6d43cfea8041a95bbe199948922894fd38e4f3e09dec111a1970aa0e0ea0cc0a

Analysis

max time kernel
131s
max time network
137s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
13-12-2024 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
Size

168KB
MD5

e90fe2a6dd20cd7cca1f438595fe3906
SHA1

5775adb8b1cc52ba68c78a2bbf71e5df0eac0329
SHA256

e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15
SHA512

224ed7728ae59e7a50af518171773bb2045e27990467c98401cf45ef22850b7cf995b6e4d20168eb8e4ec56b3d8032c0765ab642f1189f7e14599f660ed9f79e
SSDEEP

3072:mPggUlLwIKjKOzPHlyHEXGXJXewzZEvCL2AWaC/Cnm0oFeMPm/lM:mIgUlLwIKNzPHlqEXGXo3U3ouM

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2524	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	2524	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/17/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/37/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/196/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/789/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1736/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/39/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/48/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/53/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1121/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1127/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1749/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1711/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/10/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/16/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/42/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/590/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1072/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1099/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/15/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/199/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/440/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1396/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1831/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1992/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1252/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1739/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/8/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/32/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/56/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/191/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/510/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1071/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1851/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/38/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1928/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/200/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/386/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/786/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1056/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/6/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/193/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1090/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/192/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/385/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/13/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/20/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/22/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/40/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/51/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/189/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/417/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/817/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1118/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/35/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/198/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/2001/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/43/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/45/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/71/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/432/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/774/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1731/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/511/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
File opened for reading	/proc/1956/cmdline	e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf

/tmp/e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
/tmp/e269623e4ffc0248a8d272b2b7956d60d291739a6d0c351587a7952f4c6cea15.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:2524

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads