c78b02408ea7d0be78f51a3e7ef74556c28672c49fab8f8d9d9bfa6d3cdd2048

Analysis

max time kernel
149s
max time network
144s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
05-12-2024 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
Size

91KB
MD5

145e29253bfc664e43dd7bab8dfe6845
SHA1

2c4ea99bb8eba430420c8f195e158612e846fd63
SHA256

a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d
SHA512

b118983d1fc1907b979286b988d42b45f7b6e82ab771fac298deb0289f482f045f1653e098092031d38f79651f54324d74e8d61f5d9ee3a9f7ac968432d692da
SSDEEP

1536:a3FPOoCgCO0GRWBqRnrVMlixg2MxvwICz9tCD48PAHHS+SOFGRAEeM:cFPjC9O0GRUqRJMlixg20ng9C4QaynOq

Score

7^/10

persistence rootkit

Malware Config

Signatures

Loads a kernel module 52 IoCs

Loads a Linux kernel module, potentially to achieve persistence

rootkit

pid	Process
2825	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2825	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
2826	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf

Write file to user bin folder 1 IoCs

persistence

description	ioc	Process
File opened for modification	/usr/sbin/poweroff	a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf

/tmp/a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
/tmp/a495a3c3c3683bb7d823518018bb98c6a71a962c134e33ede9ab8e683c6dcd4d.elf
1⤵
- Loads a kernel module
- Write file to user bin folder
PID:2825

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads