Overview

overview

10

Static

static

10

na.elf

ubuntu-24.04-amd64

7

Analysis

  • max time kernel
    149s
  • max time network
    141s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
  • submitted
    07-10-2024 13:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    na.elf

  • Size

    92KB

  • MD5

    1f6db96f2eff924c8008797de5645692

  • SHA1

    af6eae5e10ba1f6772da438c16fc1519b04ebbbb

  • SHA256

    499356fe61dae87a9246ada26f06629bb293b19bcb72616bbd9e36f1c5e6eb0c

  • SHA512

    d05ec0edee7d99210d0fdd6ebbad56cfa048a4a37741f67d95d4591a1573b5ecabec1c2dfded2938c3476d25c30c4d3aba5b4b4f0e822b4759e81d0a6429a262

  • SSDEEP

    1536:K9SexlmuwRDOAguoXxhgspzczsSrO1P965Qh6PMSKjBlx/:K9ZxQuwRDOAfkD5zOSPU5i0pKB/

Score
7/10
discoverypersistencerootkit

Malware Config

Signatures

  • Loads a kernel module 40 IoCs

    Loads a Linux kernel module, potentially to achieve persistence

    rootkit
  • Write file to user bin folder 1 IoCs
    persistence
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

    discovery

Processes

  • /tmp/na.elf
    /tmp/na.elf
    1⤵
    • Loads a kernel module
    • Write file to user bin folder
    PID:2486
    • /usr/bin/systemctl
      systemctl enable sbolo.service
      2⤵
      • Reads runtime system information
      PID:2490

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /etc/systemd/system/sbolo.service
    Filesize

    296B

    MD5

    c4d6d848c0737105af17f232faf22b44

    SHA1

    edc60812d67e71576ddffaaaa31673db6ba198c5

    SHA256

    8ef3a7237886d97a2cb53eb5928133c285bc6b67f040b6aa123bf4d3058cd422

    SHA512

    ee864fbc9b7be57b510d1f20cd58cee40c3d3d8cf693f2f492a42919667ff6f73c1fd114cb13db6397baf2984142bbc790fe55b019c1537a6189201865fb386d

    Download Submit