f86d1f30521633a74ea9a5fb44261448e388f3bd6988b27b96544e31507bd3c4

Analysis

max time kernel
149s
max time network
148s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240729-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
18-12-2024 16:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bot.x86_64.elf
Size

140KB
MD5

40441cd25f19fe8f6ab3129f1430dcb5
SHA1

d276d4ba83538119f92cb4144594dd488e4931c3
SHA256

f86d1f30521633a74ea9a5fb44261448e388f3bd6988b27b96544e31507bd3c4
SHA512

c069a69dfd6f2627e734983f0094d2e946726f90c791277b3ad78d2ec2927d724b0521bc0b08707160e03401a1a1ecbc67261f66bde81772e3a43f52ffe7138a
SSDEEP

3072:mTUTfCdO6FFto6M6EwKhc/t/ekNaogMewcgsK027uPOlM:mTUTfCdO6FFto67wwQdAM

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	2514	bot.x86_64.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/4/cmdline	bot.x86_64.elf
File opened for reading	/proc/5/cmdline	bot.x86_64.elf
File opened for reading	/proc/828/cmdline	bot.x86_64.elf
File opened for reading	/proc/1716/cmdline	bot.x86_64.elf
File opened for reading	/proc/2542/cmdline	bot.x86_64.elf
File opened for reading	/proc/9/cmdline	bot.x86_64.elf
File opened for reading	/proc/52/cmdline	bot.x86_64.elf
File opened for reading	/proc/1410/cmdline	bot.x86_64.elf
File opened for reading	/proc/1911/cmdline	bot.x86_64.elf
File opened for reading	/proc/7/cmdline	bot.x86_64.elf
File opened for reading	/proc/11/cmdline	bot.x86_64.elf
File opened for reading	/proc/21/cmdline	bot.x86_64.elf
File opened for reading	/proc/28/cmdline	bot.x86_64.elf
File opened for reading	/proc/275/cmdline	bot.x86_64.elf
File opened for reading	/proc/578/cmdline	bot.x86_64.elf
File opened for reading	/proc/1987/cmdline	bot.x86_64.elf
File opened for reading	/proc/2123/cmdline	bot.x86_64.elf
File opened for reading	/proc/2359/cmdline	bot.x86_64.elf
File opened for reading	/proc/2513/cmdline	bot.x86_64.elf
File opened for reading	/proc/2272/cmdline	bot.x86_64.elf
File opened for reading	/proc/10/cmdline	bot.x86_64.elf
File opened for reading	/proc/24/cmdline	bot.x86_64.elf
File opened for reading	/proc/33/cmdline	bot.x86_64.elf
File opened for reading	/proc/37/cmdline	bot.x86_64.elf
File opened for reading	/proc/41/cmdline	bot.x86_64.elf
File opened for reading	/proc/1909/cmdline	bot.x86_64.elf
File opened for reading	/proc/2031/cmdline	bot.x86_64.elf
File opened for reading	/proc/2322/cmdline	bot.x86_64.elf
File opened for reading	/proc/2512/cmdline	bot.x86_64.elf
File opened for reading	/proc/2515/cmdline	bot.x86_64.elf
File opened for reading	/proc/2/cmdline	bot.x86_64.elf
File opened for reading	/proc/44/cmdline	bot.x86_64.elf
File opened for reading	/proc/1048/cmdline	bot.x86_64.elf
File opened for reading	/proc/1992/cmdline	bot.x86_64.elf
File opened for reading	/proc/2265/cmdline	bot.x86_64.elf
File opened for reading	/proc/60/cmdline	bot.x86_64.elf
File opened for reading	/proc/66/cmdline	bot.x86_64.elf
File opened for reading	/proc/80/cmdline	bot.x86_64.elf
File opened for reading	/proc/190/cmdline	bot.x86_64.elf
File opened for reading	/proc/794/cmdline	bot.x86_64.elf
File opened for reading	/proc/815/cmdline	bot.x86_64.elf
File opened for reading	/proc/1123/cmdline	bot.x86_64.elf
File opened for reading	/proc/1833/cmdline	bot.x86_64.elf
File opened for reading	/proc/2151/cmdline	bot.x86_64.elf
File opened for reading	/proc/43/cmdline	bot.x86_64.elf
File opened for reading	/proc/1125/cmdline	bot.x86_64.elf
File opened for reading	/proc/1127/cmdline	bot.x86_64.elf
File opened for reading	/proc/1352/cmdline	bot.x86_64.elf
File opened for reading	/proc/1933/cmdline	bot.x86_64.elf
File opened for reading	/proc/56/cmdline	bot.x86_64.elf
File opened for reading	/proc/2055/cmdline	bot.x86_64.elf
File opened for reading	/proc/2516/cmdline	bot.x86_64.elf
File opened for reading	/proc/23/cmdline	bot.x86_64.elf
File opened for reading	/proc/49/cmdline	bot.x86_64.elf
File opened for reading	/proc/192/cmdline	bot.x86_64.elf
File opened for reading	/proc/773/cmdline	bot.x86_64.elf
File opened for reading	/proc/2284/cmdline	bot.x86_64.elf
File opened for reading	/proc/2287/cmdline	bot.x86_64.elf
File opened for reading	/proc/45/cmdline	bot.x86_64.elf
File opened for reading	/proc/71/cmdline	bot.x86_64.elf
File opened for reading	/proc/197/cmdline	bot.x86_64.elf
File opened for reading	/proc/584/cmdline	bot.x86_64.elf
File opened for reading	/proc/1887/cmdline	bot.x86_64.elf
File opened for reading	/proc/2216/cmdline	bot.x86_64.elf

/tmp/bot.x86_64.elf
/tmp/bot.x86_64.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:2514

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads