eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781

Analysis

max time kernel
132s
max time network
144s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
07-01-2025 02:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
Size

96KB
MD5

1a3f54c2e7eed74ef02e2c02fa4beb74
SHA1

577b929b3f1e2ab3fb686c6efd3e105df8a0d5e1
SHA256

eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781
SHA512

3be3ce9faddd81224eba961540cbcdf1a634a818aad9435b25190a9903925ef0282536bee091b6945c1dc4dbae4e80b2f86d75c2fe558cb270e5fff6b81c132c
SSDEEP

1536:aRCj3UJRYvg070QbnSbXayZErG9Ft3m/49b6EDSpgbMhXgw:OCj3U8bsbqCr9b3o4pOTj

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1564	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	1563	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/377/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/415/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/4/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/101/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/426/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/506/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/537/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/636/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/1091/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/12/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/80/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/416/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/586/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/588/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/1153/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/1032/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/196/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/632/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/635/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/936/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/946/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/1162/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/21/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/113/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/314/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/665/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/1155/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/26/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/90/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/207/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/263/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/411/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/739/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/967/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/1063/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/22/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/93/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/587/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/1058/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/81/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/97/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/8/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/1111/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/1167/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/95/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/1131/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/211/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/651/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/15/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/99/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/91/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/102/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/414/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/608/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/1043/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/16/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/18/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/114/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/160/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/215/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/634/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/1073/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/6/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
File opened for reading	/proc/82/cmdline	eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf

/tmp/eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
/tmp/eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:1563

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads