f25e2b85a17e4efd8b57435380074e72757180d07039de49344669be398d3d63

Analysis

max time kernel
133s
max time network
142s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
06-12-2024 01:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
Size

120KB
MD5

37175a58f80f758776ea056e64ce4bbe
SHA1

0ded3a98a6b262f48b97d8017c38e34b61512282
SHA256

db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b
SHA512

65af3245ba600031d31f7f2ba277f534b6653afae637478ce0cc0c697788fd8400391a009729cc9cd7fcf6015776496e62512f1cc419c228e4f2e88a3e6600cd
SSDEEP

3072:r2F5V5zk/+yaJQ/0rK6tMNkgt8BiEMbwyUPbmmmmmmmmmmmmmmh4mmmmmmemmomX:r2F5V5zk/+9JQMr5yBUPbmmmmmmmmmmp

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1597	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	1596	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/1109/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/1114/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/92/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/218/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/13/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/78/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/499/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/1010/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/1093/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/1167/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/6/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/8/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/1176/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/210/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/221/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/19/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/209/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/772/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/1152/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/27/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/77/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/446/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/584/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/1041/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/1070/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/373/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/409/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/89/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/213/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/588/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/602/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/663/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/11/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/85/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/767/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/987/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/405/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/762/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/632/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/634/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/838/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/413/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/589/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/863/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/1140/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/1171/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/88/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/158/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/753/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/1156/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/74/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/745/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/16/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/18/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/23/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/582/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/15/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/24/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/82/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/112/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/212/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/606/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/5/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
File opened for reading	/proc/9/cmdline	db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf

/tmp/db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
/tmp/db377226cfb8e4afd5610fe6b8b42d347824f1d81b5f75f9318a14dd6ca4641b.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:1596

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads