00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361

Analysis

max time kernel
137s
max time network
156s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240729-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
20-11-2024 02:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
Size

113KB
MD5

3329500212cf488f1cbb93191685ea3d
SHA1

5e314c10cdd9f8760e813e3164b4ccd4b9a8e5e8
SHA256

00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361
SHA512

dd0757f9b697b7b368abbb887b8507b040815219776c989a1a73eaf8fc4b2dbd2a009c4e3630d5f910615f37c38ee7aab16a2b489510037a7841d92b3ef23980
SSDEEP

3072:4UWRi5paJh1ocp6c2GCtjh4iZvVXLC4Lqbz:4UWk5kJHoGz2ttGMq/

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1564	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	1563	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/83/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/202/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/587/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/741/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/774/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/2/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/15/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/82/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/452/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/722/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/1123/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/81/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/96/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/216/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/633/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/638/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/1052/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/1170/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/1083/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/5/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/24/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/85/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/218/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/263/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/413/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/1053/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/25/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/214/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/409/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/585/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/1155/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/26/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/77/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/73/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/92/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/93/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/1159/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/10/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/16/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/198/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/736/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/769/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/6/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/9/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/113/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/411/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/608/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/689/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/691/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/804/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/970/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/1103/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/1160/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/1169/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/4/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/79/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/88/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/808/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/1161/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/22/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/86/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/101/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/613/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
File opened for reading	/proc/790/cmdline	00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf

/tmp/00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
/tmp/00a4a41c529729e8d763c186db6faba1750efd1893112b1ac01737b6f1087361.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:1563

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads