d2122c41d49284ef9342d203a2bffe9ab352aceaad857c444b56db62c8667c20

Analysis

max time kernel
149s
max time network
137s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
24-12-2024 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
Size

140KB
MD5

949645a3b626bed43c941e3f28d529e1
SHA1

7dbd12e0860813e87a7023fe44bd6b212ec2f9bf
SHA256

8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd
SHA512

235e9c1d9a1c974c193178593cf511c8f21c75e2b30e60cccbfa6c9ea0c9fd4702a16fdf07791ff39850b7e3075d9ba563e69d42bf3c49c63e276d3b4d98fbb4
SSDEEP

3072:mTUTfCdO6FFto6z6EwKhc/t/ekNaogMewcgsK027uPOlM:mTUTfCdO6FFto6cwwQdAM

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	1577	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/221/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/311/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/425/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/1172/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/1421/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/17/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/23/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/216/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/222/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/310/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/777/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/1158/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/1279/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/4/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/82/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/1405/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/590/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/606/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/1176/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/1408/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/93/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/211/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/692/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/1291/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/1324/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/1461/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/1591/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/3/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/602/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/675/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/1201/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/7/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/19/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/20/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/21/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/582/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/747/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/767/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/779/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/1/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/12/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/864/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/1171/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/738/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/987/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/1094/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/75/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/80/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/405/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/589/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/772/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/988/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/1077/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/1090/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/26/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/101/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/1156/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/1397/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/218/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/599/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/631/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/25/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/109/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
File opened for reading	/proc/585/cmdline	8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf

/tmp/8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
/tmp/8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:1577

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads