dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca

Analysis

max time kernel
135s
max time network
151s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
20/12/2024, 08:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
Size

164KB
MD5

54b9ab4ddfac7f9e5775ee57d8007fa5
SHA1

89cae32bcd35b0738b12c7cbdb9ee996d87bcd7d
SHA256

dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca
SHA512

ab0d1a71bc59a219d0202be66872a4148a8794dfdd84e0ff4a8e4c4942d7108df1623bf38f2d2a8e6bb7dfe540b4dce09aba217117b91e1888049913ee1e8f38
SSDEEP

3072:/+DuGSfrSgwTt4n3JzYQzdPljfEom6xaERVyVqCiZYSY/NCHVoroJizBj:/+CGSfrSgwTt45zYQs/1iZLVAoJizB

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3639	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	3638	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/14/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/1255/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/440/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/1068/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/1124/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/2977/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/3004/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/2/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/18/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/586/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/1084/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/1047/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/3050/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/12/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/17/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/67/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/762/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/23/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/24/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/191/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/3141/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/19/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/45/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/51/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/805/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/2830/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/2951/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/3091/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/65/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/182/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/201/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/274/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/2835/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/383/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/779/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/853/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/1838/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/3001/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/20/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/53/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/194/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/2811/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/418/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/514/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/593/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/1053/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/3/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/15/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/32/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/389/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/6/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/2825/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/3134/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/432/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/1121/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/2944/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/4/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/5/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/8/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/195/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/757/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/21/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/37/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/50/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf

/tmp/dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
/tmp/dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:3638

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads