Linux Analysis Report
na.elf

Overview

General Information

Sample name: na.elf
Analysis ID: 1530604
MD5: 521069251bdce0fbd37497b8f527ab23
SHA1: 020730190edde76dec3de9678351aa6e65ab91bf
SHA256: aa5db395352aff621bc290b0eb2f7715230f93556ac99cc056cd22a56a5adc72
Tags: elf, user-abuse_ch

Detection

Score: 48
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for submitted file
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

AV Detection

Source: na.elf ReversingLabs: Detection: 15%
Source: ELF static info symbol of initial sample .symtab present: no
Source: classification engine Classification label: mal48.linELF@0/0@0/0
Source: /tmp/na.elf (PID: 5490) Queries kernel information via 'uname'
Source: na.elf, 5490.1.0000563a6ff7e000.0000563a700ac000.rw-.sdmp Binary or memory string: o:V!/etc/qemu-binfmt/arm
Source: na.elf, 5490.1.00007ffed0afd000.00007ffed0b1e000.rw-.sdmp Binary or memory string: wx86_64/usr/bin/qemu-arm/tmp/na.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/na.elf
Source: na.elf, 5490.1.0000563a6ff7e000.0000563a700ac000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/arm
Source: na.elf, 5490.1.00007ffed0afd000.00007ffed0b1e000.rw-.sdmp Binary or memory string: /usr/bin/qemu-arm
No contacted IP information.