Linux Analysis Report
SecuriteInfo.com.ELF.Mirai-COW.30071.12978.elf

Overview

General Information

Sample name:	SecuriteInfo.com.ELF.Mirai-COW.30071.12978.elf
Analysis ID:	1527609
MD5:	efe38c3fad71cb6b9e154e8ba077722e
SHA1:	fb506f7ac533717af974bbff7cd3e49aad2feb52
SHA256:	0f591b615a8c8d91187b374971b1d861391db9bcda95a052f13448608de0d13b
Tags:	elf

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Sample has stripped symbol table

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.ELF.Mirai-COW.30071.12978.elf	Virustotal: Detection: 15%			Perma Link
Source: SecuriteInfo.com.ELF.Mirai-COW.30071.12978.elf	ReversingLabs: Detection: 13%

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal48.linELF@0/0@0/0

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/SecuriteInfo.com.ELF.Mirai-COW.30071.12978.elf (PID: 5515)

Queries kernel information via 'uname':

Jump to behavior

Source: SecuriteInfo.com.ELF.Mirai-COW.30071.12978.elf, 5515.1.00007ffdb9356000.00007ffdb9377000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/SecuriteInfo.com.ELF.Mirai-COW.30071.12978.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/SecuriteInfo.com.ELF.Mirai-COW.30071.12978.elf
Source: SecuriteInfo.com.ELF.Mirai-COW.30071.12978.elf, 5515.1.0000560b19c7b000.0000560b19da9000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: SecuriteInfo.com.ELF.Mirai-COW.30071.12978.elf, 5515.1.0000560b19c7b000.0000560b19da9000.rw-.sdmp	Binary or memory string: V!/etc/qemu-binfmt/arm
Source: SecuriteInfo.com.ELF.Mirai-COW.30071.12978.elf, 5515.1.00007ffdb9356000.00007ffdb9377000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm

Screenshots

Network Map

⊘No contacted IP infos

ID:	1527609
Product:	CloudBasic
Start time:	06:23:12
Start date:	07.10.2024
Sample:	SecuriteInfo.com.ELF.Mirai-COW.30071.12978.elf
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	efe38c3fad71cb6b9e154e8ba077722e
SHA1:	fb506f7ac533717af974bbff7cd3e49aad2feb52
SHA256:	0f591b615a8c8d91187b374971b1d861391db9bcda95a052f13448608de0d13b
Filetype:	ELF Executable and Linkable format (generic) (4004/1) 100.00%

Linux Analysis Report
SecuriteInfo.com.ELF.Mirai-COW.30071.12978.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

System Summary

Malware Analysis System Evasion

Screenshots

Network Map

Linux Analysis Report SecuriteInfo.com.ELF.Mirai-COW.30071.12978.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

System Summary

Malware Analysis System Evasion

Screenshots

Network Map

Linux Analysis Report
SecuriteInfo.com.ELF.Mirai-COW.30071.12978.elf