Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240729-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2404-amd64-20240729-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
  • submitted
    07-11-2024 02:27

General

  • Target

    5a1257b3e863798fd601414bfe267e46db1b755eaa471818bd204c0b9efa6228.elf

  • Size

    30KB

  • MD5

    d8fb6401cc65babe5175807a3f63ff14

  • SHA1

    9194baed313ee944ef92a86a4311d963b1e56728

  • SHA256

    5a1257b3e863798fd601414bfe267e46db1b755eaa471818bd204c0b9efa6228

  • SHA512

    12438a96710084995dea8a225f88c863f28687520b45e9f37a73b4f5af5c2577560b637b0f0be3ece24ba6a376557b8c1a1e26fe77314735ac17801a964b0320

  • SSDEEP

    768:Dq3ydi2rg98FdmvPyQw7NAFkcEfdhpJJLTsiLetyS33UXn68FqK6:siFdmvPgA2cEfdhxLYiFvXnW9

Score
9/10

Malware Config

Signatures

  • Contacts a large (152565) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Loads a kernel module 64 IoCs

    Loads a Linux kernel module, potentially to achieve persistence

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/5a1257b3e863798fd601414bfe267e46db1b755eaa471818bd204c0b9efa6228.elf
    /tmp/5a1257b3e863798fd601414bfe267e46db1b755eaa471818bd204c0b9efa6228.elf
    1⤵
    • Loads a kernel module
    • Writes file to tmp directory
    PID:2508

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads