Linux Analysis Report
nsharm6.elf

Overview

General Information

Sample name: nsharm6.elf
Analysis ID: 1542851
MD5: d03056ba611ea613de51135e7aab1d31
SHA1: a9c1af061b570a2627864005a30c01c172bc55da
SHA256: 3aab7e9ba65aafbeeb5663ab2ede3c701e07db6b3c42711707266d580c71d76e
Tags: elf, user-abuse_ch

Detection

Score: 48
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for submitted file
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

AV Detection

Source: nsharm6.elf ReversingLabs: Detection: 18%
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: daisy.ubuntu.com
Source: ELF static info symbol of initial sample .symtab present: no
Source: classification engine Classification label: mal48.linELF@0/0@2/0
Source: /tmp/nsharm6.elf (PID: 5491) Queries kernel information via 'uname'
Source: nsharm6.elf, 5491.1.0000558677567000.0000558677695000.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/arm
Source: nsharm6.elf, 5491.1.00007ffeb74b3000.00007ffeb74d4000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/nsharm6.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/nsharm6.elf
Source: nsharm6.elf, 5491.1.0000558677567000.0000558677695000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/arm
Source: nsharm6.elf, 5491.1.00007ffeb74b3000.00007ffeb74d4000.rw-.sdmp Binary or memory string: /usr/bin/qemu-arm
Source: nsharm6.elf, 5491.1.00007ffeb74b3000.00007ffeb74d4000.rw-.sdmp Binary or memory string: qemu: uncaught target signal 11 (Segmentation fault) - core dumped
No contacted IP infos