Resubmissions

11-08-2022 15:33

220811-szns3sbcb4 10

25-07-2022 16:57

220725-vglxwafbh5 5

Analysis

  • max time kernel
    0s
  • max time network
    102s
  • platform
    linux_amd64
  • resource
    ubuntu1804-amd64-en-20211208
  • resource tags

    arch:amd64, arch:i386, image:ubuntu1804-amd64-en-20211208, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    11-08-2022 15:33

General

  • Target

    48f9471c20316b295704e6f8feb2196dd619799edec5835734fc24051f45c5b7

  • Size

    78KB

  • MD5

    204728fb1878b9f4f83c110e7cf6b5b5

  • SHA1

    cce00f83b70839ea9d42f2fe4ec773e6014ef00f

  • SHA256

    48f9471c20316b295704e6f8feb2196dd619799edec5835734fc24051f45c5b7

  • SHA512

    43df37b151c0ec7fa6f0f0ca185eb7666f256895b9fab0b62fc1f8666a0ad440c6f96569c3fa62b986eff03f980190cd5b484567f7f9b3f16e5cda348a74316c

Signatures

  • Lightning Framework

    Linux modular framework with the ability to install rootkits, first seen in July 2022.

  • Writes file to tmp directory (1 IoC)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/48f9471c20316b295704e6f8feb2196dd619799edec5835734fc24051f45c5b7 (PID 593)
    Command line: /tmp/48f9471c20316b295704e6f8feb2196dd619799edec5835734fc24051f45c5b7
    Signature: Writes file to tmp directory
    • /bin/sh (PID 594)
      Command line: sh -c "/usr/lib64/seahorses/kbioset /tmp/48f9471c20316b295704e6f8feb2196dd619799edec5835734fc24051f45c5b7 &"
      • /usr/lib64/seahorses/kbioset (PID 595)
        Command line: /usr/lib64/seahorses/kbioset /tmp/48f9471c20316b295704e6f8feb2196dd619799edec5835734fc24051f45c5b7