df07cb0da9d8b7dc6daff271f293a165ecbea3382a3fa31
SSDEEP

3072:mTUTfCdO6FFtoqU6EwKhc/t/ekNaogMewcgsK027uYOlR:mTUTfCdO6FFtoqzwwQdVR

Score

6^/10

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	1476	a297b53ebc020b71cb16439b8dc70e77.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/1638/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1990/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/118/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/173/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/973/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1575/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1420/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1487/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1505/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/2043/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/2050/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/2058/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/169/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1494/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1700/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/2017/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1590/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1977/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1986/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/2031/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/86/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/498/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1402/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1443/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/2094/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/2078/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1510/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1655/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1686/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1718/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/2059/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1548/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1639/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1837/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1898/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/84/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1479/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1719/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/636/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1300/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1985/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/2022/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/175/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/802/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1409/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1948/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/2111/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/161/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/584/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1516/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1854/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/485/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1609/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1794/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/2026/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1078/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1470/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1978/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/301/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1666/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1931/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/2005/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1716/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf
File opened for reading	/proc/1721/cmdline	a297b53ebc020b71cb16439b8dc70e77.elf

/tmp/a297b53ebc020b71cb16439b8dc70e77.elf
/tmp/a297b53ebc020b71cb16439b8dc70e77.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:1476

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads