Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
  • submitted
    29/09/2024, 23:18

General

  • Target

    db0fa4b8db0333367e9bda3ab68b8042.x86

  • Size

    33KB

  • MD5

    1ee53193df88cdb3b5901f8f6d376252

  • SHA1

    eb8ba4a1c37d475383543d55209032c486357643

  • SHA256

    26c371c91196023e69d2184436619b706d6ff2649b1a499fa6eb15fe474e1eba

  • SHA512

    581fcfa496c06e08843020f70643380433400db2748b05efc3bd1b5ba31f207f918c21f9bbef5bd203e87fb0efa9c0892f11350f4e5c40f1fd485978ce8fa830

  • SSDEEP

    768:rm5QiX/H16FyxFM9VEmj1qxZGhmPhABw3BKlVAxxmnbcuyD7UiyqF:i5QoVkyxFUVEmjuZGhcRKlVOmnouy8ZG

Score
9/10

Malware Config

Signatures

  • Contacts a large (212096) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Loads a kernel module 64 IoCs

    Loads a Linux kernel module, potentially to achieve persistence

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/db0fa4b8db0333367e9bda3ab68b8042.x86
    /tmp/db0fa4b8db0333367e9bda3ab68b8042.x86
    1⤵
    • Loads a kernel module
    • Writes file to tmp directory
    PID:2795

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads