Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
  • submitted
    07/03/2025, 12:33

General

  • Target

    nabx86.elf

  • Size

    34KB

  • MD5

    907426a4ce128f32b2ecb7172d851757

  • SHA1

    bbe2c04c981d22fa5ea0551f6c6c2a241e3ea78a

  • SHA256

    0c9ab85d15b5533addbfd926d6c526168d95a0980596389d998a01468d1e1ba9

  • SHA512

    feb4cc473af3d18432d93f9bffae6df44b8e77bc1333977f886e5c312e2cc76d4da2245499ea46ecda8074727732792d9bed832890f5ba2aa39c6fad2455af30

  • SSDEEP

    768:Uj+6gKDn2fk+HCvKaT7WXESN/KuJ7fkIpll:Uj3r2pankViupsIpll

Score
9/10

Malware Config

Signatures

  • Contacts a large (14694) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Loads a kernel module 3 IoCs

    Loads a Linux kernel module, potentially to achieve persistence

  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

Processes

  • /tmp/nabx86.elf
    /tmp/nabx86.elf
    • Loads a kernel module
    PID:2829

Network

MITRE ATT&CK Enterprise v15
