Analysis
max time kernel: 110s
max time network: 155s
platform: ubuntu-24.04_amd64
resource: ubuntu2404-amd64-20240523-en
resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted: 05-07-2024 01:30
Static task: static1
General
Target: 849a773b088faa1672ce79552b8e1241fbccd873e4d68463e4a47a81f445acbc.elf
Size: 56KB
MD5: 02c7b295cdcea7f47ad9831a17badb3a
SHA1: c262cc3f1a1574255d33b8d6e80297a93b3dd239
SHA256: 849a773b088faa1672ce79552b8e1241fbccd873e4d68463e4a47a81f445acbc
SHA512: c89136db33bf808342b735de4b3d9f4c2a7c5eed01cd152bfedf4a17f995e599a138072ad0620c549c80728e410e7bed821d554004106be1a9160661b91c805d
SSDEEP: 1536:uF6fo3WS/iJkA+6prjMxb1z2C0PHo4kEDmf7v84bI500lgzQR:uF6QmS/iJn+Rx5z2C0PHo4nmfo4bIW0g
Malware Config
Signatures
- Contacts a large (67313) amount of remote hosts (1 TTP)
  This may indicate a network scan to discover remotely running services. With the network capture capped at 155s, 67313 distinct hosts means more than 430 new destinations per second, which is the rate profile of an internet-wide sweep rather than of C2 traffic.
- Creates a large amount of network flows (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Loads a kernel module (64 IoCs)
  Loads a Linux kernel module, potentially to achieve persistence.
  Caveat: all 64 hits come from three PIDs (2870, the sample itself, plus 2871 and 2878), and the report does not show which module was loaded. Before treating this as a rootkit indicator, check the syscall trace for init_module/finit_module issued by the sample itself, as opposed to the kernel auto-loading a module on the sample's behalf (a socket() call for a protocol family whose module is not yet loaded does this), and diff lsmod output from before and after execution.
  Processes:
  pid   process
  2870  849a773b088faa1672ce79552b8e1241fbccd873e4d68463e4a47a81f445acbc.elf
  2871  (no process name shown; 14 entries)
  2878  (no process name shown; 49 entries)
- Unexpected DNS network traffic destination (24 IoCs)
  Network traffic to servers other than the configured DNS servers was detected on the DNS port.
  Caveat: for a sample that contacts 67313 hosts, port-53 traffic can be scan probes that happened to land on UDP/53 rather than queries to hard-coded resolvers. Check the pcap for well-formed DNS queries to these addresses (and which names were resolved) before treating them as resolver or C2 infrastructure.
  IoCs (description, ioc; 24 entries covering 13 distinct addresses, number of entries in brackets):
  Destination IP 217.160.70.42 (2)
  Destination IP 185.232.68.212 (2)
  Destination IP 178.254.22.166 (3)
  Destination IP 64.176.6.48 (3)
  Destination IP 152.53.15.127 (3)
  Destination IP 137.220.55.93 (2)
  Destination IP 51.158.108.203 (1)
  Destination IP 51.254.162.59 (3)
  Destination IP 5.161.109.23 (1)
  Destination IP 139.84.165.176 (1)
  Destination IP 95.216.99.249 (1)
  Destination IP 168.235.111.72 (1)
  Destination IP 81.169.136.222 (1)
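The three network signatures above (large number of remote hosts, large number of flows, DNS-port traffic to servers other than the configured resolvers) are simple enough to re-derive from flow records, which is useful when you want to re-check a sandbox verdict against your own pcap. The following is an added example written for this page; it is not the sandbox's own signature code. The flow records, the resolver address 10.0.0.1, the 10.0.0.0/8 local range and the two thresholds are all constructed or assumed, and the "also probed on other ports" heuristic is this example's own way of separating scan noise on port 53 from deliberate resolver traffic.

```python
import ipaddress
from collections import Counter

# Assumed sandbox VM settings (not taken from the report).
CONFIGURED_RESOLVERS = {"10.0.0.1"}
LOCAL_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]

# Assumed thresholds; the sandbox's real cut-offs are not shown on the page.
HOST_THRESHOLD = 100
FLOW_THRESHOLD = 500


def _scan_sweep(network, port):
    """Constructed probes: one TCP flow to every host of a TEST-NET block."""
    return [(str(h), "tcp", port) for h in ipaddress.ip_network(network).hosts()]


# Constructed flow records as (dst_ip, proto, dst_port); the source is always the VM.
SAMPLE_FLOWS = (
    [("10.0.0.1", "udp", 53)]                      # query to the configured resolver
    + [("217.160.70.42", "udp", 53),               # DNS port, unexpected destinations
       ("178.254.22.166", "udp", 53),
       ("178.254.22.166", "udp", 53),
       ("203.0.113.5", "udp", 53)]                 # port 53 on a host the sweep also hit
    + _scan_sweep("203.0.113.0/24", 23)
    + _scan_sweep("198.51.100.0/24", 2323)
)


def is_remote(ip):
    """True when ip lies outside the sandbox's local networks."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in LOCAL_NETWORKS)


def distinct_remote_hosts(flows):
    """Set of remote destination addresses (the report's 67313 is a count of these)."""
    return {dst for dst, _, _ in flows if is_remote(dst)}


def unexpected_dns_destinations(flows, resolvers=CONFIGURED_RESOLVERS):
    """Destinations on the DNS port other than the configured resolvers -> hit count."""
    return Counter(dst for dst, _, port in flows if port == 53 and dst not in resolvers)


def dns_hits_also_probed_elsewhere(flows, resolvers=CONFIGURED_RESOLVERS):
    """Heuristic (assumption, not a sandbox rule): a port-53 destination that the sample
    also probed on other ports is more likely a scan hit than a resolver it meant to use."""
    probed_on_other_ports = {dst for dst, _, port in flows if port != 53}
    return {dst: dst in probed_on_other_ports
            for dst in unexpected_dns_destinations(flows, resolvers)}


def evaluate(flows, host_threshold=HOST_THRESHOLD, flow_threshold=FLOW_THRESHOLD):
    """Signature name -> fired?, mirroring the three network signatures in the report."""
    remote_flows = [f for f in flows if is_remote(f[0])]
    return {
        "Contacts a large amount of remote hosts": len(distinct_remote_hosts(flows)) >= host_threshold,
        "Creates a large amount of network flows": len(remote_flows) >= flow_threshold,
        "Unexpected DNS network traffic destination": bool(unexpected_dns_destinations(flows)),
    }


if __name__ == "__main__":
    for name, fired in evaluate(SAMPLE_FLOWS).items():
        print(f"{'HIT ' if fired else '    '} {name}")
    for dst, noise in dns_hits_also_probed_elsewhere(SAMPLE_FLOWS).items():
        verdict = "probably a scan hit" if noise else "check pcap for real DNS queries"
        print(f"  port-53 destination {dst}: {verdict}")
```

On the constructed input the two scan signatures fire (510 distinct remote hosts, 512 remote flows) and three port-53 destinations are flagged, of which only 203.0.113.5 was also hit by the sweep on another port; the other two are the ones worth pulling the DNS payloads for. To run this against a real capture, replace SAMPLE_FLOWS with (dst, proto, dst_port) tuples exported from the pcap and set CONFIGURED_RESOLVERS to the VM's actual resolv.conf entries.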