Linux
Analysis Report
ulinux-logs.elf
Overview
General Information
Detection
Poseidon
Score: | 56 |
Range: | 0 - 100 |
Signatures
Multi AV Scanner detection for submitted file
Yara detected Poseidon
Contains symbols related to standard C library sleeps (sometimes used to evade sandboxing)
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1645091 |
Start date and time: | 2025-03-21 13:01:20 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 11m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | ulinux-logs.elf |
Detection: | MAL |
Classification: | mal56.troj.linELF@0/0@0/0 |
Cookbook Comments: |
|
- Max analysis timeout: 600s exceeded, the analysis took too long
- VT rate limit hit for: http://161.35.85.95/
- VT rate limit hit for: http://161.35.85.95/data
- VT rate limit hit for: http://161.35.85.95/data77bd446-2b3f-4d7c-beb1-343ec11e7427
- VT rate limit hit for: http://161.35.85.95/dataget_delegate_tasks
- VT rate limit hit for: http://161.35.85.95/datahttp://161.35.85.95/data
- VT rate limit hit for: http://161.35.85.95/datahttp://161.35.85.95/dataPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/b
- VT rate limit hit for: http://161.35.85.95/datamax-age=0
Command: | /tmp/ulinux-logs.elf |
PID: | 6223 |
Exit Code: | |
Exit Code Info: | |
Killed: | True |
Standard Output: | |
Standard Error: |
- system is lnxubuntu20
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Poseidon | Part of Mythic C2, written in Golang. | No Attribution |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Poseidon | Yara detected Poseidon | Joe Security |
⊘No Suricata rule has matched
- • AV Detection
- • Networking
- • System Summary
- • Malware Analysis System Evasion
- • Stealing of Sensitive Information
- • Remote Access Functionality
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | Virustotal: | Perma Link |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |