7d33f88cbbd75b829dc7b5cd8a67ddef19c5e7c49d644c8af11065889641869e

Analysis

max time kernel
148s
max time network
148s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
26-12-2024 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
Size

72KB
MD5

0cd00b30dbe578e521035f67faf38ebb
SHA1

90e98b3d509957b03f24eec03d9aad5ac3591284
SHA256

7d33f88cbbd75b829dc7b5cd8a67ddef19c5e7c49d644c8af11065889641869e
SHA512

eedf5e33741cf1ade45981f38eab645d57967f2f676ef97c1c13ce02d5d41951a4fd969c8b2cd670cef7bf78a3ca291c3c688d73667b7c86bb28950c1cb2a82d
SSDEEP

1536:yt6dVFeGBV8Km2XpQmj7qWSICRzBbkivom3aJeYdLNj:ytSjByKm2Xp3jnrCRzBbVvHYdLNj

Score

7^/10

rootkit

Malware Config

Signatures

Loads a kernel module 64 IoCs

Loads a Linux kernel module, potentially to achieve persistence

rootkit

pid	Process
2438	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2438	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2438	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2441	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
2466	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/*��	1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp

/tmp/1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
/tmp/1555-1-0x0000000008048000-0x000000000805cc40-memory.dmp
1⤵
- Loads a kernel module
- Writes file to tmp directory
PID:2438

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads