a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737

Analysis

max time kernel
148s
max time network
150s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240611-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
31/12/2024, 02:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
Size

58KB
MD5

bf0e1ee689ffe3473103a7c67c55c936
SHA1

19f42093ca6c3b6b921858c663ec04bf2ddd34d5
SHA256

a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737
SHA512

de85dd5eb56040ba4d02049e4269389b4f2fee6a5543f904f225f0863c2debbb1b603aebf90e7919e54937d51a388fe1054e3e934d5178ff97d181bd83ee1b77
SSDEEP

1536:C1FXEl+pSHyjhqIP5kZJrQ/9tHRk4VaUU2unh0fIh87nCYv:4hEUpSH28IBkZJrQ/HG8aUU/uA87nCYv

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1401	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 4 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	bash	1402	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
Changes the process name, possibly in an attempt to hide itself	inetd	1404	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
Changes the process name, possibly in an attempt to hide itself	nginx	1403	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
Changes the process name, possibly in an attempt to hide itself	sshd	1405	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/963/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/1056/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/1347/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/1395/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/1399/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/177/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/900/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/1047/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/1401/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/167/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/670/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/921/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/1377/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/595/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/1453/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/397/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/12/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/71/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/75/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/172/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/24/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/584/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/1456/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/23/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/70/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/90/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/174/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/17/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/1345/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/663/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/1090/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/163/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/445/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/8/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/578/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/510/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/927/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/1454/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/7/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/93/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/1105/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/2/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/91/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/398/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/1076/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/618/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/73/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/159/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/175/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/456/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/85/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/503/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/634/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/686/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/9/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/21/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/201/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/619/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/776/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/956/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/1149/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/1205/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/82/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
File opened for reading	/proc/140/cmdline	a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf

/tmp/a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
/tmp/a54bdceeffd63e5d4cb98b5d825662259357b1b6f0711e884049ae70d71e1737.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:1401

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads