Linux Analysis Report
SecuriteInfo.com.Trojan.Linux.GenericKD.28454.18122.15386.elf

Overview

General Information

Sample name: SecuriteInfo.com.Trojan.Linux.GenericKD.28454.18122.15386.elf
Analysis ID: 1531109
MD5: 83f4fd3e3c6c394d3b660217b1832f42
SHA1: 2c17c4ba3cb05f556ee68890c67c699464bf1d99
SHA256: eb29289fb07d0650cc290ab6bcd4aed7b0eda8756610cc474bc8de6f3e0953bc
Tags: elf

Detection

Score: 48
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for submitted file
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

AV Detection

Source: SecuriteInfo.com.Trojan.Linux.GenericKD.28454.18122.15386.elf ReversingLabs: Detection: 15%
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: daisy.ubuntu.com
Source: ELF static info symbol of initial sample .symtab present: no
Source: classification engine Classification label: mal48.linELF@0/0@2/0
Source: /tmp/SecuriteInfo.com.Trojan.Linux.GenericKD.28454.18122.15386.elf (PID: 5545) Queries kernel information via 'uname'
Source: SecuriteInfo.com.Trojan.Linux.GenericKD.28454.18122.15386.elf, 5545.1.00007ffc3ca0f000.00007ffc3ca30000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/SecuriteInfo.com.Trojan.Linux.GenericKD.28454.18122.15386.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/SecuriteInfo.com.Trojan.Linux.GenericKD.28454.18122.15386.elf
Source: SecuriteInfo.com.Trojan.Linux.GenericKD.28454.18122.15386.elf, 5545.1.000055b43faf2000.000055b43fcb7000.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/arm
Source: SecuriteInfo.com.Trojan.Linux.GenericKD.28454.18122.15386.elf, 5545.1.000055b43faf2000.000055b43fcb7000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/arm
Source: SecuriteInfo.com.Trojan.Linux.GenericKD.28454.18122.15386.elf, 5545.1.00007ffc3ca0f000.00007ffc3ca30000.rw-.sdmp Binary or memory string: /usr/bin/qemu-arm
Source: SecuriteInfo.com.Trojan.Linux.GenericKD.28454.18122.15386.elf, 5545.1.00007ffc3ca0f000.00007ffc3ca30000.rw-.sdmp Binary or memory string: qemu: uncaught target signal 11 (Segmentation fault) - core dumped
No contacted IP infos