Linux Analysis Report
python3.7.3.elf

Overview

General Information

Sample name:	python3.7.3.elf
Analysis ID:	1669008
MD5:	461cad01cc92c161ad6277e6ca375d89
SHA1:	e9eb3924cf14de0c3aaf29fad085805d5ee858f1
SHA256:	784711f8e62690df44b5c5157cc99837c422c2083b4fe0600d2d76b48e55e867
Tags:	elfuser-abuse_ch
Infos:

Errors No process behavior to analyse as no analysis process or sample was found

Detection

Score:	52
Range:	0 - 100

Signatures

Malicious sample detected (through community Yara rule)

Found strings related to Crypto-Mining

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Yara signature match

Classification

Signatures

Bitcoin Miner

Found strings related to Crypto-Mining

Source: python3.7.3.elf	String found in binary or memory: stratum+tcp
Source: python3.7.3.elf	String found in binary or memory: stratum+tcp

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Source: global traffic

TCP traffic: 192.168.2.13:48202 -> 185.125.190.26:443

Source: unknown	TCP traffic detected without corresponding DNS query: 185.125.190.26
Source: unknown	TCP traffic detected without corresponding DNS query: 185.125.190.26

Source: unknown

Network traffic detected: HTTP traffic on port 48202 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: python3.7.3.elf, type: SAMPLE

Matched rule: Linux_Cryptominer_Generic_5e56d076 Author: unknown

Yara signature match

Source: python3.7.3.elf, type: SAMPLE

Matched rule: Linux_Cryptominer_Generic_5e56d076 reference_sample = 32e1cb0369803f817a0c61f25ca410774b4f37882cab966133b4f3e9c74fac09, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Cryptominer.Generic, fingerprint = e9ca9b9faee091afed534b89313d644a52476b4757663e1cdfbcbca379857740, id = 5e56d076-0d6d-4979-8ebc-52607dcdb42d, last_modified = 2022-01-26

Source: classification engine

Classification label: mal52.mine.linELF@0/0@0/0

Screenshots

Behavior

Click here to start
Slideshow Behavior Animation

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.125.190.26	unknown	United Kingdom		41231	CANONICAL-ASGB	false

ID:	1669008
Product:	CloudBasic
Start time:	04:19:40
Start date:	19.04.2025
Sample:	python3.7.3.elf
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	461cad01cc92c161ad6277e6ca375d89
SHA1:	e9eb3924cf14de0c3aaf29fad085805d5ee858f1
SHA256:	784711f8e62690df44b5c5157cc99837c422c2083b4fe0600d2d76b48e55e867
Filetype:	ELF Executable and Linkable format (Linux) (4029/14) 50.16%

Linux Analysis Report python3.7.3.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

Bitcoin Miner

Networking

System Summary

Screenshots

Network Map

Contacted Public IPs

Linux Analysis Report
python3.7.3.elf