Edit tour
Linux
Analysis Report
SecuriteInfo.com.ELF.Mirai-CVD.6145.31005.elf
Overview
General Information
| Sample name: | SecuriteInfo.com.ELF.Mirai-CVD.6145.31005.elf |
| Analysis ID: | 1528450 |
| MD5: | 7706f8aa31917ac8a9e8064926e2ff75 |
| SHA1: | cfcdeb0c2f8ad904c920fd44bd69e79d4f340a94 |
| SHA256: | 498dbf542e27b894866d4089e3017955bbdca48a98475c42424ab597af7d2fcc |
| Tags: | elf |
 | |
Errors
| |
Detection
| Score: | 48 |
| Range: | 0 - 100 |
| Whitelisted: | false |
Signatures
Multi AV Scanner detection for submitted file
Sample has stripped symbol table
Classification
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1528450 |
| Start date and time: | 2024-10-07 22:49:24 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 17s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultlinuxfilecookbook.jbs |
| Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
| Analysis Mode: | default |
| Sample name: | SecuriteInfo.com.ELF.Mirai-CVD.6145.31005.elf |
| Detection: | MAL |
| Classification: | mal48.linELF@0/0@0/0 |
- No process behavior to analyse as no analysis process or sample was found
- VT rate limit hit for: SecuriteInfo.com.ELF.Mirai-CVD.6145.31005.elf
| Command: | /tmp/SecuriteInfo.com.ELF.Mirai-CVD.6145.31005.elf |
| PID: | 5552 |
| Exit Code: | 255 |
| Exit Code Info: | |
| Killed: | False |
| Standard Output: | |
| Standard Error: |
⊘No yara matches
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | ReversingLabs: | ||
| Source: | .symtab present: | ||
| Source: | Classification label: | ||
⊘No Mitre Att&ck techniques found
⊘No configs have been found
Is Dropped
Number of created Files
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 16% | ReversingLabs | Linux.Backdoor.Mirai |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No created / dropped files found
| File type: | |
| Entropy (8bit): | 6.397906980661035 |
| TrID: |
|
| File name: | SecuriteInfo.com.ELF.Mirai-CVD.6145.31005.elf |
| File size: | 124'088 bytes |
| MD5: | 7706f8aa31917ac8a9e8064926e2ff75 |
| SHA1: | cfcdeb0c2f8ad904c920fd44bd69e79d4f340a94 |
| SHA256: | 498dbf542e27b894866d4089e3017955bbdca48a98475c42424ab597af7d2fcc |
| SHA512: | 5955a13c5b2441180345ff1d0ace378c9fed80e217c8122bfe5ffa6e93c0bd3b96c8430bfd80d71a5d817efe9298de83aeed08c703cc3ec1c4bcd54407d3a5e2 |
| SSDEEP: | 1536:ZyT8GTbF0u/nPx51b93mlvJkaOO8DfVegUh0LZBgE/LW:UT/Tp0qPb3mRevXDjUh0LZBgEq |
| TLSH: | 6AC3AE87F34B5590C82103F41BC75BEC5EA322115E2BD8F76C1E663B5AB64CF1A0A792 |
| File Content Preview: | .ELF..............].........4...`.......4. ...(.....................P...P........ ......................._....... ..................................................................Q.td....................................................................... |
ELF header | |
|---|---|
| Class: | |
| Data: | |
| Version: | |
| Machine: | |
| Version Number: | |
| Type: | |
| OS/ABI: | |
| ABI Version: | 0 |
| Entry Point Address: | |
| Flags: | |
| ELF Header Size: | 52 |
| Program Header Offset: | 52 |
| Program Header Size: | 32 |
| Number of Program Headers: | 5 |
| Section Header Offset: | 123488 |
| Section Header Size: | 40 |
| Number of Section Headers: | 15 |
| Header String Table Index: | 14 |
| Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
|---|---|---|---|---|---|---|---|---|---|---|
| NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
| .init | PROGBITS | 0x10114 | 0x114 | 0x22 | 0x0 | 0x6 | AX | 0 | 0 | 1 |
| .text | PROGBITS | 0x10138 | 0x138 | 0x143c4 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .fini | PROGBITS | 0x244fc | 0x144fc | 0x16 | 0x0 | 0x6 | AX | 0 | 0 | 1 |
| .rodata | PROGBITS | 0x24514 | 0x14514 | 0x7d2c | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .eh_frame | PROGBITS | 0x2c240 | 0x1c240 | 0x410 | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .tbss | NOBITS | 0x2ffe0 | 0x1dfe0 | 0x8 | 0x0 | 0x403 | WAT | 0 | 0 | 4 |
| .fini_array | FINI_ARRAY | 0x2ffe0 | 0x1dfe0 | 0x4 | 0x4 | 0x3 | WA | 0 | 0 | 4 |
| .ctors | PROGBITS | 0x2ffe4 | 0x1dfe4 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .dtors | PROGBITS | 0x2ffec | 0x1dfec | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .got | PROGBITS | 0x2fff4 | 0x1dff4 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .data | PROGBITS | 0x30008 | 0x1e008 | 0x1b4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .bss | NOBITS | 0x301bc | 0x1e1bc | 0x5d28 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .ARC.attributes | <unknown> | 0x0 | 0x1e1bc | 0x32 | 0x0 | 0x0 | 0 | 0 | 1 | |
| .shstrtab | STRTAB | 0x0 | 0x1e1ee | 0x6f | 0x0 | 0x0 | 0 | 0 | 1 |
| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
|---|---|---|---|---|---|---|---|---|---|---|---|
| LOAD | 0x0 | 0x10000 | 0x10000 | 0x1c650 | 0x1c650 | 6.6448 | 0x5 | R E | 0x2000 | .init .text .fini .rodata .eh_frame | |
| LOAD | 0x1dfe0 | 0x2ffe0 | 0x2ffe0 | 0x1dc | 0x5f04 | 2.4955 | 0x6 | RW | 0x2000 | .tbss .fini_array .ctors .dtors .got .data .bss | |
| NOTE | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x4 | R | 0x4 | ||
| TLS | 0x1dfe0 | 0x2ffe0 | 0x2ffe0 | 0x0 | 0x8 | 0.0000 | 0x4 | R | 0x4 | .tbss | |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |
⊘No network behavior found