436585f696976520b828a69b26d6946441a4a78417d7036df25a08eb33d3dc8e

Analysis

max time kernel
149s
max time network
154s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240508-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
28-05-2024 10:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f4ed78edf8384de42cdbe38c783cebd.elf
Size

207KB
MD5

1f4ed78edf8384de42cdbe38c783cebd
SHA1

dd5ad3bbba83206c1d2e554ac3e4c81b662b3aac
SHA256

436585f696976520b828a69b26d6946441a4a78417d7036df25a08eb33d3dc8e
SHA512

b3a70f738f3246f4f8906330415784e838a2108da27c66a4b726fd4e47a32f1b9688063158db9dc1564c105474c74e65ba7478c3f2ae48b5135514d0dd552924
SSDEEP

3072:Jo7jzzo4lyMX+nkWtIfoGme2LCq3mJpiHVByqqtV2n1:JZ4lyMX+nkzADe2Lp3mJYHvm21

Score

6^/10

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	pid	Process
Changes the process name, possibly in an attempt to hide itself	1393	1f4ed78edf8384de42cdbe38c783cebd.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/562/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/1019/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/1449/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/200/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/489/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/533/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/5/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/691/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/1392/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/608/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/918/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/1343/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/166/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/396/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/446/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/997/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/1361/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/1366/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/1370/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/22/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/759/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/954/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/451/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/852/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/1318/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/24/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/71/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/76/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/14/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/82/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/167/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/161/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/1080/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/1424/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/1091/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/1415/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/20/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/164/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/4/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/642/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/1024/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/853/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/17/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/172/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/609/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/90/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/800/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/1391/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/948/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/1073/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/1394/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/1425/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/1447/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/85/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/168/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/242/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/798/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/807/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/1339/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/9/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/398/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/440/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/1050/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf
File opened for reading	/proc/1413/cmdline	1f4ed78edf8384de42cdbe38c783cebd.elf

/tmp/1f4ed78edf8384de42cdbe38c783cebd.elf
/tmp/1f4ed78edf8384de42cdbe38c783cebd.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:1393

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads