6f40b2731efc940ad224415f3f90cc292160f2d143ae1cc0ed608e22119b290c

General

Target

a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
Size

140KB
MD5

26ab8774a53298e8cff9f506852f0e21
SHA1

d5f59cbcc3937c4a43aaeb975eb48cdb89c907b0
SHA256

a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba
SHA512

91db210c73548cd300b9b5fd891d3ace04b385547f9659841e2d28bd0731d04bbd3cf7a45660fb82168702393a55e1877974ce474129a1478e5c95b99ac1cde4
SSDEEP

3072:mTUTfCdO6FFtobh68wKhc/t/ekNaogMewcgsK027u+Olw:mTUTfCdO6FFtobywwQdjw

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

Processes:

a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf

description	ioc	pid	process
Changes the process name, possibly in an attempt to hide itself	a- M"!	2441	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

Processes:

a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf

description	ioc	process
File opened for reading	/proc/510/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/580/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/2445/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/9/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/33/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/48/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/197/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/391/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/1124/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/2221/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/786/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/2101/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/2177/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/54/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/258/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/584/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/897/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/1767/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/1893/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/794/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/1069/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/1736/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/1845/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/1898/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/7/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/50/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/419/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/1129/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/1824/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/2200/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/2443/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/2474/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/17/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/41/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/67/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/828/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/6/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/202/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/1046/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/1857/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/2154/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/3/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/4/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/12/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/51/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/458/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/791/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/1649/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/1821/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/25/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/34/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/53/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/182/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/1843/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/56/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/189/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/1654/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/2378/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/8/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/37/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/71/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/276/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/433/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
File opened for reading	/proc/736/cmdline	a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf

/tmp/a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
/tmp/a86aa91163d16cf7afc3d028d3eecfcdd799f00f24295a7f718f71404932c4ba.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:2441

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads