dfd01cc32d00e7b8bb9409092992c97a36e15756c74f3e1642d7b37a9a9f8453 | Triage

Analysis

max time kernel
145s
max time network
146s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
02-01-2025 07:02

Sharing

Report Analysis Logs

General

Target

wev86.elf
Size

112KB
MD5

d18bc9eb21b477e912ba9dc5e7e885eb
SHA1

e89565526a31bf5c94fc8cfc816e5a8c84ad0208
SHA256

dfd01cc32d00e7b8bb9409092992c97a36e15756c74f3e1642d7b37a9a9f8453
SHA512

fa444013bff7ac882c98dccb8f19167077df55553b4e54a8b4ed279bf351c0b523f42d94253858238bfb0597699545ad6ff8f96916b2943315c160f9c8a8e938
SSDEEP

3072:aEw1r6FWYvmRt8V7GBSprLnIJhdOb4+I:7wt6sY+Rt8VcfQ8+I

Score

7^/10

rootkit

Malware Config

Signatures

Loads a kernel module 7 IoCs

Loads a Linux kernel module, potentially to achieve persistence

pid	Process
2486	wev86.elf
2486	wev86.elf
2486	wev86.elf
2487	wev86.elf
2487	wev86.elf
2487	wev86.elf
2487	wev86.elf

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/httpd	wev86.elf

/tmp/wev86.elf
/tmp/wev86.elf
1⤵
- Loads a kernel module
- Writes file to tmp directory
PID:2486

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads