a92fc8b24666c3b2e4fda6a458a5fc8d58505964100921baa0117c573ad569a0 | Triage

Analysis

max time kernel
10s
max time network
20s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
12/10/2024, 19:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

qkbfi86
Size

122KB
MD5

99d4940aae2f3907bf1213bd27178e50
SHA1

672ba39f8c69aa7b151a131b587e741259235a97
SHA256

a92fc8b24666c3b2e4fda6a458a5fc8d58505964100921baa0117c573ad569a0
SHA512

adefcf7c15ae814bddd71ad402706eafb3b9cabd90853490fb64de2f8d75502773b6d62a8c95b15a7c384b6d8c326bd1db56622255dc341c7d082fa823cb806a
SSDEEP

3072:kk25/5HKOAV7x1O/PEzKGkvQ2TyEGPn7:kk2/xKOM7x16Qb5Pn7

Score

7^/10

rootkit

Malware Config

Signatures

Loads a kernel module 3 IoCs

Loads a Linux kernel module, potentially to achieve persistence

pid	Process
2475	qkbfi86
2475	qkbfi86
2475	qkbfi86

Writes file to system bin folder 1 IoCs

description	ioc	Process
File opened for modification	/bin/halt	qkbfi86

/tmp/qkbfi86
/tmp/qkbfi86
1⤵
- Loads a kernel module
- Writes file to system bin folder
PID:2475

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads