f6c4459e86916915efdbdfeeb794e98073ed34e05a07ed00e8bd1637a127adfa

Analysis

max time kernel
102s
max time network
150s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
09-12-2024 04:07

Target

jew.x86.elf
Size

60KB
MD5

f548654588ef9ebcc5fed9264e791fab
SHA1

c6df944390aef3538c92fccf9ec9dc4de99503ce
SHA256

f6c4459e86916915efdbdfeeb794e98073ed34e05a07ed00e8bd1637a127adfa
SHA512

e70e12fda5b0cf7718400540117aeb8a573c5c9c2ee18184e0f875e843e4a0bbcbae1e83839b58e509d27d79ebd1183fe79f91e69c49598f3f61c27200dda636
SSDEEP

768:JjiwQ4KFW+Ny+8GbGN1hLZzRMLxJtWOboPLZhgtp7Cya3slMqWvjW:Ey+NH8x7hVxObchgTNJWrW

Score

9^/10

discovery rootkit

Contacts a large (115775) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Loads a kernel module 14 IoCs

Loads a Linux kernel module, potentially to achieve persistence

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact