83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39

Analysis

max time kernel
139s
max time network
151s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
05-01-2025 02:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
Size

164KB
MD5

8e9a9e01cd97a470bb594ba95e85dbb3
SHA1

5b3c42b4fa697c44c8d9d4ad4e37329029ce55ee
SHA256

83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39
SHA512

47a816ac33c275495fcfd86252bfd93a1b483fd9adb13b1f7f9d66b34ed8a147c0704a1d0645a519dc60642b0d3711cfadfab9fe02e4738375b182afa18f047c
SSDEEP

3072:5cxMiHNGmS6Tz/t/n0Nmr/bUrjTA5JJQ1cx0fn4u/UNbmMryHUq14:5caiHNGmS6Tz/Bn0Ml6Vf/T0q14

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2578	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	2577	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/784/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/800/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/1781/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/2038/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/357/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/438/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/790/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/1396/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/1895/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/2029/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/1/cgroup	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/594/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/595/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/759/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/199/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/26/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/383/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/587/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/2032/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/9/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/188/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/1126/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/1791/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/13/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/191/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/1069/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/1858/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/18/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/47/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/193/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/1049/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/1055/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/1773/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/23/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/1088/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/2013/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/25/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/46/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/54/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/79/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/1096/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/2031/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/43/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/1059/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/192/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/194/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/198/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/418/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/513/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/1865/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/2051/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/35/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/1949/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/181/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/201/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/274/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/36/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/11/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/190/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/2054/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/7/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/27/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/38/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/131/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf

/tmp/83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
/tmp/83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:2577

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads