Linux Analysis Report
SecuriteInfo.com.Trojan.Linux.GenericKD.24480.17315.19960.elf

Overview

General Information

Sample name: SecuriteInfo.com.Trojan.Linux.GenericKD.24480.17315.19960.elf
Analysis ID: 1531105
MD5: 2e952350c23d3440f9ca7f7148b054d6
SHA1: 875134b6824b68f7a986becdb17c13437df413e1
SHA256: 7e53496be3e341fe94dc8eb09f421c6c94b349334b8e62cdcf1796392b9f4148
Tags: elf

Detection

Score: 48
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for submitted file
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

AV Detection

Source: SecuriteInfo.com.Trojan.Linux.GenericKD.24480.17315.19960.elf ReversingLabs: Detection: 15%
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: daisy.ubuntu.com
Source: ELF static info symbol of initial sample .symtab present: no
Source: classification engine Classification label: mal48.linELF@0/0@2/0
Source: /tmp/SecuriteInfo.com.Trojan.Linux.GenericKD.24480.17315.19960.elf (PID: 5486) Queries kernel information via 'uname'
Source: SecuriteInfo.com.Trojan.Linux.GenericKD.24480.17315.19960.elf, 5486.1.00007ffc0432f000.00007ffc04350000.rw-.sdmp Binary or memory string: /usr/bin/qemu-mips64el
Source: SecuriteInfo.com.Trojan.Linux.GenericKD.24480.17315.19960.elf, 5486.1.00007ffc0432f000.00007ffc04350000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-mips64el/tmp/SecuriteInfo.com.Trojan.Linux.GenericKD.24480.17315.19960.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/SecuriteInfo.com.Trojan.Linux.GenericKD.24480.17315.19960.elf
Source: SecuriteInfo.com.Trojan.Linux.GenericKD.24480.17315.19960.elf, 5486.1.00005566c7a0c000.00005566c7aba000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/mips64el
Source: SecuriteInfo.com.Trojan.Linux.GenericKD.24480.17315.19960.elf, 5486.1.00005566c7a0c000.00005566c7aba000.rw-.sdmp Binary or memory string: fU1MIPS64R2-generic-mips64-cpu1/etc/qemu-binfmt/mips64elu
Source: SecuriteInfo.com.Trojan.Linux.GenericKD.24480.17315.19960.elf, 5486.1.00007ffc0432f000.00007ffc04350000.rw-.sdmp Binary or memory string: qemu: uncaught target signal 11 (Segmentation fault) - core dumped
No contacted IP infos