b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4

General

Target

b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
Size

61KB
MD5

3023eaf453a136a0b72de7d45ec57abf
SHA1

5b482b248863fcb84ccc6fa6efc5e4a0807d36e3
SHA256

b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4
SHA512

02b236b2ae7ed98edcad540756b8a78cc9e534242677e38756d6ceee01946965805ec311dacac0424a59c72d622a06e0c3f392e353ebe232c2d6c45c96ecb9d9
SSDEEP

1536:MOf6FP7mQT9+CgAf92NJcJjmXUnTO3dvPcifVd7c/4CSQqS:ff6BaQT9+EMc1mETOhPfn7lS

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

Processes:

pid

1557
Enumerates running processes
Discovers information about currently running processes on the system

pid
1557

Changes its process name 1 IoCs

Processes:

b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf

description	ioc	pid	process
Changes the process name, possibly in an attempt to hide itself	httpd	1556	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf

description	ioc	process
File opened for reading	/proc/8/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/34/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/172/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/318/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/958/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/18/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/36/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/83/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/170/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/177/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/1149/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/167/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/324/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/683/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/1144/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/655/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/1077/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/1128/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/2/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/972/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/89/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/479/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/1073/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/23/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/85/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/164/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/173/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/175/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/165/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/563/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/1136/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/80/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/460/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/6/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/15/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/445/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/1153/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/24/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/455/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/1071/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/1132/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/11/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/611/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/1019/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/161/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/579/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/1024/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/32/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/171/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/971/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/1091/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/1155/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/28/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/487/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/1158/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/16/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/84/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/456/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/504/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/607/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/166/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/948/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/1044/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
File opened for reading	/proc/1119/cmdline	b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf

/tmp/b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
/tmp/b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:1556

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads