Overview

overview

6

Static

static

1

pwnkit.7

ubuntu-24.04-amd64

6

Analysis

  • max time kernel
    0s
  • max time network
    130s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
  • submitted
    28/09/2024, 11:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    pwnkit.7

  • Size

    10KB

  • MD5

    060619c31c143be0ec21a931204b948b

  • SHA1

    2bbb3d7722fac1c98c35828e5a5c439395fc1918

  • SHA256

    b959c77ba4a23564cb966865d482981b18d35bfe05711d42a99f45d77a6ae59a

  • SHA512

    57ab401b1375baa34b0cfe922eb94fd8bd3bf96e67a6b100008036c027432a4c2697af0189d8e55044cbbbda644a84e0610c498078e05306f6723f22fa30fb36

  • SSDEEP

    192:RKwDWntEU9C3XKqza1ShX74Z6pjBUU7TKHaOU:krGU9qaqa1i7FXKHU

Score
6/10
discovery

Malware Config

Signatures

  • Uses Polkit to run commands 1 IoCs

    Uses Polkit pkexec as a proxy to execute commands, possibly to bypass security restrictions.

  • Reads runtime system information 2 IoCs

    Reads data from /proc virtual filesystem.

    discovery
  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/pwnkit.7
    /tmp/pwnkit.7
    1⤵
    • Writes file to tmp directory
    PID:2840
  • /usr/bin/pkexec
    1⤵
    • Uses Polkit to run commands
    • Reads runtime system information
    PID:2840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /tmp/.pkexec/gconv-modules
    Filesize

    32B

    MD5

    b9509d5bee230341cacfed6bd6712bd3

    SHA1

    2dbad9dc54dfd6b14af012c54b3adbd939100fa6

    SHA256

    50f2c869bb56ae55e7b42e02bdd757b10a4bbb5532157c46c0f3f32ab0ebabdd

    SHA512

    d817b5d4cf294e18af8e029d5e82e693825c29d3164ed2bd5a0cb86a6fb68c5de3b8f30595bbf50ee0c7c98fa10601971c9aa98fc8cb96e7775f6306e0fddae6

    Download Submit