Overview

overview

10

Static

static

10

x86.elf

ubuntu-24.04-amd64

9

Analysis

  • max time kernel
    144s
  • max time network
    153s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
  • submitted
    03-12-2024 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    x86.elf

  • Size

    62KB

  • MD5

    6270c32abec4811eac225d85d0970fac

  • SHA1

    7fd15114c7ecdd3a0322263794846196c2e40e5d

  • SHA256

    b107d6730941c0090b2c61cf0a1ecdbd8d7f58d941c46c6d28120a7c14e6e16c

  • SHA512

    486b03ea0cf6c34dba26fdaeb2e6699779901bbcdeef8df51e80968ae0d40bf1562a84e315c7b2c783b740ffee47f9adb142c22d510a27fc736dcb9699b9879c

  • SSDEEP

    1536:CuQtv+dR0I0GJ7m6Ba6kt9S6G3jO/Yh+NIuN3:CuQv+dRI+Sga3DpGCQCI

Score
9/10
discoveryrootkit

Malware Config

Signatures

  • Contacts a large (148470) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Loads a kernel module 13 IoCs

    Loads a Linux kernel module, potentially to achieve persistence

    rootkit
  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/x86.elf
    /tmp/x86.elf
    1⤵
    • Loads a kernel module
    • Writes file to tmp directory
    PID:2866

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads