ae156529ee59ea9218d3bbb7760d536e8becff7ff55659f9b723fcdfb1fa7726 | Triage

Analysis

max time kernel
135s
max time network
139s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
08-12-2024 19:47

Sharing

Report Analysis Logs

General

Target

wnbw86.elf
Size

113KB
MD5

5f33f958945dce126f4f18ee23b09162
SHA1

11bb26bd016673b201bf56c61087e6727736a971
SHA256

ae156529ee59ea9218d3bbb7760d536e8becff7ff55659f9b723fcdfb1fa7726
SHA512

e96b2b90261b4d7eeb16f9698c83a920a43853cd5d7cff7aae8d2a03fd5e88f7a344437740e6efe22cf789cd9ca29e05328673f49527643a2c13dc0ceb250ef3
SSDEEP

3072:qQqD7K0a4sqPEd6WN4GITR+c7NIAhL2DsPcQsiM:3qXKz45q6WNBAl+kcQPM

Score

7^/10

rootkit

Malware Config

Signatures

Loads a kernel module 7 IoCs

Loads a Linux kernel module, potentially to achieve persistence

pid	Process
2867	wnbw86.elf
2867	wnbw86.elf
2867	wnbw86.elf
2868	wnbw86.elf
2868	wnbw86.elf
2868	wnbw86.elf
2868	wnbw86.elf

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/httpd	wnbw86.elf

/tmp/wnbw86.elf
/tmp/wnbw86.elf
1⤵
- Loads a kernel module
- Writes file to tmp directory
PID:2867

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads