6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c

General

Target

6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
Size

81KB
MD5

892da2afac49c9f633a707950847eab2
SHA1

f8695e58f895537612a05b2680fc810445eabe1c
SHA256

6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c
SHA512

8d3e0288dc8e4ff52fe84ed2a6669bb19e091e5bdecc4c0038b7e696aec5fb4c43232bfeaf877124901597825c602253af4083a01e01553c38d283c5005d2d00
SSDEEP

1536:sDiTBLlauUI7zFIM5PnfH1z7xKjAxb+fwWDvdYnUWyA4mHuaKL4ZgbeaA:0iTfauf7zKM5n1z7xiAxSfwWWJP4mHum

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

Processes:

pid

1517
Enumerates running processes
Discovers information about currently running processes on the system

pid
1517

Changes its process name 1 IoCs

Processes:

6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf

description	ioc	pid	process
Changes the process name, possibly in an attempt to hide itself	httpd	1516	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf

description	ioc	process
File opened for reading	/proc/7/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/502/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/662/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/1145/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/1297/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/14/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/18/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/30/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/89/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/183/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/743/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/974/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/1065/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/1183/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/1512/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/115/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/532/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/685/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/1147/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/1151/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/1164/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/26/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/617/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/952/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/1192/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/1055/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/1069/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/1513/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/31/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/32/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/168/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/263/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/492/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/29/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/36/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/177/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/1346/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/1358/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/556/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/180/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/427/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/550/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/715/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/1181/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/1305/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/1325/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/1342/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/13/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/19/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/184/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/426/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/497/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/618/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/961/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/1022/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/1042/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/1319/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/1517/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/27/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/85/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/137/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/172/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/277/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
File opened for reading	/proc/423/cmdline	6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf

/tmp/6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
/tmp/6eb0d6dcb32da21be89856070782374957595e24d1402a8da9f29f25350c3a7c.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:1516

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads