83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39

Analysis

max time kernel
133s
max time network
144s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240729-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
05-01-2025 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
Size

164KB
MD5

8e9a9e01cd97a470bb594ba95e85dbb3
SHA1

5b3c42b4fa697c44c8d9d4ad4e37329029ce55ee
SHA256

83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39
SHA512

47a816ac33c275495fcfd86252bfd93a1b483fd9adb13b1f7f9d66b34ed8a147c0704a1d0645a519dc60642b0d3711cfadfab9fe02e4738375b182afa18f047c
SSDEEP

3072:5cxMiHNGmS6Tz/t/n0Nmr/bUrjTA5JJQ1cx0fn4u/UNbmMryHUq14:5caiHNGmS6Tz/Bn0Ml6Vf/T0q14

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1564	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	1563	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/226/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/764/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/77/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/85/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/212/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/221/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/616/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/1162/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/86/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/93/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/666/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/740/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/769/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/966/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/1155/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/26/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/73/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/223/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/676/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/101/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/113/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/417/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/634/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/10/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/11/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/24/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/75/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/788/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/1078/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/1156/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/991/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/204/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/589/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/741/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/774/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/413/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/499/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/1157/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/4/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/83/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/227/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/263/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/314/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/946/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/20/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/202/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/208/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/935/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/1124/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/76/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/164/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/518/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/633/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/15/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/736/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/1070/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/19/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/25/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/102/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/1178/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/18/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/82/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/1061/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
File opened for reading	/proc/1079/cmdline	83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf

/tmp/83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
/tmp/83b70062f56458f4770c6846729a497228ea4130c90b763d9d278803298e2b39.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:1563

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads