Analysis
max time kernel: 141s
max time network: 154s
platform: ubuntu-22.04_amd64
resource: ubuntu2204-amd64-20250307-en
resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20250307-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
submitted: 24/03/2025, 11:45
Behavioral task: behavioral1
Sample: da92f6515014f5f4ca9d22cee708f921a0a2228fdc8220cb188e2b345d9b6e69.elf
Resource: ubuntu2204-amd64-20250307-en
4 signatures
150 seconds
General
Target: da92f6515014f5f4ca9d22cee708f921a0a2228fdc8220cb188e2b345d9b6e69.elf
Size: 61KB
MD5: ae403ef91f4a5a63f9fea903f5c2a598
SHA1: 409ca9d7ea942a3eca0d81367ebf5d3843cd3a7a
SHA256: da92f6515014f5f4ca9d22cee708f921a0a2228fdc8220cb188e2b345d9b6e69
SHA512: 5982ee2a78b44b85e1b9c13f613683d0c4ecefe3305e69a289c6691caa7c5f1e6a16d19b2a2593b72e92d87f723bb85144efd4f249717a8c4294d22811a928c1
SSDEEP: 1536:hsJzVTBEV6t+sJ9b6Vc53mr/OyucnIA3Bda9X81OwoO7R:uJBVEV6tZ2c9mr/OyfnZBaM1F
Score: 7/10
Malware Config
Signatures
Deletes itself (1 IoCs)
pid: 1558
Enumerates running processes
Discovers information about currently running processes on the system
Changes its process name (1 IoCs)
description: Changes the process name, possibly in an attempt to hide itself
ioc: httpd
pid: 1557