7952b6f54d1ddfed2359245de196fb3d91e33e280349f566172d96897e54b04b

Analysis

max time kernel
148s
max time network
154s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
18-12-2024 16:46

Target

loligang.x86.elf
Size

72KB
MD5

32e0a7bc773f856e4665dad2fc90d628
SHA1

727c774e3d57cdc8a2581c1a6c5cb0ffdc2e4838
SHA256

7952b6f54d1ddfed2359245de196fb3d91e33e280349f566172d96897e54b04b
SHA512

ee04d3d18c7f9ab82b79d17b7a46f20a974b0401769573b8d6a8a94c96e4c75f47c4c66f02a7e2b4aa8bca015a929813398ab5e49245d4bca6aab9fc14fae155
SSDEEP

1536:NW8dQs/nh9adZkrOsDYuY061vDOH3RJTWoV3SW4OB/BQJv4rmoBitQOZDG:Nt/nh9adZsOsDYuY061rgXWKSW3/GheD

Score

9^/10

discovery rootkit

Contacts a large (20437) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Loads a kernel module 64 IoCs

Loads a Linux kernel module, potentially to achieve persistence

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact