6d5b419cb9762e22e70be5b83ecfde7f49a28d5e0d00f6f647b61fa3b28bd21d

Analysis

max time kernel
149s
max time network
139s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
15-09-2024 16:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

x86_64.elf
Size

167KB
MD5

1bd4eba98882119f9183c0e414167375
SHA1

541df510d99082b8042c3f3025292b9110458203
SHA256

6d5b419cb9762e22e70be5b83ecfde7f49a28d5e0d00f6f647b61fa3b28bd21d
SHA512

212c07eebaa5517ae1c6d162f2b0f3c82e5c7be7f331b98ab0dd5cb60e4b85e49dec3c12549756bdc65daf1f46aa3cd50320cad25a747f8036eed4b7e5278e7a
SSDEEP

3072:Ot5/YtjpMpUnEx0b8kjRpaSpdId94soxuaCXxkimGgX:25/4pMpgEx0b8kRxji1gX

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system
Changes its process name 1 IoCs

Processes:

x86_64.elf

description ioc pid process

Changes the process name, possibly in an attempt to hide itself a- M " 2826 x86_64.elf

description	ioc	pid	process
Changes the process name, possibly in an attempt to hide itself	a- M "	2826	x86_64.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

Processes:

x86_64.elf

description	ioc	process
File opened for reading	/proc/22/cmdline	x86_64.elf
File opened for reading	/proc/2763/cmdline	x86_64.elf
File opened for reading	/proc/64/cmdline	x86_64.elf
File opened for reading	/proc/194/cmdline	x86_64.elf
File opened for reading	/proc/391/cmdline	x86_64.elf
File opened for reading	/proc/2210/cmdline	x86_64.elf
File opened for reading	/proc/29/cmdline	x86_64.elf
File opened for reading	/proc/45/cmdline	x86_64.elf
File opened for reading	/proc/417/cmdline	x86_64.elf
File opened for reading	/proc/2467/cmdline	x86_64.elf
File opened for reading	/proc/24/cmdline	x86_64.elf
File opened for reading	/proc/28/cmdline	x86_64.elf
File opened for reading	/proc/2235/cmdline	x86_64.elf
File opened for reading	/proc/2490/cmdline	x86_64.elf
File opened for reading	/proc/19/cmdline	x86_64.elf
File opened for reading	/proc/2573/cmdline	x86_64.elf
File opened for reading	/proc/1120/cmdline	x86_64.elf
File opened for reading	/proc/2185/cmdline	x86_64.elf
File opened for reading	/proc/2333/cmdline	x86_64.elf
File opened for reading	/proc/12/cmdline	x86_64.elf
File opened for reading	/proc/185/cmdline	x86_64.elf
File opened for reading	/proc/2143/cmdline	x86_64.elf
File opened for reading	/proc/2827/cmdline	x86_64.elf
File opened for reading	/proc/2313/cmdline	x86_64.elf
File opened for reading	/proc/2856/cmdline	x86_64.elf
File opened for reading	/proc/31/cmdline	x86_64.elf
File opened for reading	/proc/181/cmdline	x86_64.elf
File opened for reading	/proc/1115/cmdline	x86_64.elf
File opened for reading	/proc/2823/cmdline	x86_64.elf
File opened for reading	/proc/888/cmdline	x86_64.elf
File opened for reading	/proc/1080/cmdline	x86_64.elf
File opened for reading	/proc/2322/cmdline	x86_64.elf
File opened for reading	/proc/2519/cmdline	x86_64.elf
File opened for reading	/proc/8/cmdline	x86_64.elf
File opened for reading	/proc/274/cmdline	x86_64.elf
File opened for reading	/proc/2041/cmdline	x86_64.elf
File opened for reading	/proc/2621/cmdline	x86_64.elf
File opened for reading	/proc/190/cmdline	x86_64.elf
File opened for reading	/proc/436/cmdline	x86_64.elf
File opened for reading	/proc/2647/cmdline	x86_64.elf
File opened for reading	/proc/2833/cmdline	x86_64.elf
File opened for reading	/proc/51/cmdline	x86_64.elf
File opened for reading	/proc/2427/cmdline	x86_64.elf
File opened for reading	/proc/2341/cmdline	x86_64.elf
File opened for reading	/proc/42/cmdline	x86_64.elf
File opened for reading	/proc/792/cmdline	x86_64.elf
File opened for reading	/proc/2213/cmdline	x86_64.elf
File opened for reading	/proc/845/cmdline	x86_64.elf
File opened for reading	/proc/2246/cmdline	x86_64.elf
File opened for reading	/proc/187/cmdline	x86_64.elf
File opened for reading	/proc/273/cmdline	x86_64.elf
File opened for reading	/proc/578/cmdline	x86_64.elf
File opened for reading	/proc/736/cmdline	x86_64.elf
File opened for reading	/proc/793/cmdline	x86_64.elf
File opened for reading	/proc/54/cmdline	x86_64.elf
File opened for reading	/proc/196/cmdline	x86_64.elf
File opened for reading	/proc/2320/cmdline	x86_64.elf
File opened for reading	/proc/2857/cmdline	x86_64.elf
File opened for reading	/proc/46/cmdline	x86_64.elf
File opened for reading	/proc/2257/cmdline	x86_64.elf
File opened for reading	/proc/2613/cmdline	x86_64.elf
File opened for reading	/proc/2828/cmdline	x86_64.elf
File opened for reading	/proc/180/cmdline	x86_64.elf
File opened for reading	/proc/193/cmdline	x86_64.elf

/tmp/x86_64.elf
/tmp/x86_64.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:2826

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads