1b89f0a38b1684cff2e66a4330ea5c78de73e1828da8084b9f61d2702c58d872

Analysis

max time kernel
130s
max time network
132s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
02-01-2025 06:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jefne64.elf
Size

164KB
MD5

17ef36339428d10118962aaebc78e8dc
SHA1

1afdcb5f5fee08e1aa80d524c48f66cae0842a03
SHA256

1b89f0a38b1684cff2e66a4330ea5c78de73e1828da8084b9f61d2702c58d872
SHA512

6b966b06880b9e644fc72780a8fe83a95e35fa7a9aa21605775322ce16a8fc5e1beedac9c2078a8c43c5b888a5f9ed0ce4970a263663f12f960b791312d977cf
SSDEEP

3072:OhyXl/YETJv+Ut/UtRlI+sHuJAD+aPZ0atqWaIPqaQQLnHFWGZeXC:wy1/YETJvXt/UtnI+s34xawIeXC

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2827	jefne64.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	2826	jefne64.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/36/cmdline	jefne64.elf
File opened for reading	/proc/188/cmdline	jefne64.elf
File opened for reading	/proc/200/cmdline	jefne64.elf
File opened for reading	/proc/595/cmdline	jefne64.elf
File opened for reading	/proc/3/cmdline	jefne64.elf
File opened for reading	/proc/15/cmdline	jefne64.elf
File opened for reading	/proc/2020/cmdline	jefne64.elf
File opened for reading	/proc/44/cmdline	jefne64.elf
File opened for reading	/proc/494/cmdline	jefne64.elf
File opened for reading	/proc/48/cmdline	jefne64.elf
File opened for reading	/proc/196/cmdline	jefne64.elf
File opened for reading	/proc/1412/cmdline	jefne64.elf
File opened for reading	/proc/7/cmdline	jefne64.elf
File opened for reading	/proc/14/cmdline	jefne64.elf
File opened for reading	/proc/192/cmdline	jefne64.elf
File opened for reading	/proc/199/cmdline	jefne64.elf
File opened for reading	/proc/202/cmdline	jefne64.elf
File opened for reading	/proc/730/cmdline	jefne64.elf
File opened for reading	/proc/1077/cmdline	jefne64.elf
File opened for reading	/proc/2133/cmdline	jefne64.elf
File opened for reading	/proc/21/cmdline	jefne64.elf
File opened for reading	/proc/32/cmdline	jefne64.elf
File opened for reading	/proc/52/cmdline	jefne64.elf
File opened for reading	/proc/56/cmdline	jefne64.elf
File opened for reading	/proc/235/cmdline	jefne64.elf
File opened for reading	/proc/1411/cmdline	jefne64.elf
File opened for reading	/proc/2245/cmdline	jefne64.elf
File opened for reading	/proc/2316/cmdline	jefne64.elf
File opened for reading	/proc/11/cmdline	jefne64.elf
File opened for reading	/proc/13/cmdline	jefne64.elf
File opened for reading	/proc/2125/cmdline	jefne64.elf
File opened for reading	/proc/17/cmdline	jefne64.elf
File opened for reading	/proc/181/cmdline	jefne64.elf
File opened for reading	/proc/759/cmdline	jefne64.elf
File opened for reading	/proc/201/cmdline	jefne64.elf
File opened for reading	/proc/393/cmdline	jefne64.elf
File opened for reading	/proc/190/cmdline	jefne64.elf
File opened for reading	/proc/418/cmdline	jefne64.elf
File opened for reading	/proc/511/cmdline	jefne64.elf
File opened for reading	/proc/71/cmdline	jefne64.elf
File opened for reading	/proc/357/cmdline	jefne64.elf
File opened for reading	/proc/793/cmdline	jefne64.elf
File opened for reading	/proc/2186/cmdline	jefne64.elf
File opened for reading	/proc/35/cmdline	jefne64.elf
File opened for reading	/proc/47/cmdline	jefne64.elf
File opened for reading	/proc/51/cmdline	jefne64.elf
File opened for reading	/proc/66/cmdline	jefne64.elf
File opened for reading	/proc/432/cmdline	jefne64.elf
File opened for reading	/proc/1060/cmdline	jefne64.elf
File opened for reading	/proc/1075/cmdline	jefne64.elf
File opened for reading	/proc/1346/cmdline	jefne64.elf
File opened for reading	/proc/6/cmdline	jefne64.elf
File opened for reading	/proc/49/cmdline	jefne64.elf
File opened for reading	/proc/2234/cmdline	jefne64.elf
File opened for reading	/proc/275/cmdline	jefne64.elf
File opened for reading	/proc/372/cmdline	jefne64.elf
File opened for reading	/proc/510/cmdline	jefne64.elf
File opened for reading	/proc/2155/cmdline	jefne64.elf
File opened for reading	/proc/50/cmdline	jefne64.elf
File opened for reading	/proc/55/cmdline	jefne64.elf
File opened for reading	/proc/1124/cmdline	jefne64.elf
File opened for reading	/proc/2118/cmdline	jefne64.elf
File opened for reading	/proc/2213/cmdline	jefne64.elf
File opened for reading	/proc/42/cmdline	jefne64.elf

/tmp/jefne64.elf
/tmp/jefne64.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:2826

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads