33c2ed520416d7b003f9727d717b55be33ea9d83e33fa294b3775892998af2f4

Analysis

max time kernel
149s
max time network
148s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240611-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
02/02/2025, 07:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bot.x86_64.elf
Size

136KB
MD5

ec3d77c5ff9b1b32735523db9eeaa5c3
SHA1

6ccc12328fb9df4d686c884dccf95542fd7a58a1
SHA256

33c2ed520416d7b003f9727d717b55be33ea9d83e33fa294b3775892998af2f4
SHA512

3b932f9d0cb68c7cc8726c5fd46e182d850123b1e88d0b8cd831538b798fbf27fc822ddf1c98b4c138abc8050898a61bab29cdea9e1fe633839c2fef7488ab32
SSDEEP

3072:tGtwnNiaOnUTFFKPT9OSQ7AOaogjV2iZlBWCg5iAmQPdL:tGtwnNiaOnUTDuLyjmQPd

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	1392	bot.x86_64.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/583/cmdline	bot.x86_64.elf
File opened for reading	/proc/1040/cmdline	bot.x86_64.elf
File opened for reading	/proc/1328/cmdline	bot.x86_64.elf
File opened for reading	/proc/1332/cmdline	bot.x86_64.elf
File opened for reading	/proc/1217/cmdline	bot.x86_64.elf
File opened for reading	/proc/23/cmdline	bot.x86_64.elf
File opened for reading	/proc/24/cmdline	bot.x86_64.elf
File opened for reading	/proc/163/cmdline	bot.x86_64.elf
File opened for reading	/proc/175/cmdline	bot.x86_64.elf
File opened for reading	/proc/658/cmdline	bot.x86_64.elf
File opened for reading	/proc/105/cmdline	bot.x86_64.elf
File opened for reading	/proc/1145/cmdline	bot.x86_64.elf
File opened for reading	/proc/1422/cmdline	bot.x86_64.elf
File opened for reading	/proc/1443/cmdline	bot.x86_64.elf
File opened for reading	/proc/1453/cmdline	bot.x86_64.elf
File opened for reading	/proc/166/cmdline	bot.x86_64.elf
File opened for reading	/proc/1378/cmdline	bot.x86_64.elf
File opened for reading	/proc/1446/cmdline	bot.x86_64.elf
File opened for reading	/proc/75/cmdline	bot.x86_64.elf
File opened for reading	/proc/1451/cmdline	bot.x86_64.elf
File opened for reading	/proc/496/cmdline	bot.x86_64.elf
File opened for reading	/proc/926/cmdline	bot.x86_64.elf
File opened for reading	/proc/6/cmdline	bot.x86_64.elf
File opened for reading	/proc/566/cmdline	bot.x86_64.elf
File opened for reading	/proc/650/cmdline	bot.x86_64.elf
File opened for reading	/proc/1000/cmdline	bot.x86_64.elf
File opened for reading	/proc/1015/cmdline	bot.x86_64.elf
File opened for reading	/proc/1391/cmdline	bot.x86_64.elf
File opened for reading	/proc/1417/cmdline	bot.x86_64.elf
File opened for reading	/proc/170/cmdline	bot.x86_64.elf
File opened for reading	/proc/1246/cmdline	bot.x86_64.elf
File opened for reading	/proc/1380/cmdline	bot.x86_64.elf
File opened for reading	/proc/967/cmdline	bot.x86_64.elf
File opened for reading	/proc/92/cmdline	bot.x86_64.elf
File opened for reading	/proc/1450/cmdline	bot.x86_64.elf
File opened for reading	/proc/176/cmdline	bot.x86_64.elf
File opened for reading	/proc/450/cmdline	bot.x86_64.elf
File opened for reading	/proc/851/cmdline	bot.x86_64.elf
File opened for reading	/proc/1327/cmdline	bot.x86_64.elf
File opened for reading	/proc/1428/cmdline	bot.x86_64.elf
File opened for reading	/proc/13/cmdline	bot.x86_64.elf
File opened for reading	/proc/18/cmdline	bot.x86_64.elf
File opened for reading	/proc/494/cmdline	bot.x86_64.elf
File opened for reading	/proc/1325/cmdline	bot.x86_64.elf
File opened for reading	/proc/11/cmdline	bot.x86_64.elf
File opened for reading	/proc/22/cmdline	bot.x86_64.elf
File opened for reading	/proc/91/cmdline	bot.x86_64.elf
File opened for reading	/proc/1445/cmdline	bot.x86_64.elf
File opened for reading	/proc/1333/cmdline	bot.x86_64.elf
File opened for reading	/proc/1399/cmdline	bot.x86_64.elf
File opened for reading	/proc/16/cmdline	bot.x86_64.elf
File opened for reading	/proc/20/cmdline	bot.x86_64.elf
File opened for reading	/proc/82/cmdline	bot.x86_64.elf
File opened for reading	/proc/85/cmdline	bot.x86_64.elf
File opened for reading	/proc/955/cmdline	bot.x86_64.elf
File opened for reading	/proc/174/cmdline	bot.x86_64.elf
File opened for reading	/proc/498/cmdline	bot.x86_64.elf
File opened for reading	/proc/1416/cmdline	bot.x86_64.elf
File opened for reading	/proc/78/cmdline	bot.x86_64.elf
File opened for reading	/proc/540/cmdline	bot.x86_64.elf
File opened for reading	/proc/1075/cmdline	bot.x86_64.elf
File opened for reading	/proc/1335/cmdline	bot.x86_64.elf
File opened for reading	/proc/90/cmdline	bot.x86_64.elf
File opened for reading	/proc/93/cmdline	bot.x86_64.elf

/tmp/bot.x86_64.elf
/tmp/bot.x86_64.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:1392

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads