2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913

Analysis

max time kernel
133s
max time network
150s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20250307-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20250307-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
08/03/2025, 04:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
Size

40KB
MD5

2e689db77eaea41c04a31165f6ee7184
SHA1

170440f67d1eba5b252aa5bc6e2f0a026b6c8cef
SHA256

2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913
SHA512

5bc67648bb6650b1c6b4e1a9ca39cfb9dc719b7d670f83647445411df348e05ad1a06b0ae85e91625ec38bc18b4e5b75ba40f06c8652c025c7abfaa8513c00b4
SSDEEP

768:xMlB2zs8ssGfrRI6aQ2nEenzVq8uDOyct95VlVs:YYzs8ssGfrRI6aVnEepWOrtrVla

Score

7^/10

rootkit

Malware Config

Signatures

Loads a kernel module 30 IoCs

Loads a Linux kernel module, potentially to achieve persistence

rootkit

pid	Process
2498	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
2500	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/a	2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf

/tmp/2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
/tmp/2ce9fb3fae4dd2c0540e15c416d79a33933b714551d6016b28ddaa0f52a06913.elf
1⤵
- Loads a kernel module
- Writes file to tmp directory
PID:2498

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads