1017ce1d1546fa206cb1c699d1cdf3271591e8e57e72a44e11e9ff620ab5981c

Analysis

max time kernel
139s
max time network
150s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
06-12-2024 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
Size

168KB
MD5

9d9b06ad1c145757a00b353a4efc8e26
SHA1

1d8d16d5c3c7a81673a0cf9e554a56a0b9d46fc2
SHA256

13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0
SHA512

2b56d075b4317f122c9ab5e5c8d727814b71ce0aa663ea7d2e561c0cac2b28a80d71cd57758dd3307c94e50945290ad36cff8df604c7f22bf53436633ad91fae
SSDEEP

3072:kpg03bw4agXbZ/iF1uZqEXGrqHINBzZUXSrxAq8qC/Cd04qe8PmFVD:kpg03bw4aQbZ/iFnEXGrFUIR7W4ND

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2822	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	2822	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/1084/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/2202/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/46/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/50/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/193/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/2300/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/1078/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/2038/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/2295/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/35/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/49/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/55/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/747/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/3/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/18/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/20/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/735/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/1066/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/1118/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/2284/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/2299/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/190/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/194/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/356/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/2142/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/186/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/509/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/825/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/2131/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/7/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/436/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/771/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/782/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/1060/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/1254/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/25/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/508/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/580/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/52/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/56/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/274/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/371/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/1115/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/5/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/16/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/38/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/273/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/1129/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/1776/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/19/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/184/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/189/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/2/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/8/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/2249/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/80/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/185/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/456/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/2220/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/2307/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/10/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/47/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/192/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
File opened for reading	/proc/2030/cmdline	13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf

/tmp/13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
/tmp/13dd4fa6a557a32c7c47553c50bb84427747ae3d2844ff29b9de98ad3aa80ec0.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:2822

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads