0c881597e5913241e23d44133dfcb478c3ff36d699c705b4aa9b5f2bd328a275 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0c881597e5913241e23d44133dfcb478c3ff36d699c705b4aa9b5f2bd328a275.elf
Size

61KB
Sample

241018-bhfmpszfkk
MD5

91a1f58d31e80da29de86f21dc47fbe6
SHA1

9bc145ff98fb47032a8a5b49cde6d162daa8776e
SHA256

0c881597e5913241e23d44133dfcb478c3ff36d699c705b4aa9b5f2bd328a275
SHA512

8526cc16a519e3cb3abd46cdd446c30f1dc833dc4b70cef2a36c8ca319e46b3a56408ed3b34997c9d4491c939218111bebd6e804e1ee4f22f8dbf8a4bb1b20e1
SSDEEP

1536:Fxi+Jn3HPL9DV72PD9/cIY9v3Y+3dSdOimlWWkVEzsRli:FU+J3HPL9DV7279UImY+3dsr73yIC

Score

9^/10

discovery linux rootkit

Malware Config

Targets

- Target
  
  0c881597e5913241e23d44133dfcb478c3ff36d699c705b4aa9b5f2bd328a275.elf
- Size
  
  61KB
- MD5
  
  91a1f58d31e80da29de86f21dc47fbe6
- SHA1
  
  9bc145ff98fb47032a8a5b49cde6d162daa8776e
- SHA256
  
  0c881597e5913241e23d44133dfcb478c3ff36d699c705b4aa9b5f2bd328a275
- SHA512
  
  8526cc16a519e3cb3abd46cdd446c30f1dc833dc4b70cef2a36c8ca319e46b3a56408ed3b34997c9d4491c939218111bebd6e804e1ee4f22f8dbf8a4bb1b20e1
- SSDEEP
  
  1536:Fxi+Jn3HPL9DV72PD9/cIY9v3Y+3dSdOimlWWkVEzsRli:FU+J3HPL9DV7279UImY+3dsr73yIC
Score

9^/10

discovery rootkit
- Contacts a large (1305339) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryrootkit