Resubmissions

17-10-2024 21:05

241017-zxmlkazbjj 10

14-10-2024 15:29

241014-swwphs1gqb 10

Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    ubuntu-20.04_amd64
  • resource
    ubuntu2004-amd64-20240611-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2004-amd64-20240611-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
  • submitted
    17-10-2024 21:05

General

  • Target

    na.elf

  • Size

    84KB

  • MD5

    0e2c42cc4fb874757cee08ed29b134b4

  • SHA1

    9b5d9233bbc22cc5a7cdaa858ae365b425a02171

  • SHA256

    a1c0b48199e8a47fe50c4097d86e5f43a1a1c9a9c1f7f3606ffa0d45bb4a2eb3

  • SHA512

    7c9af743d13826ebf0c1fd2f29201471060727e66296a8432046bb8f1a8d73a7b385fb7feade00acabc84c9366b89db0e6d96f0722af0e4f672e8e194d9443a7

  • SSDEEP

    1536:QahOrhUNuV9NnkqnhhWMC8tOadBvwZoXRUqHekyN/1H5xuM8b/3d:Q5JxkqnhhWMhtOqcoXRUq+xN/1Zx2r3

Malware Config

Extracted

Family

rekoobe

C2

27.124.45.146:12345

Signatures

  • Rekoobe

    A Linux Trojan that targets SPARC-based machines as well as Intel x86 and x86-64 computers.

  • Executes dropped EXE (1 IoC)
  • Reads runtime system information (1 IoC)

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory (1 IoC)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/na.elf
    /tmp/na.elf
    1⤵
    • Writes file to tmp directory
    PID:1397
    • /tmp/CCCCCCCC
      /tmp/CCCCCCCC
      2⤵
      • Executes dropped EXE
      • Reads runtime system information
      PID:1399

Network

MITRE ATT&CK Matrix


Downloads

  • /tmp/CCCCCCCC

    Filesize

    84KB

    MD5

    0e2c42cc4fb874757cee08ed29b134b4

    SHA1

    9b5d9233bbc22cc5a7cdaa858ae365b425a02171

    SHA256

    a1c0b48199e8a47fe50c4097d86e5f43a1a1c9a9c1f7f3606ffa0d45bb4a2eb3

    SHA512

    7c9af743d13826ebf0c1fd2f29201471060727e66296a8432046bb8f1a8d73a7b385fb7feade00acabc84c9366b89db0e6d96f0722af0e4f672e8e194d9443a7