Analysis
max time kernel
149s
max time network
150s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240729-en
resource tags
arch:amd64, arch:i386, image:ubuntu2404-amd64-20240729-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted
19-12-2024 04:31
Behavioral task
behavioral1
Sample
f86d1f30521633a74ea9a5fb44261448e388f3bd6988b27b96544e31507bd3c4.elf
Resource
ubuntu2404-amd64-20240729-en
ubuntu-24.04-amd64
3 signatures
150 seconds
General
Target
f86d1f30521633a74ea9a5fb44261448e388f3bd6988b27b96544e31507bd3c4.elf
Size
140KB
MD5
40441cd25f19fe8f6ab3129f1430dcb5
SHA1
d276d4ba83538119f92cb4144594dd488e4931c3
SHA256
f86d1f30521633a74ea9a5fb44261448e388f3bd6988b27b96544e31507bd3c4
SHA512
c069a69dfd6f2627e734983f0094d2e946726f90c791277b3ad78d2ec2927d724b0521bc0b08707160e03401a1a1ecbc67261f66bde81772e3a43f52ffe7138a
SSDEEP
3072:mTUTfCdO6FFto6M6EwKhc/t/ekNaogMewcgsK027uPOlM:mTUTfCdO6FFto67wwQdAM
Score
6/10
Malware Config
Signatures
Enumerates running processes
Discovers information about currently running processes on the system
Changes its process name 1 IoCs
description: Changes the process name, possibly in an attempt to hide itself
ioc: a- M"!
pid: 2483
Process: f86d1f30521633a74ea9a5fb44261448e388f3bd6988b27b96544e31507bd3c4.elf