e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a

Analysis

max time kernel
140s
max time network
142s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240508-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
03-01-2025 04:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
Size

168KB
MD5

9ffc69285cf6a04f58d59b73b7c993c0
SHA1

8b3d95ed36e9e0264f764724db27a3d7f6d2e302
SHA256

e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a
SHA512

3853a49738fdaca2a04a667e839e6e291dcfa5e08e11b80305df90468f46aaa00b84eeb1e5689d8e7d6d644002dfa54fbf85ef078d4505c2a0a48c29dce7a5a7
SSDEEP

3072:Pa7LbQwLnX4Owq5dYoJanX8JyT4bujP1tLsbvjrgrUp0Tp6VUPtkGU5A:Pa7LswLnX/wq5dDJaQuBEbpUKa

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1414	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	1414	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/87/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/71/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/1025/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/1074/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/1076/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/1078/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/8/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/72/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/102/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/158/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/176/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/519/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/666/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/781/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/159/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/163/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/171/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/175/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/488/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/2/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/92/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/895/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/946/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/79/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/439/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/951/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/1051/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/81/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/483/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/988/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/1073/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/499/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/634/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/1072/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/691/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/800/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/855/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/70/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/84/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/395/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/495/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/635/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/75/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/161/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/242/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/442/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/166/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/572/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/898/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/480/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/537/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/673/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/916/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/73/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/172/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/177/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/687/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/759/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/16/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/91/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/440/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/957/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/791/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
File opened for reading	/proc/13/cmdline	e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf

/tmp/e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
/tmp/e8647500a41bda114a197d02f36cb9521f6053b34d5056306324dbfff0c6857a.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:1414

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads