Analysis
max time kernel: 148s
max time network: 156s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20231221-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20231221-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 02/02/2024, 01:33
Static task
static1
Behavioral task
behavioral1
Sample
e9320bb360e76ffe9b393c30695ca5e2f0cbe4aeaef1ed2df32ac0b820e9fda2.elf
Resource
ubuntu1804-amd64-20231221-en
3 signatures
150 seconds
General
Target: e9320bb360e76ffe9b393c30695ca5e2f0cbe4aeaef1ed2df32ac0b820e9fda2.elf
Size: 89KB
MD5: 8777b2d528c471313a5d0819b8916239
SHA1: da29d7ddbc2b0aa85626c2928526badcfe9a3910
SHA256: e9320bb360e76ffe9b393c30695ca5e2f0cbe4aeaef1ed2df32ac0b820e9fda2
SHA512: 317e8b8e8409cc074c8a5b072d83f4867eccb5d17b31b19e11cba769f8812914b94ac5abeda018e0b37692dd74ae40ae5c0fc8c13ee8bafe61241694e72221db
SSDEEP: 1536:WWmseUZNsbyI+ge96KUXUouggIyB2PRf1SwRXX0:VOUZcyIVM5qUHgSBu8wS
Score: 7/10
Malware Config
Signatures
-
Changes its process name 1 IoCs
description: Changes the process name, possibly in an attempt to hide itself
pid: 1558
process: e9320bb360e76ffe9b393c30695ca5e2f0cbe4aeaef1ed2df32ac0b820e9fda2.elf
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.