Edit tour
Linux
Analysis Report
na.elf
Overview
General Information
| Sample name: | na.elf |
| Analysis ID: | 1528913 |
| MD5: | d910d780d44f45c5b9ce6032699f820e |
| SHA1: | 8aae92edcf4138a3c89b6ae5ffc13450899db3c5 |
| SHA256: | e0d8562ac8223ff01d99dd52225966150785e1021ec63b7ab44b01f04471b149 |
| Tags: | elfuser-abuse_ch |
Errors
| |
Detection
| Score: | 48 |
| Range: | 0 - 100 |
| Whitelisted: | false |
Signatures
Multi AV Scanner detection for submitted file
Sample has stripped symbol table
Classification
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1528913 |
| Start date and time: | 2024-10-08 13:02:07 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 32s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultlinuxfilecookbook.jbs |
| Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
| Analysis Mode: | default |
| Sample name: | na.elf |
| Detection: | MAL |
| Classification: | mal48.linELF@0/0@0/0 |
- No process behavior to analyse as no analysis process or sample was found
| Command: | /tmp/na.elf |
| PID: | 5644 |
| Exit Code: | 255 |
| Exit Code Info: | |
| Killed: | False |
| Standard Output: | |
| Standard Error: |
⊘No yara matches
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Virustotal: | Perma Link | ||
| Source: | .symtab present: | ||
| Source: | Classification label: | ||
⊘No Mitre Att&ck techniques found
⊘No configs have been found
Is Dropped
Number of created Files
Is malicious
Internet| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 11% | ReversingLabs | Linux.Backdoor.Mirai | ||
| 8% | Virustotal | Browse |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No created / dropped files found
| File type: | |
| Entropy (8bit): | 6.40170162459827 |
| TrID: |
|
| File name: | na.elf |
| File size: | 124'088 bytes |
| MD5: | d910d780d44f45c5b9ce6032699f820e |
| SHA1: | 8aae92edcf4138a3c89b6ae5ffc13450899db3c5 |
| SHA256: | e0d8562ac8223ff01d99dd52225966150785e1021ec63b7ab44b01f04471b149 |
| SHA512: | b148c4b307d9acc65331904cb2df1f0852c3fa3d8730bd50043adf3853684693d2a105607d7313c5f222538ac3083311ae00b2c4c76938a657628a6b5aa43f90 |
| SSDEEP: | 1536:gQTF0nkjipFHRYrFJ2UIU2Vbl3vi3Rsof2Ut3ealMjVUb/ZlgD/LW:grkjinqZJNIP3vq+U/t0jVUb/ZlgDq |
| TLSH: | 6AC3AD87F24B5990C82502F05BC75BEC1EA331126E1FD8F76C1D663B1A7A4CF1A0A792 |
| File Content Preview: | .ELF..............].........4...`.......4. ...(.................................. .......................?....... ..................................................................Q.td....................................................................... |
ELF header | |
|---|---|
| Class: | |
| Data: | |
| Version: | |
| Machine: | |
| Version Number: | |
| Type: | |
| OS/ABI: | |
| ABI Version: | 0 |
| Entry Point Address: | |
| Flags: | |
| ELF Header Size: | 52 |
| Program Header Offset: | 52 |
| Program Header Size: | 32 |
| Number of Program Headers: | 5 |
| Section Header Offset: | 123488 |
| Section Header Size: | 40 |
| Number of Section Headers: | 15 |
| Header String Table Index: | 14 |
| Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
|---|---|---|---|---|---|---|---|---|---|---|
| NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
| .init | PROGBITS | 0x10114 | 0x114 | 0x22 | 0x0 | 0x6 | AX | 0 | 0 | 1 |
| .text | PROGBITS | 0x10138 | 0x138 | 0x14464 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .fini | PROGBITS | 0x2459c | 0x1459c | 0x16 | 0x0 | 0x6 | AX | 0 | 0 | 1 |
| .rodata | PROGBITS | 0x245b4 | 0x145b4 | 0x7d2c | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .eh_frame | PROGBITS | 0x2c2e0 | 0x1c2e0 | 0x410 | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .tbss | NOBITS | 0x2ffe0 | 0x1dfe0 | 0x8 | 0x0 | 0x403 | WAT | 0 | 0 | 4 |
| .fini_array | FINI_ARRAY | 0x2ffe0 | 0x1dfe0 | 0x4 | 0x4 | 0x3 | WA | 0 | 0 | 4 |
| .ctors | PROGBITS | 0x2ffe4 | 0x1dfe4 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .dtors | PROGBITS | 0x2ffec | 0x1dfec | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .got | PROGBITS | 0x2fff4 | 0x1dff4 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .data | PROGBITS | 0x30008 | 0x1e008 | 0x1b4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .bss | NOBITS | 0x301bc | 0x1e1bc | 0x3dcc | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .ARC.attributes | <unknown> | 0x0 | 0x1e1bc | 0x32 | 0x0 | 0x0 | 0 | 0 | 1 | |
| .shstrtab | STRTAB | 0x0 | 0x1e1ee | 0x6f | 0x0 | 0x0 | 0 | 0 | 1 |
| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
|---|---|---|---|---|---|---|---|---|---|---|---|
| LOAD | 0x0 | 0x10000 | 0x10000 | 0x1c6f0 | 0x1c6f0 | 6.6429 | 0x5 | R E | 0x2000 | .init .text .fini .rodata .eh_frame | |
| LOAD | 0x1dfe0 | 0x2ffe0 | 0x2ffe0 | 0x1dc | 0x3fa8 | 2.5053 | 0x6 | RW | 0x2000 | .tbss .fini_array .ctors .dtors .got .data .bss | |
| NOTE | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x4 | R | 0x4 | ||
| TLS | 0x1dfe0 | 0x2ffe0 | 0x2ffe0 | 0x0 | 0x8 | 0.0000 | 0x4 | R | 0x4 | .tbss | |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |
⊘No network behavior found