c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c

Analysis

max time kernel
141s
max time network
144s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
22-01-2025 03:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
Size

45KB
MD5

a259b251da97752b3a78be148b9dadc1
SHA1

0fba91ff9a25f6ccff2f0e52c11f32a357c15ae3
SHA256

c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c
SHA512

95ec6be6dbe4b2bc02e4791a8b9b2fdf1e2df92e3da317cec643f536f2f953a4f88871d061fb9f44cdcfdde8b9b6e9568450d22591c40ee21069561ebe999ebe
SSDEEP

768:53sPWVrWy7PBIedilokjFMdMh80otXznlxKUkxaH1AaIKpZYim6jls:/D9I8ilokjFMdMu0inLKRxESDKrrm6Bs

Score

7^/10

rootkit

Malware Config

Signatures

Loads a kernel module 52 IoCs

Loads a Linux kernel module, potentially to achieve persistence

rootkit

pid	Process
3640	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
3641	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/wv0q18ikrir7qu0na522uvnu	c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf

/tmp/c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
/tmp/c985db3feb461f688601919f2af6eb390963f76a5d9392895de9ddef9950757c.elf
1⤵
- Loads a kernel module
- Writes file to tmp directory
PID:3640

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads