Analysis
max time kernel: 148s
max time network: 151s
platform: ubuntu-22.04_amd64
resource: ubuntu2204-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240611-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
submitted: 25-12-2024 11:42
Behavioral task: behavioral1
Sample: x86_64.elf
Resource: ubuntu2204-amd64-20240611-en (ubuntu-22.04-amd64)
4 signatures, 150 seconds
General
Target: x86_64.elf
Size: 69KB
MD5: 63edba43cee544c822ee0886c55203d6
SHA1: b8f05670963ac00d89663c5a68656f3fec828291
SHA256: 4cac85571126dcab87f5fa06d4a6fb7df748a0c4389eb7cd9566da5d104d13a2
SHA512: 5ea69ef64db6a059eb6e2eb7bf19a3ee56293df55fca066fbbc26ec42dbd5cd1a238967ce28db915bd86d6d08de81b240b58edc4d53d5cc2797e9383451380ff
SSDEEP: 1536:6gaQAETX/O855Fh5jfNYoiZdE78ATWaEqdG04tTwACYW:6tQbTX/t55Fh5jfNYoiyFTWa3DiUACYW
Score: 7/10
Malware Config
Signatures
Deletes itself (1 IoCs)
pid | Process
1566 | x86_64.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name (4 IoCs)
description | ioc | pid | Process
Changes the process name, possibly in an attempt to hide itself | bash | 1567 | x86_64.elf
Changes the process name, possibly in an attempt to hide itself | inetd | 1569 | x86_64.elf
Changes the process name, possibly in an attempt to hide itself | nginx | 1568 | x86_64.elf
Changes the process name, possibly in an attempt to hide itself | sshd | 1570 | x86_64.elf