Analysis

  • max time kernel
    99s
  • max time network
    151s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240729-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2404-amd64-20240729-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
  • submitted
    07/12/2024, 04:07

General

  • Target

    jew.x86.elf

  • Size

    60KB

  • MD5

    c790dde9d4762b3e82c0d9e41df91fb9

  • SHA1

    341070d0148f795a2b6dd1d988e497f4084bebe7

  • SHA256

    e8ca93ec9f737481e131b64981ebf0212958dd1b43ef36a944869ae0f603e6f1

  • SHA512

    ffa49eae4d60f3ff6f1b0fe053c5f8293e6eca3737d2805e464336376ca6f705da949936530c595bc33b4c49b7a80d8672f03414f027421394436b26c471697f

  • SSDEEP

    768:JjiwQ4KFW+Ny+8GbGN1hLZzWMLxJtWOboPLZhgtp7Cya3slMqWvja:Ey+NH8x7hVEObchgTNJWra

Score
9/10

Malware Config

Signatures

  • Contacts a large (116568) amount of remote hosts (1 TTPs)

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows (1 TTPs)

    This may indicate a network scan to discover remotely running services.

  • Loads a kernel module (14 IoCs)

    Loads a Linux kernel module, potentially to achieve persistence

Processes

  • /tmp/jew.x86.elf
    /tmp/jew.x86.elf
    • Loads a kernel module
    PID:2483

Network

MITRE ATT&CK Enterprise v15
