e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15

Analysis

max time kernel
134s
max time network
150s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240729-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
12-12-2024 02:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
Size

168KB
MD5

e90fe2a6dd20cd7cca1f438595fe3906
SHA1

5775adb8b1cc52ba68c78a2bbf71e5df0eac0329
SHA256

e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15
SHA512

224ed7728ae59e7a50af518171773bb2045e27990467c98401cf45ef22850b7cf995b6e4d20168eb8e4ec56b3d8032c0765ab642f1189f7e14599f660ed9f79e
SSDEEP

3072:mPggUlLwIKjKOzPHlyHEXGXJXewzZEvCL2AWaC/Cnm0oFeMPm/lM:mIgUlLwIKNzPHlqEXGXo3U3ouM

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2494	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	2494	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/51/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/814/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1407/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1704/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/191/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/338/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/384/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/589/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1126/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/45/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/63/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/756/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1875/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/2/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/7/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/52/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/148/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1849/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/11/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/23/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/418/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1959/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/3/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/19/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/21/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1095/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1348/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/47/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/189/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1948/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1969/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/43/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/50/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1125/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/70/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/190/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1926/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/24/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/29/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/42/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/46/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/49/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1965/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/79/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/188/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1961/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1967/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/37/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/41/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/56/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/436/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1894/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/752/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1706/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1896/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1809/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1968/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/25/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/53/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/54/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1060/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1083/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/778/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/791/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf

/tmp/e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
/tmp/e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:2494

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads