6d5b419cb9762e22e70be5b83ecfde7f49a28d5e0d00f6f647b61fa3b28bd21d

Analysis

max time kernel
149s
max time network
137s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
15-09-2024 16:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

x86_64.elf
Size

167KB
MD5

1bd4eba98882119f9183c0e414167375
SHA1

541df510d99082b8042c3f3025292b9110458203
SHA256

6d5b419cb9762e22e70be5b83ecfde7f49a28d5e0d00f6f647b61fa3b28bd21d
SHA512

212c07eebaa5517ae1c6d162f2b0f3c82e5c7be7f331b98ab0dd5cb60e4b85e49dec3c12549756bdc65daf1f46aa3cd50320cad25a747f8036eed4b7e5278e7a
SSDEEP

3072:Ot5/YtjpMpUnEx0b8kjRpaSpdId94soxuaCXxkimGgX:25/4pMpgEx0b8kRxji1gX

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system
Changes its process name 1 IoCs

Processes:

x86_64.elf

description ioc pid process

Changes the process name, possibly in an attempt to hide itself a- M " 2493 x86_64.elf

description	ioc	pid	process
Changes the process name, possibly in an attempt to hide itself	a- M "	2493	x86_64.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

Processes:

x86_64.elf

description	ioc	process
File opened for reading	/proc/46/cmdline	x86_64.elf
File opened for reading	/proc/577/cmdline	x86_64.elf
File opened for reading	/proc/823/cmdline	x86_64.elf
File opened for reading	/proc/1986/cmdline	x86_64.elf
File opened for reading	/proc/2038/cmdline	x86_64.elf
File opened for reading	/proc/3/cmdline	x86_64.elf
File opened for reading	/proc/43/cmdline	x86_64.elf
File opened for reading	/proc/192/cmdline	x86_64.elf
File opened for reading	/proc/773/cmdline	x86_64.elf
File opened for reading	/proc/1118/cmdline	x86_64.elf
File opened for reading	/proc/1705/cmdline	x86_64.elf
File opened for reading	/proc/1962/cmdline	x86_64.elf
File opened for reading	/proc/27/cmdline	x86_64.elf
File opened for reading	/proc/188/cmdline	x86_64.elf
File opened for reading	/proc/509/cmdline	x86_64.elf
File opened for reading	/proc/2246/cmdline	x86_64.elf
File opened for reading	/proc/38/cmdline	x86_64.elf
File opened for reading	/proc/2093/cmdline	x86_64.elf
File opened for reading	/proc/2570/cmdline	x86_64.elf
File opened for reading	/proc/189/cmdline	x86_64.elf
File opened for reading	/proc/194/cmdline	x86_64.elf
File opened for reading	/proc/785/cmdline	x86_64.elf
File opened for reading	/proc/25/cmdline	x86_64.elf
File opened for reading	/proc/1115/cmdline	x86_64.elf
File opened for reading	/proc/1874/cmdline	x86_64.elf
File opened for reading	/proc/2037/cmdline	x86_64.elf
File opened for reading	/proc/2500/cmdline	x86_64.elf
File opened for reading	/proc/50/cmdline	x86_64.elf
File opened for reading	/proc/124/cmdline	x86_64.elf
File opened for reading	/proc/1703/cmdline	x86_64.elf
File opened for reading	/proc/2041/cmdline	x86_64.elf
File opened for reading	/proc/15/cmdline	x86_64.elf
File opened for reading	/proc/29/cmdline	x86_64.elf
File opened for reading	/proc/36/cmdline	x86_64.elf
File opened for reading	/proc/357/cmdline	x86_64.elf
File opened for reading	/proc/30/cmdline	x86_64.elf
File opened for reading	/proc/37/cmdline	x86_64.elf
File opened for reading	/proc/2492/cmdline	x86_64.elf
File opened for reading	/proc/2522/cmdline	x86_64.elf
File opened for reading	/proc/784/cmdline	x86_64.elf
File opened for reading	/proc/2153/cmdline	x86_64.elf
File opened for reading	/proc/2196/cmdline	x86_64.elf
File opened for reading	/proc/887/cmdline	x86_64.elf
File opened for reading	/proc/31/cmdline	x86_64.elf
File opened for reading	/proc/47/cmdline	x86_64.elf
File opened for reading	/proc/70/cmdline	x86_64.elf
File opened for reading	/proc/274/cmdline	x86_64.elf
File opened for reading	/proc/2519/cmdline	x86_64.elf
File opened for reading	/proc/2199/cmdline	x86_64.elf
File opened for reading	/proc/2256/cmdline	x86_64.elf
File opened for reading	/proc/2533/cmdline	x86_64.elf
File opened for reading	/proc/9/cmdline	x86_64.elf
File opened for reading	/proc/1392/cmdline	x86_64.elf
File opened for reading	/proc/1953/cmdline	x86_64.elf
File opened for reading	/proc/1976/cmdline	x86_64.elf
File opened for reading	/proc/275/cmdline	x86_64.elf
File opened for reading	/proc/2212/cmdline	x86_64.elf
File opened for reading	/proc/2490/cmdline	x86_64.elf
File opened for reading	/proc/63/cmdline	x86_64.elf
File opened for reading	/proc/1065/cmdline	x86_64.elf
File opened for reading	/proc/1695/cmdline	x86_64.elf
File opened for reading	/proc/1893/cmdline	x86_64.elf
File opened for reading	/proc/2205/cmdline	x86_64.elf
File opened for reading	/proc/41/cmdline	x86_64.elf

/tmp/x86_64.elf
/tmp/x86_64.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:2493

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads