6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4

Analysis

max time kernel
149s
max time network
149s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240729-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
02-02-2025 04:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
Size

57KB
MD5

c56e79b5b89c53a0a98afae359b7165f
SHA1

fe15a291140629ef437008b6e9f33b2b0645c5bf
SHA256

6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4
SHA512

bcb2c32d52f9a4cb41bf4603d98816e23f97a1c8bdcc3da32d5cb956a82e12197f8ebd263a63e45441acccb73f70a6f9499518d2bcfe01a52849f9a095b863f2
SSDEEP

1536:OtPeqkARTV/6D9jltokk8toPE8I1QWcxTOrpAFrWSx:ONeJARTV/w9jlmkk4oPE8ISWoT0pErZ

Score

7^/10

rootkit

Malware Config

Signatures

Loads a kernel module 27 IoCs

Loads a Linux kernel module, potentially to achieve persistence

rootkit

pid	Process
2497	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
2498	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
2498	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
2498	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
2498	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
2498	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
2498	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
2498	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
2498	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
2498	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
2498	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
2498	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
2498	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
2498	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
2498	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
2498	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
2498	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
2498	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
2498	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
2498	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
2498	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
2498	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
2498	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
2498	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
2498	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
2498	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
2498	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/	6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf

/tmp/6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
/tmp/6f847c91e29ac27c68cf858f54b22670cc2e682fa665b8ea213fb635d80ad1d4.elf
1⤵
- Loads a kernel module
- Writes file to tmp directory
PID:2497

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads