Analysis
max time kernel: 149s
max time network: 150s
platform: ubuntu-24.04_amd64
resource: ubuntu2404-amd64-20250307-en
resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20250307-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted: 10/03/2025, 11:02
General
Target: x86.elf
Size: 77KB
MD5: 7bd4a93c3cbc7fbff42497d09e41ddff
SHA1: c0aa7928a10d251cc23d674c68d8d66869e82aa4
SHA256: cc394faaa76b94227b8b1d982175c13a32b9529a88d422664daf18ad1f664945
SHA512: a5fc933113ce275eaeb4fd1ef50cb271099fbf05f0b09800a2ada6494dc6c272006b461891dac2e37a67670a08529022d43bdf81e32265cc8baf895a8aa1e3e4
SSDEEP: 1536:9//+vex62dbPz7TL9xoBYrZboXWGBvlUlXtMHOfEAC5wKEPcOKAuu3F3M:9//+Wx62dbPz7TL9xlZboGGBvlUlXbuS
Malware Config
Signatures
Contacts a large (48320) amount of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.
Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.
Loads a kernel module (64 IoCs)
Loads a Linux kernel module, potentially to achieve persistence.
pid   Process
2488  x86.elf
2485  x86.elf