07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984

Analysis

max time kernel
134s
max time network
152s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240226-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240226-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
07/05/2024, 17:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
Size

140KB
MD5

954f197268ee34446c11d97f48e7429a
SHA1

b4c39c39b9ac113e01f8b0cc791c02a629c6c5fd
SHA256

07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984
SHA512

d12fbe58cc70d6f09a3a59436fe90e80892b7e56c809b302a4c56c2d45f3273b4a39ae697768a74cdaf5292f187ded6eaeb8278e55aefdfa104da772ce176986
SSDEEP

3072:mTUTfCdO6FFto6O68wKhc/t/ekNaogMewcgsK027uTOlX:mTUTfCdO6FFto6VwwQdkX

Score

6^/10

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	1575	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/22/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/34/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/608/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/1167/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/1196/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/25/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/465/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/467/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/682/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/1204/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/2/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/173/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/464/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/1103/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/971/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/1090/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/1109/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/8/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/21/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/288/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/947/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/1587/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/545/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/1152/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/1207/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/1269/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/192/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/433/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/678/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/1203/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/79/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/959/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/1074/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/1181/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/84/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/185/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/452/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/559/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/1205/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/1449/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/1571/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/9/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/24/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/188/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/1161/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/456/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/672/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/1232/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/1355/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/17/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/180/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/182/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/183/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/28/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/78/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/184/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/1088/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/1098/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/1183/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/1286/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/32/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/175/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/463/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
File opened for reading	/proc/530/cmdline	07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf

/tmp/07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
/tmp/07199802a39574e6a28e2967db181d69a93a92b464fc0e45f6bba0cab68bb984.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:1575

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads