Analysis
-
max time kernel
145s -
max time network
154s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20231215-en -
resource tags
arch:amd64arch:i386image:ubuntu1804-amd64-20231215-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system -
submitted
12/02/2024, 03:59
Behavioral task
behavioral1
Sample
46e7c6388f27886a5a3571d6ba7e36d1e1ff4eb04d06a94d1c22f80b6dec56a5.elf
Resource
ubuntu1804-amd64-20231215-en
ubuntu-18.04-amd64
3 signatures
150 seconds
General
-
Target
46e7c6388f27886a5a3571d6ba7e36d1e1ff4eb04d06a94d1c22f80b6dec56a5.elf
-
Size
54KB
-
MD5
33a7200b412c7a2f9c4cd33f020a6921
-
SHA1
17af121a0ae5dfa81570d0b4e8ee0a934e5f0b9a
-
SHA256
46e7c6388f27886a5a3571d6ba7e36d1e1ff4eb04d06a94d1c22f80b6dec56a5
-
SHA512
2800138a39017c09d85af096d089df861f8050e5b8cc6f6a17288edd8611e228b43e7648070cff81e829b46aa0d9c95856613dd8cea9c67dfb2147ddc6473f84
-
SSDEEP
1536:uITW3WsRUK1ZgQohZGyS8cX7wGF5TTSlay:uIK3lRUK1ZgH/GySdXUaTUP
Score
7/10
Malware Config
Signatures
-
Changes its process name 1 IoCs
description ioc pid Process Changes the process name, possibly in an attempt to hide itself a 1549 46e7c6388f27886a5a3571d6ba7e36d1e1ff4eb04d06a94d1c22f80b6dec56a5.elf -
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
description ioc File opened for reading /proc/1252/cmdline File opened for reading /proc/10/cmdline File opened for reading /proc/12/cmdline File opened for reading /proc/27/cmdline File opened for reading /proc/127/cmdline File opened for reading /proc/1114/cmdline File opened for reading /proc/1135/cmdline File opened for reading /proc/1164/cmdline File opened for reading /proc/16/cmdline File opened for reading /proc/166/cmdline File opened for reading /proc/655/cmdline File opened for reading /proc/961/cmdline File opened for reading /proc/1/cmdline File opened for reading /proc/17/cmdline File opened for reading /proc/1086/cmdline File opened for reading /proc/1185/cmdline File opened for reading /proc/1441/cmdline File opened for reading /proc/469/cmdline File opened for reading /proc/532/cmdline File opened for reading /proc/1016/cmdline File opened for reading /proc/1059/cmdline File opened for reading /proc/1509/cmdline File opened for reading /proc/1241/cmdline File opened for reading /proc/81/cmdline File opened for reading /proc/155/cmdline File opened for reading /proc/562/cmdline File opened for reading /proc/880/cmdline File opened for reading /proc/1065/cmdline File opened for reading /proc/1177/cmdline File opened for reading /proc/1183/cmdline File opened for reading /proc/160/cmdline File opened for reading /proc/518/cmdline File opened for reading /proc/1265/cmdline File opened for reading /proc/1358/cmdline File opened for reading /proc/1535/cmdline File opened for reading /proc/32/cmdline File opened for reading /proc/170/cmdline File opened for reading /proc/470/cmdline File opened for reading /proc/1109/cmdline File opened for reading /proc/1153/cmdline File opened for reading /proc/1180/cmdline File opened for reading /proc/1321/cmdline File opened for reading /proc/1145/cmdline File opened for reading /proc/9/cmdline File opened for reading /proc/21/cmdline File opened for reading /proc/83/cmdline File opened for reading /proc/434/cmdline File opened for reading /proc/444/cmdline File opened for reading /proc/649/cmdline File opened for reading /proc/1123/cmdline File opened for reading /proc/1163/cmdline File opened for reading /proc/1240/cmdline File opened for reading /proc/1341/cmdline File opened for reading /proc/1534/cmdline File opened for reading /proc/30/cmdline File opened for reading /proc/84/cmdline File opened for reading /proc/168/cmdline File opened for reading /proc/956/cmdline File opened for reading /proc/967/cmdline File opened for reading /proc/1298/cmdline File opened for reading /proc/13/cmdline File opened for reading /proc/98/cmdline File opened for reading /proc/171/cmdline File opened for reading /proc/468/cmdline