Analysis
max time kernel: 99s
max time network: 132s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20231215-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20231215-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 19/12/2023, 23:25
Static task: static1
Behavioral task: behavioral1
Sample: 63f958a19851fec9597d10e22b927490
Resource: ubuntu1804-amd64-20231215-en
Signatures: 4
Duration: 150 seconds
General
Target: 63f958a19851fec9597d10e22b927490
Size: 29KB
MD5: 63f958a19851fec9597d10e22b927490
SHA1: c1f2d57183c73db1b19e6e2068f918cbc788615d
SHA256: 635368a00972ea056086753439e1309dce114db2ff8f86cdbb10940320423f4d
SHA512: 21ce767071c876b92d3a9f824259471f0e1ea567bd83849804ae8949be1633b1a99e7c54b7ae4ccad45d2526c88efc7534871037590b9514ac3c6cfb35e7600e
SSDEEP: 768:Q8VB+9bfQSDQ5XcJg6M9l+zF7QK9SYsey:Q8VBwI5Xc5Gl+z+K5L
Score: 7/10
Malware Config
Signatures
Changes its process name (1 IoC)
Changes the process name, possibly in an attempt to hide itself.
  description: Changes the process name, possibly in an attempt to hide itself
  ioc: cloudprocess
  pid: 1536
  process: 63f958a19851fec9597d10e22b927490

Enumerates running processes
Discovers information about currently running processes on the system.

Reads system network configuration (1 TTP, 2 IoCs)
Uses contents of /proc filesystem to enumerate network settings.
  description: File opened for reading; ioc: /proc/net/status
  description: File opened for reading; ioc: /proc/net/cmdline
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.