Linux Analysis Report
python3.7.3.elf

Overview

General Information

Sample name: python3.7.3.elf
Analysis ID: 1669008
MD5: 461cad01cc92c161ad6277e6ca375d89
SHA1: e9eb3924cf14de0c3aaf29fad085805d5ee858f1
SHA256: 784711f8e62690df44b5c5157cc99837c422c2083b4fe0600d2d76b48e55e867
Tags: elfuser-abuse_ch
Infos:
Errors
  • No process behavior to analyse as no analysis process or sample was found

Detection

Score: 52
Range: 0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Found strings related to Crypto-Mining
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Yara signature match

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Bitcoin Miner

barindex
Source: python3.7.3.elf String found in binary or memory: stratum+tcp
Source: python3.7.3.elf String found in binary or memory: stratum+tcp
Source: global traffic TCP traffic: 192.168.2.13:48202 -> 185.125.190.26:443
Source: unknown TCP traffic detected without corresponding DNS query: 185.125.190.26
Source: unknown TCP traffic detected without corresponding DNS query: 185.125.190.26
Source: unknown Network traffic detected: HTTP traffic on port 48202 -> 443

System Summary

barindex
Source: python3.7.3.elf, type: SAMPLE Matched rule: Linux_Cryptominer_Generic_5e56d076 Author: unknown
Source: python3.7.3.elf, type: SAMPLE Matched rule: Linux_Cryptominer_Generic_5e56d076 reference_sample = 32e1cb0369803f817a0c61f25ca410774b4f37882cab966133b4f3e9c74fac09, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Cryptominer.Generic, fingerprint = e9ca9b9faee091afed534b89313d644a52476b4757663e1cdfbcbca379857740, id = 5e56d076-0d6d-4979-8ebc-52607dcdb42d, last_modified = 2022-01-26
Source: classification engine Classification label: mal52.mine.linELF@0/0@0/0
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs