Analysis
-
max time kernel
149s -
max time network
150s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240523-en -
resource tags
-
submitted
17/10/2024, 14:04
General
-
Target
i586.elf
-
Size
70KB
-
MD5
4be91571566e6f2481d9c08f8dc5b1b7
-
SHA1
590c0a6205042ebbc83c785a32d90cc2f407603c
-
SHA256
9f6b9ad16a06a9aeabf63c99d5eab53641beddcbef06493ea84a3c718455090a
-
SHA512
6e5e9a1de93cd154bac2c8fb003b71fcb8cb8969aa43c968f86b3d95582aadd1f21156efb386bd5472112cd562cc6a410d8ff35c42cdd57892a52a50c24849be
-
SSDEEP
1536:O8v3LQBDdhBAkEf2TAki6w+Myna6YVZHmRl6KvSImSA/mz:1v3LQddhBAkEfRcw+Mx6kZH6lR6Ivz
Score
9/10
Malware Config
Signatures
-
Contacts a large (24632) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Loads a kernel module 1 IoCs
Loads a Linux kernel module, potentially to achieve persistence
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/i586.elf/tmp/i586.elf1⤵
- Loads a kernel module
- Writes file to tmp directory