ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb

Analysis

max time kernel
130s
max time network
142s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240729-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
06-01-2025 23:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

qbfwdbg.elf
Size

152KB
MD5

bc8f5acc05dbb99f165f4e4ba458fda9
SHA1

95780a96f3fe4e2dbb5538ff57c54c90ea2f8a92
SHA256

ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb
SHA512

2af369ae72ced09eefd2e2aff493f83d617ad4001d29f9bb3633aa9a3e52e18d821b11f875453b9a909d5ca46bb994f3f6df1082554faa8709906f912c1cb09c
SSDEEP

3072:YgXKIanRzYzWo5Fz13+wYCIq0T5fuqcQkl+ZXJW0kICzr:YgXKIanRkzWohuJpywZEzr

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2508	qbfwdbg.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	2508	qbfwdbg.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/45/cmdline	qbfwdbg.elf
File opened for reading	/proc/196/cmdline	qbfwdbg.elf
File opened for reading	/proc/1883/cmdline	qbfwdbg.elf
File opened for reading	/proc/3/cmdline	qbfwdbg.elf
File opened for reading	/proc/10/cmdline	qbfwdbg.elf
File opened for reading	/proc/755/cmdline	qbfwdbg.elf
File opened for reading	/proc/791/cmdline	qbfwdbg.elf
File opened for reading	/proc/432/cmdline	qbfwdbg.elf
File opened for reading	/proc/586/cmdline	qbfwdbg.elf
File opened for reading	/proc/1716/cmdline	qbfwdbg.elf
File opened for reading	/proc/1962/cmdline	qbfwdbg.elf
File opened for reading	/proc/1972/cmdline	qbfwdbg.elf
File opened for reading	/proc/130/cmdline	qbfwdbg.elf
File opened for reading	/proc/756/cmdline	qbfwdbg.elf
File opened for reading	/proc/36/cmdline	qbfwdbg.elf
File opened for reading	/proc/39/cmdline	qbfwdbg.elf
File opened for reading	/proc/587/cmdline	qbfwdbg.elf
File opened for reading	/proc/864/cmdline	qbfwdbg.elf
File opened for reading	/proc/1970/cmdline	qbfwdbg.elf
File opened for reading	/proc/7/cmdline	qbfwdbg.elf
File opened for reading	/proc/17/cmdline	qbfwdbg.elf
File opened for reading	/proc/24/cmdline	qbfwdbg.elf
File opened for reading	/proc/1131/cmdline	qbfwdbg.elf
File opened for reading	/proc/1886/cmdline	qbfwdbg.elf
File opened for reading	/proc/1950/cmdline	qbfwdbg.elf
File opened for reading	/proc/20/cmdline	qbfwdbg.elf
File opened for reading	/proc/29/cmdline	qbfwdbg.elf
File opened for reading	/proc/785/cmdline	qbfwdbg.elf
File opened for reading	/proc/1051/cmdline	qbfwdbg.elf
File opened for reading	/proc/1964/cmdline	qbfwdbg.elf
File opened for reading	/proc/1965/cmdline	qbfwdbg.elf
File opened for reading	/proc/15/cmdline	qbfwdbg.elf
File opened for reading	/proc/784/cmdline	qbfwdbg.elf
File opened for reading	/proc/338/cmdline	qbfwdbg.elf
File opened for reading	/proc/580/cmdline	qbfwdbg.elf
File opened for reading	/proc/1078/cmdline	qbfwdbg.elf
File opened for reading	/proc/1119/cmdline	qbfwdbg.elf
File opened for reading	/proc/14/cmdline	qbfwdbg.elf
File opened for reading	/proc/67/cmdline	qbfwdbg.elf
File opened for reading	/proc/1081/cmdline	qbfwdbg.elf
File opened for reading	/proc/1255/cmdline	qbfwdbg.elf
File opened for reading	/proc/1695/cmdline	qbfwdbg.elf
File opened for reading	/proc/1711/cmdline	qbfwdbg.elf
File opened for reading	/proc/1714/cmdline	qbfwdbg.elf
File opened for reading	/proc/27/cmdline	qbfwdbg.elf
File opened for reading	/proc/199/cmdline	qbfwdbg.elf
File opened for reading	/proc/46/cmdline	qbfwdbg.elf
File opened for reading	/proc/47/cmdline	qbfwdbg.elf
File opened for reading	/proc/1068/cmdline	qbfwdbg.elf
File opened for reading	/proc/1905/cmdline	qbfwdbg.elf
File opened for reading	/proc/22/cmdline	qbfwdbg.elf
File opened for reading	/proc/35/cmdline	qbfwdbg.elf
File opened for reading	/proc/1942/cmdline	qbfwdbg.elf
File opened for reading	/proc/202/cmdline	qbfwdbg.elf
File opened for reading	/proc/1123/cmdline	qbfwdbg.elf
File opened for reading	/proc/191/cmdline	qbfwdbg.elf
File opened for reading	/proc/198/cmdline	qbfwdbg.elf
File opened for reading	/proc/777/cmdline	qbfwdbg.elf
File opened for reading	/proc/9/cmdline	qbfwdbg.elf
File opened for reading	/proc/56/cmdline	qbfwdbg.elf
File opened for reading	/proc/1919/cmdline	qbfwdbg.elf
File opened for reading	/proc/54/cmdline	qbfwdbg.elf
File opened for reading	/proc/510/cmdline	qbfwdbg.elf
File opened for reading	/proc/48/cmdline	qbfwdbg.elf

/tmp/qbfwdbg.elf
/tmp/qbfwdbg.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:2508

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads