2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913 | Triage

Analysis

max time kernel
136s
max time network
138s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
07/03/2025, 14:02

Sharing

Report Analysis Logs

General

Target

blah.x86.elf
Size

40KB
MD5

2e689db77eaea41c04a31165f6ee7184
SHA1

170440f67d1eba5b252aa5bc6e2f0a026b6c8cef
SHA256

2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913
SHA512

5bc67648bb6650b1c6b4e1a9ca39cfb9dc719b7d670f83647445411df348e05ad1a06b0ae85e91625ec38bc18b4e5b75ba40f06c8652c025c7abfaa8513c00b4
SSDEEP

768:xMlB2zs8ssGfrRI6aQ2nEenzVq8uDOyct95VlVs:YYzs8ssGfrRI6aVnEepWOrtrVla

Score

7^/10

rootkit

Malware Config

Signatures

Loads a kernel module 30 IoCs

Loads a Linux kernel module, potentially to achieve persistence

pid	Process
3645	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf
3647	blah.x86.elf

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/a	blah.x86.elf

/tmp/blah.x86.elf
/tmp/blah.x86.elf
1⤵
- Loads a kernel module
- Writes file to tmp directory
PID:3645

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads