Edit tour
Linux
Analysis Report
arm.elf
Overview
General Information
Sample name: | arm.elf |
Analysis ID: | 1576128 |
MD5: | dbeac82331d523c5dbcded7503ec7885 |
SHA1: | 3fa0e58bae109c4e30e2be7cd8cde401d459d592 |
SHA256: | 13f87ac86969baf044e1b178a0d09ab8399665518cd445c227aa24383c89e763 |
Tags: | elfuser-abuse_ch |
Infos: |
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Multi AV Scanner detection for submitted file
Connects to many ports of the same IP (likely port scanning)
Uses known network protocols on non-standard ports
Detected TCP or UDP traffic on non-standard ports
Executes the "uname" command used to read OS and architecture name
Found strings indicative of a multi-platform dropper
Reads the 'hosts' file potentially containing internal network hosts
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1576128 |
Start date and time: | 2024-12-16 15:12:07 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 3s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | arm.elf |
Detection: | MAL |
Classification: | mal56.troj.linELF@0/0@4/0 |
- VT rate limit hit for: arm.elf
Command: | /tmp/arm.elf |
PID: | 6210 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | error opening connection to Discord: websocket: bad handshake |
Standard Error: | 2024/12/16 08:12:55 [DG0] wsapi.go:82:Open() error connecting to gateway wss://gateway.discord.gg/?v=9&encoding=json, websocket: bad handshake |
⊘No yara matches
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | ReversingLabs: |
Source: | String: |