eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781 | Triage

Analysis

max time kernel
139s
max time network
135s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240729-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
06-01-2025 23:28

Sharing

Report Analysis Logs

General

Target

wev86.elf
Size

96KB
MD5

1a3f54c2e7eed74ef02e2c02fa4beb74
SHA1

577b929b3f1e2ab3fb686c6efd3e105df8a0d5e1
SHA256

eb00898107efe0003d3d4dc8da1afba64dbdae6d2d3d263c2e7bcad4822e8781
SHA512

3be3ce9faddd81224eba961540cbcdf1a634a818aad9435b25190a9903925ef0282536bee091b6945c1dc4dbae4e80b2f86d75c2fe558cb270e5fff6b81c132c
SSDEEP

1536:aRCj3UJRYvg070QbnSbXayZErG9Ft3m/49b6EDSpgbMhXgw:OCj3U8bsbqCr9b3o4pOTj

Score

7^/10

rootkit

Malware Config

Signatures

Loads a kernel module 5 IoCs

Loads a Linux kernel module, potentially to achieve persistence

pid	Process
2484	wev86.elf
2484	wev86.elf
2484	wev86.elf
2485	wev86.elf
2485	wev86.elf

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/httpd	wev86.elf

/tmp/wev86.elf
/tmp/wev86.elf
1⤵
- Loads a kernel module
- Writes file to tmp directory
PID:2484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads