Analysis
max time kernel: 153s
max time network: 153s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20230831-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20230831-en, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 04-09-2023 01:45

Behavioral task: behavioral1
Sample: f993f67a2f2c9c535f4a369719f19ba398a2f6bc13cd39cbe10056695b724a4b.elf
Resource: ubuntu1804-amd64-20230831-en
General
Target: f993f67a2f2c9c535f4a369719f19ba398a2f6bc13cd39cbe10056695b724a4b.elf
Size: 57KB
MD5: 9fee2667826e56f78733bcf34e7a1fa0
SHA1: a5cfa4f94704d99ee4c4402a23b5585133906b7f
SHA256: f993f67a2f2c9c535f4a369719f19ba398a2f6bc13cd39cbe10056695b724a4b
SHA512: 84f1ee7553acda257526dfd6c3fee59e06fe18617142ecaeca8cb239105bf5fee970ce993fba6a9bc6073ed2d7beffe21e62e1ee6c912d6812ba320542bdfb7c
SSDEEP: 1536:5++uB3aoHzXtqJRhoNIq1L+abF05+S+ud:sa4XtORqNIGKabS
Malware Config
Signatures
Contacts a large number (57829) of remote hosts (1 TTP)
This may indicate a network scan to discover remotely running services.

Creates a large number of network flows (1 TTP)
This may indicate a network scan to discover remotely running services.
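The two signatures above are counts of distinct remote hosts and of flows. The following is an added example, not part of the sandbox report, showing how a consumer of flow records (NetFlow, Zeek conn logs, or the sandbox's own PCAP) can turn those counts into a scan verdict: a sliding window over each source's flows tracks distinct destination hosts and destination ports, and a source that reaches many hosts on few ports is a horizontal sweep, which is what "discover remotely running services" describes. The `Flow` type, the thresholds and the flow records are constructed for this example.

```python
"""Horizontal-scan heuristic over connection flows: flag a source that reaches
more distinct destination hosts within a time window than a host should.
Added example; the flow records are constructed, not taken from the sandbox."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float      # seconds since epoch, as a flow collector would stamp it
    src: str
    dst: str
    dport: int


def scan_candidates(flows, window=60.0, host_threshold=100):
    """Return {src: (distinct_hosts, distinct_ports)} for every source whose
    distinct destination-host count inside some `window`-second span exceeds
    `host_threshold`; the tuple is the peak seen for that source."""
    by_src = defaultdict(list)
    for f in sorted(flows, key=lambda f: f.ts):
        by_src[f.src].append(f)
    hits = {}
    for src, fl in by_src.items():
        hosts, ports = defaultdict(int), defaultdict(int)  # refcounts in window
        left, peak = 0, (0, 0)
        for f in fl:
            hosts[f.dst] += 1
            ports[f.dport] += 1
            # evict flows that fell out of the window
            while f.ts - fl[left].ts > window:
                old = fl[left]
                for table, key in ((hosts, old.dst), (ports, old.dport)):
                    table[key] -= 1
                    if table[key] == 0:
                        del table[key]
                left += 1
            peak = max(peak, (len(hosts), len(ports)))
        if peak[0] > host_threshold:
            hits[src] = peak
    return hits


def classify(distinct_hosts, distinct_ports):
    """Many hosts on few ports is a horizontal sweep (service discovery);
    few hosts on many ports is a vertical scan of specific targets."""
    if distinct_hosts >= 10 * max(distinct_ports, 1):
        return "horizontal"
    if distinct_ports >= 10 * max(distinct_hosts, 1):
        return "vertical"
    return "mixed"


# Constructed sample: 10.0.0.5 sweeps TCP/23 across 203.0.113.0/24 in ~3 s,
# 10.0.0.7 is an ordinary client talking to two web hosts.
SAMPLE_FLOWS = [Flow(1000.0 + i * 0.01, "10.0.0.5", f"203.0.113.{i % 256}", 23)
                for i in range(300)] + [
    Flow(1000.0, "10.0.0.7", "198.51.100.10", 443),
    Flow(1001.0, "10.0.0.7", "198.51.100.11", 443),
    Flow(1002.0, "10.0.0.7", "198.51.100.10", 80),
]

if __name__ == "__main__":
    for src, (h, p) in scan_candidates(SAMPLE_FLOWS).items():
        print(f"{src}: {h} hosts, {p} ports -> {classify(h, p)} scan")
```

The threshold of 100 hosts per minute is an assumption; tune it per network segment, and exempt known scanners (vulnerability management, monitoring) by source address before alerting, since they produce the same shape of traffic.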
Changes its process name (1 IoC)
description: Changes the process name, possibly in an attempt to hide itself
ioc: /bin/watchdog
pid: 609

Deletes itself (1 IoC)
pid: 608
process: f993f67a2f2c9c535f4a369719f19ba398a2f6bc13cd39cbe10056695b724a4b.elf
Enumerates running processes
Discovers information about currently running processes on the system
Reads runtime system information (64 IoCs)
Reads data from the /proc virtual filesystem.
description: File opened for reading
ioc:
/proc/352/stat
/proc/8/stat
/proc/11/stat
/proc/26/stat
/proc/32/stat
/proc/78/stat
/proc/1/cmdline
/proc/295/stat
/proc/2/cmdline
/proc/162/stat
/proc/340/stat
/proc/362/stat
/proc/4/stat
/proc/27/stat
/proc/28/stat
/proc/252/stat
/proc/353/stat
/proc/19/stat
/proc/30/stat
/proc/163/stat
/proc/194/stat
/proc/380/cmdline
/proc/20/stat
/proc/25/stat
/proc/31/stat
/proc/84/stat
/proc/169/stat
/proc/2/stat
/proc/15/stat
/proc/85/stat
/proc/373/cmdline
/proc/545/stat
/proc/18/stat
/proc/35/stat
/proc/115/stat
/proc/167/stat
/proc/193/stat
/proc/294/stat
/proc/414/cmdline
/proc/597/stat
/proc/614/stat
/proc/1/stat
/proc/5/stat
/proc/9/stat
/proc/14/stat
/proc/156/stat
/proc/159/stat
/proc/166/stat
/proc/0/cmdline
/proc/3/stat
/proc/21/stat
/proc/154/stat
/proc/161/stat
/proc/168/stat
/proc/36/stat
/proc/82/stat
/proc/89/stat
/proc/226/stat
/proc/613/stat
/proc/10/stat
/proc/462/stat
/proc/611/stat
/proc/594/stat
/proc/16/stat
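The three behaviours recorded above (the sample walks /proc/<pid>/stat and /proc/<pid>/cmdline, a process with pid 609 renames itself to /bin/watchdog, and the original binary at pid 608 deletes itself) leave artefacts in the same /proc tree, and a responder can read it from the defending side. The following is an added example, not part of the report or of the sample, of a triage pass over /proc that flags a process whose `exe` link ends in `(deleted)` (the binary removed itself from disk while still running) and a process whose `comm` or `argv[0]` disagrees with the basename of `exe` (a renamed process; the report does not say whether the rename was done by overwriting argv[0] or via `prctl(PR_SET_NAME)`, so both are checked). The fake /proc tree built by `build_fake_proc` is constructed to match the pids and names in the report; on a live host call `triage("/proc")`.

```python
"""Triage a /proc tree for self-deleted and renamed processes.
Added example; the fake tree below is constructed, not captured."""
import os
import tempfile

DELETED_SUFFIX = " (deleted)"   # appended by the kernel to /proc/<pid>/exe targets


def _read(path, default=""):
    try:
        with open(path, "rb") as fh:
            return fh.read().decode(errors="replace")
    except OSError:
        return default


def inspect_pid(proc_root, pid):
    """Return (exe_path, findings) for one pid, or None when the exe link is
    unreadable (kernel threads, or a pid we lack permission to inspect)."""
    d = os.path.join(proc_root, str(pid))
    try:
        exe = os.readlink(os.path.join(d, "exe"))
    except OSError:
        return None
    findings = []
    deleted = exe.endswith(DELETED_SUFFIX)
    exe_path = exe[:-len(DELETED_SUFFIX)] if deleted else exe
    exe_base = os.path.basename(exe_path)
    if deleted:
        findings.append("exe deleted on disk")
    comm = _read(os.path.join(d, "comm")).rstrip("\n")
    # the kernel truncates comm to 15 characters (TASK_COMM_LEN - 1)
    if comm and comm != exe_base[:15]:
        findings.append(f"comm {comm!r} != exe {exe_base!r}")
    argv = _read(os.path.join(d, "cmdline")).split("\0")  # NUL-separated
    argv0 = argv[0] if argv else ""
    if argv0 and os.path.basename(argv0) != exe_base:
        findings.append(f"argv[0] {argv0!r} != exe {exe_base!r}")
    return exe_path, findings


def triage(proc_root="/proc"):
    """Map pid -> (exe_path, findings) for every process with a finding."""
    out = {}
    for name in os.listdir(proc_root):
        if not name.isdigit():           # skip self, cpuinfo, net, ...
            continue
        result = inspect_pid(proc_root, int(name))
        if result and result[1]:
            out[int(name)] = result
    return out


def build_fake_proc():
    """Constructed /proc tree modelled on the report's pids 608 and 609,
    plus an ordinary init and a kernel thread. Returns the tree's path."""
    root = tempfile.mkdtemp(prefix="fakeproc-")
    sample = "f993f67a2f2c9c535f4a369719f19ba398a2f6bc13cd39cbe10056695b724a4b.elf"
    # pid: (comm, cmdline bytes as NUL-separated text, exe link target or None)
    entries = {
        1:   ("systemd",   "/lib/systemd/systemd\0--system\0", "/lib/systemd/systemd"),
        2:   ("kthreadd",  "",                                 None),
        608: (sample[:15], f"./{sample}\0",                    f"/tmp/{sample}{DELETED_SUFFIX}"),
        609: ("watchdog",  "/bin/watchdog\0",                  f"/tmp/{sample}{DELETED_SUFFIX}"),
    }
    for pid, (comm, cmdline, exe) in entries.items():
        d = os.path.join(root, str(pid))
        os.mkdir(d)
        with open(os.path.join(d, "comm"), "w") as fh:
            fh.write(comm + "\n")
        with open(os.path.join(d, "cmdline"), "wb") as fh:
            fh.write(cmdline.encode())
        if exe is not None:
            os.symlink(exe, os.path.join(d, "exe"))   # dangling target is fine for readlink
    return root


if __name__ == "__main__":
    for pid, (exe, findings) in sorted(triage(build_fake_proc()).items()):
        print(pid, exe, "; ".join(findings))
```

Treat the output as leads, not verdicts: a deleted `exe` is also what a long-running daemon looks like after a package upgrade replaced its binary, and the argv[0] check fires on interpreters and multi-call binaries such as busybox. The value of the check is the combination seen here, a deleted binary whose process now calls itself `/bin/watchdog` while the real `/bin/watchdog`, if present, is not what `exe` points to.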