Analysis
-
max time kernel
143s -
max time network
150s -
platform
linux_amd64 -
resource
ubuntu1804-amd64-en-20211208 -
resource tags
arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system -
submitted
08/06/2023, 05:33
General
-
Target
x86.elf
-
Size
17KB
-
MD5
5901d4e3307a860d09829316e5f55f11
-
SHA1
918b7a8bb5fbd6a748e2b5d89f3cfd01948c1324
-
SHA256
5a43283ed78f175f8a4b57b77d6ff9388ba58913ffa94183692b5f31bcaaf193
-
SHA512
934bde6f6e4f8570eba1fc4118bbd781be44acc08af21d1c62643069796f7af47b6e9b788d9b13dbded21b3d70ac29f082f06d71cf944195d141f3471387d279
-
SSDEEP
384:MGjaGgsMNJ/pS+XqfHQE/V+HHtNiBYcNd9rV9I0SWIDKd5:bMNJ/lXoHHPBZd9rzCWeKd5
Malware Config
Signatures
-
Changes its process name 1 IoCs
description ioc pid Process Changes the process name, possibly in an attempt to hide itself a 575 x86.elf -
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
description ioc File opened for reading /proc/349/cmdline File opened for reading /proc/356/cmdline File opened for reading /proc/541/cmdline File opened for reading /proc/12/cmdline File opened for reading /proc/115/cmdline File opened for reading /proc/82/cmdline File opened for reading /proc/155/cmdline File opened for reading /proc/168/cmdline File opened for reading /proc/309/cmdline File opened for reading /proc/333/cmdline File opened for reading /proc/7/cmdline File opened for reading /proc/30/cmdline File opened for reading /proc/79/cmdline File opened for reading /proc/347/cmdline File opened for reading /proc/393/cmdline File opened for reading /proc/571/cmdline File opened for reading /proc/15/cmdline File opened for reading /proc/25/cmdline File opened for reading /proc/166/cmdline File opened for reading /proc/193/cmdline File opened for reading /proc/78/cmdline File opened for reading /proc/84/cmdline File opened for reading /proc/160/cmdline File opened for reading /proc/394/cmdline File opened for reading /proc/572/cmdline File opened for reading /proc/23/cmdline File opened for reading /proc/27/cmdline File opened for reading /proc/10/cmdline File opened for reading /proc/19/cmdline File opened for reading /proc/89/cmdline File opened for reading /proc/163/cmdline File opened for reading /proc/164/cmdline File opened for reading /proc/334/cmdline File opened for reading /proc/6/cmdline File opened for reading /proc/9/cmdline File opened for reading /proc/363/cmdline File opened for reading /proc/391/cmdline File opened for reading /proc/35/cmdline File opened for reading /proc/85/cmdline File opened for reading /proc/165/cmdline File opened for reading /proc/310/cmdline File opened for reading /proc/332/cmdline File opened for reading /proc/350/cmdline File opened for reading /proc/13/cmdline File opened for reading /proc/16/cmdline File opened for reading /proc/81/cmdline File opened for reading /proc/158/cmdline File opened for reading /proc/192/cmdline File opened for reading /proc/570/cmdline File opened for reading /proc/575/cmdline File opened for reading /proc/8/cmdline File opened for reading /proc/14/cmdline File opened for reading /proc/22/cmdline File opened for reading /proc/83/cmdline File opened for reading /proc/161/cmdline File opened for reading /proc/238/cmdline File opened for reading /proc/2/cmdline File opened for reading /proc/11/cmdline File opened for reading /proc/18/cmdline File opened for reading /proc/80/cmdline File opened for reading /proc/159/cmdline File opened for reading /proc/1/cmdline File opened for reading /proc/17/cmdline File opened for reading /proc/26/cmdline