Analysis
max time kernel: 149s
max time network: 148s
platform: ubuntu-20.04_amd64
resource: ubuntu2004-amd64-20240221-en
resource tags: arch:amd64, arch:i386, image:ubuntu2004-amd64-20240221-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
submitted: 19/04/2024, 09:34
Behavioral task: behavioral1
Sample: ea43929d4909e3e587276556a147b594.elf
Resource: ubuntu2004-amd64-20240221-en
3 signatures
150 seconds
General
Target: ea43929d4909e3e587276556a147b594.elf
Size: 143KB
MD5: ea43929d4909e3e587276556a147b594
SHA1: 4d6282015ca7a645c01571f9c8d8456a2f50fc23
SHA256: 51ec23564f60188b7a2d834d6a3438bbd104e6ebc931036fa70013be854b46ee
SHA512: 6b31f5dbe1371bdb9850bb82dfb36f75707a77b0fc8afdf9dbad16e0b004c9d717876715c04b57ee5d46464d0c50a9dc12880ef2eb59f8b1226f51b9ea459bb6
SSDEEP: 3072:rJaDjzXRdr5Hy2Y0hXWotW7t9IvYmdQV+eFvCd7zfHOUWxub:rJaDjzXRddueULvCBOub
Score: 7/10
Malware Config
Signatures
Changes its process name (1 IoCs)
Description: Changes the process name, possibly in an attempt to hide itself
IoC: a- M"!
PID: 1454
Process: ea43929d4909e3e587276556a147b594.elf
Enumerates running processes
Discovers information about currently running processes on the system
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.