Linux
Analysis Report
na.elf
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Sample has stripped symbol table
Classification
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1527222 |
Start date and time: | 2024-10-06 21:59:14 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 32s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | na.elf |
Detection: | MAL |
Classification: | mal60.linELF@0/0@0/0 |
- VT rate limit hit for: na.elf
Command: | /tmp/na.elf |
PID: | 5529 |
Exit Code: | 1 |
Exit Code Info: | |
Killed: | False |
Standard Output: | open ./frpc.ini: no such file or directory |
Standard Error: |
- system is lnxubuntu20
- cleanup
⊘No yara matches
⊘No Suricata rule has matched
AV Detection |
---|
Source: | Avira: |
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | .symtab present: |
Source: | Classification label: |
Source: | Submission: |
Source: | Binary or memory string: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
na.elf | 42% | ReversingLabs | Linux.Hacktool.ServerProxy | |
na.elf | 100% | Avira | LINUX/ReverseShell..otijv | |
na.elf | 100% | Joe Sandbox ML | | |
⊘No Antivirus matches
⊘No contacted domains info
⊘No contacted IP infos
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 6.118986234026611 |
TrID: | |
File name: | na.elf |
File size: | 10'400'928 bytes |
MD5: | 71481f6ca8315b68ea13f18375671c3f |
SHA1: | e60a7e8b42555d51b222bc355a8968c5269ac720 |
SHA256: | 413a131005421c004268630e678f02d0311f9128b59f33daf5b3be6b3028324f |
SHA512: | 362338a14a022d831858a4f5013aa9db7d75978b5fc3298989a97f1b7408c7ebbbd0678fe0d868b9201b210dcce08c48b936702b544a2ac53c98977866eddfdc |
SSDEEP: | 98304:S2HqWUYrOWvlKxher++Dj5V9/Rt4F7cPAmHb4fCHpuV8X8U1:P3UYrJlKxhe1/n9JOZcom3oFU1 |
TLSH: | 8CA65C17F89214E6C9FFF1B0869A5311BE7178A6C33137D76F909A960626BF4693E300 |
File Content Preview: | .ELF..............>.....0.E.....@...................@.8...@.............@.......@.@.....@.@...............................................@.......@.....d.......d.................................@.......@......sB......sB.......................B............ |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 64 |
Program Header Offset: | 64 |
Program Header Size: | 56 |
Number of Program Headers: | 7 |
Section Header Offset: | 456 |
Section Header Size: | 64 |
Number of Section Headers: | 13 |
Header String Table Index: | 3 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.text | PROGBITS | 0x401000 | 0x1000 | 0x4263a6 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.rodata | PROGBITS | 0x828000 | 0x428000 | 0x2651a0 | 0x0 | 0x2 | A | 0 | 0 | 32 |
.shstrtab | STRTAB | 0x0 | 0x68d1a0 | 0x7c | 0x0 | 0x0 | | 0 | 0 | 1 |
.typelink | PROGBITS | 0xa8d220 | 0x68d220 | 0x3c38 | 0x0 | 0x2 | A | 0 | 0 | 32 |
.itablink | PROGBITS | 0xa90e58 | 0x690e58 | 0x1010 | 0x0 | 0x2 | A | 0 | 0 | 8 |
.gosymtab | PROGBITS | 0xa91e68 | 0x691e68 | 0x0 | 0x0 | 0x2 | A | 0 | 0 | 1 |
.gopclntab | PROGBITS | 0xa91e80 | 0x691e80 | 0x30c4db | 0x0 | 0x2 | A | 0 | 0 | 32 |
.noptrdata | PROGBITS | 0xd9f000 | 0x99f000 | 0x3f0e0 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
.data | PROGBITS | 0xdde0e0 | 0x9de0e0 | 0xd3b0 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
.bss | NOBITS | 0xdeb4a0 | 0x9eb4a0 | 0x1f1b0 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
.noptrbss | NOBITS | 0xe0a660 | 0xa0a660 | 0x3478 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
.note.go.buildid | NOTE | 0x400f9c | 0xf9c | 0x64 | 0x0 | 0x2 | A | 0 | 0 | 4 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
PHDR | 0x40 | 0x400040 | 0x400040 | 0x188 | 0x188 | 1.6502 | 0x4 | R | 0x1000 | ||
NOTE | 0xf9c | 0x400f9c | 0x400f9c | 0x64 | 0x64 | 5.4133 | 0x4 | R | 0x4 | .note.go.buildid | |
LOAD | 0x0 | 0x400000 | 0x400000 | 0x4273a6 | 0x4273a6 | 5.8881 | 0x5 | R E | 0x1000 | .text .note.go.buildid | |
LOAD | 0x428000 | 0x828000 | 0x828000 | 0x57635b | 0x57635b | 5.6205 | 0x4 | R | 0x1000 | .rodata .typelink .itablink .gosymtab .gopclntab | |
LOAD | 0x99f000 | 0xd9f000 | 0xd9f000 | 0x4c4a0 | 0x6ead8 | 6.0902 | 0x6 | RW | 0x1000 | .noptrdata .data .bss .noptrbss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8 | ||
LOOS+5041580 | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x2a00 | | 0x8 | | |
⊘No network behavior found
System Behavior
Start time (UTC): | 20:00:00 |
Start date (UTC): | 06/10/2024 |
Path: | /tmp/na.elf |
Arguments: | /tmp/na.elf |
File size: | 10400928 bytes |
MD5 hash: | 71481f6ca8315b68ea13f18375671c3f |