17eae48b524af62595052f8854e14d1c9271aae36375f75fdeb6a940ead77f57

Analysis

max time kernel
149s
max time network
153s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240522.1-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240522.1-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
27-11-2024 21:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bot.x86_64.elf
Size

141KB
MD5

da58289be6761af8b39e4c9fbd3d1dbc
SHA1

ba011598b29ddb7fe3d11c1725e1a6e7ef6cdf33
SHA256

17eae48b524af62595052f8854e14d1c9271aae36375f75fdeb6a940ead77f57
SHA512

5ae97ad79d003b2f4dde0b1b905b12338ab2755b7c5d5434195ab5971cc123c31555dca9c389d3f31cbc9b836070d190b081c94c27c6b5fbd5e33a3a8091e8d5
SSDEEP

3072:myLCpsoIEtrhrjJZEvjjk3UaogYykEbpaeDdzrmt1F:myLCpsoIEtrUNUb96F

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M "	1558	bot.x86_64.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/262/cmdline	bot.x86_64.elf
File opened for reading	/proc/407/cmdline	bot.x86_64.elf
File opened for reading	/proc/594/cmdline	bot.x86_64.elf
File opened for reading	/proc/867/cmdline	bot.x86_64.elf
File opened for reading	/proc/1259/cmdline	bot.x86_64.elf
File opened for reading	/proc/1330/cmdline	bot.x86_64.elf
File opened for reading	/proc/1359/cmdline	bot.x86_64.elf
File opened for reading	/proc/23/cmdline	bot.x86_64.elf
File opened for reading	/proc/25/cmdline	bot.x86_64.elf
File opened for reading	/proc/114/cmdline	bot.x86_64.elf
File opened for reading	/proc/213/cmdline	bot.x86_64.elf
File opened for reading	/proc/1150/cmdline	bot.x86_64.elf
File opened for reading	/proc/1161/cmdline	bot.x86_64.elf
File opened for reading	/proc/1181/cmdline	bot.x86_64.elf
File opened for reading	/proc/1413/cmdline	bot.x86_64.elf
File opened for reading	/proc/4/cmdline	bot.x86_64.elf
File opened for reading	/proc/22/cmdline	bot.x86_64.elf
File opened for reading	/proc/101/cmdline	bot.x86_64.elf
File opened for reading	/proc/110/cmdline	bot.x86_64.elf
File opened for reading	/proc/686/cmdline	bot.x86_64.elf
File opened for reading	/proc/1423/cmdline	bot.x86_64.elf
File opened for reading	/proc/1444/cmdline	bot.x86_64.elf
File opened for reading	/proc/77/cmdline	bot.x86_64.elf
File opened for reading	/proc/79/cmdline	bot.x86_64.elf
File opened for reading	/proc/224/cmdline	bot.x86_64.elf
File opened for reading	/proc/1075/cmdline	bot.x86_64.elf
File opened for reading	/proc/1241/cmdline	bot.x86_64.elf
File opened for reading	/proc/1499/cmdline	bot.x86_64.elf
File opened for reading	/proc/17/cmdline	bot.x86_64.elf
File opened for reading	/proc/75/cmdline	bot.x86_64.elf
File opened for reading	/proc/631/cmdline	bot.x86_64.elf
File opened for reading	/proc/633/cmdline	bot.x86_64.elf
File opened for reading	/proc/1102/cmdline	bot.x86_64.elf
File opened for reading	/proc/1090/cmdline	bot.x86_64.elf
File opened for reading	/proc/13/cmdline	bot.x86_64.elf
File opened for reading	/proc/200/cmdline	bot.x86_64.elf
File opened for reading	/proc/314/cmdline	bot.x86_64.elf
File opened for reading	/proc/586/cmdline	bot.x86_64.elf
File opened for reading	/proc/668/cmdline	bot.x86_64.elf
File opened for reading	/proc/1192/cmdline	bot.x86_64.elf
File opened for reading	/proc/20/cmdline	bot.x86_64.elf
File opened for reading	/proc/96/cmdline	bot.x86_64.elf
File opened for reading	/proc/559/cmdline	bot.x86_64.elf
File opened for reading	/proc/589/cmdline	bot.x86_64.elf
File opened for reading	/proc/654/cmdline	bot.x86_64.elf
File opened for reading	/proc/994/cmdline	bot.x86_64.elf
File opened for reading	/proc/1114/cmdline	bot.x86_64.elf
File opened for reading	/proc/1184/cmdline	bot.x86_64.elf
File opened for reading	/proc/6/cmdline	bot.x86_64.elf
File opened for reading	/proc/8/cmdline	bot.x86_64.elf
File opened for reading	/proc/94/cmdline	bot.x86_64.elf
File opened for reading	/proc/452/cmdline	bot.x86_64.elf
File opened for reading	/proc/636/cmdline	bot.x86_64.elf
File opened for reading	/proc/1041/cmdline	bot.x86_64.elf
File opened for reading	/proc/1203/cmdline	bot.x86_64.elf
File opened for reading	/proc/16/cmdline	bot.x86_64.elf
File opened for reading	/proc/76/cmdline	bot.x86_64.elf
File opened for reading	/proc/205/cmdline	bot.x86_64.elf
File opened for reading	/proc/215/cmdline	bot.x86_64.elf
File opened for reading	/proc/416/cmdline	bot.x86_64.elf
File opened for reading	/proc/739/cmdline	bot.x86_64.elf
File opened for reading	/proc/1077/cmdline	bot.x86_64.elf
File opened for reading	/proc/1206/cmdline	bot.x86_64.elf
File opened for reading	/proc/73/cmdline	bot.x86_64.elf

/tmp/bot.x86_64.elf
/tmp/bot.x86_64.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:1558

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads