Linux Analysis Report
own.elf

Overview

General Information

Sample name: own.elf
Analysis ID: 1565969
MD5: 7a2503b10e533f29f7cd518b84c5b2ab
SHA1: b9ccb7f419df5c1d55b1a2b033ccfa0d85522b81
SHA256: f3bc4114fcad5ec02fc21cb4ab5e788cfdd3d7daa2c79801b6472af331b47487
Tags: elf, user-abuse_ch

Detection

Score: 60
Range: 0 - 100
Whitelisted: false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Contains symbols related to standard C library sleeps (sometimes used to evade sandboxing)
Sample and/or dropped files contains symbols with suspicious names
Yara signature match

Classification

AV Detection

Source: own.elf Virustotal: Detection: 40%
Source: own.elf Joe Sandbox ML: detected
Source: global traffic DNS traffic detected: DNS query: daisy.ubuntu.com

System Summary

Source: own.elf, type: SAMPLE Matched rule: Linux_Hacktool_Flooder_a2795a4c Author: unknown
Source: own.elf, type: SAMPLE Matched rule: Linux_Hacktool_Flooder_4bcea1c4 Author: unknown
Source: 5569.1.0000000000400000.0000000000402000.r-x.sdmp, type: MEMORY Matched rule: Linux_Hacktool_Flooder_a2795a4c Author: unknown
Source: 5569.1.0000000000400000.0000000000402000.r-x.sdmp, type: MEMORY Matched rule: Linux_Hacktool_Flooder_4bcea1c4 Author: unknown
Source: own.elf ELF static info symbol of initial sample: PAYLOAD
Source: own.elf ELF static info symbol of initial sample: PAYLOADSIZE
Source: own.elf, type: SAMPLE Matched rule: Linux_Hacktool_Flooder_a2795a4c reference_sample = 9a564d6b29d2aaff960e6f84cd0ef4c701fefa2a62e2ea690106f3fdbabb0d71, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Hacktool.Flooder, fingerprint = 7c8bf248b159f3a140f10cd40d182fa84f334555b92306e6f44e746711b184cc, id = a2795a4c-16c0-4237-a014-3570d1edb287, last_modified = 2021-09-16
Source: own.elf, type: SAMPLE Matched rule: Linux_Hacktool_Flooder_4bcea1c4 reference_sample = 9a564d6b29d2aaff960e6f84cd0ef4c701fefa2a62e2ea690106f3fdbabb0d71, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Hacktool.Flooder, fingerprint = e859966e8281e024c82dedd5bd237ab53af28a0cb21d24daa456e5cd1186c352, id = 4bcea1c4-de08-4526-8d31-89c5512f07af, last_modified = 2021-09-16
Source: 5569.1.0000000000400000.0000000000402000.r-x.sdmp, type: MEMORY Matched rule: Linux_Hacktool_Flooder_a2795a4c reference_sample = 9a564d6b29d2aaff960e6f84cd0ef4c701fefa2a62e2ea690106f3fdbabb0d71, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Hacktool.Flooder, fingerprint = 7c8bf248b159f3a140f10cd40d182fa84f334555b92306e6f44e746711b184cc, id = a2795a4c-16c0-4237-a014-3570d1edb287, last_modified = 2021-09-16
Source: 5569.1.0000000000400000.0000000000402000.r-x.sdmp, type: MEMORY Matched rule: Linux_Hacktool_Flooder_4bcea1c4 reference_sample = 9a564d6b29d2aaff960e6f84cd0ef4c701fefa2a62e2ea690106f3fdbabb0d71, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Hacktool.Flooder, fingerprint = e859966e8281e024c82dedd5bd237ab53af28a0cb21d24daa456e5cd1186c352, id = 4bcea1c4-de08-4526-8d31-89c5512f07af, last_modified = 2021-09-16
Source: classification engine Classification label: mal60.linELF@0/0@2/0
Source: ELF symbol in initial sample Symbol name: usleep
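The static-symbol findings above (PAYLOAD, PAYLOADSIZE and the usleep import) can be reproduced outside the sandbox with nothing but the ELF64 section and symbol table layout. The following is an added example and not part of the Joe Sandbox report: a dependency-free Python walker over .symtab/.dynsym that flags the same names, exercised against a constructed minimal ELF64 fixture (the sample itself is not embedded here). The watch-list and the fixture's symbol names are assumptions chosen to mirror the report's findings; point the script at a real file to triage it.

```python
"""Static triage of an ELF64 symbol table, mirroring the report's PAYLOAD / PAYLOADSIZE / usleep hits.

Added example, not part of the Joe Sandbox report. The watch-list below is an
assumption chosen to match the symbols the report flags; extend it as needed.
"""
import struct
import sys

# Assumption: names that, taken together, suggest a packet flooder with sandbox-aware sleeps.
WATCHLIST = {"PAYLOAD", "PAYLOADSIZE", "usleep", "nanosleep", "sleep"}

SHT_SYMTAB, SHT_DYNSYM = 2, 11
EHDR_FMT = "HHIQQQIHHHHHH"   # Elf64_Ehdr fields after the 16-byte e_ident
SHDR_FMT = "IIQQQQIIQQ"      # Elf64_Shdr, 64 bytes
SYM_FMT = "IBBHQQ"           # Elf64_Sym, 24 bytes


def _cstr(blob, off):
    """Read a NUL-terminated string from a string table."""
    return blob[off:blob.index(b"\x00", off)].decode("ascii", "replace")


def elf_symbols(data):
    """Return every named symbol from .symtab/.dynsym of an ELF64 image (either byte order)."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2:
        raise ValueError("only ELF64 is handled here")
    end = "<" if data[5] == 1 else ">"
    e_shoff = struct.unpack_from(end + "Q", data, 0x28)[0]
    e_shentsize, e_shnum = struct.unpack_from(end + "HH", data, 0x3A)
    shdrs = [struct.unpack_from(end + SHDR_FMT, data, e_shoff + i * e_shentsize)
             for i in range(e_shnum)]
    names = []
    for sh in shdrs:
        sh_type, sh_offset, sh_size, sh_link = sh[1], sh[4], sh[5], sh[6]
        if sh_type not in (SHT_SYMTAB, SHT_DYNSYM):
            continue
        strtab_off = shdrs[sh_link][4]          # sh_link points at the matching string table
        for j in range(sh_size // 24):
            st_name = struct.unpack_from(end + "I", data, sh_offset + j * 24)[0]
            if st_name:                          # name index 0 is the empty string
                names.append(_cstr(data, strtab_off + st_name))
    return names


def flag_symbols(names):
    """Watch-list symbols that are present, sorted for stable reporting."""
    return sorted(set(names) & WATCHLIST)


def build_sample_elf(symbols):
    """Constructed test fixture: a minimal ELF64 holding only a symbol table (no code, not the sample)."""
    end = "<"
    strtab, symtab = b"\x00", b"\x00" * 24          # both tables begin with a null entry
    for name in symbols:
        symtab += struct.pack(end + SYM_FMT, len(strtab), 0x12, 0, 1, 0, 0)  # STB_GLOBAL | STT_FUNC
        strtab += name.encode() + b"\x00"
    shstrtab = b"\x00.strtab\x00.symtab\x00.shstrtab\x00"
    strtab_off = 64
    symtab_off = strtab_off + len(strtab)
    shstr_off = symtab_off + len(symtab)
    shoff = shstr_off + len(shstrtab)

    def shdr(name, typ, off, size, link, entsize):
        return struct.pack(end + SHDR_FMT, name, typ, 0, 0, off, size, link, 0, 1, entsize)

    shdrs = (shdr(0, 0, 0, 0, 0, 0)
             + shdr(1, 3, strtab_off, len(strtab), 0, 0)             # .strtab   (SHT_STRTAB)
             + shdr(9, SHT_SYMTAB, symtab_off, len(symtab), 1, 24)   # .symtab, sh_link -> .strtab
             + shdr(17, 3, shstr_off, len(shstrtab), 0, 0))          # .shstrtab
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8           # ELF64, little-endian, SysV ABI
    ehdr = ident + struct.pack(end + EHDR_FMT, 2, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 4, 3)
    return ehdr + strtab + symtab + shstrtab + shdrs


def triage(data):
    """Symbol count plus the watch-list hits, the two numbers a first-pass triage note needs."""
    names = elf_symbols(data)
    return {"symbol_count": len(names), "suspicious": flag_symbols(names)}


if __name__ == "__main__":
    # With a path argument, triage a real file; otherwise run on the constructed fixture.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = build_sample_elf(["main", "socket", "sendto", "PAYLOAD", "PAYLOADSIZE", "usleep"])
    print(triage(blob))
```

Run as `python3 triage.py own.elf` on a hash-verified copy of the sample; a stripped binary will still expose imports such as usleep through .dynsym, which is why the walker reads both tables rather than only .symtab.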
No contacted IP infos