Analysis
-
max time kernel
149s -
max time network
153s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240523-en -
resource tags
arch:amd64 arch:i386 image:ubuntu2404-amd64-20240523-en kernel:6.8.0-31-generic locale:en-us os:ubuntu-24.04-amd64 system -
submitted
04-11-2024 02:26
Static task
static1
Behavioral task
behavioral1
Sample
68e6282ed9046c9e22dbdf051dc03956803a46805f599e8cb9b52b993caa8f1e.elf
Resource
ubuntu2404-amd64-20240523-en
General
-
Target
68e6282ed9046c9e22dbdf051dc03956803a46805f599e8cb9b52b993caa8f1e.elf
-
Size
99KB
-
MD5
9438d9bc392bcf300a5583b6df5bc8f6
-
SHA1
375a6ae34b516f6f3eeea8030c4084f585017efa
-
SHA256
68e6282ed9046c9e22dbdf051dc03956803a46805f599e8cb9b52b993caa8f1e
-
SHA512
1f3e4219359a28c0f6373c0369da2b5dc0e89789afb89664627d8d9e37d4b72da36322b4015491d7daa03e46dff07d39f00dca18f274e9623dab0ff2d869c860
-
SSDEEP
3072:kFPlxndf22h/xwXnTkai7MYRApCg9dgdmk1b5wdL35sPX:kZlxndf8nTqtS/9dgdmk1b5wdj5sPX
Malware Config
Signatures
-
Contacts a large (2250) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Loads a kernel module 64 IoCs
Loads a Linux kernel module, potentially to achieve persistence
-
Creates/modifies Cron job 1 TTPs 1 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
Processes:
crontab
description: File opened for modification
ioc: /var/spool/cron/crontabs/tmp.lpkMln
process: crontab
Processes
-
/tmp/68e6282ed9046c9e22dbdf051dc03956803a46805f599e8cb9b52b993caa8f1e.elf
command line: /tmp/68e6282ed9046c9e22dbdf051dc03956803a46805f599e8cb9b52b993caa8f1e.elf
- Loads a kernel module
PID:2817
-
  /usr/bin/crontab
  command line: crontab -l
  PID:2820
-
  /usr/bin/crontab
  command line: crontab -
  - Creates/modifies Cron job
  PID:2823
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
210B
-
MD5
b8a380455ea6dafe4962d83195f0d3d1
-
SHA1
66a712a7827cb3449b15ca39cff77fd5f53bb767
-
SHA256
3167fc0148918e56973daad5e3bbc00aebff52db71a4cabe33951b3a64087546
-
SHA512
ee6d1751066c202b337b528e73bf6fa54df273d20084d0bfd1515cb7c54ca72d2f9661c03e972c324725bafaa361afa0950a5b62b5f616413594f3b528427644