Analysis
max time kernel: 149s
max time network: 152s
platform: ubuntu-24.04_amd64
resource: ubuntu2404-amd64-20240523-en
resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted: 29/09/2024, 22:21
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Linux.Siggen.9999.19167.28364.elf
Resource: ubuntu2404-amd64-20240523-en
Signatures: 2
Run time: 150 seconds
General
Target: SecuriteInfo.com.Linux.Siggen.9999.19167.28364.elf
Size: 30KB
MD5: d2b3ab46391ff3f030474f2cc7af22e2
SHA1: ff81bb4309250372403e590ff3d72222eed5d113
SHA256: 6ca89c25380c49e38c4715c731a14472f6b4984147c904d20128e564d4c230c3
SHA512: 7e25ed78d950fa5183657c9c844f8d03f8c56d25de3de4639214a37b428bec9cbb30cfec7e860f0717f4611e524f8905e95c31787dd2591b3767ec183fa896d0
SSDEEP: 768:laKJIpUheb8ArmMapSCfGtwk+sOimldbfLPDyoxxGKX:la4IjrmHpSCfGtdOi4dbfLOoH
Score: 7/10
Malware Config
Signatures

Loads a kernel module (27 IoCs)
Loads a Linux kernel module, potentially to achieve persistence.
pid   Process
2476  SecuriteInfo.com.Linux.Siggen.9999.19167.28364.elf
2478  SecuriteInfo.com.Linux.Siggen.9999.19167.28364.elf (this pid accounts for the remaining 26 of the 27 IoCs; the report repeats the same row for each)

Writes file to tmp directory (1 IoC)
Malware often drops required files in the /tmp directory.
description                    ioc        Process
File opened for modification   /tmp/4���  SecuriteInfo.com.Linux.Siggen.9999.19167.28364.elf