66778b88710ef39bf7adc25fc48b0ca0888132b9f98f73733db118b4c176a1ed | Triage

Analysis

max time kernel
132s
max time network
143s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
10-01-2025 18:47

Sharing

Report Analysis Logs

General

Target

fqkjei686.elf
Size

102KB
MD5

8e257e9bdd58ca21dab862e30b704e80
SHA1

37b84b465ac45f72e6a5b885f64a0d44556ba7f7
SHA256

66778b88710ef39bf7adc25fc48b0ca0888132b9f98f73733db118b4c176a1ed
SHA512

3abaebc310681bfaf3cbfca135c10299c0551a78b1c6cc92933f476365862cd62bda6218cd13ddd06c463b6c852648916ff03b3615d7cdfd9ca80ae267e15a23
SSDEEP

1536:4OksIQgcI/XpZkb/C2x0eE7ycaVNm6LBbWoiQDEOOeQmDpX3kIbu7K5:hgQgn/Mb3x0eE7yXVrsjQD/Oe3m7K

Score

7^/10

rootkit

Malware Config

Signatures

Loads a kernel module 5 IoCs

Loads a Linux kernel module, potentially to achieve persistence

pid	Process
2448	fqkjei686.elf
2448	fqkjei686.elf
2448	fqkjei686.elf
2449	fqkjei686.elf
2449	fqkjei686.elf

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/	fqkjei686.elf

/tmp/fqkjei686.elf
/tmp/fqkjei686.elf
1⤵
- Loads a kernel module
- Writes file to tmp directory
PID:2448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads