Analysis
max time kernel: 149s
max time network: 153s
platform: ubuntu-24.04_amd64
resource: ubuntu2404-amd64-20240523-en
resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted: 19-12-2024 15:52
General
Target: x86.elf
Size: 70KB
MD5: d027117b5c35d44021ac6d93a2aeb233
SHA1: f7252bfd477e683caf1d8274b79835b94b600480
SHA256: 9fe384f7e5c09dc9902d1500dcdd5f0edc7f484970bb2877a523e6bd4fc67401
SHA512: 54ebf24784c168bb83268496eb7b942e3b2936ab87f45dbcbd5469170328bf7e8f6833d317ea41aa9372b59e3b94c95932656713df4f5276ec15879744a72434
SSDEEP: 1536:u+rUM2UJcckdqjYp0S5YX+WwIzBvDJHXtMlKEpzcR4lp4vKop4HpFPCD:BrUvUJcckdqjYprYXaMBvDJHXhgcKlp8
Malware Config
Signatures
- Contacts a large (49346) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Loads a kernel module (64 IoCs)
  Loads a Linux kernel module, potentially to achieve persistence
  pid   Process
  2820  x86.elf
  2823  x86.elf