d4b845fcb1189d00e1d2d3adb8bcd9ac93cbc3d071239b113a9a58dd73d3f88a | Triage

Analysis

max time kernel
148s
max time network
149s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
28-12-2024 19:32

Sharing

Report Analysis Logs

General

Target

wkb86.elf
Size

113KB
MD5

7a27473790125d4b47574c56c08034cb
SHA1

0770d21c7616d8e7e78584246ded03559eba1ce1
SHA256

d4b845fcb1189d00e1d2d3adb8bcd9ac93cbc3d071239b113a9a58dd73d3f88a
SHA512

4aa08559b1851c00327784225a2e3a4e7b55745407b9c61c4390f46691955ee0082502ae709646341a7fb901e1298e1d8156d08ac0f81ba1cbbfb5f2302f8805
SSDEEP

3072:qQqD7K0a4sqPEd6W+4GITR+c7NIAhL2DsPcQsiM:3qXKz45q6W+BAl+kcQPM

Score

7^/10

rootkit

Malware Config

Signatures

Loads a kernel module 7 IoCs

Loads a Linux kernel module, potentially to achieve persistence

pid	Process
2479	wkb86.elf
2479	wkb86.elf
2479	wkb86.elf
2480	wkb86.elf
2480	wkb86.elf
2480	wkb86.elf
2480	wkb86.elf

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/httpd	wkb86.elf

/tmp/wkb86.elf
/tmp/wkb86.elf
1⤵
- Loads a kernel module
- Writes file to tmp directory
PID:2479

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads