Overview

overview

10

Static

static

10

591e50216a...c0.elf

ubuntu-24.04-amd64

9

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
  • submitted
    14-10-2024 01:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf

  • Size

    69KB

  • MD5

    4b6eb96c15bfd951b6445a84dd6a5abb

  • SHA1

    dbcb159fe0edebef124a69179304c66fe5b7d42a

  • SHA256

    591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0

  • SHA512

    93e232fae405595dab57eca1ff263e9dea506562f4365d90cf065609c11ac69bdb146e8bb8606bcb9837b95db3111ec2026bc85c75c13559e54a6ef6a6480556

  • SSDEEP

    1536:pnUQJZdRlDAXO6QyQUK6+QWZxehp3uJ7RvsuIr5bhO8A:pnUQJ7RlUXTQpUK6+QwxeL3q+uWDA

Score
9/10
discoveryrootkit

Malware Config

Signatures

  • Contacts a large (37873) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Loads a kernel module 30 IoCs

    Loads a Linux kernel module, potentially to achieve persistence

    rootkit
  • Writes file to system bin folder 1 IoCs

Processes

  • /tmp/591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
    /tmp/591e50216af5c3970b070d2c1aa46a2b5990c84ebb9f04c2a61a2d0add3bdac0.elf
    1⤵
    • Loads a kernel module
    • Writes file to system bin folder
    PID:2577

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads