Analysis
max time kernel: 149s
max time network: 150s
platform: ubuntu-24.04_amd64
resource: ubuntu2404-amd64-20240523-en
resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted: 18-11-2024 21:26

General
Target: owari.x86.elf
Size: 48KB
MD5: ebaf13ff0a90b6fa0eed43cd178d0f88
SHA1: e9f98ed2a527b9eb8dad1c722b8a0d3783b4e6eb
SHA256: 01207a05e51619d65cca5fbf8c97e6f8878dd54a58427423cbdb824b9cd4d283
SHA512: 15a5d78d3ed722785268c2ff5edd502601407e9e1cb45516cfa2d681a2583d52a227a14ccdfd20b5258f14c28f54423c3768cba97db87834edd42a777b3d4830
SSDEEP: 1536:tZ9HZylQqsFvqDlVd3rrHq858hYiPVjy3XQNm9:VZyW/FvqDlVx/Hq8GhvV+3g
Malware Config
Signatures

Contacts a large (117350) amount of remote hosts (1 TTP)
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows (1 TTP)
This may indicate a network scan to discover remotely running services.

Loads a kernel module (64 IoCs)
Loads a Linux kernel module, potentially to achieve persistence.
Processes (pid, Process):
2435 owari.x86.elf
2436 owari.x86.elf
2439 owari.x86.elf
2438 owari.x86.elf
2436 owari.x86.elf
2439 owari.x86.elf
2436 owari.x86.elf
2439 owari.x86.elf
2436 owari.x86.elf
2436 owari.x86.elf
2439 owari.x86.elf
2439 owari.x86.elf
2436 owari.x86.elf
2436 owari.x86.elf
2439 owari.x86.elf
2439 owari.x86.elf
2436 owari.x86.elf
2436 owari.x86.elf
2439 owari.x86.elf
2439 owari.x86.elf
2438 owari.x86.elf
2438 owari.x86.elf
2436 owari.x86.elf
2436 owari.x86.elf
2439 owari.x86.elf
2439 owari.x86.elf
2436 owari.x86.elf
2436 owari.x86.elf
2439 owari.x86.elf
2439 owari.x86.elf
2436 owari.x86.elf
2436 owari.x86.elf
2439 owari.x86.elf
2439 owari.x86.elf
2436 owari.x86.elf
2436 owari.x86.elf
2439 owari.x86.elf
2439 owari.x86.elf
2436 owari.x86.elf
2436 owari.x86.elf
2439 owari.x86.elf
2439 owari.x86.elf
2438 owari.x86.elf
2436 owari.x86.elf
2436 owari.x86.elf
2439 owari.x86.elf
2439 owari.x86.elf
2438 owari.x86.elf
2436 owari.x86.elf
2436 owari.x86.elf
2439 owari.x86.elf
2439 owari.x86.elf
2436 owari.x86.elf
2436 owari.x86.elf
2439 owari.x86.elf
2439 owari.x86.elf
2436 owari.x86.elf
2436 owari.x86.elf
2439 owari.x86.elf
2439 owari.x86.elf
2436 owari.x86.elf
2436 owari.x86.elf
2439 owari.x86.elf
2439 owari.x86.elf
Writes file to tmp directory (1 IoC)
Malware often drops required files in the /tmp directory.
Processes (description, ioc, Process):
File opened for modification; /tmp/2c13hon112k2jgcmc1b; owari.x86.elf