Linux Analysis Report
arm6.elf

Overview

General Information

Sample name: arm6.elf
Analysis ID: 1543420
MD5: b9fe58e24006ae95a6d808e42fbf84a9
SHA1: 510dcbfc321c3c343b7b3d6aed7449d651fb6473
SHA256: d93c947eae944fd65bccfcc6e5d7c25153dee510ed088c17a797bcf59a10871c
Tags: elf, user-abuse_ch

Detection

Score: 48
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for submitted file
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
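The two static signatures above (symbol table stripped, direct use of the uname syscall) can be reproduced before detonating a sample. The script below is an added example written for this page, not part of the sandbox's own tooling: it parses the ELF section table, reports whether a .symtab section exists, and scans executable sections of a 32-bit ARM binary for svc/swi instructions, recovering the syscall number from the preceding `mov r7, #imm` (EABI) or from the swi immediate (OABI). It assumes a little-endian ELF and A32 code (Thumb is not decoded), and the labelled syscall table is a small subset of the 32-bit ARM numbers. The ELF it analyses by default is constructed inline so the example runs offline; pass a file path to analyse a real sample.

```python
"""Static triage of a 32-bit ARM ELF: stripped symbol table? which syscalls are issued
directly (in particular uname, __NR 122)? Added example, not sandbox code.
Assumptions: little-endian ELF, A32 code, EABI `mov r7,#nr; svc 0` or OABI `swi 0x900000+nr`."""
import struct
import sys

EM_ARM = 40
SHT_SYMTAB, SHT_NOBITS = 2, 8
SHF_EXECINSTR = 0x4
NR_UNAME = 122  # __NR_uname on 32-bit ARM Linux
# Subset of the 32-bit ARM syscall table, used only for labelling hits.
ARM_SYSCALLS = {1: "exit", 3: "read", 4: "write", 5: "open", 6: "close", 11: "execve",
                20: "getpid", 37: "kill", 122: "uname", 281: "socket", 283: "connect"}


def elf_sections(data):
    """Return (e_machine, [section dicts]) for a little-endian ELF32/ELF64 image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if data[5] != 1:
        raise ValueError("only little-endian ELF is handled in this example")
    is64 = data[4] == 2
    ehdr_fmt = "<HHIQQQIHHHHHH" if is64 else "<HHIIIIIHHHHHH"
    (_type, machine, _ver, _entry, _phoff, shoff, _flags, _ehsize,
     _phentsize, _phnum, shentsize, shnum, shstrndx) = struct.unpack_from(ehdr_fmt, data, 16)
    shdr_fmt = "<IIQQQQIIQQ" if is64 else "<10I"
    raw = [struct.unpack_from(shdr_fmt, data, shoff + i * shentsize) for i in range(shnum)]
    # Field order in raw: name, type, flags, addr, offset, size, link, info, addralign, entsize
    str_off, str_size = raw[shstrndx][4], raw[shstrndx][5]
    strtab = data[str_off:str_off + str_size]
    sections = []
    for name_idx, sh_type, flags, _addr, off, size, *_rest in raw:
        name = strtab[name_idx:strtab.index(b"\0", name_idx)].decode("ascii", "replace")
        body = b"" if sh_type == SHT_NOBITS else data[off:off + size]
        sections.append({"name": name, "type": sh_type, "flags": flags, "data": body})
    return machine, sections


def _mov_imm(word):
    """Decode A32 `mov r7, #imm` (cond AL, encoding E3A07xxx); return imm or None."""
    if (word & 0xFFFFF000) != 0xE3A07000:
        return None
    imm8, rot = word & 0xFF, ((word >> 8) & 0xF) * 2
    return ((imm8 >> rot) | (imm8 << (32 - rot))) & 0xFFFFFFFF if rot else imm8


def arm_syscalls(code):
    """Find svc/swi in A32 code; return [(offset, syscall_number_or_None)]."""
    words = [struct.unpack_from("<I", code, i)[0] for i in range(0, len(code) - 3, 4)]
    found = []
    for i, w in enumerate(words):
        if (w & 0x0F000000) != 0x0F000000 or (w >> 28) == 0xF:
            continue  # not svc/swi (cond 0xF is the unconditional-instruction space)
        imm24 = w & 0x00FFFFFF
        if (imm24 & 0xF00000) == 0x900000:
            nr = imm24 & 0xFFFFF  # OABI: number carried in the swi immediate
        elif imm24 == 0:
            # EABI: svc 0, number in r7; look back up to four instructions for the mov
            nr = next((v for v in map(_mov_imm, reversed(words[max(0, i - 4):i]))
                       if v is not None), None)
        else:
            continue
        found.append((i * 4, nr))
    return found


def triage(data):
    """Report machine, stripped flag and direct syscalls, as the sandbox signatures do."""
    machine, sections = elf_sections(data)
    stripped = not any(s["type"] == SHT_SYMTAB for s in sections)
    calls = []
    if machine == EM_ARM:
        for s in sections:
            if s["flags"] & SHF_EXECINSTR:
                calls += [(s["name"], off, nr, ARM_SYSCALLS.get(nr, "?"))
                          for off, nr in arm_syscalls(s["data"])]
    return {"machine": machine, "stripped": stripped, "syscalls": calls,
            "uses_uname": any(c[2] == NR_UNAME for c in calls)}


def build_sample():
    """Constructed ELF32/ARM image (no .symtab) whose .text does: uname(); exit(). Demo input."""
    text = struct.pack("<4I", 0xE3A0707A, 0xEF000000,   # mov r7,#122 ; svc 0
                       0xE3A07001, 0xEF000000)          # mov r7,#1   ; svc 0
    shstr = b"\0.text\0.shstrtab\0"
    text_off, shstr_off = 52, 52 + len(text)
    shoff = (shstr_off + len(shstr) + 3) & ~3
    ehdr = b"\x7fELF\x01\x01\x01" + b"\0" * 9 + struct.pack(
        "<HHIIIIIHHHHHH", 2, EM_ARM, 1, 0x10000, 0, shoff, 0, 52, 0, 0, 40, 3, 2)
    shdrs = struct.pack("<10I", *([0] * 10))
    shdrs += struct.pack("<10I", 1, 1, 0x6, 0x10000, text_off, len(text), 0, 0, 4, 0)
    shdrs += struct.pack("<10I", 7, 3, 0, 0, shstr_off, len(shstr), 0, 0, 1, 0)
    body = ehdr + text + shstr
    return body + b"\0" * (shoff - len(body)) + shdrs


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

A hit on uname from this scan only says the code can issue the syscall; glibc-linked binaries also reach uname through the C library, so the sandbox's "possible evasion" signature is weak on its own and is best read together with what the code does with the returned release string.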

Classification

AV Detection

Source: arm6.elf ReversingLabs: Detection: 13%
Source: ELF static info symbol of initial sample .symtab present: no
Source: classification engine Classification label: mal48.linELF@0/0@0/0
Source: /tmp/arm6.elf (PID: 5829) Queries kernel information via 'uname'
Source: arm6.elf, 5829.1.000055b33ee1f000.000055b33ef4d000.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/arm
Source: arm6.elf, 5829.1.000055b33ee1f000.000055b33ef4d000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/arm
Source: arm6.elf, 5829.1.00007ffdd4a39000.00007ffdd4a5a000.rw-.sdmp Binary or memory string: /usr/bin/qemu-arm
Source: arm6.elf, 5829.1.00007ffdd4a39000.00007ffdd4a5a000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/arm6.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/arm6.elf
    The last string is the NUL-separated top of the initial process stack, run together by the string extractor. Split at the field boundaries it reads as:
    platform string: x86_64
    argv: /usr/bin/qemu-arm /tmp/arm6.elf
    environment: SUDO_USER=saturnino PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin DISPLAY=:1.0 XAUTHORITY=/run/user/1000/gdm/Xauthority SUDO_UID=1000 TERM=xterm-256color COLORTERM=truecolor LOGNAME=root USER=root LANG=en_US.UTF-8 SUDO_COMMAND=/bin/bash HOME=/root MAIL=/var/mail/root SUDO_GID=1000 SHELL=/bin/bash
    executed file name: /tmp/arm6.elf
    Caveat: the qemu-binfmt, /usr/bin/qemu-arm and x86_64 strings are artifacts of the sandbox, not of the sample. The ARM binary was launched on an x86_64 host through binfmt_misc and user-mode qemu-arm, so PID 5829 is the emulator process; its memory maps (the 0x55b3... and 0x7ffd... regions are host-side) also hold the host environment of the root shell that started it. None of these strings are indicators for the sample. The same attribution applies to the uname signature above: user-mode QEMU services the guest's uname syscall by calling the host's uname, so the call seen on PID 5829 cannot be separated from emulator activity without inspecting the guest code itself.
No contacted IP information