1ea61821746ea0677e2edb12a3994d37535619311ebbb617787897dd5393e34e

Analysis

max time kernel
149s
max time network
150s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
22-12-2024 08:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vlxx.x86_64.elf
Size

136KB
MD5

3cd2b8773d2b4015d8ebdbfbc958f05a
SHA1

54c5b7145840890f623bdba0cec2cec106ed0825
SHA256

1ea61821746ea0677e2edb12a3994d37535619311ebbb617787897dd5393e34e
SHA512

e26222a1ff4261ae5d2262bb3e2c883041fd89759dc4a50c0efc68fe20c101b74faac665974eecf3ca71d0e4c67b8d877f79f96e36f368fc80669704291ece34
SSDEEP

3072:DX+wXNsuOXWYmqnQsk11TosPipRlOaogXk72IElN7Ccy3wEymPd:DX+wXNsuOXWYmC0Puk7urEymPd

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	-"6	1571	vlxx.x86_64.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/1163/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/1191/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/1193/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/1387/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/11/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/15/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/206/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/659/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/645/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/851/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/995/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/1057/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/4/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/12/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/204/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/540/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/1261/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/1107/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/1240/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/1573/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/79/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/81/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/99/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/667/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/745/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/1097/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/1129/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/16/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/90/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/222/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/408/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/76/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/428/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/505/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/534/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/1095/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/1512/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/1561/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/83/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/96/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/629/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/731/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/410/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/585/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/1168/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/1572/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/871/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/6/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/110/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/212/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/632/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/18/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/1036/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/1102/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/1169/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/587/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/593/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/1056/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/1113/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/10/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/13/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/77/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/226/cmdline	vlxx.x86_64.elf
File opened for reading	/proc/1161/cmdline	vlxx.x86_64.elf

/tmp/vlxx.x86_64.elf
/tmp/vlxx.x86_64.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:1571

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads