Analysis
max time kernel: 95s
max time network: 148s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20240226-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240226-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 07/05/2024, 01:50
Static task: static1
Behavioral task: behavioral1
Sample: eb35225cd1aac855cd5ffb704d6348a9aa5f8185084ecbbcc224067dab6fb9bb.elf
Resource: ubuntu1804-amd64-20240226-en
General
Target: eb35225cd1aac855cd5ffb704d6348a9aa5f8185084ecbbcc224067dab6fb9bb.elf
Size: 91KB
MD5: f48babebbe6f417f4c16eca930f3c6d3
SHA1: 2dbe1a3ec5e4af63caf7024da104336a12bc0229
SHA256: eb35225cd1aac855cd5ffb704d6348a9aa5f8185084ecbbcc224067dab6fb9bb
SHA512: 866a1a0a2a9ac69124cc74a41fe77b06e3b14a0088721f1cf1ec4595b699d6ad42819a27b77bd6390cecadc0afc95e9e96600624b909c8667c37304f84f47540
SSDEEP: 1536:oFd1IRgCXUzx7t0fMqlOgQEiyhcg+7ju72wPZnWhZS5xtY+o:oFdmR9XUzxh0fMgOgQEimEjLAdew5bo
Malware Config
Signatures

Enumerates running processes
Discovers information about currently running processes on the system.

Changes its process name (1 IoC)
description: Changes the process name, possibly in an attempt to hide itself
pid: 1575
process: eb35225cd1aac855cd5ffb704d6348a9aa5f8185084ecbbcc224067dab6fb9bb.elf

Reads runtime system information (64 IoCs)
Reads data from the /proc virtual filesystem (the sample opened /proc/<pid>/cmdline for reading across running processes).