Analysis
max time kernel: 149s
max time network: 144s
platform: ubuntu-24.04_amd64
resource: ubuntu2404-amd64-20240523-en
resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted: 08-10-2024 01:33
Behavioral task: behavioral1
Sample: 499356fe61dae87a9246ada26f06629bb293b19bcb72616bbd9e36f1c5e6eb0c.elf
Resource: ubuntu2404-amd64-20240523-en
General
Target: 499356fe61dae87a9246ada26f06629bb293b19bcb72616bbd9e36f1c5e6eb0c.elf
Size: 92KB
MD5: 1f6db96f2eff924c8008797de5645692
SHA1: af6eae5e10ba1f6772da438c16fc1519b04ebbbb
SHA256: 499356fe61dae87a9246ada26f06629bb293b19bcb72616bbd9e36f1c5e6eb0c
SHA512: d05ec0edee7d99210d0fdd6ebbad56cfa048a4a37741f67d95d4591a1573b5ecabec1c2dfded2938c3476d25c30c4d3aba5b4b4f0e822b4759e81d0a6429a262
SSDEEP: 1536:K9SexlmuwRDOAguoXxhgspzczsSrO1P965Qh6PMSKjBlx/:K9ZxQuwRDOAfkD5zOSPU5i0pKB/
Malware Config
Signatures
-
Loads a kernel module 54 IoCs
Loads a Linux kernel module, potentially to achieve persistence
Write file to user bin folder 1 IoCs
description: File opened for modification
ioc: /usr/sbin/halt
Process: 499356fe61dae87a9246ada26f06629bb293b19bcb72616bbd9e36f1c5e6eb0c.elf

description: File opened for reading
ioc: /proc/filesystems
Process: systemctl
Processes
/tmp/499356fe61dae87a9246ada26f06629bb293b19bcb72616bbd9e36f1c5e6eb0c.elf
command line: /tmp/499356fe61dae87a9246ada26f06629bb293b19bcb72616bbd9e36f1c5e6eb0c.elf
- Loads a kernel module
- Write file to user bin folder
PID: 2489

/usr/bin/systemctl
command line: systemctl enable sbolo.service
- Reads runtime system information
PID: 2493
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 296B
MD5: c4d6d848c0737105af17f232faf22b44
SHA1: edc60812d67e71576ddffaaaa31673db6ba198c5
SHA256: 8ef3a7237886d97a2cb53eb5928133c285bc6b67f040b6aa123bf4d3058cd422
SHA512: ee864fbc9b7be57b510d1f20cd58cee40c3d3d8cf693f2f492a42919667ff6f73c1fd114cb13db6397baf2984142bbc790fe55b019c1537a6189201865fb386d