Malware Analysis Report

2025-08-05 09:14

Sample ID: 240507-b9gzvaga59
Target: eb35225cd1aac855cd5ffb704d6348a9aa5f8185084ecbbcc224067dab6fb9bb.elf
SHA256: eb35225cd1aac855cd5ffb704d6348a9aa5f8185084ecbbcc224067dab6fb9bb
Tags: (none listed)
Score: 6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

eb35225cd1aac855cd5ffb704d6348a9aa5f8185084ecbbcc224067dab6fb9bb

Threat Level: Shows suspicious behavior

The file eb35225cd1aac855cd5ffb704d6348a9aa5f8185084ecbbcc224067dab6fb9bb.elf was classified as "shows suspicious behavior" (score 6/10). No malware family tag was assigned and no static signatures fired; the score rests on the three behavioral signatures below.

Malicious Activity Summary

Enumerates running processes

Changes its process name

Reads runtime system information

MITRE ATT&CK

N/A (the sandbox mapped no techniques). The behaviors listed under Signatures correspond to Process Discovery (T1057) for the /proc/<pid>/cmdline reads and Masquerading (T1036) for the process-name change.

Analysis: static1

Detonation Overview

Reported

2024-05-07 01:50

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-07 01:50

Reported

2024-05-07 01:53

Platform

ubuntu1804-amd64-20240226-en

Max time kernel

95s

Max time network

148s

Command Line

[/tmp/eb35225cd1aac855cd5ffb704d6348a9aa5f8185084ecbbcc224067dab6fb9bb.elf]

Signatures

Enumerates running processes

Changes its process name

Description: Changes the process name, possibly in an attempt to hide itself
Indicator: N/A
Process: /tmp/eb35225cd1aac855cd5ffb704d6348a9aa5f8185084ecbbcc224067dab6fb9bb.elf
Target: N/A

On Linux a process can rename itself with prctl(PR_SET_NAME), which changes /proc/<pid>/comm, or by overwriting its own argv memory, which changes /proc/<pid>/cmdline. Neither method touches /proc/<pid>/exe, which keeps resolving to the file that was executed. The report does not say which method the sample used or what name it chose (Indicator is N/A).

Reads runtime system information

Description: File opened for reading
Process: /tmp/eb35225cd1aac855cd5ffb704d6348a9aa5f8185084ecbbcc224067dab6fb9bb.elf
Target: N/A
Indicators: /proc/<pid>/cmdline for 64 pids, in the order the report lists them:
80, 288, 1031, 1109, 6, 10, 24, 25, 1172, 1369, 1569, 607, 1156, 982, 1074, 1165, 1269, 17, 176, 183, 947, 218, 538, 1259, 13, 16, 474, 83, 480, 654, 1183, 722, 1090, 1319, 1578, 12, 32, 98, 491, 464, 672, 7, 20, 35, 192, 27, 1205, 1345, 1576, 1204, 78, 433, 894, 1117, 1572, 28, 29, 268, 528, 463, 582, 1186, 85, 181

Reading /proc/<pid>/cmdline for every entry in /proc builds a full process listing without executing ps. The report records the reads, not what the sample did with the results.
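The two signatures above (the process-name change and the /proc/<pid>/cmdline sweep) can be checked from the defender's side with the same /proc walk the sample performs. The script below is an added example, not code from the report or from the sample: for each pid it reads the three names the kernel keeps, /proc/<pid>/comm (what prctl(PR_SET_NAME) changes), argv[0] from /proc/<pid>/cmdline (what overwriting argv changes) and the /proc/<pid>/exe symlink (which always points at the executed file), and reports processes where they disagree. The function names, the 15-character comm comparison and the "(deleted)" handling are mine; the sample path is taken from the report and used only as test data.

```python
"""Added example (not part of the sandbox report): find processes whose
comm / argv[0] / exe disagree, the trace left by a process-name change."""
import os
from typing import List, Tuple

TASK_COMM_LEN = 16  # kernel constant: comm holds at most 15 characters plus NUL


def split_cmdline(raw: bytes) -> List[str]:
    """/proc/<pid>/cmdline is NUL-separated with a trailing NUL."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]


def classify(comm: str, cmdline: List[str], exe: str) -> List[str]:
    """Return findings for one process; [] when its three names agree.

    Known benign mismatches: interpreters (comm 'python3', exe 'python3.11'),
    multi-call binaries such as busybox, and daemons that set their own title
    (postgres, sshd). Treat a hit as a lead, not a verdict.
    """
    findings = []
    if exe.endswith(" (deleted)"):
        exe = exe[: -len(" (deleted)")]
        findings.append("executable was deleted from disk after start")
    exe_base = os.path.basename(exe)
    if cmdline:
        # Login shells prefix argv[0] with '-', which is not a spoof.
        argv0 = os.path.basename(cmdline[0]).lstrip("-")
        if argv0 != exe_base:
            findings.append(f"argv[0] {cmdline[0]!r} does not match exe {exe!r}")
    # comm is truncated to TASK_COMM_LEN-1 bytes, so compare against the prefix.
    if comm and comm != exe_base[: TASK_COMM_LEN - 1]:
        findings.append(f"comm {comm!r} does not match exe {exe!r}")
    return findings


def read_proc(pid: int) -> Tuple[str, List[str], str]:
    """Read comm, cmdline and the exe link for one pid (Linux /proc only)."""
    base = f"/proc/{pid}"
    with open(f"{base}/comm") as f:
        comm = f.read().rstrip("\n")
    with open(f"{base}/cmdline", "rb") as f:
        cmdline = split_cmdline(f.read())
    exe = os.readlink(f"{base}/exe")  # PermissionError for other users' processes
    return comm, cmdline, exe


def scan_proc() -> List[Tuple[int, List[str]]]:
    """Enumerate every pid in /proc, the same loop the sample performs.
    Kernel threads have an empty cmdline and no exe target and are skipped."""
    hits = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        pid = int(entry)
        try:
            comm, cmdline, exe = read_proc(pid)
        except (FileNotFoundError, PermissionError, ProcessLookupError):
            continue  # exited, kernel thread, or not readable without root
        if not cmdline:
            continue
        findings = classify(comm, cmdline, exe)
        if findings:
            hits.append((pid, findings))
    return hits


if __name__ == "__main__":
    for pid, findings in scan_proc():
        print(pid, "; ".join(findings))
```

Run as root to cover every process; without it, other users' exe links raise PermissionError and are skipped, which is exactly the blind spot an unprivileged sample also has.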

Processes

/tmp/eb35225cd1aac855cd5ffb704d6348a9aa5f8185084ecbbcc224067dab6fb9bb.elf

[/tmp/eb35225cd1aac855cd5ffb704d6348a9aa5f8185084ecbbcc224067dab6fb9bb.elf]

Network

Country Destination Domain Proto Count
US 8.8.8.8:53 comfortel.cloud udp 31
N/A 224.0.0.251:5353 N/A udp 1
NL 5.182.211.142:47925 comfortel.cloud tcp 31
US 151.101.130.49:443 N/A tcp 1
US 151.101.1.91:443 N/A tcp 1
GB 89.187.167.5:443 N/A tcp 1
GB 185.125.188.61:443 N/A tcp 2

The report lists the DNS lookup of comfortel.cloud and the TCP connection to 5.182.211.142:47925 as 31 alternating entries each; they are collapsed here with a Count column. A lookup followed by a connection to the same host on a non-standard port, repeated for the whole 148 s network window, is the shape of a reconnect loop toward that host; the report contains no payload data, so what is exchanged on port 47925 is not shown. 224.0.0.251:5353 is the mDNS multicast address. The four HTTPS destinations have no domain attribution in the report and are not tied to the sample by any signature; an Ubuntu 18.04 guest generates its own outbound HTTPS traffic, so confirm them against a clean baseline detonation before treating them as indicators.
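The Network table is the most useful part of this report once the repeated rows are reduced to counts per destination. The script below is an added example, not part of the report: it parses rows in the report's own layout (country, destination, optional domain, protocol), counts them, flags TCP destinations on non-standard ports that repeat, and extracts the domain-to-address pairs as indicators. The embedded rows are constructed from the first fourteen entries of the table above (the full table repeats the DNS/TCP pair 31 times); the repeat threshold of 3 and the set of ports treated as common are my assumptions.

```python
"""Added example (not part of the sandbox report): collapse a sandbox Network
table into per-destination counts and flag repeated connections."""
from collections import Counter
from typing import Dict, List, Tuple

# Constructed from the first fourteen rows of the report's Network table.
SAMPLE_ROWS = """\
US 8.8.8.8:53 comfortel.cloud udp
N/A 224.0.0.251:5353 udp
NL 5.182.211.142:47925 comfortel.cloud tcp
US 151.101.130.49:443 tcp
US 151.101.1.91:443 tcp
GB 89.187.167.5:443 tcp
US 8.8.8.8:53 comfortel.cloud udp
NL 5.182.211.142:47925 comfortel.cloud tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 8.8.8.8:53 comfortel.cloud udp
NL 5.182.211.142:47925 comfortel.cloud tcp
US 8.8.8.8:53 comfortel.cloud udp
NL 5.182.211.142:47925 comfortel.cloud tcp
"""

Key = Tuple[str, str, str]  # (destination host:port, domain or "", proto)
COMMON_PORTS = {53, 80, 443, 5353}  # assumption: ports that repeat benignly


def parse_row(line: str) -> Tuple[str, Key]:
    """Rows have 3 or 4 whitespace-separated fields; the domain is optional."""
    parts = line.split()
    if len(parts) not in (3, 4):
        raise ValueError(f"unexpected row: {line!r}")
    country, dest, proto = parts[0], parts[1], parts[-1]
    domain = parts[2] if len(parts) == 4 else ""
    return country, (dest, domain, proto)


def summarize(table: str) -> Dict[Key, int]:
    """Count identical (destination, domain, proto) rows."""
    counts: Counter = Counter()
    for line in table.splitlines():
        if line.strip():
            _, key = parse_row(line)
            counts[key] += 1
    return dict(counts)


def flag_reconnect_loops(counts: Dict[Key, int], min_repeats: int = 3) -> List[Tuple[str, str, int]]:
    """TCP to the same host:port, on a port outside COMMON_PORTS, seen at
    least min_repeats times. Resolver and mDNS traffic is excluded because
    it repeats for benign reasons too."""
    hits = []
    for (dest, domain, proto), n in counts.items():
        port = int(dest.rsplit(":", 1)[1])
        if proto == "tcp" and port not in COMMON_PORTS and n >= min_repeats:
            hits.append((dest, domain, n))
    return sorted(hits, key=lambda h: -h[2])


def iocs(counts: Dict[Key, int]) -> Dict[str, List[str]]:
    """Domains paired with the addresses the sample actually connected to."""
    out: Dict[str, set] = {}
    for dest, domain, proto in counts:
        if domain and proto == "tcp":
            out.setdefault(domain, set()).add(dest.rsplit(":", 1)[0])
    return {d: sorted(a) for d, a in out.items()}


if __name__ == "__main__":
    c = summarize(SAMPLE_ROWS)
    for (dest, domain, proto), n in sorted(c.items(), key=lambda kv: -kv[1]):
        print(f"{n:3d}  {proto}  {dest:22s}  {domain or '-'}")
    print("reconnect loops:", flag_reconnect_loops(c))
    print("iocs:", iocs(c))
```

Feed it the full table (or any other report in the same layout) and the 31-row pair collapses to one line with a count; the unattributed HTTPS destinations stay below the threshold and out of the indicator list until a baseline run says otherwise.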

Files

N/A