Analysis
-
max time kernel
149s -
max time network
153s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240523-en -
resource tags
arch:amd64 arch:i386 image:ubuntu2404-amd64-20240523-en kernel:6.8.0-31-generic locale:en-us os:ubuntu-24.04-amd64 system -
submitted
01-01-2025 20:36
Behavioral task
behavioral1
Sample
nvebfe64.elf
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
4 signatures
150 seconds
General
-
Target
nvebfe64.elf
-
Size
155KB
-
MD5
931ba6782daee87f4d3b97290b30a3e5
-
SHA1
5830c92502586e7907d96ac9d84edf935b15159c
-
SHA256
af9bb8d23d718a6603edc6acd13041266d1f3964764014f997f89f853a2c4222
-
SHA512
36c5b94f608003c8e1e6f2197a6332a378ddb108c6a9f1764a42a0236b58ff6bbf6a2dbb6775c627b5ce64376a92e1f9cef95d06c045ef7b52be50680647690d
-
SSDEEP
3072:Xu0EAnqigKvEZVKXOSA6jtYnnkKXleCNqgBTQUYRjSkijSAnxm:XuDAnqigKvEZVKX0/UUqPAxm
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid: 2819, Process: nvebfe64.elf -
Enumerates running processes
Discovers information about currently running processes on the system
-
Changes its process name 1 IoCs
description: Changes the process name, possibly in an attempt to hide itself; ioc: httpd; pid: 2818; Process: nvebfe64.elf -