Linux Analysis Report
na.elf

Overview

General Information

Sample name: na.elf
Analysis ID: 1532419
MD5: 110f5f4ab5af7ab5eecba76c412e559c
SHA1: 748f48635c7c9751ab869ba776b7be3c9df3a627
SHA256: 18f193cdc98521cbd75c10fd588bf16cfa539287eb3fff1b159f8113edfb19b0
Tags: elf, user-abuse_ch

Detection

Score: 48
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for submitted file
ELF contains segments with high entropy indicating compressed/encrypted content
Sample contains only a LOAD segment without any section mappings

Classification

AV Detection

Source: na.elf ReversingLabs: Detection: 15%
Source: na.elf Virustotal: Detection: 15%
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: daisy.ubuntu.com
Source: LOAD without section mappings Program segment: 0x400000
Source: classification engine Classification label: mal48.linELF@0/0@2/0
Source: na.elf Submission file: segment LOAD with 7.8967 entropy (max. 8.0)
No contacted IP infos