9c1dfb2a8b833fb3e634b6cab44c3341572c4bbd3357ee0db5e3b76bb2201dd2

Analysis

max time kernel
149s
max time network
147s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240611-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
06/10/2024, 09:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bot.x86_64.elf
Size

136KB
MD5

7b879239ab348e993f03d0ec1230a5b3
SHA1

5a0812097f809d6d2ac49819f2ebe481eb23acfb
SHA256

9c1dfb2a8b833fb3e634b6cab44c3341572c4bbd3357ee0db5e3b76bb2201dd2
SHA512

03f031837d8174526efe4547323eed0eb0bbb9592fdad5a526f7b26577ce4146c4f55fca0b076072f054378051d9d2e329c0ddce1de007bc74fcec9443279549
SSDEEP

3072:tGtwnNiaOnUTkFKPT9OSQ7AOaogjV2iZlBWCgCiADQPdL:tGtwnNiaOnUT2uLyqDQPd

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	1517	bot.x86_64.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/1179/cmdline	bot.x86_64.elf
File opened for reading	/proc/3/cmdline	bot.x86_64.elf
File opened for reading	/proc/84/cmdline	bot.x86_64.elf
File opened for reading	/proc/168/cmdline	bot.x86_64.elf
File opened for reading	/proc/555/cmdline	bot.x86_64.elf
File opened for reading	/proc/1092/cmdline	bot.x86_64.elf
File opened for reading	/proc/1187/cmdline	bot.x86_64.elf
File opened for reading	/proc/1216/cmdline	bot.x86_64.elf
File opened for reading	/proc/239/cmdline	bot.x86_64.elf
File opened for reading	/proc/472/cmdline	bot.x86_64.elf
File opened for reading	/proc/474/cmdline	bot.x86_64.elf
File opened for reading	/proc/1085/cmdline	bot.x86_64.elf
File opened for reading	/proc/1151/cmdline	bot.x86_64.elf
File opened for reading	/proc/432/cmdline	bot.x86_64.elf
File opened for reading	/proc/496/cmdline	bot.x86_64.elf
File opened for reading	/proc/1035/cmdline	bot.x86_64.elf
File opened for reading	/proc/1125/cmdline	bot.x86_64.elf
File opened for reading	/proc/30/cmdline	bot.x86_64.elf
File opened for reading	/proc/34/cmdline	bot.x86_64.elf
File opened for reading	/proc/552/cmdline	bot.x86_64.elf
File opened for reading	/proc/662/cmdline	bot.x86_64.elf
File opened for reading	/proc/682/cmdline	bot.x86_64.elf
File opened for reading	/proc/1170/cmdline	bot.x86_64.elf
File opened for reading	/proc/98/cmdline	bot.x86_64.elf
File opened for reading	/proc/161/cmdline	bot.x86_64.elf
File opened for reading	/proc/178/cmdline	bot.x86_64.elf
File opened for reading	/proc/319/cmdline	bot.x86_64.elf
File opened for reading	/proc/19/cmdline	bot.x86_64.elf
File opened for reading	/proc/89/cmdline	bot.x86_64.elf
File opened for reading	/proc/611/cmdline	bot.x86_64.elf
File opened for reading	/proc/1193/cmdline	bot.x86_64.elf
File opened for reading	/proc/1204/cmdline	bot.x86_64.elf
File opened for reading	/proc/78/cmdline	bot.x86_64.elf
File opened for reading	/proc/81/cmdline	bot.x86_64.elf
File opened for reading	/proc/420/cmdline	bot.x86_64.elf
File opened for reading	/proc/1185/cmdline	bot.x86_64.elf
File opened for reading	/proc/170/cmdline	bot.x86_64.elf
File opened for reading	/proc/173/cmdline	bot.x86_64.elf
File opened for reading	/proc/1168/cmdline	bot.x86_64.elf
File opened for reading	/proc/1205/cmdline	bot.x86_64.elf
File opened for reading	/proc/14/cmdline	bot.x86_64.elf
File opened for reading	/proc/22/cmdline	bot.x86_64.elf
File opened for reading	/proc/29/cmdline	bot.x86_64.elf
File opened for reading	/proc/137/cmdline	bot.x86_64.elf
File opened for reading	/proc/1207/cmdline	bot.x86_64.elf
File opened for reading	/proc/85/cmdline	bot.x86_64.elf
File opened for reading	/proc/205/cmdline	bot.x86_64.elf
File opened for reading	/proc/1164/cmdline	bot.x86_64.elf
File opened for reading	/proc/1088/cmdline	bot.x86_64.elf
File opened for reading	/proc/1147/cmdline	bot.x86_64.elf
File opened for reading	/proc/1280/cmdline	bot.x86_64.elf
File opened for reading	/proc/1311/cmdline	bot.x86_64.elf
File opened for reading	/proc/11/cmdline	bot.x86_64.elf
File opened for reading	/proc/569/cmdline	bot.x86_64.elf
File opened for reading	/proc/744/cmdline	bot.x86_64.elf
File opened for reading	/proc/978/cmdline	bot.x86_64.elf
File opened for reading	/proc/1518/cmdline	bot.x86_64.elf
File opened for reading	/proc/1078/cmdline	bot.x86_64.elf
File opened for reading	/proc/5/cmdline	bot.x86_64.elf
File opened for reading	/proc/27/cmdline	bot.x86_64.elf
File opened for reading	/proc/80/cmdline	bot.x86_64.elf
File opened for reading	/proc/930/cmdline	bot.x86_64.elf
File opened for reading	/proc/971/cmdline	bot.x86_64.elf
File opened for reading	/proc/1049/cmdline	bot.x86_64.elf

/tmp/bot.x86_64.elf
/tmp/bot.x86_64.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:1517

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads