Malware Analysis Report

2024-10-16 05:29

Sample ID 240630-mvxmjawfrh
Target 45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf
SHA256 45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549
Tags miner xmrig antivm persistence
Score 10/10

Analysis Overview

Score 10/10
SHA256 45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549

Threat Level: Known bad

The file 45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf was found to be: Known bad.

Malicious Activity Summary

miner xmrig antivm persistence

XMRig Miner payload

Xmrig family

Enumerates running processes

Reads hardware information

Checks hardware identifiers (DMI)

Creates/modifies Cron job

Reads CPU attributes

Changes its process name

Checks CPU configuration

Reads runtime system information

Enumerates kernel/hardware configuration

Analysis: static1

Detonation Overview

Reported

2024-06-30 10:47

Signatures

XMRig Miner payload

miner
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Xmrig family

xmrig

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-30 10:47

Reported

2024-06-30 10:48

Platform

ubuntu2204-amd64-20240611-en

Max time kernel

46s

Max time network

43s

Command Line

[/tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf]

Signatures

Checks hardware identifiers (DMI)

antivm
Description | Indicator | Process | Target
File opened for reading | /sys/devices/virtual/dmi/id/bios_vendor | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/sys_vendor | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/product_name | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/board_vendor | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A

Creates/modifies Cron job

persistence
Description | Indicator | Process | Target
File opened for modification | /var/spool/cron/crontabs/tmp.Uph3OR | /usr/bin/crontab | N/A

Enumerates running processes

Reads hardware information

Description | Indicator | Process | Target
File opened for reading | /sys/devices/virtual/dmi/id/product_serial | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/chassis_vendor | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/product_version | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/board_name | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/chassis_asset_tag | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/product_uuid | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/board_version | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/board_asset_tag | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/bios_date | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/board_serial | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/chassis_type | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/chassis_version | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/chassis_serial | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id/bios_version | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A

Changes its process name

Description | Indicator | Process | Target
Changes the process name, possibly in an attempt to hide itself | systemd | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | watchdogd | N/A | N/A

Checks CPU configuration

antivm
Description | Indicator | Process | Target
File opened for reading | /proc/cpuinfo | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A

Reads CPU attributes

Description | Indicator | Process | Target
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/number_of_sets | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index6/shared_cpu_map | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index8/shared_cpu_map | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/topology/die_cpus | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/type | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/physical_line_partition | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/id | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/number_of_sets | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/level | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index1/id | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/physical_line_partition | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index7/shared_cpu_map | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cpu_capacity | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/online | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/level | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/size | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index9/shared_cpu_map | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/topology/cluster_cpus | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_map | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/type | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/physical_line_partition | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/topology/package_cpus | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/type | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/coherency_line_size | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/coherency_line_size | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index1/level | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/size | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/number_of_sets | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/id | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/topology/core_id | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/shared_cpu_map | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/id | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_map | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/size | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index4/shared_cpu_map | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/possible | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/topology/core_cpus | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/shared_cpu_map | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index5/shared_cpu_map | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/topology/physical_package_id | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index1/type | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/level | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/base_frequency | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A

Enumerates kernel/hardware configuration

Description | Indicator | Process | Target
File opened for reading | /sys/devices/system/node/online | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/node/node0/meminfo | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/node/node0/access0/initiators | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/node/node0/access0/initiators/read_latency | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/virtual/dmi/id | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/fs/cgroup/cpuset.mems.effective | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/cpu | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/node/node0/hugepages | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/bus/dax/devices | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/node/node0/access0/initiators/read_bandwidth | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/node/node0/access0/initiators/write_latency | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/fs/cgroup/cgroup.controllers | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/node/node0/cpumap | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/node/node0/access1/initiators | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/devices/system/node/node0/access0/initiators/write_bandwidth | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/fs/cgroup/cpuset.cpus.effective | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /sys/kernel/mm/hugepages | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A

Reads runtime system information

Description | Indicator | Process | Target
File opened for reading | /proc/75/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/969/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/91/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/695/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1154/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/2/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/606/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/763/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/631/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/839/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1425/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/75/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/214/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1173/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/211/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1194/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/78/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/209/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/221/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/409/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/768/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1084/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1200/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1328/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/23/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1059/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1084/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1157/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/11/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/82/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/603/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1052/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1178/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/5/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/73/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/98/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/210/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/446/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/590/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1194/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1394/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/86/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/773/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1363/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1458/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/679/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/27/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/766/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/868/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/8/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/20/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/768/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/779/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1081/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1129/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/219/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/502/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/648/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1206/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/14/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/99/cmdline | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/163/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/585/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A
File opened for reading | /proc/1122/exe | /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf | N/A

Processes

/tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf

[/tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf]

/bin/sh

[sh -c crontab -l]

/usr/bin/crontab

[crontab -l]

/bin/sh

[sh -c echo "@reboot /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf" | crontab -]

/usr/bin/crontab

[crontab -]

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 8.8.8.8:53 | cnc.ohuyal.xyz | udp
NL | 45.95.147.236:43782 | | tcp
US | 1.1.1.1:53 | cnc.ohuyal.xyz | udp
US | 8.8.8.8:53 | cnc.ohuyal.xyz | udp

Files

/var/spool/cron/crontabs/tmp.Uph3OR

MD5 da9f2b860fff6b0b7da0d2632350113d
SHA1 f741ca321f7966809bca7e1dc5a5eb23f53b189d
SHA256 bee2238cf6e9dbf06aaf4dc4911ff4e8063133cac85bafad2de78af26c106c45
SHA512 2b8d44946350e6fe2e595ac55964823c78a1638d11c761684835fe75924b412545841ef68c33866c3ba48e9f8b92dbe4bdf89b8569313352d29774e8a201e1ca