b73f9f4246d497e5c14ff65e0357d592c6df6a8ff82d48b4fc62598ba5d3668b

Analysis

max time kernel
59s
max time network
59s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20250307-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20250307-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
22/03/2025, 08:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

. hello
Size

54KB
MD5

5f0620b67f06e044e6196911afc3054e
SHA1

4d63d1c044c9f316aa5a8d48066fdb3ee3ab0d39
SHA256

b73f9f4246d497e5c14ff65e0357d592c6df6a8ff82d48b4fc62598ba5d3668b
SHA512

bfd396633415d9b89950973e776dc93eb5b7799cf7ce92b5cc9bce100b42d030863da36c911fecfad73b1dc0a3c6aeaf58750e95796fa5f1861f786ed3adc31c
SSDEEP

1536:Y9qriQt/jI3vl1jrlA4lj1O1+HuqfRgbr85wtR:Y9cp/jI3NdlAejY1+Oqun85

Score

9^/10

discovery rootkit

Malware Config

Signatures

Contacts a large (36789) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Loads a kernel module 64 IoCs

Loads a Linux kernel module, potentially to achieve persistence

rootkit

pid	Process
2506	. hello
2508	. hello
2508	. hello
2514	. hello
2508	. hello
2514	. hello
2508	. hello
2514	. hello
2508	. hello
2514	. hello
2508	. hello
2514	. hello
2508	. hello
2514	. hello
2514	. hello
2508	. hello
2508	. hello
2514	. hello
2514	. hello
2508	. hello
2508	. hello
2514	. hello
2514	. hello
2508	. hello
2514	. hello
2508	. hello
2514	. hello
2508	. hello
2514	. hello
2514	. hello
2508	. hello
2514	. hello
2508	. hello
2514	. hello
2508	. hello
2514	. hello
2508	. hello
2514	. hello
2514	. hello
2514	. hello
2514	. hello
2514	. hello
2514	. hello
2514	. hello
2514	. hello
2514	. hello
2514	. hello
2514	. hello
2514	. hello
2514	. hello
2514	. hello
2514	. hello
2514	. hello
2514	. hello
2514	. hello
2514	. hello
2514	. hello
2514	. hello
2514	. hello
2514	. hello
2514	. hello
2514	. hello
2514	. hello
2514	. hello

Unexpected DNS network traffic destination 21 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	194.36.144.87
Destination IP	51.158.108.203
Destination IP	168.235.111.72
Destination IP	185.181.61.24
Destination IP	81.169.136.222
Destination IP	194.36.144.87
Destination IP	194.36.144.87
Destination IP	194.36.144.87
Destination IP	185.181.61.24
Destination IP	185.181.61.24
Destination IP	51.158.108.203
Destination IP	51.158.108.203
Destination IP	51.158.108.203
Destination IP	51.158.108.203
Destination IP	185.181.61.24
Destination IP	194.36.144.87
Destination IP	202.61.197.122
Destination IP	194.36.144.87
Destination IP	194.36.144.87
Destination IP	185.181.61.24
Destination IP	81.169.136.222

/tmp/. hello
"/tmp/. hello"
1⤵
- Loads a kernel module
PID:2506

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads