c0853bcd3dbad9c90f9a36777bfa8267b826be4c9bcc648ae8970283b8d9a61f

Analysis

max time kernel
148s
max time network
149s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240522.1-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240522.1-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
15/12/2024, 18:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

x86_64.elf
Size

69KB
MD5

62cd44df9418a39562b7b095fa85dc77
SHA1

e36804186928c90fdbf42228db853ab6eaad1e6d
SHA256

c0853bcd3dbad9c90f9a36777bfa8267b826be4c9bcc648ae8970283b8d9a61f
SHA512

7dc0f4ba6997867fb8fa0cb99cb53ed793b05e7e2bbedd6a106918dac315017e65e15d3f0e86647ebf6ed02f0cb75c852a5da3f681e9acca9b3155c4b208c992
SSDEEP

1536:9EgMexI2A0O8ImDQ5uuCr6s7FMt+cz0ALwwO05/pAM7wVCY6:9zMeq2A0tImDQ5uuCr6s7FKzz025O07J

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1558	x86_64.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 4 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	bash	1559	x86_64.elf
Changes the process name, possibly in an attempt to hide itself	nginx	1560	x86_64.elf
Changes the process name, possibly in an attempt to hide itself	inetd	1561	x86_64.elf
Changes the process name, possibly in an attempt to hide itself	sshd	1562	x86_64.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/772/cmdline	x86_64.elf
File opened for reading	/proc/1307/cmdline	x86_64.elf
File opened for reading	/proc/27/cmdline	x86_64.elf
File opened for reading	/proc/86/cmdline	x86_64.elf
File opened for reading	/proc/98/cmdline	x86_64.elf
File opened for reading	/proc/643/cmdline	x86_64.elf
File opened for reading	/proc/1134/cmdline	x86_64.elf
File opened for reading	/proc/93/cmdline	x86_64.elf
File opened for reading	/proc/414/cmdline	x86_64.elf
File opened for reading	/proc/629/cmdline	x86_64.elf
File opened for reading	/proc/1080/cmdline	x86_64.elf
File opened for reading	/proc/22/cmdline	x86_64.elf
File opened for reading	/proc/868/cmdline	x86_64.elf
File opened for reading	/proc/1244/cmdline	x86_64.elf
File opened for reading	/proc/3/cmdline	x86_64.elf
File opened for reading	/proc/74/cmdline	x86_64.elf
File opened for reading	/proc/660/cmdline	x86_64.elf
File opened for reading	/proc/10/cmdline	x86_64.elf
File opened for reading	/proc/17/cmdline	x86_64.elf
File opened for reading	/proc/1259/cmdline	x86_64.elf
File opened for reading	/proc/1269/cmdline	x86_64.elf
File opened for reading	/proc/1499/cmdline	x86_64.elf
File opened for reading	/proc/1096/cmdline	x86_64.elf
File opened for reading	/proc/1170/cmdline	x86_64.elf
File opened for reading	/proc/1213/cmdline	x86_64.elf
File opened for reading	/proc/1262/cmdline	x86_64.elf
File opened for reading	/proc/739/cmdline	x86_64.elf
File opened for reading	/proc/1094/cmdline	x86_64.elf
File opened for reading	/proc/1382/cmdline	x86_64.elf
File opened for reading	/proc/1453/cmdline	x86_64.elf
File opened for reading	/proc/9/cmdline	x86_64.elf
File opened for reading	/proc/195/cmdline	x86_64.elf
File opened for reading	/proc/524/cmdline	x86_64.elf
File opened for reading	/proc/656/cmdline	x86_64.elf
File opened for reading	/proc/205/cmdline	x86_64.elf
File opened for reading	/proc/1108/cmdline	x86_64.elf
File opened for reading	/proc/1217/cmdline	x86_64.elf
File opened for reading	/proc/1218/cmdline	x86_64.elf
File opened for reading	/proc/858/cmdline	x86_64.elf
File opened for reading	/proc/1163/cmdline	x86_64.elf
File opened for reading	/proc/1165/cmdline	x86_64.elf
File opened for reading	/proc/81/cmdline	x86_64.elf
File opened for reading	/proc/82/cmdline	x86_64.elf
File opened for reading	/proc/200/cmdline	x86_64.elf
File opened for reading	/proc/426/cmdline	x86_64.elf
File opened for reading	/proc/1219/cmdline	x86_64.elf
File opened for reading	/proc/1241/cmdline	x86_64.elf
File opened for reading	/proc/1336/cmdline	x86_64.elf
File opened for reading	/proc/4/cmdline	x86_64.elf
File opened for reading	/proc/19/cmdline	x86_64.elf
File opened for reading	/proc/75/cmdline	x86_64.elf
File opened for reading	/proc/1167/cmdline	x86_64.elf
File opened for reading	/proc/197/cmdline	x86_64.elf
File opened for reading	/proc/209/cmdline	x86_64.elf
File opened for reading	/proc/498/cmdline	x86_64.elf
File opened for reading	/proc/735/cmdline	x86_64.elf
File opened for reading	/proc/13/cmdline	x86_64.elf
File opened for reading	/proc/14/cmdline	x86_64.elf
File opened for reading	/proc/83/cmdline	x86_64.elf
File opened for reading	/proc/96/cmdline	x86_64.elf
File opened for reading	/proc/1111/cmdline	x86_64.elf
File opened for reading	/proc/23/cmdline	x86_64.elf
File opened for reading	/proc/76/cmdline	x86_64.elf
File opened for reading	/proc/89/cmdline	x86_64.elf

/tmp/x86_64.elf
/tmp/x86_64.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:1558

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads