Overview

overview

10

Static

static

10

mrbalck.elf

ubuntu-24.04-amd64

7

Analysis

  • max time kernel
    29s
  • max time network
    33s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
  • submitted
    19-07-2024 16:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mrbalck.elf

  • Size

    1.2MB

  • MD5

    8bd5139f9d5473e0c09c3cf4ba2b0271

  • SHA1

    045f769ebe934a36d4540eb70241e8f4ae9bbc22

  • SHA256

    f111237d031ac98043fab31936e5782073e6ac72b4d4e50d3b39d682702fda27

  • SHA512

    1dbf99c0315955dba1d515c113de0a0a511bfe28f769425706529f71fb5f356fe22d0579c2a1b3cf79a759f2537eb1cdaa44280e910df3771cb2281a6f5d1d9c

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWeX4D2y1q2rJp0:745vRVJKGtSA0VWeoiu9p0

Score
7/10
rootkit

Malware Config

Signatures

  • Loads a kernel module 43 IoCs

    Loads a Linux kernel module, potentially to achieve persistence

    rootkit

Processes

  • /tmp/mrbalck.elf
    /tmp/mrbalck.elf
    1⤵
    • Loads a kernel module
    PID:2810

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /etc/init.d/DbSecuritySpt
    Filesize

    29B

    MD5

    bbcc9c581b072b20d9170894076d17f5

    SHA1

    04b19d1348a2d2dd06bc0956a7542025f84dea13

    SHA256

    3940ce87f954693fb6f15478752d29a62e120d505099dc1421e9f2efe5d21a33

    SHA512

    2431c8343eca25841201b815ab851557d20f64cd28f4c5fbdfa9f4c7ee9dbdc12c0342eca2cafa3751abfaffbe15bf00876123996a3538d7cbf69764af31eb8d

    Download Submit

  • /tmp/conf.n
    Filesize

    73B

    MD5

    3b18f52fb14d5a9513f4be5574b0dd23

    SHA1

    409b8325676ede72f09dfb3dd8af62727cedab96

    SHA256

    316f3f2fe33dfe33573224273548dd3fedd7d1e4427d9d1628ed6dad1f45c6ca

    SHA512

    568dbe84d79545abe247e44047967e68f960297c1cb653c17fa9caad5102917b6a7244416f59662640a4c65585aa80875b8a629758dfd9ed655b1a25aa8680a6

    Download Submit

  • /tmp/gates.lod
    Filesize

    4B

    MD5

    0738069b244a1c43c83112b735140a16

    SHA1

    371822d2fa85504960f9581cfaeae6e7059bab61

    SHA256

    c6637ffab46701f1f145156dafcd21176a85a95c0f5ab71eecb03d15899efd05

    SHA512

    b3c23981c3eecd7f527dfa49958aa6f32a30d88ee1675cf7d7d233cfba2620bfea8ff18ac7d6b337d34e6f5f4b14dda0e5af01937e02bc224dd678e788714242

    Download Submit

  • /tmp/notify.file
    Filesize

    16B

    MD5

    5b2df236e3fbd12f8240355f9057c452

    SHA1

    4268f3beb39eb55f1f1b5dad47a6fc61b152d85f

    SHA256

    3a4b425de5e60334fff7dd72c44ef9cd9cb62b7c801c1d4e5dde229822c6da93

    SHA512

    ca7c5e43d429442f832b05872bef733ce3b985b5394e534196202e5efc8657341a709b9d4dba533c0fb2af9e8370546eeb870e9a0ed5858829d6c67083d16fa2

    Download Submit