e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a

Analysis

max time kernel
134s
max time network
145s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240729-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
02-01-2025 06:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

qbfwdbg.elf
Size

168KB
MD5

9ffc69285cf6a04f58d59b73b7c993c0
SHA1

8b3d95ed36e9e0264f764724db27a3d7f6d2e302
SHA256

e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a
SHA512

3853a49738fdaca2a04a667e839e6e291dcfa5e08e11b80305df90468f46aaa00b84eeb1e5689d8e7d6d644002dfa54fbf85ef078d4505c2a0a48c29dce7a5a7
SSDEEP

3072:Pa7LbQwLnX4Owq5dYoJanX8JyT4bujP1tLsbvjrgrUp0Tp6VUPtkGU5A:Pa7LswLnX/wq5dDJaQuBEbpUKa

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2499	qbfwdbg.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	2499	qbfwdbg.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/26/cmdline	qbfwdbg.elf
File opened for reading	/proc/65/cmdline	qbfwdbg.elf
File opened for reading	/proc/791/cmdline	qbfwdbg.elf
File opened for reading	/proc/1710/cmdline	qbfwdbg.elf
File opened for reading	/proc/22/cmdline	qbfwdbg.elf
File opened for reading	/proc/70/cmdline	qbfwdbg.elf
File opened for reading	/proc/188/cmdline	qbfwdbg.elf
File opened for reading	/proc/202/cmdline	qbfwdbg.elf
File opened for reading	/proc/1851/cmdline	qbfwdbg.elf
File opened for reading	/proc/1952/cmdline	qbfwdbg.elf
File opened for reading	/proc/63/cmdline	qbfwdbg.elf
File opened for reading	/proc/24/cmdline	qbfwdbg.elf
File opened for reading	/proc/28/cmdline	qbfwdbg.elf
File opened for reading	/proc/785/cmdline	qbfwdbg.elf
File opened for reading	/proc/1055/cmdline	qbfwdbg.elf
File opened for reading	/proc/1059/cmdline	qbfwdbg.elf
File opened for reading	/proc/1929/cmdline	qbfwdbg.elf
File opened for reading	/proc/1949/cmdline	qbfwdbg.elf
File opened for reading	/proc/18/cmdline	qbfwdbg.elf
File opened for reading	/proc/1958/cmdline	qbfwdbg.elf
File opened for reading	/proc/196/cmdline	qbfwdbg.elf
File opened for reading	/proc/763/cmdline	qbfwdbg.elf
File opened for reading	/proc/1121/cmdline	qbfwdbg.elf
File opened for reading	/proc/1792/cmdline	qbfwdbg.elf
File opened for reading	/proc/1898/cmdline	qbfwdbg.elf
File opened for reading	/proc/11/cmdline	qbfwdbg.elf
File opened for reading	/proc/17/cmdline	qbfwdbg.elf
File opened for reading	/proc/513/cmdline	qbfwdbg.elf
File opened for reading	/proc/1049/cmdline	qbfwdbg.elf
File opened for reading	/proc/1052/cmdline	qbfwdbg.elf
File opened for reading	/proc/15/cmdline	qbfwdbg.elf
File opened for reading	/proc/38/cmdline	qbfwdbg.elf
File opened for reading	/proc/41/cmdline	qbfwdbg.elf
File opened for reading	/proc/189/cmdline	qbfwdbg.elf
File opened for reading	/proc/190/cmdline	qbfwdbg.elf
File opened for reading	/proc/514/cmdline	qbfwdbg.elf
File opened for reading	/proc/756/cmdline	qbfwdbg.elf
File opened for reading	/proc/1077/cmdline	qbfwdbg.elf
File opened for reading	/proc/3/cmdline	qbfwdbg.elf
File opened for reading	/proc/1635/cmdline	qbfwdbg.elf
File opened for reading	/proc/13/cmdline	qbfwdbg.elf
File opened for reading	/proc/181/cmdline	qbfwdbg.elf
File opened for reading	/proc/200/cmdline	qbfwdbg.elf
File opened for reading	/proc/1718/cmdline	qbfwdbg.elf
File opened for reading	/proc/5/cmdline	qbfwdbg.elf
File opened for reading	/proc/27/cmdline	qbfwdbg.elf
File opened for reading	/proc/1124/cmdline	qbfwdbg.elf
File opened for reading	/proc/1900/cmdline	qbfwdbg.elf
File opened for reading	/proc/1912/cmdline	qbfwdbg.elf
File opened for reading	/proc/19/cmdline	qbfwdbg.elf
File opened for reading	/proc/79/cmdline	qbfwdbg.elf
File opened for reading	/proc/814/cmdline	qbfwdbg.elf
File opened for reading	/proc/863/cmdline	qbfwdbg.elf
File opened for reading	/proc/1822/cmdline	qbfwdbg.elf
File opened for reading	/proc/1985/cmdline	qbfwdbg.elf
File opened for reading	/proc/1991/cmdline	qbfwdbg.elf
File opened for reading	/proc/56/cmdline	qbfwdbg.elf
File opened for reading	/proc/432/cmdline	qbfwdbg.elf
File opened for reading	/proc/1043/cmdline	qbfwdbg.elf
File opened for reading	/proc/1974/cmdline	qbfwdbg.elf
File opened for reading	/proc/1997/cmdline	qbfwdbg.elf
File opened for reading	/proc/42/cmdline	qbfwdbg.elf
File opened for reading	/proc/1261/cmdline	qbfwdbg.elf
File opened for reading	/proc/198/cmdline	qbfwdbg.elf

/tmp/qbfwdbg.elf
/tmp/qbfwdbg.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:2499

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads