3c50ef708fd72b96187e91c30cd80fb3eddd8cc6530e1e81dfaefbe6bc50ef34

Analysis

max time kernel
0s
max time network
131s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240522.1-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240522.1-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
16-09-2024 13:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
Size

4.8MB
MD5

f9885aafa7048958174e73489acff182
SHA1

c87d050c55054b658d531fc9b522b02660319593
SHA256

3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d
SHA512

fc543d7d3404bd95b325c12afe16aa2c0cd569a900a5eac65631579529e20adb8e4ad5daf76a3d4bf55e4efdf21009ef420a5d77a58fcbe496124b82387477f3
SSDEEP

98304:sZCRScDTjTiNLOGcsFZcXaM/iVWr3y1fLqN7+xQejD+u1qdnz+J:5NuLOGcsvBuiVB1fMKxQejD+Tz+

Score

3^/10

discovery

Malware Config

Signatures

Reads runtime system information 2 IoCs

Reads data from /proc virtual filesystem.

discovery

Processes:

3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf

description	ioc	process
File opened for reading	/proc/self/status	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
File opened for reading	/proc/mounts	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf

Writes file to tmp directory 26 IoCs

Malware often drops required files in the /tmp directory.

Processes:

3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf

description	ioc	process
File opened for modification	/tmp/_MEIbR6kXr/termios.x86_64-linux-gnu.so	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
File opened for modification	/tmp/_MEIbR6kXr/_ssl.x86_64-linux-gnu.so	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
File opened for modification	/tmp/_MEIbR6kXr/libpython2.7.so.1.0	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
File opened for modification	/tmp/_MEIbR6kXr/_codecs_tw.x86_64-linux-gnu.so	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
File opened for modification	/tmp/_MEIbR6kXr/_multiprocessing.x86_64-linux-gnu.so	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
File opened for modification	/tmp/_MEIbR6kXr/bz2.x86_64-linux-gnu.so	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
File opened for modification	/tmp/_MEIbR6kXr/libexpat.so.1	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
File opened for modification	/tmp/_MEIbR6kXr/libffi.so.7	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
File opened for modification	/tmp/_MEIbR6kXr/libtinfo.so.6	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
File opened for modification	/tmp/_MEIbR6kXr/libz.so.1	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
File opened for modification	/tmp/_MEIbR6kXr/_codecs_iso2022.x86_64-linux-gnu.so	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
File opened for modification	/tmp/_MEIbR6kXr/_ctypes.x86_64-linux-gnu.so	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
File opened for modification	/tmp/_MEIbR6kXr/pyexpat.x86_64-linux-gnu.so	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
File opened for modification	/tmp/_MEIbR6kXr/libbz2.so.1.0	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
File opened for modification	/tmp/_MEIbR6kXr/_codecs_cn.x86_64-linux-gnu.so	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
File opened for modification	/tmp/_MEIbR6kXr/libreadline.so.8	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
File opened for modification	/tmp/_MEIbR6kXr/resource.x86_64-linux-gnu.so	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
File opened for modification	/tmp/_MEIbR6kXr/_codecs_hk.x86_64-linux-gnu.so	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
File opened for modification	/tmp/_MEIbR6kXr/_codecs_jp.x86_64-linux-gnu.so	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
File opened for modification	/tmp/_MEIbR6kXr/mmap.x86_64-linux-gnu.so	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
File opened for modification	/tmp/_MEIbR6kXr/_hashlib.x86_64-linux-gnu.so	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
File opened for modification	/tmp/_MEIbR6kXr/_multibytecodec.x86_64-linux-gnu.so	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
File opened for modification	/tmp/_MEIbR6kXr/libcrypto.so.1.1	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
File opened for modification	/tmp/_MEIbR6kXr/libssl.so.1.1	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
File opened for modification	/tmp/_MEIbR6kXr/readline.x86_64-linux-gnu.so	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
File opened for modification	/tmp/_MEIbR6kXr/_codecs_kr.x86_64-linux-gnu.so	3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf

/tmp/3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
/tmp/3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
1⤵
- Writes file to tmp directory
PID:1551
- /tmp/3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
  /tmp/3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
  2⤵
  - Reads runtime system information
  PID:1552
- - /sbin/ldconfig
    /sbin/ldconfig -p
    3⤵
    PID:1553
- - /sbin/ldconfig.real
    /sbin/ldconfig.real -p
    3⤵
    PID:1553

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/_MEIbR6kXr/_codecs_cn.x86_64-linux-gnu.so

Filesize
150KB

MD5
0d0ff0725992d2c6a3445cdad3d2d332

SHA1
006177f8f0e3be3a2ed62420a7a6c01c01ff5672

SHA256
6f002d2a66f18da93256cdee72d6dca7cd43c788356508d6b782c7f2d7a08052

SHA512
7d4b9f00a058667fd683f533434f2955901d22b8d389bf3aaf1cced6b4410fd78b489e18590259982aad7f1c739812ec8eb39342b16c07a3547abf9c3316733a

Download Submit
/tmp/_MEIbR6kXr/_codecs_hk.x86_64-linux-gnu.so

Filesize
154KB

MD5
96e57fa1616efc45004d7b5a2601c0bb

SHA1
8ecc12e3787b099b6cc5f25c64e129a90387221f

SHA256
41efd7513ecd754dc0442d149b9a0cc924f04119ebd162cad6a09004e1071a67

SHA512
42f84a8073f76393abc787beb90a723a80214b2f55335fb68d38bcab508163c131b79250096cd26e10abe3596c4170421082ebf4b1edc0322d57efc692412532

Download Submit
/tmp/_MEIbR6kXr/_codecs_iso2022.x86_64-linux-gnu.so

Filesize
30KB

MD5
d8ae0c5d759ce2e7690c31867c4c3759

SHA1
6a9c870711801bff3db1c8f1b71e8ed3b37838f3

SHA256
9b9a713b83b12159a836f2b8922fa5fa661f4e723508725d1fd7b5d56b9e1b8f

SHA512
01b750eac41ec6d8e1a47c2a4ed0ea50d47a641051958a619d27e9328f26c1011e2aea55655b04bd705cc17acc30ef1f79da2cc4946678f79ab036ddeda04176

Download Submit
/tmp/_MEIbR6kXr/_codecs_jp.x86_64-linux-gnu.so

Filesize
262KB

MD5
27a2bec9818c595277c3ee154d540709

SHA1
10cd1364e48b0a934ef5af47f4a3538ddebc141e

SHA256
099f60f5d7afd4c4e8a2545f9aed73d9568cc000bed13858e79e48901b483a8f

SHA512
a6044ca8b3194f69cc0239f0a7ad600ef0d657f718bcc797332339da160465dfed9ca06ec280f83286500580eab4865f643533404a5f15a325a05c6f0cef2bf4

Download Submit
/tmp/_MEIbR6kXr/_codecs_kr.x86_64-linux-gnu.so

Filesize
138KB

MD5
7d373c605292f3faf617a037ebffeeb4

SHA1
4aa1c746b0bf7cc6ec122e5fe0179d7317f9d5c1

SHA256
fbc3e108ef575785399fe11da713a0e4151ccf3481616a3f170ee2bdaf84989c

SHA512
18320ddf53ce54024d422306adf747b04212731142925109dde31d0632aa828dc54877ce9077b543e80efaadf901e7324f1af0bc26f50508df5743b158cde32a

Download Submit
/tmp/_MEIbR6kXr/_codecs_tw.x86_64-linux-gnu.so

Filesize
110KB

MD5
9e62e246212c2d05fb01489dd57189d2

SHA1
d5c2ae54214574ceef6d5a6ccd103a473468ef48

SHA256
404c366d03016ba39a68437f948471143d2c210e5dca3a3a594547c5d5db589b

SHA512
f92f274b025684887b9f6b381a92f19a2a68ccd0c0b8054b5a3fc06fead0d65dfc3c3cdd400ad27ab4c200bfcc505ae9cd557fc8922af2d62eef49345970df74

Download Submit
/tmp/_MEIbR6kXr/_ctypes.x86_64-linux-gnu.so

Filesize
132KB

MD5
1f926b98516ce320c5f8fae9c907d0fd

SHA1
9f92c4d3205a977e602482bf9aa72175e2cde0a4

SHA256
ef24bd084b56ce36d62ed3a4a1c042c237683f9485d4207534e756155b7f0d26

SHA512
eeb41515a63f1c1292431d1fa196b64b575b9c0b75725d2fd209471c729e92462c9b1443c7674e8ee2755ad310801543a98f421581c1596adf4576cbd56b9908

Download Submit
/tmp/_MEIbR6kXr/_hashlib.x86_64-linux-gnu.so

Filesize
24KB

MD5
db8876341697ac0fd9b722ead299ecf3

SHA1
ed6743d4843fbc813452aaa13634a8781ca9adb7

SHA256
e1f41d50dbb2748a337f8f166da905e52ca7db0a2389a1687f38fd59f5910af5

SHA512
fe90d84f585805aaca099498f42c42f2c7c983d45dbb67c5c587cbe54b35e9da95e942150fd171dea858d3dae8d634c4cb9e45b23d4cca022d851efbc5ac8b67

Download Submit
/tmp/_MEIbR6kXr/_multibytecodec.x86_64-linux-gnu.so

Filesize
46KB

MD5
96a5b988bff8f4aac236db7edcd8010c

SHA1
f9756c35fac577263edb0d6defc209aa00b18c49

SHA256
6a193b29537d75978b8c090d0961408920b4a97226a8bfae828f9d69ecc7aad9

SHA512
e505464fbc8c8c44e2349370322901667ec661dd220857de9a22e8c0d90c2e538974cde70dfbcbbc0076164f7af973ce36541bbfd1f1bf427590197236b59543

Download Submit
/tmp/_MEIbR6kXr/_multiprocessing.x86_64-linux-gnu.so

Filesize
32KB

MD5
3b2b09b6a443e30e5c0ca5804ea92113

SHA1
6a222b1725847a5c1283841bdd7bdacddc4637a4

SHA256
de0b470ecf11614cf91318b675a88643f567dadccd8949c52197aa1ba4b7bb3e

SHA512
f1e1c2a1bb1afea99d650c4d54e0b77835739b6f8d5ce70c26975f9ecf33370a2c60c23a85dd14be89d318dc9b2947054af101424e83b85adfe912c04e80b4d8

Download Submit
/tmp/_MEIbR6kXr/_ssl.x86_64-linux-gnu.so

Filesize
107KB

MD5
c75e1dd675d444c90b4ede8a09c91752

SHA1
a251f1387213a0d94eaa0ce5af7441ed5f50f91b

SHA256
0fac7540e58ddb7c3774c41e322635f6053bb142d0f10bebdd219abcac8bcbac

SHA512
ce2790f48cc2898e83cf4314cf11b229c1ed09933e215da9e08e55f367d95549aed81370d8667f78e791aa313d36a96f1501f2d0520f93c581b9cc957e581583

Download Submit
/tmp/_MEIbR6kXr/bz2.x86_64-linux-gnu.so

Filesize
45KB

MD5
006f04c1801fcc9e92369a7351e935bd

SHA1
865985633d5a9f9cbb2c5d9aa136c80a0924eb8d

SHA256
f543b91893c4f0a2ee3f4c0d9e3f12b1c5dc01b887fe229762f39aabe2946762

SHA512
85466c1dbe0624f3de39277cbcd93d998b213d91fefe79de40e55349890d52a2e990f7a312f539b170e085cff3db61da4f722f118672fa4b60bb82870c3fcc8c

Download Submit
/tmp/_MEIbR6kXr/libbz2.so.1.0

Filesize
73KB

MD5
7fe842b2b26ad6eef33cd4bd8ed280b3

SHA1
ee42ca256c6feb7412c37313e1935d2e31a0a1de

SHA256
4488544d0a32b1e38d369342f219677ee621a2f16e64f529e4776c7322bc86d3

SHA512
03933e91268c7b9f3814e2b76d4dd35a720f057407bae9b3475b611835782291a4fc56ed0086ea120e7e007ac1683ba092227447f8861d21a1273e91822e8313

Download Submit
/tmp/_MEIbR6kXr/libcrypto.so.1.1

Filesize
2.8MB

MD5
2c7bbb78dacbe0a03fe90e93356adc7c

SHA1
773abe7321454a758cbe37a9b9d36e67e3894c7b

SHA256
e2ce222f70fa87048124d07ee7b084a9e2f5fe0658a9e04b7e24b11276418f1a

SHA512
241aa738b103649369be6bf4b4d214d35d44fe17b179e46e1c3d7fb6c899f619a14eb00e794c29b60ed154b2ade30bb20217e2323331d23092067da24e0143cf

Download Submit
/tmp/_MEIbR6kXr/libexpat.so.1

Filesize
178KB

MD5
952c5948bcd2a1824bc78f815176bc52

SHA1
e35093b682cbed186b459917d7c9e704bbeb7f65

SHA256
99dc36c9745304fc7fbade11e4ca8cc1e2472ec2e97fa28d4b020d119b35aed2

SHA512
0e4117f729331c38ba7e28786ad9a02dfe34fe9268783f8373dea345fc9f2a3c7d5408642918f8031389e697e0c24d2cd02aa1727fa2308e3639ac44409fe0c4

Download Submit
/tmp/_MEIbR6kXr/libffi.so.7

Filesize
42KB

MD5
9fa9dd63d62116e6815ac44c3a746d70

SHA1
eed5fd0e75f9d8aee3098c84c835c2360070804f

SHA256
e49fdd8e80867abe9f0f6062272b0838570467066f8cf270badf1567ca49fba6

SHA512
b49696ff2ebe60b00112dfb2ca74defd8cf9e36358882426ed5b7ce86e820316cde45ad212595ab6b810ee88040033ec30aeff036aee1f400f8741967537ebfb

Download Submit
/tmp/_MEIbR6kXr/libpython2.7.so.1.0

Filesize
3.3MB

MD5
b2aa8b932c19d38c63f143eac6c6aff5

SHA1
833bec13b484e6d31a74e0b57b724ee199ff6362

SHA256
ad45b545dfff6c4018e4ab7f2383ac20e66fd34507d6e4a1ba62f233c17be059

SHA512
d347013e71ffa6a23af395c4168ec29f1f74095bf214322655e47a236ff371faad1f7b1821bae6fa46a2ca8cf9f9457e49c75d18b8a5cd442b515d668c119a95

Download Submit
/tmp/_MEIbR6kXr/libreadline.so.8

Filesize
312KB

MD5
07386d6beb4361731c5f6ff1c460c6d7

SHA1
da21222fd899e911e5a294faa6927e71a473b117

SHA256
ec45cd672d0236a8b5249e3b351cb9f69d1580073fb359ffc5792a60ba132db6

SHA512
212072aa5f00372a20d18b9033606d90359afd7475ea670354ca50be3809c52b11d3b33fe7c7deb64744c22db75bafcf73e29b128a571456fa4e8c302c3c2e9e

Download Submit
/tmp/_MEIbR6kXr/libssl.so.1.1

Filesize
584KB

MD5
e7405402d2aafd6419fd5dfe223c545f

SHA1
6456ddc30784698a91f837ababe5a41e3b399bad

SHA256
cf041da3151f8c307e9e8668d874704241187c05c89fb8af0c2c2698c748e718

SHA512
446e7efa5a4d9dc068c6b8162e136db8dce2783a2a19f077aebf5ee08aa408bae9b6c9a3b1f07ddcf28e0d2b4d93140332e30ad67478d90c1ebcd27d4bfcbe64

Download Submit
/tmp/_MEIbR6kXr/libtinfo.so.6

Filesize
187KB

MD5
8ecaf82d3dcb197495924d038014c175

SHA1
db05aa3c95a397af27269d42ab64a89072e6e399

SHA256
425378a1cfa4f5f2f8a847d4828f0dfc92c2b7d75e5f8f5207a4c0a42b2ee6fa

SHA512
259984614627717e3fd53b201b9d429820a6cd86008d3d92a789f01ac6bb1ddaff0336f5bdd4fa9af52453b04bbd8252c7ad25baad8f6da5984495ef0cb9f21c

Download Submit
/tmp/_MEIbR6kXr/libz.so.1

Filesize
106KB

MD5
00be2c43ac0ac93f0de3fec761529a99

SHA1
1c5fcbe97e9b9f4e366360b955679029540b7b2a

SHA256
251f20bdf98b26a4f2318792f75850ca0f32175b3a003e7f5b5964545ce2c57a

SHA512
7748acd98bc5e79a14744cfefd23595092fe91610ce9266271419fa1e45d209a8df65218c5b5207731596b7a72bee8a5bcc6d270882ef71d0a7e3fba6ee4c262

Download Submit
/tmp/_MEIbR6kXr/mmap.x86_64-linux-gnu.so

Filesize
32KB

MD5
d7613cb55fd61758122069d39e298c10

SHA1
c45d35d4f01af6b1478a6ecf8011f9e8a8fe496a

SHA256
900a4d531d41fa5500dae16335211eb6a708654c4056a786cfe6aa73a223f616

SHA512
c93a161989866f59a9d7b23abc98cd6713b74974f371f51f7c97df2e5164590a5c4511cb041b21f3e5014a33492e9f3f6f8b02924b82ead78d28d17d9df37d46

Download Submit
/tmp/_MEIbR6kXr/pyexpat.x86_64-linux-gnu.so

Filesize
59KB

MD5
92364da165e468057a9e3e20f4e17ec4

SHA1
de925a90f15d4aa5284784c20a18737a4c7e8bd5

SHA256
11bfed9c30eb9e418769e44e1fdeda338f9d39b90fcd0402f80f9410a4c80572

SHA512
312e28f9cce3983edcff325efd79efc07fdf84691274d7a1b279b0796080fce31bb6fac7b946b93ba42ae063ca4fa8865d569fe1b02783ef7bb8d2522217ecb4

Download Submit
/tmp/_MEIbR6kXr/readline.x86_64-linux-gnu.so

Filesize
30KB

MD5
58a70d09e652ba3b34c1dfad22ba5567

SHA1
6bcaa8306dd95aad76797798cbe64fcdd43bc65c

SHA256
821edb635c25418489c74e1a4861d4048d0e67bf84292d85b8e95fecae9ba4ca

SHA512
be25bd8d992f914c9c1d680088805adace8b78f8c9c3975af42f019deee4e156de5017b779e18b326a69c9082aea92e33ec1638cac323f8fe3e10d48151e0e0b

Download Submit
/tmp/_MEIbR6kXr/resource.x86_64-linux-gnu.so

Filesize
14KB

MD5
2d213c29841453b7181cc89ad2b123f1

SHA1
c383e31f211bbe0857fe656d092f6f1bf2a3adca

SHA256
e425fefd5c49e6d410b11e2eba56e01ae4cd0e1c80a72a96cb8e66f1cc278ca1

SHA512
e3b443d1aca94762e9460aa246f6f2d8b96547ef172fccd831a8b5063f412470a525b4efb1726a33adb1e7ad27a6408b3d92ec54cf902bdbd3d32d5aad420397

Download Submit
/tmp/_MEIbR6kXr/termios.x86_64-linux-gnu.so

Filesize
28KB

MD5
30a74da4fe0e1d7005717a7b18982b5f

SHA1
5bacb1a7752175441c770c246d0a35c9b18d25bf

SHA256
ab02a78d156ebf46dd50d1bb6a71af35d1103b85c0a20dbb7a5cf4cda7ad8844

SHA512
8ed86400c42431bb4c507c2bce8a8031b5a313a150bf694d5033cc6caf8f2a2a41dd5a41ac13b8c5adb1023f82edaa090d178925fd1bdbafb588bfd2f29bb6cb

Download Submit