7581867fa4cfd3edfd252fcd9df0ed0511453b04e832b48564137f175f36c93a

Analysis

max time kernel
93s
max time network
149s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20250307-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20250307-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
11/04/2025, 09:15

Target

病毒样本/32cba3f918e9c992b93177a2d204540a
Size

53KB
MD5

32cba3f918e9c992b93177a2d204540a
SHA1

14607581938a6e35a85b2f7c147fbb21e4f9bd4c
SHA256

5644faeaa3e7162e6423dd92780571af37299fcd2d04bf073bd6666acc3624a6
SHA512

86d0c95f196adc3ebf11cd9ba54d14f841e9fe99442877ffe2681c0107a94ad0fb3e85a0c317797e21d9fbb9e5f4ab47712418b631f6adc452667a68a7f18026
SSDEEP

768:X8hkgYUWhdJra76hXOBJNb/uMx2M3DuWHQaogHNi7tWebjH/eqYHM1o:Xw0Jra76hXC3/uM4MTDt8WyjH/e9HM

Score

9^/10

discovery rootkit

Contacts a large (71013) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Loads a kernel module 19 IoCs

Loads a Linux kernel module, potentially to achieve persistence

/tmp/病毒样本/32cba3f918e9c992b93177a2d204540a
/tmp/病毒样本/32cba3f918e9c992b93177a2d204540a
1⤵
- Loads a kernel module
PID:2520

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact