ac006f1ffe5a8a959c5c44207fc5ab025c0ba6588d15ab5c98ad7004465c4630 | Triage

Analysis

max time kernel
148s
max time network
152s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
31-01-2025 14:43

Sharing

Report Analysis Logs

General

Target

debug.dbg.elf
Size

74KB
MD5

853af2263568219155eb46e37f88a50c
SHA1

8073fed946c24c0bb61e559b00d8a9fd27184791
SHA256

ac006f1ffe5a8a959c5c44207fc5ab025c0ba6588d15ab5c98ad7004465c4630
SHA512

ca4f918ea259ffa911cdaeea4929330566653e3984c49cabb95673dead6349957e274c1da58bb15be84dd8c1fddec3f27a0aea83219f69e7f86450e213ffabb0
SSDEEP

1536:smR7Ko7qlgMrDNTrm61owisIv7oXLhwFk5YHe83rUnDkp3edA:smR7Ko7qlg0Dx1oxCLuu5Se87xpOe

Score

7^/10

rootkit

Malware Config

Signatures

Loads a kernel module 26 IoCs

Loads a Linux kernel module, potentially to achieve persistence

pid	Process
2471	debug.dbg.elf
2471	debug.dbg.elf
2471	debug.dbg.elf
2471	debug.dbg.elf
2471	debug.dbg.elf
2471	debug.dbg.elf
2471	debug.dbg.elf
2471	debug.dbg.elf
2471	debug.dbg.elf
2471	debug.dbg.elf
2471	debug.dbg.elf
2471	debug.dbg.elf
2471	debug.dbg.elf
2471	debug.dbg.elf
2471	debug.dbg.elf
2471	debug.dbg.elf
2471	debug.dbg.elf
2471	debug.dbg.elf
2471	debug.dbg.elf
2471	debug.dbg.elf
2471	debug.dbg.elf
2471	debug.dbg.elf
2471	debug.dbg.elf
2471	debug.dbg.elf
2471	debug.dbg.elf
2471	debug.dbg.elf

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/gtjnm4h1kb181wkm	debug.dbg.elf

/tmp/debug.dbg.elf
/tmp/debug.dbg.elf
1⤵
- Loads a kernel module
- Writes file to tmp directory
PID:2471

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads