Analysis
-
max time kernel
4s -
max time network
13s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240508-en -
resource tags
arch:amd64
arch:i386
image:ubuntu1804-amd64-20240508-en
kernel:4.15.0-213-generic
locale:en-us
os:ubuntu-18.04-amd64
system
-
submitted
07-06-2024 02:50
Static task
static1
Behavioral task
behavioral1
Sample
fac0971b56235030e059a55ccd229626115bed33c9205420876ab386a092a32e.elf
Resource
ubuntu1804-amd64-20240508-en
General
-
Target
fac0971b56235030e059a55ccd229626115bed33c9205420876ab386a092a32e.elf
-
Size
87KB
-
MD5
b901090f16d480f12ac15e66d60c38ba
-
SHA1
3f3efbef64b381902ec721fd8246eaff8c7c8c23
-
SHA256
fac0971b56235030e059a55ccd229626115bed33c9205420876ab386a092a32e
-
SHA512
badef5e3b3005cbfc3cf54523cae066f345d60d42bf89c3b84e16d77c106a8d8a7774f12879cbebcb4a64c00811b7faa526e7df951dd76a2f480d18b2d4421a9
-
SSDEEP
1536:xpmWc2AcighsZ82fJxfcpHD1mSsM8meUigBQ9TnkISGtAdr0xZ:xpmX2riED2frfWHhmLVUBQ9kVTr0x
Malware Config
Signatures
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Changes its process name 1 IoCs
Processes:
fac0971b56235030e059a55ccd229626115bed33c9205420876ab386a092a32e.elf
description                                                        pid    process
Changes the process name, possibly in an attempt to hide itself    1494   fac0971b56235030e059a55ccd229626115bed33c9205420876ab386a092a32e.elf
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
Processes:
fac0971b56235030e059a55ccd229626115bed33c9205420876ab386a092a32e.elf
(process column is fac0971b56235030e059a55ccd229626115bed33c9205420876ab386a092a32e.elf in every row)
description               ioc
File opened for reading   /proc/14/cmdline
File opened for reading   /proc/407/cmdline
File opened for reading   /proc/1060/cmdline
File opened for reading   /proc/1153/cmdline
File opened for reading   /proc/1281/cmdline
File opened for reading   /proc/10/cmdline
File opened for reading   /proc/34/cmdline
File opened for reading   /proc/166/cmdline
File opened for reading   /proc/29/cmdline
File opened for reading   /proc/1126/cmdline
File opened for reading   /proc/1131/cmdline
File opened for reading   /proc/1485/cmdline
File opened for reading   /proc/950/cmdline
File opened for reading   /proc/681/cmdline
File opened for reading   /proc/729/cmdline
File opened for reading   /proc/1343/cmdline
File opened for reading   /proc/9/cmdline
File opened for reading   /proc/167/cmdline
File opened for reading   /proc/490/cmdline
File opened for reading   /proc/26/cmdline
File opened for reading   /proc/176/cmdline
File opened for reading   /proc/474/cmdline
File opened for reading   /proc/486/cmdline
File opened for reading   /proc/1158/cmdline
File opened for reading   /proc/1488/cmdline
File opened for reading   /proc/174/cmdline
File opened for reading   /proc/18/cmdline
File opened for reading   /proc/85/cmdline
File opened for reading   /proc/936/cmdline
File opened for reading   /proc/1036/cmdline
File opened for reading   /proc/1086/cmdline
File opened for reading   /proc/1142/cmdline
File opened for reading   /proc/1217/cmdline
File opened for reading   /proc/2/cmdline
File opened for reading   /proc/1498/cmdline
File opened for reading   /proc/1250/cmdline
File opened for reading   /proc/98/cmdline
File opened for reading   /proc/162/cmdline
File opened for reading   /proc/169/cmdline
File opened for reading   /proc/173/cmdline
File opened for reading   /proc/177/cmdline
File opened for reading   /proc/482/cmdline
File opened for reading   /proc/662/cmdline
File opened for reading   /proc/3/cmdline
File opened for reading   /proc/1176/cmdline
File opened for reading   /proc/1164/cmdline
File opened for reading   /proc/529/cmdline
File opened for reading   /proc/664/cmdline
File opened for reading   /proc/959/cmdline
File opened for reading   /proc/1135/cmdline
File opened for reading   /proc/35/cmdline
File opened for reading   /proc/80/cmdline
File opened for reading   /proc/164/cmdline
File opened for reading   /proc/940/cmdline
File opened for reading   /proc/1110/cmdline
File opened for reading   /proc/1489/cmdline
File opened for reading   /proc/23/cmdline
File opened for reading   /proc/206/cmdline
File opened for reading   /proc/658/cmdline
File opened for reading   /proc/1101/cmdline
File opened for reading   /proc/1275/cmdline
File opened for reading   /proc/1316/cmdline
File opened for reading   /proc/79/cmdline
File opened for reading   /proc/597/cmdline
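The two behavioural signatures above, "Changes its process name" and "Reads runtime system information" via /proc/<pid>/cmdline, are what a responder would hunt for on a host where this sample ran. The script below is an added example, not part of the sandbox report and not code from the sample: it performs the same /proc enumeration the sample does (every numeric directory, reading cmdline) and flags processes whose advertised name (comm, set by prctl(PR_SET_NAME), or argv[0], which a process can overwrite in place) disagrees with the executable the kernel records in /proc/<pid>/exe. The procfs tree it runs against is constructed in a temporary directory; the disguise name "kworker/u2:3" for pid 1494 is a hypothetical illustration, since the report only states that the sample renames itself, not what name it chooses.

```python
import os
import tempfile
from dataclasses import dataclass

# Linux truncates /proc/<pid>/comm to TASK_COMM_LEN - 1 = 15 bytes, so a
# legitimate long binary name still matches only on its first 15 characters.
COMM_MAX = 15


@dataclass
class ProcInfo:
    pid: int
    comm: str   # /proc/<pid>/comm: the name prctl(PR_SET_NAME) changes
    argv: list  # /proc/<pid>/cmdline split on NUL; argv[0] can be rewritten by the process
    exe: str    # readlink(/proc/<pid>/exe): the kernel keeps this pointing at the real image


def read_proc_entry(proc_root: str, pid: int):
    """Read one process from a procfs-shaped tree; None if it vanished or is unreadable."""
    base = os.path.join(proc_root, str(pid))
    try:
        with open(os.path.join(base, "comm"), encoding="utf-8", errors="replace") as f:
            comm = f.read().rstrip("\n")
        with open(os.path.join(base, "cmdline"), "rb") as f:
            raw = f.read()
    except OSError:
        return None
    argv = [a.decode("utf-8", errors="replace") for a in raw.split(b"\0") if a]
    try:
        exe = os.readlink(os.path.join(base, "exe"))
    except OSError:  # kernel thread (no exe), or EACCES when not running as root
        exe = ""
    if exe.endswith(" (deleted)"):  # image unlinked after exec, common for droppers
        exe = exe[: -len(" (deleted)")]
    return ProcInfo(pid, comm, argv, exe)


def enumerate_processes(proc_root: str = "/proc"):
    """Walk every numeric directory under proc_root, the same enumeration the sample performs."""
    procs = []
    for name in os.listdir(proc_root):
        if name.isdigit():
            info = read_proc_entry(proc_root, int(name))
            if info is not None:
                procs.append(info)
    return sorted(procs, key=lambda p: p.pid)


def name_mismatches(info: ProcInfo):
    """Return the reasons a process's advertised name disagrees with its executable."""
    reasons = []
    if not info.argv or not info.exe:
        return reasons  # kernel thread, or exe unreadable: nothing to compare against
    exe_base = os.path.basename(info.exe)
    if info.comm != exe_base[:COMM_MAX]:
        reasons.append(f"comm {info.comm!r} != exe {exe_base!r}")
    argv0 = os.path.basename(info.argv[0].lstrip("-"))  # login shells prefix argv[0] with '-'
    if argv0 != exe_base:
        reasons.append(f"argv[0] {info.argv[0]!r} != exe {exe_base!r}")
    return reasons


def find_renamed_processes(proc_root: str = "/proc"):
    """Map pid -> mismatch reasons for every process whose name does not match its image."""
    result = {}
    for p in enumerate_processes(proc_root):
        why = name_mismatches(p)
        if why:
            result[p.pid] = why
    return result


# Constructed sample procfs; these entries were not captured from the sandbox run.
SAMPLE_NAME = "fac0971b56235030e059a55ccd229626115bed33c9205420876ab386a092a32e.elf"
SAMPLE_ENTRIES = [
    (1, "systemd", ["/lib/systemd/systemd", "--system"], "/lib/systemd/systemd"),
    (2, "kthreadd", [], ""),  # kernel thread: empty cmdline, no exe link
    (1494, "kworker/u2:3", ["[kworker/u2:3]"], "/tmp/" + SAMPLE_NAME),  # hypothetical disguise
    (1500, "bash", ["-bash"], "/bin/bash"),  # login shell: benign argv[0] change
]


def build_fake_proc(root: str, entries):
    """Write comm/cmdline/exe for each entry so the checker can run without a real /proc."""
    for pid, comm, argv, exe in entries:
        d = os.path.join(root, str(pid))
        os.makedirs(d)
        with open(os.path.join(d, "comm"), "w", encoding="utf-8") as f:
            f.write(comm + "\n")
        with open(os.path.join(d, "cmdline"), "wb") as f:
            f.write(b"".join(a.encode() + b"\0" for a in argv))
        if exe:
            os.symlink(exe, os.path.join(d, "exe"))  # dangling symlink; readlink still works


def demo():
    """Run the checker over the constructed tree; only pid 1494 should be reported."""
    with tempfile.TemporaryDirectory() as root:
        build_fake_proc(root, SAMPLE_ENTRIES)
        return find_renamed_processes(root)


if __name__ == "__main__":
    for pid, why in demo().items():
        print(pid, "; ".join(why))
```

Run `find_renamed_processes()` as root to cover every process on a live host; unprivileged runs get EACCES on other users' exe links and those processes are silently skipped. Expect benign hits that a real hunt has to allow-list: binaries reached through a symlink (sh resolving to dash), systemd started as /sbin/init, busybox applets, and interpreters whose argv[0] is the script. A mismatch is a lead that this signature points to, not a verdict on its own.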