Analysis
max time kernel: 150s
max time network: 147s
platform: ubuntu-22.04_amd64
resource: ubuntu2204-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240611-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
submitted: 15-12-2024 16:52
Behavioral task: behavioral1
Sample: x86.elf
Resource: ubuntu2204-amd64-20240611-en (ubuntu-22.04-amd64)
4 signatures
150 seconds
General
Target: x86.elf
Size: 49KB
MD5: f51ed24f97c3d64ec4057732d8c58f30
SHA1: 438cc432be1fd5f5d9b63c762fc0ad6e67eea597
SHA256: aeeca75acef1f1064960a6b9f403eab371108b4cee34738ecd87b171d052665c
SHA512: 7458ac676f953c374adc8d18a7c700b43268492d8a7ac4f39d878e8315c420d199e8fa67e7e753eca06c35a6836551bd0de416a01e8d832d39e876c68f6efd0d
SSDEEP: 1536:GWa2d5sf1Gg+ya+nlQ5FmXXbzbfwVsp3MSfCYV:Gt2d5sf1GCammrmnX7MW3dCYV
Score: 7/10
Malware Config
Signatures

Deletes itself (1 IoCs)
  pid    Process
  1559   x86.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name (4 IoCs)
Changes the process name, possibly in an attempt to hide itself
  ioc     pid    Process
  bash    1560   x86.elf
  nginx   1561   x86.elf
  inetd   1562   x86.elf
  sshd    1563   x86.elf