9153da04008cd5e97675d9963cf98d07425186ac7692398a22b3aa10b441a90f | Triage

Analysis

max time kernel
149s
max time network
152s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
07-12-2024 01:42

Sharing

Report Analysis Logs

General

Target

bot.x86.elf
Size

91KB
MD5

9c3def6ee1129b432371d09812e804e0
SHA1

4d531c64564940d35520a84294b5787b717765c2
SHA256

9153da04008cd5e97675d9963cf98d07425186ac7692398a22b3aa10b441a90f
SHA512

e007735ec779ffbc71aa9c3c23f67ee04d8dc45142320cb8377436b81ca67add99763b7caaa99aad3d4dbd049f3995578ff31e46a9cf7e0deeeea7b8fefae9d1
SSDEEP

1536:oFd1IRgCXUzx7t0fMbxqgQEiyhcg+7ju72wPZnWhZS5xtY+v:oFdmR9XUzxh0fMdqgQEimEjLAdew5bv

Score

7^/10

persistence rootkit

Malware Config

Signatures

Loads a kernel module 2 IoCs

Loads a Linux kernel module, potentially to achieve persistence

pid	Process
2818	bot.x86.elf
2818	bot.x86.elf

Write file to user bin folder 1 IoCs

description	ioc	Process
File opened for modification	/usr/sbin/poweroff	bot.x86.elf

/tmp/bot.x86.elf
/tmp/bot.x86.elf
1⤵
- Loads a kernel module
- Write file to user bin folder
PID:2818

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads