Analysis
max time kernel: 149s
max time network: 137s
platform: ubuntu-20.04_amd64
resource: ubuntu2004-amd64-20240418-en
resource tags: arch:amd64, arch:i386, image:ubuntu2004-amd64-20240418-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
submitted: 07/05/2024, 01:17
Static task: static1
Behavioral task: behavioral1
Sample: 552c2339fcffad67aae252e0dce5faf6af2de64fdf285fb25b006729878c716f.elf
Resource: ubuntu2004-amd64-20240418-en
General
Target: 552c2339fcffad67aae252e0dce5faf6af2de64fdf285fb25b006729878c716f.elf
Size: 191KB
MD5: 65ccd10cd0cab28c6b46d24c0d4c86f3
SHA1: c9165d6b0ee6f86cda6d58ffea792116ba484c32
SHA256: 552c2339fcffad67aae252e0dce5faf6af2de64fdf285fb25b006729878c716f
SHA512: 476522b9241e9fc0820725385bf1d1524e7da46bd366b10822bfd128ee986ced328a239703fb455c5185e612856c90f4de8143465e01a890903a6465561e7501
SSDEEP: 3072:ivmxdVVT7jFlZGgcbzScS3+P74c1vI9u9XXFHVByqqnnL/u:iuxdDjFlZGgcbzmuP74c1vI9u9HFHvqS
Malware Config
Signatures
Enumerates running processes
Discovers information about currently running processes on the system
Changes its process name 1 IoCs
description: Changes the process name, possibly in an attempt to hide itself
pid: 1468
Process: 552c2339fcffad67aae252e0dce5faf6af2de64fdf285fb25b006729878c716f.elf
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.