Analysis
max time kernel: 149s
max time network: 154s
platform: ubuntu-24.04_amd64
resource: ubuntu2404-amd64-20240523-en
resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted: 29/09/2024, 23:18
General
Target: db0fa4b8db0333367e9bda3ab68b8042.x86
Size: 33KB
MD5: 1ee53193df88cdb3b5901f8f6d376252
SHA1: eb8ba4a1c37d475383543d55209032c486357643
SHA256: 26c371c91196023e69d2184436619b706d6ff2649b1a499fa6eb15fe474e1eba
SHA512: 581fcfa496c06e08843020f70643380433400db2748b05efc3bd1b5ba31f207f918c21f9bbef5bd203e87fb0efa9c0892f11350f4e5c40f1fd485978ce8fa830
SSDEEP: 768:rm5QiX/H16FyxFM9VEmj1qxZGhmPhABw3BKlVAxxmnbcuyD7UiyqF:i5QoVkyxFUVEmjuZGhcRKlVOmnouy8ZG
Malware Config
Signatures
Contacts a large (212096) number of remote hosts (1 TTP)
The sample reached 212096 distinct remote hosts inside the 154 s network window. This may indicate a network scan to discover remotely running services.

Creates a large number of network flows (1 TTP)
This may indicate a network scan to discover remotely running services.
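The two signatures above are both counting heuristics over the sample's traffic. The following is an added example, not the sandbox's own signature code: it reproduces both counts over a list of flow records and adds the check a triager usually wants next, whether the flows concentrate on one destination port (many hosts, one port is the shape of a service scan rather than merely chatty traffic). The flow records, the RFC 1918 target addresses, the controller address and the thresholds are all constructed for illustration and are not taken from the report.

```python
"""Scan heuristic over flow records.

Added example; not the sandbox's own signature logic.  Flow records,
addresses and thresholds are constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    dst: str      # remote host contacted by the sample
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


def summarise_flows(flows):
    """Return (distinct remote hosts, flow count, Counter of (proto, port))."""
    hosts = set()
    ports = Counter()
    count = 0
    for f in flows:
        hosts.add(f.dst)
        ports[(f.proto, f.dport)] += 1
        count += 1
    return len(hosts), count, ports


def classify(flows, host_threshold=1000, flow_threshold=1000, port_share=0.9):
    """Reproduce the two report signatures (thresholds are hypothetical) and
    add the check that separates a service scan (many hosts, one port) from
    generic high-volume traffic."""
    hosts, count, ports = summarise_flows(flows)
    findings = []
    if hosts >= host_threshold:
        findings.append(f"contacts a large ({hosts}) number of remote hosts")
    if count >= flow_threshold:
        findings.append(f"creates a large ({count}) number of network flows")
    if findings:
        (proto, port), top = ports.most_common(1)[0]
        share = top / count
        if share >= port_share:
            findings.append(
                f"{share:.0%} of flows go to {proto}/{port}: "
                "consistent with a scan for one service")
    return findings


def constructed_scan_flows(n_hosts=2000):
    """Constructed traffic: three flows to one controller on tcp/6667, then
    one flow to each of n_hosts distinct 10.0.0.0/8 addresses on tcp/23."""
    flows = [Flow("10.99.99.1", "tcp", 6667) for _ in range(3)]
    for i in range(1, n_hosts + 1):
        flows.append(Flow(f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}", "tcp", 23))
    return flows


# Constructed contrast case: a handful of flows to one host on tcp/443.
CONSTRUCTED_BENIGN_FLOWS = [Flow("10.99.99.2", "tcp", 443)] * 5


if __name__ == "__main__":
    for finding in classify(constructed_scan_flows()):
        print(finding)
```

Real input would be a per-flow export of the sandbox pcap (one record per 5-tuple); the port-share check is the part worth keeping, because a bot that talks to its controller on one port and then sweeps thousands of hosts on another still reports a top-port share close to 100%.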

Loads a kernel module (64 IoCs)
Loads a Linux kernel module, potentially to achieve persistence.
pid | Process
2795 | db0fa4b8db0333367e9bda3ab68b8042.x86
2810 | db0fa4b8db0333367e9bda3ab68b8042.x86
(The second row is repeated for every remaining IoC: all 64 entries name the same binary, one under pid 2795 and the rest under pid 2810.)

Writes file to tmp directory (1 IoC)
Malware often drops required files in the /tmp directory.
description | ioc | Process
File opened for modification | /tmp/a | db0fa4b8db0333367e9bda3ab68b8042.x86
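On a production host the two findings above (module-load syscalls from a process, and that process living in /tmp) are exactly what an auditd rule on init_module/finit_module/delete_module surfaces. The following is an added example, not part of the report and not the sandbox's detection code: it parses auditd SYSCALL records, resolves the syscall number per audit arch (the standard x86_64 and i386 numbers, which matter here because the report's resource tags list both arch:amd64 and arch:i386), and flags any load attempt by a binary running from a scratch directory. Failed attempts (success=no) are deliberately kept, since the attempt itself is the signal. The audit lines, pids, paths and the rule key name "modload" are constructed for illustration.

```python
"""Detect kernel-module load attempts from scratch directories in auditd logs.

Added example; not the sandbox's detection logic.  Matching auditctl rules
(assumed, standard syntax):
  -a always,exit -F arch=b64 -S init_module -S finit_module -S delete_module -k modload
  -a always,exit -F arch=b32 -S init_module -S finit_module -S delete_module -k modload
"""
import re

# Syscall numbers from the Linux x86 syscall tables, keyed by the audit
# "arch" field: c000003e is x86_64, 40000003 is i386.
MODULE_SYSCALLS = {
    ("c000003e", 175): "init_module",
    ("c000003e", 176): "delete_module",
    ("c000003e", 313): "finit_module",
    ("40000003", 128): "init_module",
    ("40000003", 129): "delete_module",
    ("40000003", 350): "finit_module",
}
SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")

# key=value or key="quoted value" pairs as written by auditd.
_KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_audit_line(line):
    """Split one audit record into a dict; quoted values lose their quotes."""
    fields = {}
    for m in _KV.finditer(line):
        key, raw, quoted = m.group(1), m.group(2), m.group(3)
        fields[key] = quoted if quoted is not None else raw
    return fields


def module_load_events(lines):
    """All module-load/unload syscalls, successful or not, with their origin."""
    events = []
    for line in lines:
        f = parse_audit_line(line)
        if f.get("type") != "SYSCALL":
            continue
        try:
            name = MODULE_SYSCALLS.get((f["arch"], int(f["syscall"])))
        except (KeyError, ValueError):
            continue
        if name is None:
            continue
        exe = f.get("exe", "")
        events.append({
            "pid": int(f["pid"]),
            "exe": exe,
            "syscall": name,
            "succeeded": f.get("success") == "yes",
            "from_scratch_dir": exe.startswith(SCRATCH_DIRS),
        })
    return events


def suspicious_module_loads(lines):
    """Module syscalls issued by a binary executing from /tmp and friends."""
    return [e for e in module_load_events(lines) if e["from_scratch_dir"]]


# Constructed audit records: a 32-bit binary in /tmp tries init_module and
# finit_module (both refused), modprobe loads a module legitimately, and the
# /tmp binary later opens a file (x86_64 open, syscall 2) which is not a
# module event at all.
CONSTRUCTED_AUDIT_LINES = [
    'type=SYSCALL msg=audit(1727648280.101:901): arch=40000003 syscall=128 success=no exit=-1 '
    'a0=8f2c010 a1=12a0 a2=0 pid=4242 ppid=4200 uid=0 comm="sample.x86" exe="/tmp/sample.x86" key="modload"',
    'type=SYSCALL msg=audit(1727648280.102:902): arch=40000003 syscall=350 success=no exit=-1 '
    'a0=3 a1=0 a2=0 pid=4242 ppid=4200 uid=0 comm="sample.x86" exe="/tmp/sample.x86" key="modload"',
    'type=SYSCALL msg=audit(1727648290.500:903): arch=c000003e syscall=313 success=yes exit=0 '
    'a0=3 a1=0 a2=0 pid=1337 ppid=1 uid=0 comm="modprobe" exe="/usr/bin/kmod" key="modload"',
    'type=SYSCALL msg=audit(1727648291.000:904): arch=c000003e syscall=2 success=yes exit=3 '
    'a0=7ffd a1=241 a2=1b6 pid=4242 ppid=4200 uid=0 comm="sample.x86" exe="/tmp/sample.x86" key="tmpwrite"',
]


if __name__ == "__main__":
    for event in suspicious_module_loads(CONSTRUCTED_AUDIT_LINES):
        print(event)
```

Feed it `ausearch -k modload --raw` output (one record per line) and pair the result with an inventory of `exe` paths; a module syscall from anywhere other than the kmod/modprobe binaries is worth a ticket regardless of whether the kernel accepted the module.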