83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39

Analysis

max time kernel
136s
max time network
147s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
04/01/2025, 05:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jefne64.elf
Size

164KB
MD5

8e9a9e01cd97a470bb594ba95e85dbb3
SHA1

5b3c42b4fa697c44c8d9d4ad4e37329029ce55ee
SHA256

83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39
SHA512

47a816ac33c275495fcfd86252bfd93a1b483fd9adb13b1f7f9d66b34ed8a147c0704a1d0645a519dc60642b0d3711cfadfab9fe02e4738375b182afa18f047c
SSDEEP

3072:5cxMiHNGmS6Tz/t/n0Nmr/bUrjTA5JJQ1cx0fn4u/UNbmMryHUq14:5caiHNGmS6Tz/Bn0Ml6Vf/T0q14

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2493	jefne64.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	2492	jefne64.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/1942/cmdline	jefne64.elf
File opened for reading	/proc/53/cmdline	jefne64.elf
File opened for reading	/proc/1793/cmdline	jefne64.elf
File opened for reading	/proc/1332/cmdline	jefne64.elf
File opened for reading	/proc/1387/cmdline	jefne64.elf
File opened for reading	/proc/1784/cmdline	jefne64.elf
File opened for reading	/proc/21/cmdline	jefne64.elf
File opened for reading	/proc/130/cmdline	jefne64.elf
File opened for reading	/proc/71/cmdline	jefne64.elf
File opened for reading	/proc/502/cmdline	jefne64.elf
File opened for reading	/proc/811/cmdline	jefne64.elf
File opened for reading	/proc/1059/cmdline	jefne64.elf
File opened for reading	/proc/1118/cmdline	jefne64.elf
File opened for reading	/proc/1694/cmdline	jefne64.elf
File opened for reading	/proc/12/cmdline	jefne64.elf
File opened for reading	/proc/56/cmdline	jefne64.elf
File opened for reading	/proc/1864/cmdline	jefne64.elf
File opened for reading	/proc/389/cmdline	jefne64.elf
File opened for reading	/proc/1075/cmdline	jefne64.elf
File opened for reading	/proc/63/cmdline	jefne64.elf
File opened for reading	/proc/192/cmdline	jefne64.elf
File opened for reading	/proc/41/cmdline	jefne64.elf
File opened for reading	/proc/1046/cmdline	jefne64.elf
File opened for reading	/proc/1806/cmdline	jefne64.elf
File opened for reading	/proc/1918/cmdline	jefne64.elf
File opened for reading	/proc/3/cmdline	jefne64.elf
File opened for reading	/proc/5/cmdline	jefne64.elf
File opened for reading	/proc/190/cmdline	jefne64.elf
File opened for reading	/proc/1947/cmdline	jefne64.elf
File opened for reading	/proc/1386/cmdline	jefne64.elf
File opened for reading	/proc/774/cmdline	jefne64.elf
File opened for reading	/proc/822/cmdline	jefne64.elf
File opened for reading	/proc/25/cmdline	jefne64.elf
File opened for reading	/proc/189/cmdline	jefne64.elf
File opened for reading	/proc/1925/cmdline	jefne64.elf
File opened for reading	/proc/13/cmdline	jefne64.elf
File opened for reading	/proc/17/cmdline	jefne64.elf
File opened for reading	/proc/50/cmdline	jefne64.elf
File opened for reading	/proc/514/cmdline	jefne64.elf
File opened for reading	/proc/763/cmdline	jefne64.elf
File opened for reading	/proc/1861/cmdline	jefne64.elf
File opened for reading	/proc/1939/cmdline	jefne64.elf
File opened for reading	/proc/42/cmdline	jefne64.elf
File opened for reading	/proc/45/cmdline	jefne64.elf
File opened for reading	/proc/418/cmdline	jefne64.elf
File opened for reading	/proc/515/cmdline	jefne64.elf
File opened for reading	/proc/757/cmdline	jefne64.elf
File opened for reading	/proc/36/cmdline	jefne64.elf
File opened for reading	/proc/44/cmdline	jefne64.elf
File opened for reading	/proc/788/cmdline	jefne64.elf
File opened for reading	/proc/1116/cmdline	jefne64.elf
File opened for reading	/proc/1119/cmdline	jefne64.elf
File opened for reading	/proc/1702/cmdline	jefne64.elf
File opened for reading	/proc/1912/cmdline	jefne64.elf
File opened for reading	/proc/10/cmdline	jefne64.elf
File opened for reading	/proc/750/cmdline	jefne64.elf
File opened for reading	/proc/39/cmdline	jefne64.elf
File opened for reading	/proc/1769/cmdline	jefne64.elf
File opened for reading	/proc/1908/cmdline	jefne64.elf
File opened for reading	/proc/1953/cmdline	jefne64.elf
File opened for reading	/proc/18/cmdline	jefne64.elf
File opened for reading	/proc/28/cmdline	jefne64.elf
File opened for reading	/proc/235/cmdline	jefne64.elf
File opened for reading	/proc/439/cmdline	jefne64.elf

/tmp/jefne64.elf
/tmp/jefne64.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:2492

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads