Analysis

max time kernel: 148s
max time network: 153s
platform: ubuntu-22.04_amd64
resource: ubuntu2204-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240611-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
submitted: 14-10-2024 01:29
Behavioral task: behavioral1
Sample: 591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
Resource: ubuntu2204-amd64-20240611-en
General

Target: 591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
Size: 69KB
MD5: 4b6eb96c15bfd951b6445a84dd6a5abb
SHA1: dbcb159fe0edebef124a69179304c66fe5b7d42a
SHA256: 591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0
SHA512: 93e232fae405595dab57eca1ff263e9dea506562f4365d90cf065609c11ac69bdb146e8bb8606bcb9837b95db3111ec2026bc85c75c13559e54a6ef6a6480556
SSDEEP: 1536:pnUQJZdRlDAXO6QyQUK6+QWZxehp3uJ7RvsuIr5bhO8A:pnUQJ7RlUXTQpUK6+QwxeL3q+uWDA
Malware Config
Signatures

Contacts a large (37108) amount of remote hosts
  This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.

Enumerates running processes
  Discovers information about currently running processes on the system.

Changes its process name
  Changes the process name, possibly in an attempt to hide itself.
  Renaming via prctl(PR_SET_NAME) or by overwriting argv[0] changes what ps, /proc/PID/comm and /proc/PID/cmdline show, but /proc/PID/exe still resolves to the file that was actually executed, so comparing a process's exe link against PID 1's exposes a fake "systemd" such as the one below.

  description                                                    ioc           pid   Process
  Changes the process name, possibly in an attempt to hide itself /bin/systemd  1579  591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  description               ioc                 Process
  File opened for reading   /proc/20/cmdline    591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/762/cmdline   591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/1200/cmdline  591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/959/cmdline   591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/1129/cmdline  591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/1158/cmdline  591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/1290/cmdline  591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/2/cmdline     591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/589/cmdline   591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/606/cmdline   591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/629/cmdline   591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/1461/cmdline  591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/1547/cmdline  591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/1114/cmdline  591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/1122/cmdline  591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/1167/cmdline  591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/21/cmdline    591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/26/cmdline    591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/98/cmdline    591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/833/cmdline   591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/599/cmdline   591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/630/cmdline   591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/838/cmdline   591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/1324/cmdline  591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/10/cmdline    591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/79/cmdline    591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/218/cmdline   591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/311/cmdline   591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/499/cmdline   591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/521/cmdline   591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/1176/cmdline  591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/1203/cmdline  591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/17/cmdline    591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/83/cmdline    591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/90/cmdline    591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/99/cmdline    591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/1328/cmdline  591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/1408/cmdline  591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/1581/cmdline  591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/19/cmdline    591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/118/cmdline   591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/216/cmdline   591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/409/cmdline   591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/413/cmdline   591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/772/cmdline   591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/953/cmdline   591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/1172/cmdline  591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/5/cmdline     591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/12/cmdline    591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/15/cmdline    591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/92/cmdline    591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/411/cmdline   591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/632/cmdline   591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/671/cmdline   591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/980/cmdline   591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/11/cmdline    591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/73/cmdline    591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/88/cmdline    591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/310/cmdline   591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/1140/cmdline  591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/1169/cmdline  591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/224/cmdline   591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/1182/cmdline  591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
  File opened for reading   /proc/1548/cmdline  591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
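The two behaviours the sandbox flagged above, the process renaming itself to /bin/systemd and the contact with tens of thousands of remote hosts, can both be checked from the host side. The script below is an added example written for this report; it is not part of the sandbox output and not code from the sample. It runs two triage checks over constructed records that mirror the report (pid 1579 named "systemd" but backed by a non-systemd executable, plus one process fanning out to a /24). The systemd binary paths, the sample's on-disk path under /tmp, the destination port and the 100-host threshold are all assumptions; the live /proc collector is included so the same checks can be pointed at a real machine.

```python
# Added example for this report (not part of the sandbox output): two host-side
# triage checks for the behaviours flagged above, exercised on constructed data.
import os
from collections import defaultdict

# Paths the genuine systemd binary resolves to on Ubuntu 22.04 (assumption;
# confirm with `readlink /proc/1/exe` on the host being checked).
GENUINE_SYSTEMD_EXE = {"/usr/lib/systemd/systemd", "/lib/systemd/systemd"}


def masquerade_findings(procs):
    """Return {pid: exe} for processes that call themselves 'systemd' (in argv[0]
    or comm) while /proc/PID/exe points somewhere other than the real binary.
    `systemd --user` instances are legitimate non-PID-1 systemd processes, so
    the decision rests on the exe link, not on the PID."""
    hits = {}
    for p in procs:
        argv0 = p["cmdline"].split("\0")[0] if p["cmdline"] else ""
        names = {os.path.basename(argv0), p["comm"]}
        if "systemd" in names and p["exe"] not in GENUINE_SYSTEMD_EXE:
            hits[p["pid"]] = p["exe"]
    return hits


def scan_findings(flows, host_threshold=100):
    """flows: iterable of (pid, dst_ip, dst_port). Count distinct destination
    hosts per pid and return {pid: host_count} for every pid at or above the
    threshold. The run above reached 37108 hosts; 100 is an assumed triage
    cut-off for a process that is not a known scanner or crawler."""
    hosts = defaultdict(set)
    for pid, dst_ip, _dst_port in flows:
        hosts[pid].add(dst_ip)
    return {pid: len(h) for pid, h in hosts.items() if len(h) >= host_threshold}


def collect_live_procs(proc_root="/proc"):
    """Build process records from a live Linux /proc (run as root for full
    coverage; kernel threads have no exe link and are skipped)."""
    procs = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        pid = int(entry)
        try:
            with open(f"{proc_root}/{pid}/cmdline", "rb") as f:
                cmdline = f.read().decode(errors="replace")
            with open(f"{proc_root}/{pid}/comm") as f:
                comm = f.read().strip()
            exe = os.readlink(f"{proc_root}/{pid}/exe")
        except OSError:
            continue  # exited, unreadable, or a kernel thread
        procs.append({"pid": pid, "cmdline": cmdline, "comm": comm, "exe": exe})
    return procs


# Constructed records mirroring the report: pid 1579 renamed itself to
# /bin/systemd. The sample's on-disk path is an assumption.
SAMPLE_PROCS = [
    {"pid": 1, "cmdline": "/sbin/init\0", "comm": "systemd",
     "exe": "/usr/lib/systemd/systemd"},
    {"pid": 1200, "cmdline": "/usr/lib/systemd/systemd\0--user\0", "comm": "systemd",
     "exe": "/usr/lib/systemd/systemd"},
    {"pid": 1579, "cmdline": "/bin/systemd\0", "comm": "systemd",
     "exe": "/tmp/591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf"},
]

# Constructed flows: pid 1579 touches 254 distinct hosts in 192.0.2.0/24
# (TEST-NET-1); the destination port is a placeholder. pid 1200 touches two.
SAMPLE_FLOWS = (
    [(1579, f"192.0.2.{i}", 80) for i in range(1, 255)]
    + [(1200, "192.0.2.1", 80), (1200, "192.0.2.2", 80)]
)

if __name__ == "__main__":
    print("masquerade:", masquerade_findings(SAMPLE_PROCS))
    print("scan:", scan_findings(SAMPLE_FLOWS))
```

On a live host, `masquerade_findings(collect_live_procs())` gives the first check; the flow records for the second would come from conntrack, auditd connect events or an eBPF tracer, whichever already carries the owning pid.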