Analysis
-
max time kernel
143s -
max time network
146s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20231221-en -
resource tags
arch:amd64arch:i386image:ubuntu1804-amd64-20231221-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system -
submitted
01/02/2024, 02:02
Static task
static1
Behavioral task
behavioral1
Sample
fa14faa16aca4fbf557f41922c7cb3de70efc1ea95bb60302f86b83b46844039.elf
Resource
ubuntu1804-amd64-20231221-en
ubuntu-18.04-amd64
3 signatures
150 seconds
General
-
Target
fa14faa16aca4fbf557f41922c7cb3de70efc1ea95bb60302f86b83b46844039.elf
-
Size
87KB
-
MD5
73a31c204c319b0a81ea8c30d247a1bf
-
SHA1
bd6f7d79c53fc84ad23d751f8a1a6f3a4f199ab0
-
SHA256
fa14faa16aca4fbf557f41922c7cb3de70efc1ea95bb60302f86b83b46844039
-
SHA512
6bde61c3ed0fd09945f856e969464074968043b00309b9d2edd128c34b3bab0256fd5fa74dcf85d6163d37b639d9693e1a38caba3eedc7d0648b186f01fc4cb3
-
SSDEEP
1536:xpmWc2AcighsZ82fJxfcIHH1mSsM8y6Q+gBQ9TnkISGtAd80xZ:xpmX2riED2frfPHVmL1Q1Q9kVT80x
Score
7/10
Malware Config
Signatures
-
Changes its process name 1 IoCs
description pid Process Changes the process name, possibly in an attempt to hide itself 1529 fa14faa16aca4fbf557f41922c7cb3de70efc1ea95bb60302f86b83b46844039.elf -
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
description ioc File opened for reading /proc/700/cmdline File opened for reading /proc/1169/cmdline File opened for reading /proc/98/cmdline File opened for reading /proc/176/cmdline File opened for reading /proc/461/cmdline File opened for reading /proc/575/cmdline File opened for reading /proc/163/cmdline File opened for reading /proc/464/cmdline File opened for reading /proc/615/cmdline File opened for reading /proc/989/cmdline File opened for reading /proc/14/cmdline File opened for reading /proc/17/cmdline File opened for reading /proc/20/cmdline File opened for reading /proc/161/cmdline File opened for reading /proc/1087/cmdline File opened for reading /proc/1532/cmdline File opened for reading /proc/1297/cmdline File opened for reading /proc/500/cmdline File opened for reading /proc/609/cmdline File opened for reading /proc/1174/cmdline File opened for reading /proc/1188/cmdline File opened for reading /proc/576/cmdline File opened for reading /proc/629/cmdline File opened for reading /proc/1130/cmdline File opened for reading /proc/1186/cmdline File opened for reading /proc/12/cmdline File opened for reading /proc/130/cmdline File opened for reading /proc/168/cmdline File opened for reading /proc/458/cmdline File opened for reading /proc/1516/cmdline File opened for reading /proc/34/cmdline File opened for reading /proc/177/cmdline File opened for reading /proc/271/cmdline File opened for reading /proc/901/cmdline File opened for reading /proc/5/cmdline File opened for reading /proc/8/cmdline File opened for reading /proc/18/cmdline File opened for reading /proc/26/cmdline File opened for reading /proc/1083/cmdline File opened for reading /proc/1148/cmdline File opened for reading /proc/1165/cmdline File opened for reading /proc/9/cmdline File opened for reading /proc/83/cmdline File opened for reading /proc/1162/cmdline File opened for reading /proc/23/cmdline File opened for reading /proc/35/cmdline File opened for reading /proc/175/cmdline File opened for reading /proc/1181/cmdline File opened for reading /proc/1531/cmdline File opened for reading /proc/16/cmdline File opened for reading /proc/162/cmdline File opened for reading /proc/418/cmdline File opened for reading /proc/1134/cmdline File opened for reading /proc/4/cmdline File opened for reading /proc/28/cmdline File opened for reading /proc/444/cmdline File opened for reading /proc/1523/cmdline File opened for reading /proc/1522/cmdline File opened for reading /proc/7/cmdline File opened for reading /proc/179/cmdline File opened for reading /proc/1151/cmdline File opened for reading /proc/1438/cmdline File opened for reading /proc/723/cmdline File opened for reading /proc/1065/cmdline