Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
  • submitted
    23-11-2024 18:22

General

  • Target

    cve_2024_6387/386

  • Size

    4.9MB

  • MD5

    ac46e9818cd936fbfcba5effd7f4e850

  • SHA1

    9a058ce2e1a413ae24b0c23e49b68d1b2f3f2777

  • SHA256

    e23cd1ab03a3a03803e920efb2001fc6c4ae34c50ef647271898edc1c87ccde4

  • SHA512

    38fe3086130ccf009bd44d0d2666f1d9a03d993c7fccfdaa1fb6b779b457cb0c76147f95363b73326dc5a18bd1ed89883ed0952836b1368b38f5bc3378f6a4dc

  • SSDEEP

    49152:FPhq6f/l+XZKQn1VQPtHCVfsrAeg7UWsnc+m347J7Gr:+6f/lkBYCTo8r

Score
7/10

Malware Config

Signatures

  • Loads a kernel module 39 IoCs

    Loads a Linux kernel module, potentially to achieve persistence

  • Reads runtime system information 5 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/cve_2024_6387/386
    /tmp/cve_2024_6387/386
    1⤵
    • Loads a kernel module
    • Reads runtime system information
    PID:4066
    • /usr/local/sbin/systemctl
      systemctl daemon-reload
      2⤵
      PID:4075
    • /usr/local/bin/systemctl
      systemctl daemon-reload
      2⤵
      PID:4075
    • /usr/sbin/systemctl
      systemctl daemon-reload
      2⤵
      PID:4075
    • /usr/bin/systemctl
      systemctl daemon-reload
      2⤵
      • Reads runtime system information
      PID:4075
    • /usr/bin/basename
      basename /usr/sbin/service
      2⤵
      PID:4203
    • /usr/bin/basename
      basename /usr/sbin/service
      2⤵
      PID:4204
    • /usr/bin/systemctl
      systemctl list-unit-files --full "--type=socket"
      2⤵
      • Reads runtime system information
      PID:4206
    • /usr/bin/sed
      sed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"
      2⤵
      • Reads runtime system information
      PID:4207
    • /usr/local/sbin/systemctl
      systemctl start cron.service
      2⤵
      PID:4202
    • /usr/local/bin/systemctl
      systemctl start cron.service
      2⤵
      PID:4202
    • /usr/sbin/systemctl
      systemctl start cron.service
      2⤵
      PID:4202
    • /usr/bin/systemctl
      systemctl start cron.service
      2⤵
      • Reads runtime system information
      PID:4202

Network

MITRE ATT&CK Matrix

Downloads

  • /.mod

    Filesize
    27B

    MD5
    f449ef47c4f79ab4ecfe3d11022333d5

    SHA1
    61ebb524cee5a049cc96bf2cbf339a47dcb1b622

    SHA256
    503dffa20530956c5f61187e00935f20fe508c35dbb1fcf665b5d28d07d3d704

    SHA512
    a7015de8bd582dbf7ce6df708a58a725e1b1cd472c6616fbb89a9738c533c042ac39c071ca0cf2fc5df8e56f33bf8a28b1ebd3076570f5028cff773af89031f6

  • /boot/system.pub

    Filesize
    4.9MB

    MD5
    ac46e9818cd936fbfcba5effd7f4e850

    SHA1
    9a058ce2e1a413ae24b0c23e49b68d1b2f3f2777

    SHA256
    e23cd1ab03a3a03803e920efb2001fc6c4ae34c50ef647271898edc1c87ccde4

    SHA512
    38fe3086130ccf009bd44d0d2666f1d9a03d993c7fccfdaa1fb6b779b457cb0c76147f95363b73326dc5a18bd1ed89883ed0952836b1368b38f5bc3378f6a4dc

  • /etc/.cfg

    Filesize
    114B

    MD5
    3a4af7e586298f01926aeb2f19cf8f6c

    SHA1
    b11aa299bce80ca508941dd89a64213b52a4d8a9

    SHA256
    a7197693d56dfef69da7baf4a6f168970d564e70af4517738991c3b3472d73ab

    SHA512
    accac81a33a3f1bdb11f8f3d9fd07b2571527b11992608a0d5d94b0ef6838fe6c376c2d05a06dabce257ad0df3300cada2c46076dbc1f7f147e3157bb072068e

  • /etc/init.d/dns-udp4

    Filesize
    159B

    MD5
    79f1a0bf1a838c817142e43a5818733a

    SHA1
    768ed04a737dbdc969165092694e0e977321ca19

    SHA256
    a3f7d4499b03a14ff2de76122b6a61c221151f59daa6a63a78ae5a805c95a482

    SHA512
    b6d6f76f3e5b768a6670e05276724b70609259c856ba90ad34f8a782ac40134b9cf5cdabebb4aa55f076a786cedf8491adda9835f9d4aee90bd1820a45b2fbce

  • /etc/profile.d/gateway.sh

    Filesize
    4KB

    MD5
    e01394b1c8b771c0ee1c60599a358126

    SHA1
    132fe31dff67816c35fa18d7ee21148d4408e93e

    SHA256
    c6d7f17b924c723190652a6f2fcd633f7f49814cd4f6695827d7c8c077bc4260

    SHA512
    1d9f81410d2a11dea81d4d9d24294b8a071c85eaf089fd5c7aea5c4fd4a418c8ec28fd788a0615e39bed5a1d3bd9be0e22fc77de0bd54da79e99be9b45a7b9f4