Analysis
max time kernel: 148s
max time network: 144s
platform: ubuntu-22.04_amd64
resource: ubuntu2204-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240611-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
submitted: 25-12-2024 11:52
Behavioral task: behavioral1
Sample: x86.elf
Resource: ubuntu2204-amd64-20240611-en (ubuntu-22.04-amd64)
4 signatures
150 seconds
General
Target: x86.elf
Size: 82KB
MD5: c066f8cfb64c43af3ab91e947b84a113
SHA1: 182aeda6c9cf49b7aefeb070dacec4d4a4787b95
SHA256: 78ac45234d2f8e88b242746539953ef3ff348c55216a5e946dcdcbb4fb6dc6ad
SHA512: a04760c37840574bebe290651f25316fe83b9e4aa81be164bb247d164681c1ddd1b7bab7e9d412035e45e839f31a853d78791d68ef8d7247eff047907d9f7120
SSDEEP: 1536:2biuAtIXPORq/D1otcZjcYgwiSlCYvblw9LrqxVT:mxeIXPO9cH5HCYvKc
Score: 7/10
Malware Config
Signatures

Deletes itself (1 IoCs)
  pid    Process
  1572   x86.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name (4 IoCs)
  description                                                        ioc     pid    Process
  Changes the process name, possibly in an attempt to hide itself    bash    1573   x86.elf
  Changes the process name, possibly in an attempt to hide itself    inetd   1575   x86.elf
  Changes the process name, possibly in an attempt to hide itself    nginx   1574   x86.elf
  Changes the process name, possibly in an attempt to hide itself    sshd    1576   x86.elf