Reptile

Reptile

• First seen: October 2017
• Aliases:
• Samples:
  • 99ffc0099277bef59a37a4cfcf4cdd71df13ad33d1c7bf943dc87f803e75dd2c | linux | rootkit | elf

Reptile Linux Rootkit (rxp.ko)

Basic Properties

Property	Value
Size	560980 bytes
CRC32	0xe19cd282
MD5	246c5bec21c0a87657786d5d9b53fe38
SHA1	7d9eaefeb0c95473ad86abbdcffdbdf6950b8dd2
SHA256	99ffc0099277bef59a37a4cfcf4cdd71df13ad33d1c7bf943dc87f803e75dd2c
SHA512	b1d6eb1c8533ed378b53607b5ceb78a2aa762d785b55018b2833d89561b2bd31a0632da98ebf3dff4dcec9901adbaf78e7653e92164e4b6975a600158732086c
Ssdeep	12288:Xlv7SxafJ0ENoE0YiHWDaws2nxlBxPr+ysFILJIIxCT:Xl5GEKLOD+8tHqIxCT
Magic	ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), BuildID[sha1]=8fab86920bdbc39ea1bf6cb04fdffcdcc314ab86, with debug_info, not stripped
Packer	ELF64: compiler: gcc((GNU) 4.4.7 20120313 (Red Hat 4.4.7-23))[relocatable AMD64-64]
TrID	100.0% (.O) ELF Executable and Linkable format (generic) (4000/1)

Antivirus Scan

+ Avast: clean
+ Avira: clean
- Bitdefender: Gen:Variant.Trojan.Linux.Reptile.1
+ Clamav: clean
+ Comodo: clean
- Drweb: Linux.Rootkit.334
- Eset: Linux/Rootkit.Reptile.I
+ Fsecure: clean
- Kaspersky: HEUR:Rootkit.Linux.Reptile.c
- Mcafee: RDN/Shellbot
+ Sophos: clean
- Symantec: Trojan Horse
+ Trendmicro: clean
- Windefender: Trojan:Linux/Reptile.C

References

• https://asec.ahnlab.com/en/55785/
• https://github.com/f0rb1dd3n/Reptile.git
• https://documents.trendmicro.com/assets/white_papers/wp-operation-earth-berberoka.pdf