43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681

Analysis

max time kernel
130s
max time network
144s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
01-01-2025 02:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
Size

74KB
MD5

bf9a68b74e954fc383f737c45d290153
SHA1

1bffc9795d707c833e826aa8ed66d6dc4539b82c
SHA256

43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681
SHA512

2f49132a3b7475c77bef156f2f96aba6ee7fdb42c4377e72461c79e4e40722bd0c3bbb591fb0c2b63d80bdc826c2fffd5b2311a12d0b1b0a1678b2418db1698c
SSDEEP

1536:wCy7rRwCMo01sMQ85CJiLBOelOi4QPFwwzxNzhwknlibBFkTVA:ly3RwCMZ1sMpKwBOelnNwWNzhDibBFU2

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2448	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	2448	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/1909/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/6/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/38/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/51/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/1585/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/1047/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/1391/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/1880/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/24/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/200/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/235/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/389/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/883/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/1124/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/1853/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/2/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/5/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/510/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/823/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/31/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/11/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/52/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/1041/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/10/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/418/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/457/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/1897/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/1056/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/1763/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/1962/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/4/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/21/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/140/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/833/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/49/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/581/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/886/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/727/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/1117/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/7/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/36/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/198/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/385/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/1755/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/19/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/35/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/188/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/1663/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/1060/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/12/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/22/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/728/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/786/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/1834/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/14/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/16/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/30/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/1660/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/754/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/785/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/1831/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/1920/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/20/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
File opened for reading	/proc/27/cmdline	43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf

/tmp/43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
/tmp/43a14ca2d0a6fe82a6342eea248b06fcecd9e24e832eeeecde442ef8a8c9d681.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:2448

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads