Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240729-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2404-amd64-20240729-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
  • submitted
    12-12-2024 02:57

General

  • Target

    fff08f2a1a9c20d447ac5cacb89df1287bb830a2fc0cd5866d31d9f3ba653965.elf

  • Size

    28KB

  • MD5

    15fb222600a3061f5c8e5ef04e5298a6

  • SHA1

    93b4a17632479c8a45e2554a18ea61ea7365c532

  • SHA256

    fff08f2a1a9c20d447ac5cacb89df1287bb830a2fc0cd5866d31d9f3ba653965

  • SHA512

    11e390838b35bdacfa84ebdfc076f564abc1538bc972895b81d2156be52177bb25d62662871ae624747cca29e089a7a9a6ef205db4c694a2c106641d33942c34

  • SSDEEP

    384:MLbVUhN0dUfiBCtrw06IVQtpCVRlRY4oPoOWiZtWpfBmbLh56sHs4lW8i/vUHgDM:OhUMnCPCAlRUP/3LDJHsB8i0HgDf0

Score
9/10

Malware Config

Signatures

  • Contacts a large (114123) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Loads a kernel module 13 IoCs

    Loads a Linux kernel module, potentially to achieve persistence

Processes

  • /tmp/fff08f2a1a9c20d447ac5cacb89df1287bb830a2fc0cd5866d31d9f3ba653965.elf
    /tmp/fff08f2a1a9c20d447ac5cacb89df1287bb830a2fc0cd5866d31d9f3ba653965.elf
    1⤵
    • Loads a kernel module
    PID:2496

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads