Analysis
max time kernel: 149s
max time network: 144s
platform: ubuntu-24.04_amd64
resource: ubuntu2404-amd64-20240523-en
resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted: 22-12-2024 18:37
Behavioral task: behavioral1
Sample: bot.x86_64.elf
Resource: ubuntu2404-amd64-20240523-en (ubuntu-24.04-amd64)
3 signatures
150 seconds
General
Target: bot.x86_64.elf
Size: 140KB
MD5: 949645a3b626bed43c941e3f28d529e1
SHA1: 7dbd12e0860813e87a7023fe44bd6b212ec2f9bf
SHA256: 8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd
SHA512: 235e9c1d9a1c974c193178593cf511c8f21c75e2b30e60cccbfa6c9ea0c9fd4702a16fdf07791ff39850b7e3075d9ba563e69d42bf3c49c63e276d3b4d98fbb4
SSDEEP: 3072:mTUTfCdO6FFto6z6EwKhc/t/ekNaogMewcgsK027uPOlM:mTUTfCdO6FFto6cwwQdAM
Score: 6/10
Malware Config
Signatures
Enumerates running processes
Discovers information about currently running processes on the system
Changes its process name (1 IoCs)
description: Changes the process name, possibly in an attempt to hide itself
ioc: a- M"!
pid: 2870
Process: bot.x86_64.elf
description: File opened for reading /proc/<pid>/cmdline
Process: bot.x86_64.elf