d749af0f6e5e279d42d79f9a1499f544325fbe42525379c6a500d33b7045f6ce | Triage

Sharing

General

Target

d749af0f6e5e279d42d79f9a1499f544325fbe42525379c6a500d33b7045f6ce.elf
Size

66KB
Sample

240706-cb1jzavemh
MD5

05f57bcc0c7c2c84ce4a1f89ec9812ca
SHA1

da52b1c7fe9f3d03e019af766ee30e6e39b7983f
SHA256

d749af0f6e5e279d42d79f9a1499f544325fbe42525379c6a500d33b7045f6ce
SHA512

db01c44ed203e9eaf23ff90879589989a3f0c53026ae83dda7ef6a7d0d4797c0601707756bef3e0c8417f2e3929f6a40e7abb84ad38e7940599008d6e08a100b
SSDEEP

1536:urlyH88/3v4LYP+rfihPD66hnUFRVQVUe31kl3eBMvr:4yH823ifihPD662FkucC

Score

9^/10

discovery linux rootkit

Malware Config

Targets

- Target
  
  d749af0f6e5e279d42d79f9a1499f544325fbe42525379c6a500d33b7045f6ce.elf
- Size
  
  66KB
- MD5
  
  05f57bcc0c7c2c84ce4a1f89ec9812ca
- SHA1
  
  da52b1c7fe9f3d03e019af766ee30e6e39b7983f
- SHA256
  
  d749af0f6e5e279d42d79f9a1499f544325fbe42525379c6a500d33b7045f6ce
- SHA512
  
  db01c44ed203e9eaf23ff90879589989a3f0c53026ae83dda7ef6a7d0d4797c0601707756bef3e0c8417f2e3929f6a40e7abb84ad38e7940599008d6e08a100b
- SSDEEP
  
  1536:urlyH88/3v4LYP+rfihPD66hnUFRVQVUe31kl3eBMvr:4yH823ifihPD662FkucC
Score

9^/10

discovery rootkit
- Contacts a large (1106652) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryrootkit