ed45325003e1efd1a1f7a082fdf132a0bf5dd286978217f7717a5db2fd5eb430

Analysis

max time kernel
0s
max time network
129s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
31/12/2024, 09:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

x86.elf
Size

49KB
MD5

85db3d14abf7613384ff7e247a471c81
SHA1

e034962a8d5f5acf7273a61df180b5d83c36c37a
SHA256

ed45325003e1efd1a1f7a082fdf132a0bf5dd286978217f7717a5db2fd5eb430
SHA512

84f52e9867a47e4f5c80061fb79b288778ad02272604d477b3dbab64ffd8131446e0b7249691c1dbda3f4038e015ca2906fd6cb8902ced6799d7e931100275e3
SSDEEP

1536:L58qi4Si4A/qh3EAEI3FjrDTL4P+bSTCYu:L58qi4SiJihBEmFfHo+OCYu

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1551	x86.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 4 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	bash	1552	x86.elf
Changes the process name, possibly in an attempt to hide itself	nginx	1553	x86.elf
Changes the process name, possibly in an attempt to hide itself	inetd	1554	x86.elf
Changes the process name, possibly in an attempt to hide itself	sshd	1559	x86.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/1/cmdline	x86.elf
File opened for reading	/proc/10/cmdline	x86.elf
File opened for reading	/proc/749/cmdline	x86.elf
File opened for reading	/proc/850/cmdline	x86.elf
File opened for reading	/proc/3/cmdline	x86.elf
File opened for reading	/proc/76/cmdline	x86.elf
File opened for reading	/proc/93/cmdline	x86.elf
File opened for reading	/proc/98/cmdline	x86.elf
File opened for reading	/proc/195/cmdline	x86.elf
File opened for reading	/proc/213/cmdline	x86.elf
File opened for reading	/proc/585/cmdline	x86.elf
File opened for reading	/proc/12/cmdline	x86.elf
File opened for reading	/proc/17/cmdline	x86.elf
File opened for reading	/proc/74/cmdline	x86.elf
File opened for reading	/proc/75/cmdline	x86.elf
File opened for reading	/proc/426/cmdline	x86.elf
File opened for reading	/proc/1065/cmdline	x86.elf
File opened for reading	/proc/1140/cmdline	x86.elf
File opened for reading	/proc/6/cmdline	x86.elf
File opened for reading	/proc/22/cmdline	x86.elf
File opened for reading	/proc/314/cmdline	x86.elf
File opened for reading	/proc/956/cmdline	x86.elf
File opened for reading	/proc/1515/cmdline	x86.elf
File opened for reading	/proc/20/cmdline	x86.elf
File opened for reading	/proc/593/cmdline	x86.elf
File opened for reading	/proc/768/cmdline	x86.elf
File opened for reading	/proc/73/cmdline	x86.elf
File opened for reading	/proc/635/cmdline	x86.elf
File opened for reading	/proc/746/cmdline	x86.elf
File opened for reading	/proc/775/cmdline	x86.elf
File opened for reading	/proc/1487/cmdline	x86.elf
File opened for reading	/proc/219/cmdline	x86.elf
File opened for reading	/proc/225/cmdline	x86.elf
File opened for reading	/proc/867/cmdline	x86.elf
File opened for reading	/proc/1119/cmdline	x86.elf
File opened for reading	/proc/1560/cmdline	x86.elf
File opened for reading	/proc/9/cmdline	x86.elf
File opened for reading	/proc/91/cmdline	x86.elf
File opened for reading	/proc/94/cmdline	x86.elf
File opened for reading	/proc/113/cmdline	x86.elf
File opened for reading	/proc/409/cmdline	x86.elf
File opened for reading	/proc/608/cmdline	x86.elf
File opened for reading	/proc/1032/cmdline	x86.elf
File opened for reading	/proc/1076/cmdline	x86.elf
File opened for reading	/proc/1084/cmdline	x86.elf
File opened for reading	/proc/89/cmdline	x86.elf
File opened for reading	/proc/587/cmdline	x86.elf
File opened for reading	/proc/636/cmdline	x86.elf
File opened for reading	/proc/1378/cmdline	x86.elf
File opened for reading	/proc/1507/cmdline	x86.elf
File opened for reading	/proc/85/cmdline	x86.elf
File opened for reading	/proc/92/cmdline	x86.elf
File opened for reading	/proc/119/cmdline	x86.elf
File opened for reading	/proc/506/cmdline	x86.elf
File opened for reading	/proc/661/cmdline	x86.elf
File opened for reading	/proc/990/cmdline	x86.elf
File opened for reading	/proc/1087/cmdline	x86.elf
File opened for reading	/proc/1124/cmdline	x86.elf
File opened for reading	/proc/1131/cmdline	x86.elf
File opened for reading	/proc/1157/cmdline	x86.elf
File opened for reading	/proc/1162/cmdline	x86.elf
File opened for reading	/proc/1301/cmdline	x86.elf
File opened for reading	/proc/1522/cmdline	x86.elf
File opened for reading	/proc/86/cmdline	x86.elf

/tmp/x86.elf
/tmp/x86.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:1551

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads