Source: SecuriteInfo.com.ELF.Agent-BXR.25799.9458.elf |
ReversingLabs: Detection: 15% |
Source: ELF static info symbol of initial sample |
.symtab present: no |
Source: classification engine |
Classification label: mal48.linELF@0/0@0/0 |
Source: SecuriteInfo.com.ELF.Agent-BXR.25799.9458.elf |
Submission file: segment LOAD with 7.9644 entropy (max. 8.0) |
Source: /tmp/SecuriteInfo.com.ELF.Agent-BXR.25799.9458.elf (PID: 5527) |
Queries kernel information via 'uname': |
Jump to behavior |
Source: SecuriteInfo.com.ELF.Agent-BXR.25799.9458.elf, 5527.1.000055c37ec13000.000055c37ec99000.rw-.sdmp |
Binary or memory string: /etc/qemu-binfmt/mipsn32 |
Source: SecuriteInfo.com.ELF.Agent-BXR.25799.9458.elf, 5527.1.000055c37ec13000.000055c37ec99000.rw-.sdmp |
Binary or memory string: U1MIPS64R2-generic-mips64-cpu1/etc/qemu-binfmt/mipsn32pu |
Source: SecuriteInfo.com.ELF.Agent-BXR.25799.9458.elf, 5527.1.00007fff4de37000.00007fff4de58000.rw-.sdmp |
Binary or memory string: /usr/bin/qemu-mipsn32 |
Source: SecuriteInfo.com.ELF.Agent-BXR.25799.9458.elf, 5527.1.00007fff4de37000.00007fff4de58000.rw-.sdmp |
Binary or memory string: rwx86_64/usr/bin/qemu-mipsn32/tmp/SecuriteInfo.com.ELF.Agent-BXR.25799.9458.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/SecuriteInfo.com.ELF.Agent-BXR.25799.9458.elf |