Analysis
max time kernel: 148s
max time network: 153s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20231026-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20231026-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 25/11/2023, 21:09
Behavioral task: behavioral1
Sample: x86-20231125-2108.elf
Resource: ubuntu1804-amd64-20231026-en
3 signatures
150 seconds
General
Target: x86-20231125-2108.elf
Size: 40KB
MD5: dc00641763e8165a0a1306b457eaf9da
SHA1: b8cca8de1ddfd76833e9eaf9e4f48a8497b109bd
SHA256: bbfa89a13a95585f9b1d2430defd72711548d1dd1499eef2bfff9d8ef539f5b6
SHA512: 19b3c1d040ff70e2c28ff2af284ed7bba86684c2efb728804270199a7e672125a60f7eeb7e61f3409547e32c9c56de3352614cb4150ba4e56b484a0ceba3da37
SSDEEP: 768:xMlB2zs8ssGfrRI6aQ2nEenz0q8uDOycN95VlVs:YYzs8ssGfrRI6aVnEeIWOrNrVla
Score: 7/10
Malware Config
Signatures
Changes its process name (1 IoC)
description: Changes the process name, possibly in an attempt to hide itself
ioc: a
pid: 1543
Process: x86-20231125-2108.elf
Enumerates running processes
Discovers information about currently running processes on the system
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.