Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
  • submitted
    07-11-2024 13:33

General

  • Target

    Josho.x86.elf

  • Size

    45KB

  • MD5

    9505e8a51b6528c743465f20288dee72

  • SHA1

    646bcaa7ffdc9a3eb542c3601bda5e6fb3905b82

  • SHA256

    01fefa05ca42eac13128c8f8089f34178d9edcc4c966363f2096884847a960c8

  • SHA512

    061acbce2ba7b9d075b071bc3e8224e30488e1ce4a1caf97a3cf4ce714ee3c7b155318c70185a3b7ff2f9423ac32489bd7671110c928250fbb27da07b155d92b

  • SSDEEP

    768:+8NBAjCaRqMkIua7sKNhF/pORJBBNzmtkef5vkqOqgDdvrE+Ji:+8NBmRqMkIua775qBNaFvk/q4dvrxJi

Score
9/10

Malware Config

Signatures

  • Contacts a large (49108) amount of remote hosts (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Loads a kernel module (56 IoCs)

    Loads a Linux kernel module, potentially to achieve persistence

Processes

  • /tmp/Josho.x86.elf
    /tmp/Josho.x86.elf
    • Loads a kernel module
    PID:2464

Network

MITRE ATT&CK Enterprise v15
