Linux Analysis Report
m68k.elf

Overview

General Information

Sample name: m68k.elf
Analysis ID: 1541741
MD5: ed49ff3731f269129f74dddd59cec8ea
SHA1: c02a7a43904df1d97b0c14da943dd974ffa3e2fd
SHA256: 1a53976e5c50c298a8a99c05927620726e033e08fd51a1a0986e146a6d421f31
Tags: elf, user-abuse_ch

Detection

Score: 48
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for submitted file
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

AV Detection

Source: m68k.elf ReversingLabs: Detection: 13%
Source: ELF static info symbol of initial sample .symtab present: no
Source: classification engine Classification label: mal48.linELF@0/0@0/0
Source: /tmp/m68k.elf (PID: 5433) Queries kernel information via 'uname'
Source: m68k.elf, 5433.1.00007ffc85216000.00007ffc85237000.rw-.sdmp Binary or memory string: /usr/bin/qemu-m68k
Source: m68k.elf, 5433.1.0000563812330000.0000563812394000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/m68k
Source: m68k.elf, 5433.1.0000563812330000.0000563812394000.rw-.sdmp Binary or memory string: 8V!/etc/qemu-binfmt/m68k
Source: m68k.elf, 5433.1.00007ffc85216000.00007ffc85237000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-m68k/tmp/m68k.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/m68k.elf
No contacted IP information