21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc

Analysis

max time kernel
147s
max time network
148s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
26-12-2024 02:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
Size

70KB
MD5

a3a91d4d7b1a2a5ae8220ca1b8cc836b
SHA1

76a2fff69bde33fb736b5c36e6ee5248f434cacb
SHA256

21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc
SHA512

3fe6799d7b4b3ca9ce58162c713f956abef7f6026618b757d0e45a9dc7c03c759e5e99fc0725693b8d92d786db75c94e90a5ab10f1276f0c024f3edac7c42f31
SSDEEP

1536:GBEtqb9a7oY6uHhK0ygRZKbBqAFcVfP57atD9kuQTGJ0OGjnR:htYQsYFwERYVqAFcxPctD6TGOO+R

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2465	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	2464	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/1939/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/4/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/18/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/19/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/199/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/1791/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/1930/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/24/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/1060/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/1674/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/1896/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/1932/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/1946/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/22/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/26/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/38/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/41/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/1657/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/888/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/1055/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/8/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/9/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/15/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/31/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/514/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/572/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/1936/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/17/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/192/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/583/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/1391/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/11/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/33/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/34/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/235/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/418/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/515/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/5/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/70/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/196/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/197/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/190/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/202/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/386/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/765/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/1085/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/3/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/39/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/49/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/53/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/1882/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/30/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/55/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/123/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/390/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/759/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/782/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/16/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/198/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/40/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/43/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/458/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/1687/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
File opened for reading	/proc/45/cmdline	21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf

/tmp/21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
/tmp/21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:2464

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads