8ba62f525366d1870f0c4e64a68ad0562384019a632e2941ce24c17eed6721fd | Triage

Analysis

max time kernel
146s
max time network
149s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
22-11-2024 00:57

Sharing

Report Analysis Logs

General

Target

vwkjebwi686.elf
Size

120KB
MD5

f687fbb52b0ece060e753101bea9e83f
SHA1

11f5577b31b3045754f55cd247d1a905d36d0591
SHA256

8ba62f525366d1870f0c4e64a68ad0562384019a632e2941ce24c17eed6721fd
SHA512

f28dbf845859e7e1ebbcbb619821dd239759be52a7b048bc11125563e43e9116ca6451f6874083196605647100ecf652684130ca3c3dd93138c4b3ed4672d9a8
SSDEEP

3072:bmN5GEy/TydupYDzIrDHd85kANmRHpC3SBvG:bmN5GEy/TaupYDErUiBvG

Score

7^/10

rootkit

Malware Config

Signatures

Loads a kernel module 7 IoCs

Loads a Linux kernel module, potentially to achieve persistence

pid	Process
2818	vwkjebwi686.elf
2818	vwkjebwi686.elf
2818	vwkjebwi686.elf
2819	vwkjebwi686.elf
2819	vwkjebwi686.elf
2819	vwkjebwi686.elf
2819	vwkjebwi686.elf

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/	vwkjebwi686.elf

/tmp/vwkjebwi686.elf
/tmp/vwkjebwi686.elf
1⤵
- Loads a kernel module
- Writes file to tmp directory
PID:2818

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads