General

  • Target

    3299529.bin

  • Size

    51KB

  • Sample

    241122-wm2e7avqbw

  • MD5

    afadba81b0d0a42556ae6e6cb0d52c57

  • SHA1

    ac505ceeecacb58f45a218f53b42b586d66a14a2

  • SHA256

    01ab0566b75a60ebd01675f32bb2a38e046c35daa9939a9f3c5f5edce9edb571

  • SHA512

    304b57d4fa86e7d754d504203b0ae14d079a8dc62d89e0a1a2a9cd2ac53374e57a9d57b35ce4116de57d5c7b5394166e09e0ab9d686b86494399ae55c6c7c4e8

  • SSDEEP

    1536:189+A1KxolqJYqttlwd82o90tCZ3Z2CxFzQR:18AQgol/qBwd82o9eCUKF

Targets

    Score
    9/10
    • Contacts a large (601017) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.
