Extracted

• • Target

    hoodlum.i586.elf

  • Size

    107KB

  • MD5

    b8860e33ab9767d7cc38e10dda5ffcad

  • SHA1

    2d3c691ccadaa36f4ac4383b9131707d03dfdc84

  • SHA256

    bef49b6194de69c6a390caead8ec74e6c0641b911699b3ffb9c9856509883c8e

  • SHA512

    b60f4adea683146001f8660503d54f2c9c46df1beab840c1b080505c73d3e847590279575b3b8ac4ae1de089bfb440a5dffc15d27fdac9ee75052c647c1060af

  • SSDEEP

    3072:E/opUnUp90MjphxhZsd18tl3xzELtpD5hqYkWmu80CjKaIU:L0690MjphxDsdklhzELD5hqY9mu80C+E

  Score

  7^/10

  defense_evasiondiscoveryprivilege_escalationrootkit

  • Deletes Audit logs

    Deletes logs related to the Linux Audit framework.

    defense_evasion

  • Deletes journal logs

    Deletes systemd journal logs. Likely to evade detection.

    defense_evasion

  • Flushes firewall rules

    Flushes/ disables firewall rules inside the Linux kernel.

    defense_evasion

  • Loads a kernel module

    Loads a Linux kernel module, potentially to achieve persistence

    rootkit

  • Abuse Elevation Control Mechanism: Sudo and Sudo Caching

    Abuse sudo or cached sudo credentials to execute code.

    privilege_escalationdefense_evasion

  • Deletes log files

    Deletes log files on the system.

    defense_evasion

  • Enumerates running processes

    Discovers information about currently running processes on the system

  behavioral1