Linux Analysis Report
arm7.elf

Overview

General Information

Sample name: arm7.elf
Analysis ID: 1543502
MD5: e85dd67941ef7d5e18bc6c80f07ae4c7
SHA1: 7a3b2dfb608f25a6d3419eb743102c2cc04a79d6
SHA256: 1c861d732ec470f07ba37b9e3b298f14cd603d6b8099dd6f9386966f1e745ad0
Tags: elf, user-abuse_ch

Detection

Score: 48
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for submitted file
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

AV Detection

Source: arm7.elf ReversingLabs: Detection: 18%
Source: arm7.elf Virustotal: Detection: 12%
Source: ELF static info symbol of initial sample .symtab present: no
Source: classification engine Classification label: mal48.linELF@0/0@0/0
Source: /tmp/arm7.elf (PID: 5430) Queries kernel information via 'uname'
Source: arm7.elf, 5430.1.00007fffab460000.00007fffab481000.rw-.sdmp Binary or memory string: 9x86_64/usr/bin/qemu-arm/tmp/arm7.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/arm7.elf
Source: arm7.elf, 5430.1.000055f7caeaa000.000055f7cafd8000.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/arm
Source: arm7.elf, 5430.1.000055f7caeaa000.000055f7cafd8000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/arm
Source: arm7.elf, 5430.1.00007fffab460000.00007fffab481000.rw-.sdmp Binary or memory string: /usr/bin/qemu-arm
No contacted IP information