70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1

Analysis

max time kernel
139s
max time network
145s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240522.1-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240522.1-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
27/01/2025, 04:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
Size

148KB
MD5

891afbe299125db0d840f9f0856c418d
SHA1

6c024338748f842c3f2371161ba328e1d5869d78
SHA256

70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1
SHA512

a4ba51ed74aa89c2102b4e73c9170eaebaeb3e0100a98b5adeb5da4de5ba21823a2052bd21d0783199fb0bff736b171893ee88350b034a14e593cc246b013df6
SSDEEP

3072:kzc0dHWqi8vIjeOPGunZl3CLt3/bgJwQSOfIgZ+mH5gT+:kzc0dH3i8OtGmmQxzHu+

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1567	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	httpd	1566	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/11/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/73/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/95/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/775/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/1037/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/27/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/634/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/1129/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/1161/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/10/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/26/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/91/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/588/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/724/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/76/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/79/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/93/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/101/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/214/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/218/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/515/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/748/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/1042/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/1048/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/197/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/593/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/638/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/1160/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/2/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/25/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/102/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/510/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/585/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/608/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/751/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/991/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/1076/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/203/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/664/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/848/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/1113/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/1166/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/315/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/587/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/700/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/972/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/1136/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/1145/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/13/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/86/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/119/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/212/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/416/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/110/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/210/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/586/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/685/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/7/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/99/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/1057/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/4/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/15/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/20/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
File opened for reading	/proc/633/cmdline	70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf

/tmp/70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
/tmp/70d41bc2b1de0ca547004381418c66756f33c282f0596c997ba671856611f2f1.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:1566

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads