34537b3ae42d5d93060f42ccd019a8e976290a01b0380e6688a2dfa1515cd1a6 | Triage

Analysis

max time kernel
145s
max time network
149s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
07/03/2025, 13:58

Sharing

Report Analysis Logs

General

Target

uYtea.x86.elf
Size

54KB
MD5

e8ee0839bb7869765d80e4280d585222
SHA1

e0aa7ad73b70d2fbd0f8f4ca2d5ca417c6e36538
SHA256

34537b3ae42d5d93060f42ccd019a8e976290a01b0380e6688a2dfa1515cd1a6
SHA512

a3570f2617a4ed149c1a8a8a396a2d0522c09551ab54ef7c7b882c71b66ac3cd9246e552b6acaceeb2585c337bee9e471af729dee5a08f9a491ab14a6c72f02b
SSDEEP

768:FmnthEsW5qnF15RY1dhPe7oXTmc6Dj5gk9vWnTI4eBH+4sToQLDLFv:Yn/EsW5qhSh6amnlWnU4GH+dNLt

Score

7^/10

rootkit

Malware Config

Signatures

Loads a kernel module 27 IoCs

Loads a Linux kernel module, potentially to achieve persistence

pid	Process
2471	uYtea.x86.elf
2472	uYtea.x86.elf
2472	uYtea.x86.elf
2472	uYtea.x86.elf
2472	uYtea.x86.elf
2472	uYtea.x86.elf
2472	uYtea.x86.elf
2472	uYtea.x86.elf
2472	uYtea.x86.elf
2472	uYtea.x86.elf
2472	uYtea.x86.elf
2472	uYtea.x86.elf
2472	uYtea.x86.elf
2472	uYtea.x86.elf
2472	uYtea.x86.elf
2472	uYtea.x86.elf
2472	uYtea.x86.elf
2472	uYtea.x86.elf
2472	uYtea.x86.elf
2472	uYtea.x86.elf
2472	uYtea.x86.elf
2472	uYtea.x86.elf
2472	uYtea.x86.elf
2472	uYtea.x86.elf
2472	uYtea.x86.elf
2472	uYtea.x86.elf
2472	uYtea.x86.elf

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/G`c\]I}\rSXb\GD	uYtea.x86.elf

/tmp/uYtea.x86.elf
/tmp/uYtea.x86.elf
1⤵
- Loads a kernel module
- Writes file to tmp directory
PID:2471

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads