987197793b510546ae71404e1b94368d82ff874c643f3430508429187e764218

Analysis

max time kernel
148s
max time network
151s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
07/12/2024, 02:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

iwir64.elf
Size

164KB
MD5

f4d0efeac26a54fc80b89808192df4ef
SHA1

319ff7c3b4ca42095c1f8e0699257e470c15dd07
SHA256

987197793b510546ae71404e1b94368d82ff874c643f3430508429187e764218
SHA512

56efd6f5a55d5573ceddbeb5b154f2b431581e15a5eaf4c28f8d7fcf3ff3314ddc131732bda379254852d028e7530aa5faf3f2100c4a7e195501164d37fbca71
SSDEEP

3072:Lm9vRQaLBVxFt4xmjgROVreJQjz/dlKB/rPVyOivmFHxtLNsDVzLGw9c:LmNRQaLBDFt4sgRO0UG7XFGVPGw9

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2818	iwir64.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	2817	iwir64.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/829/cmdline	iwir64.elf
File opened for reading	/proc/2255/cmdline	iwir64.elf
File opened for reading	/proc/41/cmdline	iwir64.elf
File opened for reading	/proc/53/cmdline	iwir64.elf
File opened for reading	/proc/201/cmdline	iwir64.elf
File opened for reading	/proc/275/cmdline	iwir64.elf
File opened for reading	/proc/377/cmdline	iwir64.elf
File opened for reading	/proc/438/cmdline	iwir64.elf
File opened for reading	/proc/2/cmdline	iwir64.elf
File opened for reading	/proc/38/cmdline	iwir64.elf
File opened for reading	/proc/2036/cmdline	iwir64.elf
File opened for reading	/proc/2143/cmdline	iwir64.elf
File opened for reading	/proc/2311/cmdline	iwir64.elf
File opened for reading	/proc/511/cmdline	iwir64.elf
File opened for reading	/proc/582/cmdline	iwir64.elf
File opened for reading	/proc/51/cmdline	iwir64.elf
File opened for reading	/proc/181/cmdline	iwir64.elf
File opened for reading	/proc/1111/cmdline	iwir64.elf
File opened for reading	/proc/22/cmdline	iwir64.elf
File opened for reading	/proc/28/cmdline	iwir64.elf
File opened for reading	/proc/197/cmdline	iwir64.elf
File opened for reading	/proc/1118/cmdline	iwir64.elf
File opened for reading	/proc/2116/cmdline	iwir64.elf
File opened for reading	/proc/2327/cmdline	iwir64.elf
File opened for reading	/proc/5/cmdline	iwir64.elf
File opened for reading	/proc/194/cmdline	iwir64.elf
File opened for reading	/proc/188/cmdline	iwir64.elf
File opened for reading	/proc/2123/cmdline	iwir64.elf
File opened for reading	/proc/16/cmdline	iwir64.elf
File opened for reading	/proc/26/cmdline	iwir64.elf
File opened for reading	/proc/199/cmdline	iwir64.elf
File opened for reading	/proc/235/cmdline	iwir64.elf
File opened for reading	/proc/2243/cmdline	iwir64.elf
File opened for reading	/proc/10/cmdline	iwir64.elf
File opened for reading	/proc/12/cmdline	iwir64.elf
File opened for reading	/proc/47/cmdline	iwir64.elf
File opened for reading	/proc/54/cmdline	iwir64.elf
File opened for reading	/proc/432/cmdline	iwir64.elf
File opened for reading	/proc/1067/cmdline	iwir64.elf
File opened for reading	/proc/27/cmdline	iwir64.elf
File opened for reading	/proc/40/cmdline	iwir64.elf
File opened for reading	/proc/501/cmdline	iwir64.elf
File opened for reading	/proc/1059/cmdline	iwir64.elf
File opened for reading	/proc/1346/cmdline	iwir64.elf
File opened for reading	/proc/2039/cmdline	iwir64.elf
File opened for reading	/proc/49/cmdline	iwir64.elf
File opened for reading	/proc/357/cmdline	iwir64.elf
File opened for reading	/proc/794/cmdline	iwir64.elf
File opened for reading	/proc/887/cmdline	iwir64.elf
File opened for reading	/proc/1114/cmdline	iwir64.elf
File opened for reading	/proc/1406/cmdline	iwir64.elf
File opened for reading	/proc/2319/cmdline	iwir64.elf
File opened for reading	/proc/17/cmdline	iwir64.elf
File opened for reading	/proc/20/cmdline	iwir64.elf
File opened for reading	/proc/56/cmdline	iwir64.elf
File opened for reading	/proc/2131/cmdline	iwir64.elf
File opened for reading	/proc/2210/cmdline	iwir64.elf
File opened for reading	/proc/6/cmdline	iwir64.elf
File opened for reading	/proc/48/cmdline	iwir64.elf
File opened for reading	/proc/198/cmdline	iwir64.elf
File opened for reading	/proc/512/cmdline	iwir64.elf
File opened for reading	/proc/736/cmdline	iwir64.elf
File opened for reading	/proc/2157/cmdline	iwir64.elf
File opened for reading	/proc/2232/cmdline	iwir64.elf

/tmp/iwir64.elf
/tmp/iwir64.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:2817

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads