14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb

Analysis

max time kernel
148s
max time network
136s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20241127-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20241127-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
01/01/2025, 02:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
Size

61KB
MD5

d68c83c12a51fd618616376a49943063
SHA1

b39d95e7fa788d7f02c0dbd1285c77a753b269ee
SHA256

14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb
SHA512

62351406b738a9c9590faf6def8207dd2bc385530a51c53e2216e8de2e11ed00cafd1bbfbd1f445dc011aff07ef108a3b6f309a06f358b9848a48df76a912fa8
SSDEEP

1536:NVDKT4UezOte3BGkY/tIlziR2e1pQPpDCCkiiW93wSThYemr:NVDKTWzOQRZYlIlzo2e1pKp2fa3VhYem

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1419	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 4 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	bash	1420	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
Changes the process name, possibly in an attempt to hide itself	inetd	1422	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
Changes the process name, possibly in an attempt to hide itself	nginx	1421	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
Changes the process name, possibly in an attempt to hide itself	sshd	1423	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/10/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/311/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/633/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1091/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1368/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1479/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/270/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1159/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/18/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/793/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/969/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1481/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/499/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/560/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1078/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1350/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1364/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/11/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/832/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1472/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1474/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/9/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1041/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/201/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1033/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1037/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/166/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/173/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/164/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/455/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/521/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/81/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/679/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1065/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/72/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/442/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/514/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1002/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1378/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1416/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1476/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/22/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/158/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/639/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/981/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1129/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/91/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/175/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/953/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/959/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1352/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/457/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/666/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1424/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/456/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1103/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1121/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1351/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1359/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1360/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1376/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/1357/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/71/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
File opened for reading	/proc/87/cmdline	14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf

/tmp/14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
/tmp/14d10df40a75805c1efed1320cb2c298ae0b307708817db6be2e9fe4658fabfb.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:1419

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads