Linux Analysis Report
na.elf

ID:	1528837
Product:	CloudBasic
Start time:	11:35:33
Start date:	08.10.2024
Sample:	na.elf
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	15e9f234d683856940f418eb5250daaa
SHA1:	081c0e34cc2848727eb47296b0f8e83486ec5a57
SHA256:	2aec5415870068d35a7d908974ad5e95331a5141dc199a71800200fd9ac42fbf
Filetype:	ELF Executable and Linkable format (Linux) (4029/14) 50.16%

Name	Type	MD5	SHA1	SHA256

AV Detection

Source: na.elf

Avira: detected

Source: na.elf	ReversingLabs: Detection: 36%
Source: na.elf	Virustotal: Detection: 35%			Perma Link

Networking

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

System Summary

Source: na.elf, type: SAMPLE	Matched rule: Linux_Packer_Patched_UPX_62e11c64 Author: unknown
Source: 5525.1.00007f1e70400000.00007f1e70422000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Packer_Patched_UPX_62e11c64 Author: unknown

Source: LOAD without section mappings

Program segment: 0x400000

Source: na.elf, type: SAMPLE

Matched rule: Linux_Packer_Patched_UPX_62e11c64 reference_sample = 02f81a1e1edcb9032a1d7256a002b11e1e864b2e9989f5d24ea1c9b507895669, os = linux, severity = x86, creation_date = 2021-06-08, scan_context = file, reference = https://cujo.com/upx-anti-unpacking-techniques-in-iot-malware/, license = Elastic License v2, threat_name = Linux.Packer.Patched_UPX, fingerprint = 3297b5c63e70c557e71b739428b453039b142e1e04c2ab15eea4627d023b686d, id = 62e11c64-fc7d-4a0a-9d72-ad53ec3987ff, last_modified = 2021-07-28

Source: 5525.1.00007f1e70400000.00007f1e70422000.r-x.sdmp, type: MEMORY

Matched rule: Linux_Packer_Patched_UPX_62e11c64 reference_sample = 02f81a1e1edcb9032a1d7256a002b11e1e864b2e9989f5d24ea1c9b507895669, os = linux, severity = x86, creation_date = 2021-06-08, scan_context = file, reference = https://cujo.com/upx-anti-unpacking-techniques-in-iot-malware/, license = Elastic License v2, threat_name = Linux.Packer.Patched_UPX, fingerprint = 3297b5c63e70c557e71b739428b453039b142e1e04c2ab15eea4627d023b686d, id = 62e11c64-fc7d-4a0a-9d72-ad53ec3987ff, last_modified = 2021-07-28

Source: classification engine

Classification label: mal64.linELF@0/0@2/0

Hooking and other Techniques for Hiding and Protection

Source: na.elf

Submission file: segment LOAD with 7.7838 entropy (max. 8.0)

Malware Analysis System Evasion

Source: /tmp/na.elf (PID: 5525)

Queries kernel information via 'uname':

Jump to behavior

Source: na.elf, 5525.1.00007ffdd17b8000.00007ffdd17d9000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/na.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/na.elf
Source: na.elf, 5525.1.0000556403275000.00005564032fc000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mips
Source: na.elf, 5525.1.0000556403275000.00005564032fc000.rw-.sdmp	Binary or memory string: dU!/etc/qemu-binfmt/mips
Source: na.elf, 5525.1.00007ffdd17b8000.00007ffdd17d9000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mips
Source: na.elf, 5525.1.00007ffdd17b8000.00007ffdd17d9000.rw-.sdmp	Binary or memory string: qemu: uncaught target signal 11 (Segmentation fault) - core dumped