bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b

Analysis

max time kernel
149s
max time network
151s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240729-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
20/11/2024, 03:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
Size

167KB
MD5

ac9cbe2b84d8b0012a470c285304d822
SHA1

91b37dd0a8dffa71bafc61a34c35a5c735a15060
SHA256

bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b
SHA512

8292606a7804bfac71e963906a3d0727a629422a8457c315d179b12a356f02692b17e7e18548a4d63148b985484a3feeef9cfed727a7b101f306b453781ada0c
SSDEEP

3072:Ot5/YtjpMpUnEx0b8kjOpaSpdId94soxuaCXxkimGDX:25/4pMpgEx0b8k6xji1DX

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	2494	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/18/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/2146/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/2432/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/9/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/148/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/756/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/791/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/1701/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/1967/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/814/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/1052/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/1972/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/1985/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/25/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/39/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/56/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/188/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/1706/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/2/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/14/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/29/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/1096/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/1926/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/35/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/37/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/1066/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/1131/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/1960/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/2523/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/40/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/192/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/235/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/1704/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/1965/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/2307/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/1970/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/2107/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/7/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/23/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/24/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/432/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/1788/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/1931/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/19/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/34/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/196/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/198/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/1816/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/2495/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/1407/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/2243/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/4/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/11/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/512/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/767/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/776/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/1083/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/2343/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/6/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/51/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/2273/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/8/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/181/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
File opened for reading	/proc/385/cmdline	bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf

/tmp/bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
/tmp/bd383a465be41794638fff2771f92d3136fc081cc7da8e717a73994e956abb1b.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:2494

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads