Analysis
max time kernel: 146s
max time network: 151s
platform: ubuntu-24.04_amd64
resource: ubuntu2404-amd64-20240523-en
resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted: 21-01-2025 23:32
Behavioral task
behavioral1
Sample
i586.elf
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
2 signatures
150 seconds
General
Target: i586.elf
Size: 45KB
MD5: a259b251da97752b3a78be148b9dadc1
SHA1: 0fba91ff9a25f6ccff2f0e52c11f32a357c15ae3
SHA256: c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c
SHA512: 95ec6be6dbe4b2bc02e4791a8b9b2fdf1e2df92e3da317cec643f536f2f953a4f88871d061fb9f44cdcfdde8b9b6e9568450d22591c40ee21069561ebe999ebe
SSDEEP: 768:53sPWVrWy7PBIedilokjFMdMh80otXznlxKUkxaH1AaIKpZYim6jls:/D9I8ilokjFMdMu0inLKRxESDKrrm6Bs
Score
7/10
Malware Config
Signatures
Loads a kernel module 58 IoCs
Loads a Linux kernel module, potentially to achieve persistence
pid Process
2826 i586.elf
2827 i586.elf
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
description: File opened for modification
ioc: /tmp/orre0qw7mst1kv5h
Process: i586.elf