Analysis
max time kernel: 152s
max time network: 153s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20230621-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20230621-en, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 06/08/2023, 15:01
Static task: static1
Behavioral task: behavioral1
Sample: x86_32.elf
Resource: ubuntu1804-amd64-20230621-en
General
Target: x86_32.elf
Size: 103KB
MD5: 84bbd3206bcc4a483cbe07b222680e55
SHA1: 768b72743861c4ddd5ad7b3820affbcd32e481c8
SHA256: b88e25d96e48241f56e6a5db555847a02a62588a50e0601c7254c63944426f02
SHA512: 7bf87b0942f932ba8dfc8df5f3db51444bf7f1841aed2219b2c8c0e87fa06ed2434df92cab1af4833a963fa1867ac948e3ae1d9377ecc59323b185a9890ab4f9
SSDEEP: 1536:m3YQ38LN2aKyiBqSLLhch8yQ/m3slqwjSqt2gl6oJkSjxIr/:aT38LqykqSXeJam3AqwjFEgXxjo/
Malware Config
Signatures
- Contacts a large (91468) number of remote hosts (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Creates a large number of network flows (1 TTP)
  This may indicate a network scan to discover remotely running services.
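Both signatures above are fan-out heuristics: many distinct destinations (and many flows) from one source in a short time. The following is an added example, not code from the sandbox or from the sample, showing how the same heuristic is computed over flow records. The flow records are constructed, the field names (ts, src, dst, dport) are an assumed schema rather than any real log format, and the 100-host threshold is an assumption; the 91468 hosts reported above would sit far beyond it.

```python
"""Flag sources whose distinct-destination fan-out looks like a service scan.

Added example; not part of the sandbox report. The flow records are
constructed below and the field names (ts, src, dst, dport) are an assumed
schema, not any particular flow-log format.
"""
from collections import Counter, defaultdict


def make_sample_flows():
    """Constructed traffic: one scanner sweeping 600 hosts on tcp/23 in 30 s,
    and one ordinary client talking repeatedly to five web servers."""
    flows = []
    for i in range(600):  # scanner 10.0.0.5; ts=1020 is a 60 s window boundary
        flows.append({"ts": 1020.0 + i * 0.05, "src": "10.0.0.5",
                      "dst": f"192.168.{i // 256}.{i % 256}", "dport": 23})
    for i in range(200):  # ordinary host 10.0.0.7
        flows.append({"ts": 1020.0 + i * 0.5, "src": "10.0.0.7",
                      "dst": f"203.0.113.{i % 5}", "dport": 443 if i % 2 else 80})
    return flows


def fanout(flows, window_s=60):
    """Bucket flows per (src, time window) and track distinct dst hosts,
    a destination-port histogram and the raw flow count."""
    buckets = defaultdict(lambda: {"hosts": set(), "ports": Counter(), "flows": 0})
    for f in flows:
        b = buckets[(f["src"], int(f["ts"] // window_s))]
        b["hosts"].add(f["dst"])
        b["ports"][f["dport"]] += 1
        b["flows"] += 1
    return buckets


def detect_scanners(flows, window_s=60, host_threshold=100):
    """Return {src: summary} for sources reaching at least host_threshold
    distinct hosts inside one window; the summary keeps the busiest window.
    A top_port_share near 1.0 means a single-service sweep rather than broad
    client activity, which is the pattern the sandbox signature describes."""
    hits = {}
    for (src, win), b in fanout(flows, window_s).items():
        n = len(b["hosts"])
        if n < host_threshold:
            continue
        port, port_count = b["ports"].most_common(1)[0]
        if src not in hits or n > hits[src]["distinct_hosts"]:
            hits[src] = {"window": win, "distinct_hosts": n, "flows": b["flows"],
                         "top_port": port, "top_port_share": port_count / b["flows"]}
    return hits


if __name__ == "__main__":
    for src, info in detect_scanners(make_sample_flows()).items():
        print(src, info)
```

Fixed windows are deliberately simple; a scanner that straddles a boundary is split across two buckets, so in production use overlapping windows or a per-source sliding count. The port share is the cheap way to separate a sweep from a busy legitimate client (a crawler also reaches many hosts, but rarely on one port only).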
- Changes its process name (1 IoC)
  description                                                        pid  Process
  Changes the process name, possibly in an attempt to hide itself    598  x86_32.elf
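On Linux a process renames itself either with prctl(PR_SET_NAME), which changes /proc/<pid>/comm, or by overwriting its argv strings, which changes /proc/<pid>/cmdline; neither changes the /proc/<pid>/exe link. The following is an added example, not code from the sandbox or from the sample, of a check that compares those three views. The records in SAMPLE are constructed (the name the report's sample chose for itself is not shown above), and snapshot_proc() gathers the same fields from a live Linux host.

```python
"""Find processes whose kernel-visible name disagrees with their executable.

Added example; not part of the sandbox report. The records in SAMPLE are
constructed; snapshot_proc() collects the same fields from a live /proc.
"""
import os

TASK_COMM_LEN = 16  # kernel buffer size for comm; the usable name is 15 chars


def comm_from_exe(exe):
    """What comm looks like right after exec: basename truncated to 15 chars.
    Without this truncation, long legitimate names (systemd-resolved shows
    as 'systemd-resolve') would be reported as renamed."""
    return os.path.basename(exe)[: TASK_COMM_LEN - 1]


def check_process(rec):
    """Return findings for one record {pid, comm, argv0, exe}."""
    findings = []
    exe = rec["exe"]
    if exe.endswith(" (deleted)"):  # unlink-after-exec is common for droppers
        exe = exe[: -len(" (deleted)")]
    expected = comm_from_exe(exe)
    if rec["comm"] != expected:  # prctl(PR_SET_NAME) or similar
        findings.append(f"comm {rec['comm']!r} != exe-derived {expected!r}")
    argv0 = (rec.get("argv0") or "").lstrip("-")  # login shells prefix '-'
    if argv0 and os.path.basename(argv0) != os.path.basename(exe):  # argv rewrite
        findings.append(f"argv[0] {rec['argv0']!r} != exe {exe!r}")
    return findings


def find_renamed(records):
    """{pid: [findings]} for every record with at least one finding."""
    out = {}
    for rec in records:
        f = check_process(rec)
        if f:
            out[rec["pid"]] = f
    return out


def snapshot_proc(proc="/proc"):
    """Read comm, argv[0] and the exe link for every numeric /proc entry we are
    allowed to inspect (another user's exe link needs root; unreadable
    entries are skipped)."""
    recs = []
    for name in os.listdir(proc):
        if not name.isdigit():
            continue
        base = os.path.join(proc, name)
        try:
            exe = os.readlink(os.path.join(base, "exe"))
            with open(os.path.join(base, "comm")) as fh:
                comm = fh.read().rstrip("\n")
            with open(os.path.join(base, "cmdline"), "rb") as fh:
                argv0 = fh.read().split(b"\0")[0].decode(errors="replace")
        except OSError:
            continue
        recs.append({"pid": int(name), "comm": comm, "argv0": argv0, "exe": exe})
    return recs


SAMPLE = [  # constructed records, not taken from the report
    {"pid": 4242, "comm": "bash", "argv0": "bash", "exe": "/tmp/x86_32.elf (deleted)"},
    {"pid": 4243, "comm": "x86_32.elf", "argv0": "./x86_32.elf", "exe": "/tmp/x86_32.elf"},
    {"pid": 911, "comm": "systemd-resolve", "argv0": "/lib/systemd/systemd-resolved",
     "exe": "/lib/systemd/systemd-resolved"},
    {"pid": 1200, "comm": "bash", "argv0": "-bash", "exe": "/usr/bin/bash"},
]

if __name__ == "__main__":
    for pid, findings in find_renamed(SAMPLE).items():
        print(pid, findings)
```

Run find_renamed(snapshot_proc()) on a live host and expect some benign hits: the exe link resolves symlinks, so an interpreter started as python3 whose real file is python3.10, or a busybox applet, disagrees with both comm and argv[0]. Resolve argv[0] through PATH, or whitelist those binaries, before alerting; the deleted-file and login-shell cases handled above are the two most common sources of noise after that.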
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads runtime system information (64 IoCs)
  Reads data from the /proc virtual filesystem.
  description              ioc
  File opened for reading  /proc/34/cmdline
  File opened for reading  /proc/115/cmdline
  File opened for reading  /proc/353/cmdline
  File opened for reading  /proc/575/cmdline
  File opened for reading  /proc/157/status
  File opened for reading  /proc/159/status
  File opened for reading  /proc/604/cmdline
  File opened for reading  /proc/10/status
  File opened for reading  /proc/363/status
  File opened for reading  /proc/24/status
  File opened for reading  /proc/89/cmdline
  File opened for reading  /proc/596/cmdline
  File opened for reading  /proc/732/cmdline
  File opened for reading  /proc/733/status
  File opened for reading  /proc/79/status
  File opened for reading  /proc/83/cmdline
  File opened for reading  /proc/sysvipc/cmdline
  File opened for reading  /proc/168/status
  File opened for reading  /proc/24/cmdline
  File opened for reading  /proc/162/cmdline
  File opened for reading  /proc/730/status
  File opened for reading  /proc/479/status
  File opened for reading  /proc/98/cmdline
  File opened for reading  /proc/169/cmdline
  File opened for reading  /proc/79/cmdline
  File opened for reading  /proc/164/cmdline
  File opened for reading  /proc/driver/cmdline
  File opened for reading  /proc/7/status
  File opened for reading  /proc/7/cmdline
  File opened for reading  /proc/155/status
  File opened for reading  /proc/164/status
  File opened for reading  /proc/375/status
  File opened for reading  /proc/602/status
  File opened for reading  /proc/18/cmdline
  File opened for reading  /proc/3/status
  File opened for reading  /proc/17/status
  File opened for reading  /proc/287/status
  File opened for reading  /proc/288/cmdline
  File opened for reading  /proc/725/status
  File opened for reading  /proc/2/status
  File opened for reading  /proc/27/status
  File opened for reading  /proc/603/status
  File opened for reading  /proc/4/cmdline
  File opened for reading  /proc/371/cmdline
  File opened for reading  /proc/599/cmdline
  File opened for reading  /proc/195/status
  File opened for reading  /proc/229/status
  File opened for reading  /proc/575/status
  File opened for reading  /proc/600/status
  File opened for reading  /proc/8/cmdline
  File opened for reading  /proc/15/cmdline
  File opened for reading  /proc/84/cmdline
  File opened for reading  /proc/9/status
  File opened for reading  /proc/162/status
  File opened for reading  /proc/29/cmdline
  File opened for reading  /proc/32/cmdline
  File opened for reading  /proc/155/cmdline
  File opened for reading  /proc/167/status
  File opened for reading  /proc/2/cmdline
  File opened for reading  /proc/595/status
  File opened for reading  /proc/tty/cmdline
  File opened for reading  /proc/731/cmdline
  File opened for reading  /proc/335/status
  File opened for reading  /proc/420/cmdline
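The list above is worth more than its count. Three of the entries (/proc/sysvipc/cmdline, /proc/driver/cmdline, /proc/tty/cmdline) are not PIDs at all, which says the sample walks readdir("/proc") and opens <entry>/cmdline for every result without checking that the name is numeric; it also reads status for some PIDs and cmdline for others, and the PIDs it reads cluster around its own (595, 596, 599, 600, 602, 603, 604) while 598 itself is absent. The following is an added example, not code from the sandbox or the sample, that pulls those facts out of the IoC list mechanically; the path list is copied verbatim from the report and the grouping logic is the added part.

```python
"""Summarise the /proc reads listed under "Reads runtime system information".

Added example; not part of the sandbox report. IOC_PATHS is the report's own
64-entry list copied verbatim; the analysis functions are the added part.
"""
import re
from collections import Counter

IOC_PATHS = """
/proc/34/cmdline /proc/115/cmdline /proc/353/cmdline /proc/575/cmdline
/proc/157/status /proc/159/status /proc/604/cmdline /proc/10/status
/proc/363/status /proc/24/status /proc/89/cmdline /proc/596/cmdline
/proc/732/cmdline /proc/733/status /proc/79/status /proc/83/cmdline
/proc/sysvipc/cmdline /proc/168/status /proc/24/cmdline /proc/162/cmdline
/proc/730/status /proc/479/status /proc/98/cmdline /proc/169/cmdline
/proc/79/cmdline /proc/164/cmdline /proc/driver/cmdline /proc/7/status
/proc/7/cmdline /proc/155/status /proc/164/status /proc/375/status
/proc/602/status /proc/18/cmdline /proc/3/status /proc/17/status
/proc/287/status /proc/288/cmdline /proc/725/status /proc/2/status
/proc/27/status /proc/603/status /proc/4/cmdline /proc/371/cmdline
/proc/599/cmdline /proc/195/status /proc/229/status /proc/575/status
/proc/600/status /proc/8/cmdline /proc/15/cmdline /proc/84/cmdline
/proc/9/status /proc/162/status /proc/29/cmdline /proc/32/cmdline
/proc/155/cmdline /proc/167/status /proc/2/cmdline /proc/595/status
/proc/tty/cmdline /proc/731/cmdline /proc/335/status /proc/420/cmdline
""".split()

PROC_RE = re.compile(r"^/proc/([^/]+)/(cmdline|status)$")


def summarize(paths):
    """Group the reads by /proc entry and by leaf file.

    Non-numeric entries show the walker opened <entry>/cmdline for every
    readdir() result without checking that the name is a PID; pids_with_both
    lists PIDs for which both cmdline and status were read."""
    per_entry = {}
    leaves = Counter()
    for p in paths:
        m = PROC_RE.match(p)
        if not m:
            continue  # anything outside /proc/<entry>/{cmdline,status}
        entry, leaf = m.groups()
        per_entry.setdefault(entry, set()).add(leaf)
        leaves[leaf] += 1
    pids = sorted(int(e) for e in per_entry if e.isdigit())
    non_pid = sorted(e for e in per_entry if not e.isdigit())
    both = sorted(int(e) for e in per_entry if e.isdigit() and len(per_entry[e]) == 2)
    return {"total": len(paths), "leaves": dict(leaves), "pids": pids,
            "non_pid_entries": non_pid, "pids_with_both": both}


def neighbours_of(summary, pid, radius=10):
    """PIDs in the list within +/- radius of pid, to see whether the walker
    looked at processes spawned next to it (the sandbox reports pid 598)."""
    return [p for p in summary["pids"] if p != pid and abs(p - pid) <= radius]


if __name__ == "__main__":
    s = summarize(IOC_PATHS)
    print(s["total"], s["leaves"], s["non_pid_entries"])
    print("distinct pids:", len(s["pids"]), "both files:", s["pids_with_both"])
    print("around 598:", neighbours_of(s, 598), "598 read:", 598 in s["pids"])
```

The non-numeric entries are a durable fingerprint: a tool that reads /proc for legitimate reasons (ps, top) filters on isdigit() first, so a process that opens /proc/tty/cmdline or /proc/driver/cmdline is worth a second look in any host-level file-access telemetry, independent of this sample.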