ab89dc96234cbd5eef143d732b74ebdc375557139d7d88080701a0897c231653

Analysis

max time kernel
136s
max time network
143s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240611-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
21-12-2024 01:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
Size

164KB
MD5

54b9ab4ddfac7f9e5775ee57d8007fa5
SHA1

89cae32bcd35b0738b12c7cbdb9ee996d87bcd7d
SHA256

dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca
SHA512

ab0d1a71bc59a219d0202be66872a4148a8794dfdd84e0ff4a8e4c4942d7108df1623bf38f2d2a8e6bb7dfe540b4dce09aba217117b91e1888049913ee1e8f38
SSDEEP

3072:/+DuGSfrSgwTt4n3JzYQzdPljfEom6xaERVyVqCiZYSY/NCHVoroJizBj:/+CGSfrSgwTt45zYQs/1iZLVAoJizB

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1400	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	1399	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/175/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/496/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/575/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/954/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/17/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/162/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/164/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/165/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/1027/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/921/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/4/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/102/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/171/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/785/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/495/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/810/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/1069/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/3/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/21/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/85/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/436/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/90/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/454/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/1048/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/1022/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/1068/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/18/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/92/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/169/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/939/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/22/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/82/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/925/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/961/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/1087/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/118/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/531/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/892/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/948/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/442/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/642/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/780/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/8/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/77/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/170/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/200/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/91/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/172/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/916/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/988/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/270/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/455/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/480/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/497/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/439/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/501/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/1083/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/6/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/71/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/174/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/242/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/11/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/88/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
File opened for reading	/proc/140/cmdline	dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf

/tmp/dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
/tmp/dca359aa16005da260dac76d5baec9360796211eff6e31341b5112dbc91e7fca.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:1399

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads