Linux Analysis Report
na.elf

ID:	1527222
Product:	CloudBasic
Start time:	21:59:14
Start date:	06.10.2024
Sample:	na.elf
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	71481f6ca8315b68ea13f18375671c3f
SHA1:	e60a7e8b42555d51b222bc355a8968c5269ac720
SHA256:	413a131005421c004268630e678f02d0311f9128b59f33daf5b3be6b3028324f
Filetype:	ELF Executable and Linkable format (Linux) (4029/14) 49.77%

Name	Type	MD5	SHA1	SHA256

AV Detection

Source: na.elf

Avira: detected

Source: na.elf

ReversingLabs: Detection: 42%

Source: na.elf

Joe Sandbox ML: detected

Networking

Source: na.elf	String found in binary or memory: http://fontello.com
Source: na.elf	String found in binary or memory: https://github.com/fatedier/frp)http2:

System Summary

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal60.linELF@0/0@0/0

Source: ELF file section

Submission: na.elf

Malware Analysis System Evasion

Source: na.elf

Binary or memory string: Subject: AMDisbetter!AuthenticAMDBidi_ControlCIDR addressCONTINUATIONCentaurHaulsContent-TypeCookie.ValueECDSA-SHA256ECDSA-SHA384ECDSA-SHA512FECRecoveredGenuineIntelGenuineTMx86Geode by NSCI'm a teapotI/O possibleInCsumErrorsInstAltMatchJoin_ControlKVMKVMKVMKVMLittleEndianMax-ForwardsMeetei_MayekMicrosoft HvMime-VersionMulti-StatusNot ExtendedNot ModifiedPUSH_PROMISEPahawh_HmongPassiveOpensRCPT TO:<%s>SERIALNUMBERSSL_CERT_DIRSora_SompengSyloti_NagriTransitionalTransmetaCPUUnauthorizedVIA VIA VIA VMwareVMwareX-ImforwardsX-Powered-ByXenVMMXenVMM_arguments \abi mismatchaltmatch -> anynotnl -> bad flushGenbad g statusbad recoveryblock clausec ap trafficc hs trafficcan't happencas64 failedchan receivecheck failedchild exitedclose notifycontent-typecontext.TODOdumping heapecho requestend tracegc