Analysis
-
max time kernel
1s -
max time network
46s -
platform
ubuntu-22.04_amd64 -
resource
ubuntu2204-amd64-20250410-en -
resource tags
arch:amd64 arch:i386 image:ubuntu2204-amd64-20250410-en kernel:5.15.0-105-generic locale:en-us os:ubuntu-22.04-amd64 system -
submitted
15/04/2025, 20:13
Behavioral task
behavioral1
Sample
bejv86.elf
Resource
ubuntu2204-amd64-20250410-en
4 signatures
150 seconds
General
-
Target
bejv86.elf
-
Size
108KB
-
MD5
babafd07522dae28c4a9fac420b1dfbc
-
SHA1
fffe73c79d2baeeb308d97aa9226721f5f32088d
-
SHA256
4cc2cb8373a507af24a93ac34844208b516ff76f4a32df23deff66adc30a831f
-
SHA512
c1b37213b0991d38753150bc14427ea1ae51b8dbf90a4900933bc509fa425d82f893b9994ff76da885360b5a94ef79d1ce9d43fc6feedf25c8f6ba97e09e9c40
-
SSDEEP
3072:dvyjlyavaI2Zo50FKQWxxVGmzQa6PbGpARSfTBcnw:FyjlhvPGo5qKAKtcw
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid 1581 -
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads process memory 1 TTPs 64 IoCs
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
Changes its process name 3 IoCs
description: Changes the process name, possibly in an attempt to hide itself
ioc: -, pid: 1580
ioc: kworker/u8:0, pid: 1580
ioc: httpd, pid: 1580