Analysis
max time kernel: 149s
max time network: 148s
platform: ubuntu-24.04_amd64
resource: ubuntu2404-amd64-20240523-en
resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted: 03-12-2024 20:11
Static task: static1
Behavioral task: behavioral1
Sample: bot.x86.elf
Resource: ubuntu2404-amd64-20240523-en (ubuntu-24.04-amd64)
2 signatures, 150 seconds
General
Target: bot.x86.elf
Size: 91KB
MD5: 145e29253bfc664e43dd7bab8dfe6845
SHA1: 2c4ea99bb8eba430420c8f195e158612e846fd63
SHA256: a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d
SHA512: b118983d1fc1907b979286b988d42b45f7b6e82ab771fac298deb0289f482f045f1653e098092031d38f79651f54324d74e8d61f5d9ee3a9f7ac968432d692da
SSDEEP: 1536:a3FPOoCgCO0GRWBqRnrVMlixg2MxvwICz9tCD48PAHHS+SOFGRAEeM:cFPjC9O0GRUqRJMlixg20ng9C4QaynOq
Score: 7/10
Malware Config
Signatures

Loads a kernel module (50 IoCs)
Loads a Linux kernel module, potentially to achieve persistence

  pid    Process
  2840   bot.x86.elf   (2 entries)
  2841   bot.x86.elf   (48 entries)

Write file to user bin folder (1 IoC)

  description                    ioc                  Process
  File opened for modification   /usr/sbin/poweroff   bot.x86.elf