Linux Analysis Report
arm5.elf

Overview

General Information

Sample name: arm5.elf
Analysis ID: 1541343
MD5: 3d427a017d029d4c28d732766a1f418f
SHA1: 89c244d4bad7102f75453b1b2b09235efca28914
SHA256: ce2abb93f89d6e97c59925f4fc9cb2f5244c2e3481e6330ddcba6a9468dd935c
Tags: elfuser-abuse_ch

Detection

Score: 1
Range: 0 - 100
Whitelisted: false

Signatures

Sample and/or dropped files contains symbols with suspicious names
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Sample and/or dropped files contains symbols with suspicious names
Source: arm5.elf ELF static info symbol of initial sample: __gnu_unwind_execute
Source: classification engine Classification label: clean1.linELF@0/0@0/0
Uses the "uname" system call to query kernel version information (possible evasion)
Source: /tmp/arm5.elf (PID: 5515) Queries kernel information via 'uname': Jump to behavior
Source: arm5.elf, 5515.1.00007ffc90bdd000.00007ffc90bfe000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/arm5.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/arm5.elf
Source: arm5.elf, 5515.1.000055b79ec25000.000055b79ed53000.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/arm
Source: arm5.elf, 5515.1.000055b79ec25000.000055b79ed53000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/arm
Source: arm5.elf, 5515.1.00007ffc90bdd000.00007ffc90bfe000.rw-.sdmp Binary or memory string: /usr/bin/qemu-arm
windows-stand
No contacted IP infos