4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441

General

Target

4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
Size

60KB
MD5

ec84c82d80438bdf306e7b6811d13aa1
SHA1

bffbe294ac5d78ffb0aeb3770f9f148acd10585f
SHA256

4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441
SHA512

eb11e086c76fde9277dc4d14927ac89959753ab533e1b90fbdb10d7d0a439e88bf317289cc79599d3a999eb6981df268a2cb132763c001073442069bd74c109e
SSDEEP

768:lXlW6Ur9L3itzOL1++vLoIX22mSAeao6fYkeUo6LEz3BvyPwXnVrUAM31g2yXMDJ:hqL3i9OQsLnmSn9UoIwrU531g2y7Ar

Score

6^/10

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

Processes:

4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf

description	pid	process
Changes the process name, possibly in an attempt to hide itself	1472	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf

description	ioc	process
File opened for reading	/proc/14/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/18/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/970/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/7/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/21/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/115/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/477/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/1099/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/13/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/1069/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/1185/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/1363/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/82/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/155/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/438/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/698/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/1155/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/1179/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/1474/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/1473/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/32/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/98/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/1017/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/1056/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/1076/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/1295/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/1470/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/4/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/432/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/1242/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/1161/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/78/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/89/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/940/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/1153/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/31/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/159/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/195/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/505/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/547/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/1285/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/15/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/653/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/1062/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/1472/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/3/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/12/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/27/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/164/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/471/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/1166/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/1186/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/1475/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/455/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/680/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/250/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/2/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/19/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/23/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/1163/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/1334/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/25/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/80/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
File opened for reading	/proc/434/cmdline	4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf

/tmp/4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
/tmp/4b167734c0c88f218fc51db7597322c7b0bc9fad0c275e7f64c791470e92f441.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:1472

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads