Linux Analysis Report
dlr.ppc.elf

ID:	1542865
Product:	CloudBasic
Start time:	19:25:01
Start date:	26.10.2024
Sample:	dlr.ppc.elf
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	f1f7ccb6a6a43126cf2e7f6a0503e9c9
SHA1:	ed01b351de75fc870ca7317ffcb6dfba7d182930
SHA256:	6b88cab948133651aa162e3e2fa35d88d4951089d3e38c6f6069d1c80ad57a09
Filetype:	ELF Executable and Linkable format (Linux) (4029/14) 50.16%

Name	Type	MD5	SHA1	SHA256

AV Detection

Source: dlr.ppc.elf

ReversingLabs: Detection: 42%

Networking

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

System Summary

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal48.linELF@0/0@2/0

Malware Analysis System Evasion

Source: /tmp/dlr.ppc.elf (PID: 5474)

Queries kernel information via 'uname':

Jump to behavior

Source: dlr.ppc.elf, 5474.1.00005581c07ab000.00005581c083a000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/ppc11!hotpluggableq
Source: dlr.ppc.elf, 5474.1.00005581c07ab000.00005581c083a000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/ppc
Source: dlr.ppc.elf, 5474.1.00007ffe54467000.00007ffe54488000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-ppc
Source: dlr.ppc.elf, 5474.1.00007ffe54467000.00007ffe54488000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-ppc/tmp/dlr.ppc.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/dlr.ppc.elf