Analysis
max time kernel: 149s
max time network: 148s
platform: ubuntu-24.04_amd64
resource: ubuntu2404-amd64-20250307-en
resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20250307-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted: 10/04/2025, 15:54
Behavioral task: behavioral1
Sample: ftp.elf
Resource: ubuntu2404-amd64-20250307-en
1 signatures
150 seconds
General
Target: ftp.elf
Size: 85KB
MD5: 41620546f82358dc809e5d0071b70147
SHA1: a1d2d033add103d970b499dd1896007a8d8a56ae
SHA256: 5c383b1ee8c797d0239dc1f4012f9bf979586099e43b988d7fdba3f0f4f5c7ce
SHA512: 06c3d6ce8b880cef0438e7676512062053b435cfa806a52af7cd3e4caf4c1ba8d6ad8bf69531e6eb87c971c1cb354e89979d504938a08d52b5e02ffd7e591cbc
SSDEEP: 1536:7mUhyUfT4IKgGTMNzdWBG3VUans/uFOw1LTraOwI0nPwJUkit1O5u1m:7FdvKgG2zd+GF3sTwtTOI0n4JUkiXO5N
Score: 7/10
Malware Config
Signatures
Loads a kernel module (64 IoCs)
Loads a Linux kernel module, potentially to achieve persistence
pid   Process
2494  ftp.elf