e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a

Analysis

max time kernel
136s
max time network
147s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
03-01-2025 04:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
Size

168KB
MD5

9ffc69285cf6a04f58d59b73b7c993c0
SHA1

8b3d95ed36e9e0264f764724db27a3d7f6d2e302
SHA256

e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a
SHA512

3853a49738fdaca2a04a667e839e6e291dcfa5e08e11b80305df90468f46aaa00b84eeb1e5689d8e7d6d644002dfa54fbf85ef078d4505c2a0a48c29dce7a5a7
SSDEEP

3072:Pa7LbQwLnX4Owq5dYoJanX8JyT4bujP1tLsbvjrgrUp0Tp6VUPtkGU5A:Pa7LswLnX/wq5dDJaQuBEbpUKa

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2766	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	2766	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/1982/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/4/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/9/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/35/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/71/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/837/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/1081/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/1980/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/1900/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/33/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/34/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/44/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/52/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/195/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/201/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/511/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/13/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/189/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/202/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/384/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/1097/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/2224/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/2238/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/6/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/10/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/193/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/830/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/24/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/32/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/47/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/194/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/15/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/26/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/48/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/747/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/901/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/20/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/192/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/196/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/200/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/1977/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/2172/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/2256/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/793/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/2153/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/46/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/275/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/419/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/1990/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/54/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/1123/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/2094/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/2243/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/2247/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/30/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/55/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/123/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/1101/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/1125/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/2214/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/18/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/37/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/63/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/582/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf

/tmp/e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
/tmp/e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:2766

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads