Analysis
max time kernel: 146s
max time network: 152s
platform: ubuntu-24.04_amd64
resource: ubuntu2404-amd64-20240523-en
resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted: 21-01-2025 08:03
Behavioral task
behavioral1
Sample
i586.elf
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
2 signatures
150 seconds
General
Target: i586.elf
Size: 45KB
MD5: 4f131dfe1a6f714f785deed8c9e79937
SHA1: 7ae8d54ee2944cb21e2e5b00d522b3c4387fcf50
SHA256: bd8afa347b42aaf0d94a0ab30c0911ba5cba48651c89bf19d2c4a268664c7f42
SHA512: ab6c762786ae382f802bdaef55aa7a519e22a88c37235d6884d2c9ec1ff4d060f31f625a0564b77cfc19109877a20e5a1ec76ad818bfb0f7ebd61388804d0224
SSDEEP: 768:13sPWVrWy7PBIe9iFokjlMdMhc0otXzHFxK0U/jww5TKIL91YiG6llM:DD9IciFokjlMdMO0iHrKh/jz5TTLLrGw
Score: 7/10
Malware Config
Signatures
Loads a kernel module (52 IoCs)
Loads a Linux kernel module, potentially to achieve persistence
pid Process
2481 i586.elf
2482 i586.elf (repeated for the remaining entries)
Writes file to tmp directory (1 IoC)
Malware often drops required files in the /tmp directory.
description: File opened for modification
ioc: /tmp/gsc6fqrmc6wuc0ue
Process: i586.elf