Linux Analysis Report
arm.elf

Overview

Sample name:	arm.elf
Analysis ID:	1541316
MD5:	aea40b20101e1e9895a3c2ce02a260a8
SHA1:	24c4c52ceb4fa325804de531edd2a45b8e3337ed
SHA256:	6e7450ce25f4a3a13fa254a8e23e1f58e53da943ca5137cae05e91c0e6ef62c6
Tags:	elfuser-abuse_ch

Sample has stripped symbol table

Uses the "uname" system call to query kernel version information (possible evasion)

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: clean1.linELF@0/0@0/0

Source: /tmp/arm.elf (PID: 5426)

Queries kernel information via 'uname':

Source: arm.elf, 5426.1.00005625368a0000.00005625369ce000.rw-.sdmp	Binary or memory string: 6%V!/etc/qemu-binfmt/arm
Source: arm.elf, 5426.1.00005625368a0000.00005625369ce000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: arm.elf, 5426.1.00007ffcc3fb4000.00007ffcc3fd5000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm
Source: arm.elf, 5426.1.00007ffcc3fb4000.00007ffcc3fd5000.rw-.sdmp	Binary or memory string: 8x86_64/usr/bin/qemu-arm/tmp/arm.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/arm.elf

No Screenshots

⊘No contacted IP infos

ID:	1541316
Product:	CloudBasic
Start time:	17:29:10
Start date:	24.10.2024
Sample:	arm.elf
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	aea40b20101e1e9895a3c2ce02a260a8
SHA1:	24c4c52ceb4fa325804de531edd2a45b8e3337ed
SHA256:	6e7450ce25f4a3a13fa254a8e23e1f58e53da943ca5137cae05e91c0e6ef62c6
Filetype:	ELF Executable and Linkable format (generic) (4004/1) 100.00%