| Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: global traffic |
DNS traffic detected: DNS query: daisy.ubuntu.com |
| Source: ELF static info symbol of initial sample |
.symtab present: no |
| Source: classification engine |
Classification label: clean1.linELF@0/0@2/0 |
| Source: /usr/bin/dash (PID: 5471) |
Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.4Xgs4z57Yt /tmp/tmp.nOe17kuunU /tmp/tmp.HsCFf4ukdW |
Jump to behavior |
| Source: /usr/bin/dash (PID: 5472) |
Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.4Xgs4z57Yt /tmp/tmp.nOe17kuunU /tmp/tmp.HsCFf4ukdW |
Jump to behavior |
| Source: /tmp/SecuriteInfo.com.Trojan.Linux.GenericKD.28461.1073.707.elf (PID: 5481) |
Queries kernel information via 'uname': |
Jump to behavior |
| Source: SecuriteInfo.com.Trojan.Linux.GenericKD.28461.1073.707.elf, 5481.1.00007ffcf6bc9000.00007ffcf6bea000.rw-.sdmp |
Binary or memory string: /usr/bin/qemu-ppc64 |
| Source: SecuriteInfo.com.Trojan.Linux.GenericKD.28461.1073.707.elf, 5481.1.000055b9114b4000.000055b911549000.rw-.sdmp |
Binary or memory string: /etc/qemu-binfmt/ppc64 |
| Source: SecuriteInfo.com.Trojan.Linux.GenericKD.28461.1073.707.elf, 5481.1.000055b9114b4000.000055b911549000.rw-.sdmp |
Binary or memory string: U!/etc/qemu-binfmt/ppc64 |
| Source: SecuriteInfo.com.Trojan.Linux.GenericKD.28461.1073.707.elf, 5481.1.00007ffcf6bc9000.00007ffcf6bea000.rw-.sdmp |
Binary or memory string: Kex86_64/usr/bin/qemu-ppc64/tmp/SecuriteInfo.com.Trojan.Linux.GenericKD.28461.1073.707.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/SecuriteInfo.com.Trojan.Linux.GenericKD.28461.1073.707.elf |
