6b965297812cb05e7f9c0d77f1ba4705449bd177e04918e6d04a4aa6c8c697b7 | Triage

Analysis

max time kernel
138s
max time network
150s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
21-01-2025 00:29

Sharing

Report Analysis Logs

General

Target

ejfe64.elf
Size

156KB
MD5

1fd510274f6702bbe0a3fee3592e9b2d
SHA1

eb5692159033595bdc5f47e57f373ebb437a89d6
SHA256

6b965297812cb05e7f9c0d77f1ba4705449bd177e04918e6d04a4aa6c8c697b7
SHA512

b68da297f9eb637066f17b7e9d9be39da92434e6f59b8b47233b31ba247a3d134a61c4235667ef569c8eab5fc5444e93ea9f9a4493cdd101569dba7cfd4e4127
SSDEEP

3072:W3OrcGuljNNJR3q8ZiAryEk+RtDcqS8gSATCD7SkE7XL4ZQi:W3OrcGwNNJtzf3VQhkQL4ZQ

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1561	ejfe64.elf

Traces itself 1 IoCs

Traces itself to prevent debugging attempts

pid	Process
1561	ejfe64.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	1560	ejfe64.elf

/tmp/ejfe64.elf
/tmp/ejfe64.elf
1⤵
- Deletes itself
- Traces itself
- Changes its process name
PID:1560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads