Analysis
-
max time kernel
148s -
max time network
153s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240523-en -
resource tags
arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system -
submitted
18-11-2024 20:55
Static task
static1
Behavioral task
behavioral1
Sample
rbot.elf
Resource
ubuntu2404-amd64-20240523-en
1 signatures
150 seconds
General
-
Target
rbot.elf
-
Size
49KB
-
MD5
3af790a66fc5a66c7a678ef74c28ba05
-
SHA1
6403880a9d85254f157b04eb12930ed4ce69e501
-
SHA256
a32b6243fd6d9b549e6018b68b90420caf2314435ced5e678bc0e3b7a00bc06a
-
SHA512
2f16bbb89e25f741361c01733d4bc80da52836078d26cb97c0ed3478d11a448a6901bc3258267b495b61059093f20a6c16d573325593ad74480942c5e311dee2
-
SSDEEP
768:2K95PUoE2QZ+o0kyadQNHtiW3H7JdxT3ObxU+83KutatBWEK+d0amKGAQn/I/:VLy4kyamltrXRT3OlU4+anWELTmt/
Score
7/10
Malware Config
Signatures
-
Loads a kernel module (56 IoCs)
Loads a Linux kernel module, potentially to achieve persistence
Processes:
pid 2869, process rbot.elf (same entry repeated)