ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb

Analysis

max time kernel
136s
max time network
142s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
07/01/2025, 02:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
Size

152KB
MD5

bc8f5acc05dbb99f165f4e4ba458fda9
SHA1

95780a96f3fe4e2dbb5538ff57c54c90ea2f8a92
SHA256

ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb
SHA512

2af369ae72ced09eefd2e2aff493f83d617ad4001d29f9bb3633aa9a3e52e18d821b11f875453b9a909d5ca46bb994f3f6df1082554faa8709906f912c1cb09c
SSDEEP

3072:YgXKIanRzYzWo5Fz13+wYCIq0T5fuqcQkl+ZXJW0kICzr:YgXKIanRkzWohuJpywZEzr

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1569	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	1569	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/160/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/1166/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/9/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/119/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/1145/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/15/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/670/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/314/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/416/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/1157/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/8/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/89/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/210/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/1159/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/12/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/90/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/585/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/499/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/587/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/1064/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/1161/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/1165/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/13/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/79/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/204/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/959/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/1163/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/3/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/202/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/868/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/421/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/772/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/1164/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/25/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/96/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/97/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/98/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/206/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/638/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/1035/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/1126/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/6/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/19/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/83/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/75/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/586/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/965/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/14/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/1142/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/93/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/743/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/1106/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/5/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/27/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/78/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/593/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/672/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/992/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/80/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/101/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/227/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/608/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/634/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
File opened for reading	/proc/1102/cmdline	ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf

/tmp/ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
/tmp/ea9a7d3d5ec99efd912eb0bfd288c4731b56dbbcde017b13745d5c16975fd6fb.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:1569

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads