9153da04008cd5e97675d9963cf98d07425186ac7692398a22b3aa10b441a90f

Analysis

max time kernel
150s
max time network
142s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20241127-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20241127-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
07-12-2024 18:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bot.x86.elf
Size

91KB
MD5

9c3def6ee1129b432371d09812e804e0
SHA1

4d531c64564940d35520a84294b5787b717765c2
SHA256

9153da04008cd5e97675d9963cf98d07425186ac7692398a22b3aa10b441a90f
SHA512

e007735ec779ffbc71aa9c3c23f67ee04d8dc45142320cb8377436b81ca67add99763b7caaa99aad3d4dbd049f3995578ff31e46a9cf7e0deeeea7b8fefae9d1
SSDEEP

1536:oFd1IRgCXUzx7t0fMbxqgQEiyhcg+7ju72wPZnWhZS5xtY+v:oFdmR9XUzxh0fMdqgQEimEjLAdew5bv

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	pid	Process
Changes the process name, possibly in an attempt to hide itself	1418	bot.x86.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/163/cmdline	bot.x86.elf
File opened for reading	/proc/1462/cmdline	bot.x86.elf
File opened for reading	/proc/1093/cmdline	bot.x86.elf
File opened for reading	/proc/1434/cmdline	bot.x86.elf
File opened for reading	/proc/1455/cmdline	bot.x86.elf
File opened for reading	/proc/1459/cmdline	bot.x86.elf
File opened for reading	/proc/87/cmdline	bot.x86.elf
File opened for reading	/proc/790/cmdline	bot.x86.elf
File opened for reading	/proc/906/cmdline	bot.x86.elf
File opened for reading	/proc/1037/cmdline	bot.x86.elf
File opened for reading	/proc/1487/cmdline	bot.x86.elf
File opened for reading	/proc/1452/cmdline	bot.x86.elf
File opened for reading	/proc/311/cmdline	bot.x86.elf
File opened for reading	/proc/73/cmdline	bot.x86.elf
File opened for reading	/proc/443/cmdline	bot.x86.elf
File opened for reading	/proc/18/cmdline	bot.x86.elf
File opened for reading	/proc/19/cmdline	bot.x86.elf
File opened for reading	/proc/1129/cmdline	bot.x86.elf
File opened for reading	/proc/1467/cmdline	bot.x86.elf
File opened for reading	/proc/23/cmdline	bot.x86.elf
File opened for reading	/proc/176/cmdline	bot.x86.elf
File opened for reading	/proc/670/cmdline	bot.x86.elf
File opened for reading	/proc/1054/cmdline	bot.x86.elf
File opened for reading	/proc/2/cmdline	bot.x86.elf
File opened for reading	/proc/76/cmdline	bot.x86.elf
File opened for reading	/proc/639/cmdline	bot.x86.elf
File opened for reading	/proc/895/cmdline	bot.x86.elf
File opened for reading	/proc/1405/cmdline	bot.x86.elf
File opened for reading	/proc/1482/cmdline	bot.x86.elf
File opened for reading	/proc/171/cmdline	bot.x86.elf
File opened for reading	/proc/270/cmdline	bot.x86.elf
File opened for reading	/proc/633/cmdline	bot.x86.elf
File opened for reading	/proc/1360/cmdline	bot.x86.elf
File opened for reading	/proc/162/cmdline	bot.x86.elf
File opened for reading	/proc/877/cmdline	bot.x86.elf
File opened for reading	/proc/1364/cmdline	bot.x86.elf
File opened for reading	/proc/1490/cmdline	bot.x86.elf
File opened for reading	/proc/1386/cmdline	bot.x86.elf
File opened for reading	/proc/1421/cmdline	bot.x86.elf
File opened for reading	/proc/1436/cmdline	bot.x86.elf
File opened for reading	/proc/118/cmdline	bot.x86.elf
File opened for reading	/proc/167/cmdline	bot.x86.elf
File opened for reading	/proc/768/cmdline	bot.x86.elf
File opened for reading	/proc/995/cmdline	bot.x86.elf
File opened for reading	/proc/201/cmdline	bot.x86.elf
File opened for reading	/proc/492/cmdline	bot.x86.elf
File opened for reading	/proc/16/cmdline	bot.x86.elf
File opened for reading	/proc/105/cmdline	bot.x86.elf
File opened for reading	/proc/158/cmdline	bot.x86.elf
File opened for reading	/proc/175/cmdline	bot.x86.elf
File opened for reading	/proc/1444/cmdline	bot.x86.elf
File opened for reading	/proc/1486/cmdline	bot.x86.elf
File opened for reading	/proc/1449/cmdline	bot.x86.elf
File opened for reading	/proc/10/cmdline	bot.x86.elf
File opened for reading	/proc/77/cmdline	bot.x86.elf
File opened for reading	/proc/515/cmdline	bot.x86.elf
File opened for reading	/proc/1121/cmdline	bot.x86.elf
File opened for reading	/proc/81/cmdline	bot.x86.elf
File opened for reading	/proc/490/cmdline	bot.x86.elf
File opened for reading	/proc/773/cmdline	bot.x86.elf
File opened for reading	/proc/1479/cmdline	bot.x86.elf
File opened for reading	/proc/449/cmdline	bot.x86.elf
File opened for reading	/proc/504/cmdline	bot.x86.elf
File opened for reading	/proc/1028/cmdline	bot.x86.elf

/tmp/bot.x86.elf
/tmp/bot.x86.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:1418

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads