987197793b510546ae71404e1b94368d82ff874c643f3430508429187e764218

Analysis

max time kernel
0s
max time network
16s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
11-12-2024 20:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

iwir64
Size

164KB
MD5

f4d0efeac26a54fc80b89808192df4ef
SHA1

319ff7c3b4ca42095c1f8e0699257e470c15dd07
SHA256

987197793b510546ae71404e1b94368d82ff874c643f3430508429187e764218
SHA512

56efd6f5a55d5573ceddbeb5b154f2b431581e15a5eaf4c28f8d7fcf3ff3314ddc131732bda379254852d028e7530aa5faf3f2100c4a7e195501164d37fbca71
SSDEEP

3072:Lm9vRQaLBVxFt4xmjgROVreJQjz/dlKB/rPVyOivmFHxtLNsDVzLGw9c:LmNRQaLBDFt4sgRO0UG7XFGVPGw9

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2528	iwir64

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	2527	iwir64

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/71/cmdline	iwir64
File opened for reading	/proc/192/cmdline	iwir64
File opened for reading	/proc/195/cmdline	iwir64
File opened for reading	/proc/780/cmdline	iwir64
File opened for reading	/proc/16/cmdline	iwir64
File opened for reading	/proc/46/cmdline	iwir64
File opened for reading	/proc/49/cmdline	iwir64
File opened for reading	/proc/1389/cmdline	iwir64
File opened for reading	/proc/1391/cmdline	iwir64
File opened for reading	/proc/1731/cmdline	iwir64
File opened for reading	/proc/1900/cmdline	iwir64
File opened for reading	/proc/27/cmdline	iwir64
File opened for reading	/proc/36/cmdline	iwir64
File opened for reading	/proc/189/cmdline	iwir64
File opened for reading	/proc/1084/cmdline	iwir64
File opened for reading	/proc/1936/cmdline	iwir64
File opened for reading	/proc/1947/cmdline	iwir64
File opened for reading	/proc/1975/cmdline	iwir64
File opened for reading	/proc/6/cmdline	iwir64
File opened for reading	/proc/182/cmdline	iwir64
File opened for reading	/proc/201/cmdline	iwir64
File opened for reading	/proc/887/cmdline	iwir64
File opened for reading	/proc/1047/cmdline	iwir64
File opened for reading	/proc/1701/cmdline	iwir64
File opened for reading	/proc/44/cmdline	iwir64
File opened for reading	/proc/54/cmdline	iwir64
File opened for reading	/proc/786/cmdline	iwir64
File opened for reading	/proc/4/cmdline	iwir64
File opened for reading	/proc/14/cmdline	iwir64
File opened for reading	/proc/18/cmdline	iwir64
File opened for reading	/proc/502/cmdline	iwir64
File opened for reading	/proc/1993/cmdline	iwir64
File opened for reading	/proc/1078/cmdline	iwir64
File opened for reading	/proc/1117/cmdline	iwir64
File opened for reading	/proc/51/cmdline	iwir64
File opened for reading	/proc/65/cmdline	iwir64
File opened for reading	/proc/821/cmdline	iwir64
File opened for reading	/proc/512/cmdline	iwir64
File opened for reading	/proc/759/cmdline	iwir64
File opened for reading	/proc/784/cmdline	iwir64
File opened for reading	/proc/825/cmdline	iwir64
File opened for reading	/proc/1120/cmdline	iwir64
File opened for reading	/proc/15/cmdline	iwir64
File opened for reading	/proc/200/cmdline	iwir64
File opened for reading	/proc/235/cmdline	iwir64
File opened for reading	/proc/1999/cmdline	iwir64
File opened for reading	/proc/384/cmdline	iwir64
File opened for reading	/proc/732/cmdline	iwir64
File opened for reading	/proc/1989/cmdline	iwir64
File opened for reading	/proc/38/cmdline	iwir64
File opened for reading	/proc/43/cmdline	iwir64
File opened for reading	/proc/196/cmdline	iwir64
File opened for reading	/proc/1062/cmdline	iwir64
File opened for reading	/proc/1729/cmdline	iwir64
File opened for reading	/proc/2/cmdline	iwir64
File opened for reading	/proc/10/cmdline	iwir64
File opened for reading	/proc/45/cmdline	iwir64
File opened for reading	/proc/729/cmdline	iwir64
File opened for reading	/proc/1876/cmdline	iwir64
File opened for reading	/proc/1951/cmdline	iwir64
File opened for reading	/proc/21/cmdline	iwir64
File opened for reading	/proc/23/cmdline	iwir64
File opened for reading	/proc/30/cmdline	iwir64
File opened for reading	/proc/1995/cmdline	iwir64

/tmp/iwir64
/tmp/iwir64
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:2527

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads