Linux Analysis Report
mips.elf

Overview

General Information

Sample name: mips.elf
Analysis ID: 1543413
MD5: 4222146a411330a26431fb40204b723a
SHA1: d67d280720db895d3eb19bde69d3940299203407
SHA256: ab946b31d14b3be2b518a49328cb51f2bd9a3e8e7a51a8442e6d0ebdab73cc33
Tags: elf, user-abuse_ch

Detection

Score: 48
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for submitted file
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

AV Detection

Source: mips.elf ReversingLabs: Detection: 13%
Source: ELF static info symbol of initial sample .symtab present: no
Source: classification engine Classification label: mal48.linELF@0/0@0/0
Source: ELF file section Submission: mips.elf
Source: /tmp/mips.elf (PID: 5493) Queries kernel information via 'uname': Jump to behavior
Source: mips.elf, 5493.1.0000558f2fc19000.0000558f2fedb000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/mipsel
Source: mips.elf, 5493.1.0000558f2fc19000.0000558f2fedb000.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/mipsel
Source: mips.elf, 5493.1.00007ffd3d9c4000.00007ffd3d9e5000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/mips.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/mips.elf
Source: mips.elf, 5493.1.00007ffd3d9c4000.00007ffd3d9e5000.rw-.sdmp Binary or memory string: /usr/bin/qemu-mipsel
No contacted IP information