c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb

General

Target

c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
Size

193KB
MD5

5cc75a2f68170f6c97c6760a75162b38
SHA1

af525c11b74d82615db1774d85b2f844d2cddad9
SHA256

c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb
SHA512

b9af17d83c5857801cc8dca912db6b005c63d2b6fdb5d8b11e8340d60162808c942a041a7db4787a20c85f7762897c6fae0f2c1fc2a9a83afcf63382a489fb28
SSDEEP

3072:jf7iWCJ/Y9UvxLQyrCf2RG4hrNWlqmOUUH5Msqc:jf7vCJ/rQjmpBMl6Uo5M9c

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (75880) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

Processes:

c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf

description	ioc	pid	process
Changes the process name, possibly in an attempt to hide itself	)5+	702	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf

description	ioc	process
File opened for reading	/proc/37/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/775/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/727/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/754/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/758/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/767/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/774/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/7/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/36/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/704/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/794/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/6/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/710/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/723/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/747/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/762/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/777/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/778/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/792/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/2/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/5/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/717/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/721/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/788/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/21/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/729/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/739/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/70/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/706/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/724/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/782/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/796/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/807/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/809/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/75/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/391/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/708/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/730/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/742/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/750/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/336/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/404/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/711/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/797/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/16/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/22/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/707/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/732/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/785/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/801/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/811/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/694/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/709/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/737/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/743/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/19/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/700/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/716/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/734/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/760/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/9/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/14/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/15/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
File opened for reading	/proc/89/cmdline	c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf

/tmp/c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
/tmp/c2fd2b944074cf5f7f871b7802e97fe2b1e25336a4af0ba050d237f7255155eb.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:702

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

2

T1046

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads