Malware Analysis Report

2024-10-16 05:30

Sample ID 240630-m3q5qawgqg
Target 45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf
SHA256 45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549
Tags
antivm persistence miner xmrig
score
10/10

Analysis Overview

score
10/10

SHA256

45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549

Threat Level: Known bad

The file 45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf was found to be: Known bad.

Malicious Activity Summary

antivm persistence miner xmrig

XMRig Miner payload

Xmrig family

Enumerates running processes

Checks hardware identifiers (DMI)

Creates/modifies Cron job

Reads hardware information

Reads CPU attributes

Changes its process name

Checks CPU configuration

Enumerates kernel/hardware configuration

Reads runtime system information

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1

Detonation Overview

Reported

2024-06-30 10:59

Signatures

XMRig Miner payload

miner
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Xmrig family

xmrig

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-30 10:59

Reported

2024-06-30 11:00

Platform

ubuntu2204-amd64-20240522.1-en

Max time kernel

0s

Max time network

9s

Command Line

[/tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf]

Signatures

Checks hardware identifiers (DMI)

antivm
Description | Indicator | Process | Target
File opened for reading | /sys/devices/virtual/dmi/id/product_name | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/board_vendor | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/bios_vendor | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/sys_vendor | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A

Creates/modifies Cron job

persistence
Description | Indicator | Process | Target
File opened for modification | /var/spool/cron/crontabs/tmp.Jqgs56 | /usr/bin/crontab | N/A

Enumerates running processes

Reads hardware information

Description | Indicator | Process | Target
File opened for reading | /sys/devices/virtual/dmi/id/product_version | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/product_serial | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/product_uuid | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/board_asset_tag | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/chassis_serial | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/board_version | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/board_name | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/board_serial | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/chassis_vendor | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/chassis_version | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/bios_date | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/chassis_type | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/chassis_asset_tag | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/bios_version | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A

Changes its process name

Description | Indicator | Process | Target
Changes the process name, possibly in an attempt to hide itself | sshd | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | watchdogd | N/A | N/A

Checks CPU configuration

antivm
Description | Indicator | Process | Target
File opened for reading | /proc/cpuinfo | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A

Reads CPU attributes

Description | Indicator | Process | Target
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/number_of_sets | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/size | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/physical_line_partition | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index4/shared_cpu_map | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/online | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/id | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/size | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_map | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index9/shared_cpu_map | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/base_frequency | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/possible | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/topology/die_cpus | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/topology/physical_package_id | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/physical_line_partition | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/coherency_line_size | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/number_of_sets | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index7/shared_cpu_map | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cpu_capacity | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/shared_cpu_map | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/level | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/id | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/type | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/id | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_map | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index1/id | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/level | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/coherency_line_size | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index5/shared_cpu_map | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/topology/core_cpus | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/physical_line_partition | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index1/type | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index1/level | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/type | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/size | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/number_of_sets | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index6/shared_cpu_map | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/topology/core_id | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/topology/package_cpus | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/level | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index8/shared_cpu_map | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/topology/cluster_cpus | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/shared_cpu_map | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/type | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A

Enumerates kernel/hardware configuration

Description | Indicator | Process | Target
File opened for reading | /sys/fs/cgroup/cpuset.mems.effective | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/kernel/mm/hugepages | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/node/node0/access0/initiators | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/node/node0/access0/initiators/write_bandwidth | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/node/node0/access0/initiators/write_latency | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/fs/cgroup/cpuset.cpus.effective | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/node/node0/cpumap | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/node/node0/meminfo | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/node/node0/access1/initiators | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/node/node0/access0/initiators/read_bandwidth | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/fs/cgroup/cgroup.controllers | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/node/online | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/node/node0/hugepages | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/bus/dax/devices | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/node/node0/access0/initiators/read_latency | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A

Reads runtime system information

Description | Indicator | Process | Target
File opened for reading | /proc/13/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1241/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1275/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1434/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1163/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1363/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1546/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/682/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/18/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/416/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/735/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1160/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/119/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/845/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1493/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/110/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1159/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1180/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/74/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/212/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/796/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/229/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/5/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/427/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1551/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/962/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1555/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/82/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/226/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/521/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/740/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/993/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1170/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/222/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1106/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1157/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1179/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1232/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/meminfo | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/731/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1085/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/3/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/79/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/612/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1554/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/789/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1163/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1183/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1434/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1537/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/80/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1039/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1181/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1336/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/27/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/93/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1144/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/98/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/119/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/206/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/416/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1014/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/19/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/24/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A

Processes

/tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf

[/tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf]

/bin/sh

[sh -c crontab -l]

/usr/bin/crontab

[crontab -l]

/bin/sh

[sh -c echo "@reboot /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf" | crontab -]

/usr/bin/crontab

[crontab -]

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
US | 8.8.8.8:53 | cnc.ohuyal.xyz | udp
NL | 45.95.147.236:43782 | N/A | tcp

Files

/var/spool/cron/crontabs/tmp.Jqgs56

MD5 74ee4328ac6ade08fea272f14dedb32f
SHA1 a6d424464cee764106af124c80495b3edd8c3ba9
SHA256 e9a0249af6b1b3853aa60a2cf6cb5a7bf952a5b352244227ca9e60c195527f67
SHA512 1bb2f8c35480e6d9c565a096e3a2dcabcf4fb8162fe527fdfb99e859b57adcb286befae06cc13b02448cd877fa1891e7e4d84a36028827a4ae5b43dbaa5ace66