Analysis
-
max time kernel
134s -
max time network
140s -
platform
ubuntu-22.04_amd64 -
resource
ubuntu2204-amd64-20240611-en -
resource tags
arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system -
submitted
28-01-2025 14:32
Behavioral task
behavioral1
Sample
bejv86.elf
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
4 signatures
150 seconds
General
-
Target
bejv86.elf
-
Size
98KB
-
MD5
2fb1fe50835a4463ee1bc87c400ccb8d
-
SHA1
0c871229f4c8f68735b3c5a1844b635304f6f582
-
SHA256
1663b78b27d276fe08994d9c12ce8f5d5ce3f3be08754427dc710457f5f69a53
-
SHA512
74a9db0d1b03900373d30717b1c918bba845a8b76be76ebd88ff6c05d6446e092d9a49bf4b6507cfb57a094c47268205756ae116f50784bfbe634d7bc36f2222
-
SSDEEP
1536:LrRnFWEPz30ZJudivf3iP/D9ntZCBwvzfDKpToariR9bTSc8bvBWX8:PRFfPz30ZJ7KP/TZCCbDmT/r8+JR
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid 1571 -
Enumerates running processes
Discovers information about currently running processes on the system
-
Changes its process name 1 IoCs
description ioc pid Changes the process name, possibly in an attempt to hide itself httpd 1570 -
description ioc File opened for reading /proc/204/cmdline File opened for reading /proc/827/cmdline File opened for reading /proc/21/cmdline File opened for reading /proc/92/cmdline File opened for reading /proc/99/cmdline File opened for reading /proc/613/cmdline File opened for reading /proc/1109/cmdline File opened for reading /proc/1164/cmdline File opened for reading /proc/11/cmdline File opened for reading /proc/114/cmdline File opened for reading /proc/219/cmdline File opened for reading /proc/633/cmdline File opened for reading /proc/856/cmdline File opened for reading /proc/874/cmdline File opened for reading /proc/986/cmdline File opened for reading /proc/4/cmdline File opened for reading /proc/206/cmdline File opened for reading /proc/221/cmdline File opened for reading /proc/520/cmdline File opened for reading /proc/675/cmdline File opened for reading /proc/704/cmdline File opened for reading /proc/1169/cmdline File opened for reading /proc/77/cmdline File opened for reading /proc/82/cmdline File opened for reading /proc/223/cmdline File opened for reading /proc/1067/cmdline File opened for reading /proc/8/cmdline File opened for reading /proc/12/cmdline File opened for reading /proc/18/cmdline File opened for reading /proc/714/cmdline File opened for reading /proc/1129/cmdline File opened for reading /proc/854/cmdline File opened for reading /proc/86/cmdline File opened for reading /proc/226/cmdline File opened for reading /proc/412/cmdline File opened for reading /proc/418/cmdline File opened for reading /proc/589/cmdline File opened for reading /proc/632/cmdline File opened for reading /proc/828/cmdline File opened for reading /proc/959/cmdline File opened for reading /proc/965/cmdline File opened for reading /proc/1039/cmdline File opened for reading /proc/1088/cmdline File opened for reading /proc/20/cmdline File opened for reading /proc/90/cmdline File opened for reading /proc/91/cmdline File opened for reading /proc/224/cmdline File opened for reading /proc/415/cmdline File opened for reading /proc/696/cmdline File opened for reading /proc/725/cmdline File opened for reading /proc/93/cmdline File opened for reading /proc/110/cmdline File opened for reading /proc/377/cmdline File opened for reading /proc/497/cmdline File opened for reading /proc/630/cmdline File opened for reading /proc/1103/cmdline File opened for reading /proc/88/cmdline File opened for reading /proc/96/cmdline File opened for reading /proc/586/cmdline File opened for reading /proc/594/cmdline File opened for reading /proc/1167/cmdline File opened for reading /proc/98/cmdline File opened for reading /proc/101/cmdline File opened for reading /proc/211/cmdline