2d2207e453ec92dc1174c3dab2c7d5885de3d33ffdb13d2f26b7733140cb75e3

Analysis

max time kernel
149s
max time network
150s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240611-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
24-07-2024 02:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
Size

91KB
MD5

3843758b0f005f46a897ee789b2241fb
SHA1

82757f4592e82bd378447e101bd642ccfac75fc0
SHA256

0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861
SHA512

65cfdc9eba296d8d6d8a01c90ab5712e00c5e8cd77a2f226b385dac2f81d10ac1fd0d7179c5ababca611359d429595daebdabce16f67c4b12e26e06c19db427e
SSDEEP

1536:oFd1IRgCXUzx7t0fMqlFgQEiyhcg+7ju72wPZnWhZS5xtY+b:oFdmR9XUzxh0fMgFgQEimEjLAdew5bb

Score

6^/10

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	pid	Process
Changes the process name, possibly in an attempt to hide itself	1395	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/858/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/1417/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/177/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/486/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/848/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/1317/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/19/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/1069/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/1107/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/1398/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/1451/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/17/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/168/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/444/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/1068/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/1182/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/70/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/169/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/975/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/796/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/1070/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/1116/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/1447/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/23/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/170/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/1077/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/5/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/140/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/86/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/1153/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/1335/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/105/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/242/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/576/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/1367/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/85/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/820/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/1028/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/943/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/1343/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/201/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/265/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/560/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/1099/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/14/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/87/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/174/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/20/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/585/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/1441/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/491/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/494/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/1421/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/437/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/676/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/1397/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/1076/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/22/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/393/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/802/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/581/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/657/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/948/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
File opened for reading	/proc/954/cmdline	0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf

/tmp/0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
/tmp/0a1ca3395a767fe7c0221efec79b7ae14011bdc00aea142313c93389cae9d861.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:1395

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads