987197793b510546ae71404e1b94368d82ff874c643f3430508429187e764218

Analysis

max time kernel
139s
max time network
142s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
07-12-2024 18:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

iwir64.elf
Size

164KB
MD5

f4d0efeac26a54fc80b89808192df4ef
SHA1

319ff7c3b4ca42095c1f8e0699257e470c15dd07
SHA256

987197793b510546ae71404e1b94368d82ff874c643f3430508429187e764218
SHA512

56efd6f5a55d5573ceddbeb5b154f2b431581e15a5eaf4c28f8d7fcf3ff3314ddc131732bda379254852d028e7530aa5faf3f2100c4a7e195501164d37fbca71
SSDEEP

3072:Lm9vRQaLBVxFt4xmjgROVreJQjz/dlKB/rPVyOivmFHxtLNsDVzLGw9c:LmNRQaLBDFt4sgRO0UG7XFGVPGw9

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1588	iwir64.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	1587	iwir64.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/600/cmdline	iwir64.elf
File opened for reading	/proc/634/cmdline	iwir64.elf
File opened for reading	/proc/13/cmdline	iwir64.elf
File opened for reading	/proc/308/cmdline	iwir64.elf
File opened for reading	/proc/210/cmdline	iwir64.elf
File opened for reading	/proc/1097/cmdline	iwir64.elf
File opened for reading	/proc/90/cmdline	iwir64.elf
File opened for reading	/proc/772/cmdline	iwir64.elf
File opened for reading	/proc/833/cmdline	iwir64.elf
File opened for reading	/proc/838/cmdline	iwir64.elf
File opened for reading	/proc/953/cmdline	iwir64.elf
File opened for reading	/proc/15/cmdline	iwir64.elf
File opened for reading	/proc/85/cmdline	iwir64.elf
File opened for reading	/proc/597/cmdline	iwir64.elf
File opened for reading	/proc/1116/cmdline	iwir64.elf
File opened for reading	/proc/80/cmdline	iwir64.elf
File opened for reading	/proc/93/cmdline	iwir64.elf
File opened for reading	/proc/1130/cmdline	iwir64.elf
File opened for reading	/proc/1177/cmdline	iwir64.elf
File opened for reading	/proc/16/cmdline	iwir64.elf
File opened for reading	/proc/840/cmdline	iwir64.elf
File opened for reading	/proc/213/cmdline	iwir64.elf
File opened for reading	/proc/678/cmdline	iwir64.elf
File opened for reading	/proc/91/cmdline	iwir64.elf
File opened for reading	/proc/767/cmdline	iwir64.elf
File opened for reading	/proc/779/cmdline	iwir64.elf
File opened for reading	/proc/968/cmdline	iwir64.elf
File opened for reading	/proc/1142/cmdline	iwir64.elf
File opened for reading	/proc/18/cmdline	iwir64.elf
File opened for reading	/proc/88/cmdline	iwir64.elf
File opened for reading	/proc/780/cmdline	iwir64.elf
File opened for reading	/proc/1009/cmdline	iwir64.elf
File opened for reading	/proc/24/cmdline	iwir64.elf
File opened for reading	/proc/259/cmdline	iwir64.elf
File opened for reading	/proc/503/cmdline	iwir64.elf
File opened for reading	/proc/582/cmdline	iwir64.elf
File opened for reading	/proc/745/cmdline	iwir64.elf
File opened for reading	/proc/79/cmdline	iwir64.elf
File opened for reading	/proc/82/cmdline	iwir64.elf
File opened for reading	/proc/584/cmdline	iwir64.elf
File opened for reading	/proc/762/cmdline	iwir64.elf
File opened for reading	/proc/1176/cmdline	iwir64.elf
File opened for reading	/proc/409/cmdline	iwir64.elf
File opened for reading	/proc/527/cmdline	iwir64.elf
File opened for reading	/proc/502/cmdline	iwir64.elf
File opened for reading	/proc/650/cmdline	iwir64.elf
File opened for reading	/proc/1081/cmdline	iwir64.elf
File opened for reading	/proc/6/cmdline	iwir64.elf
File opened for reading	/proc/11/cmdline	iwir64.elf
File opened for reading	/proc/81/cmdline	iwir64.elf
File opened for reading	/proc/446/cmdline	iwir64.elf
File opened for reading	/proc/4/cmdline	iwir64.elf
File opened for reading	/proc/14/cmdline	iwir64.elf
File opened for reading	/proc/94/cmdline	iwir64.elf
File opened for reading	/proc/118/cmdline	iwir64.elf
File opened for reading	/proc/219/cmdline	iwir64.elf
File opened for reading	/proc/425/cmdline	iwir64.elf
File opened for reading	/proc/1090/cmdline	iwir64.elf
File opened for reading	/proc/1174/cmdline	iwir64.elf
File opened for reading	/proc/2/cmdline	iwir64.elf
File opened for reading	/proc/21/cmdline	iwir64.elf
File opened for reading	/proc/89/cmdline	iwir64.elf
File opened for reading	/proc/92/cmdline	iwir64.elf
File opened for reading	/proc/112/cmdline	iwir64.elf

/tmp/iwir64.elf
/tmp/iwir64.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:1587

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads