Analysis
-
max time kernel
149s -
max time network
149s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240523-en -
resource tags
-
submitted
23-11-2024 17:53
General
-
Target
e23cd1ab03a3a03803e920efb2001fc6c4ae34c50ef647271898edc1c87ccde4
-
Size
4.9MB
-
MD5
ac46e9818cd936fbfcba5effd7f4e850
-
SHA1
9a058ce2e1a413ae24b0c23e49b68d1b2f3f2777
-
SHA256
e23cd1ab03a3a03803e920efb2001fc6c4ae34c50ef647271898edc1c87ccde4
-
SHA512
38fe3086130ccf009bd44d0d2666f1d9a03d993c7fccfdaa1fb6b779b457cb0c76147f95363b73326dc5a18bd1ed89883ed0952836b1368b38f5bc3378f6a4dc
-
SSDEEP
49152:FPhq6f/l+XZKQn1VQPtHCVfsrAeg7UWsnc+m347J7Gr:+6f/lkBYCTo8r
Malware Config
Signatures
-
Loads a kernel module 39 IoCs
Loads a Linux kernel module, potentially to achieve persistence
-
Reads runtime system information 5 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/e23cd1ab03a3a03803e920efb2001fc6c4ae34c50ef647271898edc1c87ccde4/tmp/e23cd1ab03a3a03803e920efb2001fc6c4ae34c50ef647271898edc1c87ccde41⤵
- Loads a kernel module
- Reads runtime system information
-
/usr/local/sbin/systemctlsystemctl daemon-reload2⤵
-
-
/usr/local/bin/systemctlsystemctl daemon-reload2⤵
-
-
/usr/sbin/systemctlsystemctl daemon-reload2⤵
-
-
/usr/bin/systemctlsystemctl daemon-reload2⤵
- Reads runtime system information
-
-
/usr/bin/basenamebasename /usr/sbin/service2⤵
-
-
/usr/bin/basenamebasename /usr/sbin/service2⤵
-
-
/usr/bin/systemctlsystemctl list-unit-files --full "--type=socket"2⤵
- Reads runtime system information
-
-
/usr/bin/sedsed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"2⤵
- Reads runtime system information
-
-
/usr/local/sbin/systemctlsystemctl start cron.service2⤵
-
-
/usr/local/bin/systemctlsystemctl start cron.service2⤵
-
-
/usr/sbin/systemctlsystemctl start cron.service2⤵
-
-
/usr/bin/systemctlsystemctl start cron.service2⤵
- Reads runtime system information
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
27B
MD5f449ef47c4f79ab4ecfe3d11022333d5
SHA161ebb524cee5a049cc96bf2cbf339a47dcb1b622
SHA256503dffa20530956c5f61187e00935f20fe508c35dbb1fcf665b5d28d07d3d704
SHA512a7015de8bd582dbf7ce6df708a58a725e1b1cd472c6616fbb89a9738c533c042ac39c071ca0cf2fc5df8e56f33bf8a28b1ebd3076570f5028cff773af89031f6
-
Filesize
4.9MB
MD5ac46e9818cd936fbfcba5effd7f4e850
SHA19a058ce2e1a413ae24b0c23e49b68d1b2f3f2777
SHA256e23cd1ab03a3a03803e920efb2001fc6c4ae34c50ef647271898edc1c87ccde4
SHA51238fe3086130ccf009bd44d0d2666f1d9a03d993c7fccfdaa1fb6b779b457cb0c76147f95363b73326dc5a18bd1ed89883ed0952836b1368b38f5bc3378f6a4dc
-
Filesize
114B
MD590fb61d5e96d193a0f2a7939fd8f5052
SHA1dbb6df7e15632130b85ae0c533be6837949db5d9
SHA2567ec0da51ae30db44ed02ac9e76d707e464340c1c4449b44e4f87f7046b5912c8
SHA51263a06cbdf9f95b69f6a5e511a2ad6ff6f2869d9feaa0e761978e6b1f7e0960c8d25f322d47b71dff46615eb4cb3127b7196292b98db277d7d1838bf6889fc9a1
-
Filesize
159B
MD579f1a0bf1a838c817142e43a5818733a
SHA1768ed04a737dbdc969165092694e0e977321ca19
SHA256a3f7d4499b03a14ff2de76122b6a61c221151f59daa6a63a78ae5a805c95a482
SHA512b6d6f76f3e5b768a6670e05276724b70609259c856ba90ad34f8a782ac40134b9cf5cdabebb4aa55f076a786cedf8491adda9835f9d4aee90bd1820a45b2fbce
-
Filesize
4KB
MD57dffca36352b1e4d1c2420de493300c7
SHA151d7f3e305b405aa02290bc6585aee8cc5c1b46f
SHA256fe3b9b3c97cf376e4fef07b8e9189e2563aced625ddc7f0ecb082735f968ea4a
SHA512bbf4a488f1e74b307612bca1317353d9041b16c0d2c90b9a3fd489853f37b98f7fe187d2f3ed3a7d96db1428e5a94b0499c9b70efc0b3f34b094e49a8acf6ea0