c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc

Analysis

max time kernel
130s
max time network
141s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240729-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
30-12-2024 02:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
Size

61KB
MD5

915ce9f9442ae0184ce34437bd8e611c
SHA1

0ffc260e86706684de14ab075bc0b4f4b71e23a9
SHA256

c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc
SHA512

e9f7bbc2393063dceb7295cd24ed3e1a514bbb342137f9d172fab4e4ce3d1ad72a69af1a5892130553a0a3d894e52940308c3e88a2ed10d4bab0b4c51915622c
SSDEEP

1536:MOf6FP7mQT9+CgAf92NJcJjtEUznSzdvPcifVd7c/4CSQ3:ff6BaQT9+EMc1tdzS9Pfn7q

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1566	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	1565	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/635/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/790/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/1061/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/1159/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/21/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/102/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/417/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/499/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/587/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/683/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/732/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/963/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/25/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/78/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/907/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/86/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/413/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/216/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/427/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/764/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/1157/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/75/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/85/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/208/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/263/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/315/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/520/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/680/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/74/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/80/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/799/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/1092/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/377/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/788/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/96/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/198/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/722/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/736/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/15/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/76/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/775/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/901/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/1104/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/22/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/740/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/23/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/77/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/1052/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/1155/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/3/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/4/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/1156/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/19/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/93/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/1053/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/1124/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/641/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/993/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/1144/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/10/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/73/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/79/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/90/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
File opened for reading	/proc/101/cmdline	c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf

/tmp/c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
/tmp/c4294ee54021f0ffae62208fd9614f73e20e6ee13a8cd48c211180ffd0f3fbcc.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:1565

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads