Linux Analysis Report
m68k.elf

Overview

General Information

Sample name: m68k.elf
Analysis ID: 1543416
MD5: 378ddc590f856ef1806a1de2f7a4c88c
SHA1: e519f2bc903087114ade41485251f914aacad4c4
SHA256: 3cd627eda89bb22bd50f573303076cd2216b3e0c99916e4826d21c53965b2fab
Tags: elf, user-abuse_ch

Detection

Score: 48
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for submitted file
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

AV Detection

Source: m68k.elf ReversingLabs: Detection: 13%
Source: ELF static info symbol of initial sample .symtab present: no
Source: classification engine Classification label: mal48.linELF@0/0@0/0
Source: /tmp/m68k.elf (PID: 5833) Queries kernel information via 'uname'
Source: m68k.elf, 5833.1.000055ae0c4ee000.000055ae0c552000.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/m68k
Source: m68k.elf, 5833.1.00007ffc1e904000.00007ffc1e925000.rw-.sdmp Binary or memory string: /usr/bin/qemu-m68k
Source: m68k.elf, 5833.1.00007ffc1e904000.00007ffc1e925000.rw-.sdmp Binary or memory string: f'x86_64/usr/bin/qemu-m68k/tmp/m68k.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/m68k.elf
Source: m68k.elf, 5833.1.000055ae0c4ee000.000055ae0c552000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/m68k
No contacted IP addresses
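Two of the findings above are static properties of the file itself: the architecture (the sample is an m68k ELF, which is why the memory strings show it running under /usr/bin/qemu-m68k via binfmt_misc, so the dumped environment and paths belong to the emulator process, not to code the sample carries) and ".symtab present: no". The script below is an added example written for this report, not Joe Sandbox tooling or code from the sample: it hashes a local copy so it can be matched against the MD5/SHA1/SHA256 listed in General Information, parses the ELF header and section header table for either ELF class and byte order, and reports whether e_machine is EM_68K and whether a SHT_SYMTAB section exists. build_sample_elf constructs a minimal big-endian ELF32 for self-testing; it is not the analysed binary, and the dictionary key names are this example's own.

```python
"""Static ELF triage: hashes, architecture and stripped-symbol-table check (added example)."""
import hashlib
import struct
import sys

EM_68K = 4          # e_machine value for the Motorola 68000 family
SHT_SYMTAB = 2      # section type of the static symbol table (.symtab)


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 so a local copy can be matched against the report's identifiers."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def parse_elf(data: bytes) -> dict:
    """Parse the ELF header and section header table (ELF32/ELF64, either byte order)."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unsupported ELF class or data encoding")
    end = "<" if ei_data == 1 else ">"
    if ei_class == 1:   # ELF32: 52-byte header, 40-byte section headers
        hdr_fmt, sh_fmt = end + "HHIIIIIHHHHHH", end + "IIIIIIIIII"
    else:               # ELF64: 64-byte header, 64-byte section headers
        hdr_fmt, sh_fmt = end + "HHIQQQIHHHHHH", end + "IIQQQQIIQQ"
    if len(data) < 16 + struct.calcsize(hdr_fmt):
        raise ValueError("ELF header truncated")
    (_type, e_machine, _ver, _entry, _phoff, e_shoff, _flags, _ehsize,
     _phentsize, _phnum, e_shentsize, e_shnum, e_shstrndx) = struct.unpack_from(hdr_fmt, data, 16)
    # Section header fields come in the same order in both classes:
    # name, type, flags, addr, offset, size, link, info, addralign, entsize
    raw, sh_size = [], struct.calcsize(sh_fmt)
    for i in range(e_shnum if e_shoff else 0):
        off = e_shoff + i * e_shentsize
        if off + sh_size > len(data):
            raise ValueError("section header table truncated")  # common in damaged/evasive ELFs
        raw.append(struct.unpack_from(sh_fmt, data, off))
    shstr = b""
    if e_shstrndx < len(raw):
        s = raw[e_shstrndx]
        shstr = data[s[4]:s[4] + s[5]]
    sections = []
    for sh in raw:
        nul = shstr.find(b"\x00", sh[0])
        name = shstr[sh[0]:nul if nul >= 0 else None].decode("ascii", "replace")
        sections.append({"name": name, "type": sh[1], "offset": sh[4], "size": sh[5]})
    return {
        "e_machine": e_machine,
        "class": 32 if ei_class == 1 else 64,
        "big_endian": ei_data == 2,
        "sections": sections,
        "has_symtab": any(s["type"] == SHT_SYMTAB for s in sections),
    }


def triage(data: bytes) -> dict:
    """Hashes plus the two static findings the report lists: architecture and stripped status."""
    elf = parse_elf(data)
    report = file_hashes(data)
    report.update({
        "is_m68k": elf["e_machine"] == EM_68K,
        "big_endian": elf["big_endian"],
        "stripped": not elf["has_symtab"],
        "sections": [s["name"] for s in elf["sections"]],
    })
    return report


def build_sample_elf(stripped: bool) -> bytes:
    """Constructed test input (not the real sample): a minimal big-endian ELF32 for EM_68K
    with a .shstrtab and, unless stripped, an empty .symtab."""
    names = [b"", b".shstrtab"] + ([] if stripped else [b".symtab"])
    name_off, shstrtab = [], b""
    for n in names:
        name_off.append(len(shstrtab))
        shstrtab += n + b"\x00"
    symtab = b"" if stripped else b"\x00" * 16
    shstr_off = 52                              # immediately after the ELF32 header
    symtab_off = shstr_off + len(shstrtab)
    shoff = symtab_off + len(symtab)
    ident = b"\x7fELF" + bytes([1, 2, 1, 0]) + b"\x00" * 8   # ELF32, big-endian, version 1, SysV ABI
    ehdr = ident + struct.pack(">HHIIIIIHHHHHH", 2, EM_68K, 1, 0, 0, shoff, 0,
                               52, 0, 0, 40, len(names), 1)
    shdrs = struct.pack(">IIIIIIIIII", *([0] * 10))                       # mandatory SHN_UNDEF entry
    shdrs += struct.pack(">IIIIIIIIII", name_off[1], 3, 0, 0, shstr_off, len(shstrtab), 0, 0, 1, 0)
    if not stripped:
        shdrs += struct.pack(">IIIIIIIIII", name_off[2], SHT_SYMTAB, 0, 0, symtab_off,
                             len(symtab), 0, 0, 4, 16)
    return ehdr + shstrtab + symtab + shdrs


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_sample_elf(stripped=True)
    for k, v in triage(blob).items():
        print(f"{k}: {v}")
```

Run it as `python3 triage.py m68k.elf` against a local copy; the three hashes should equal the ones under General Information, is_m68k should be true and stripped should be true, matching ".symtab present: no". A missing .symtab only removes static symbols; it says nothing about whether the binary is packed, so treat "stripped" as a weak indicator on its own.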