Linux Analysis Report
m68k.elf

Overview

General Information

Sample name: m68k.elf
Analysis ID: 1543504
MD5: c4032dca32a9e32d0e7358020a288d39
SHA1: 8d21ef0430cf6049a8ff499857f5bd31fc5b00c7
SHA256: d21092fd7de2839d28e215eeb90d66c40613944d2bf59050c70a9e2799a2fb90
Tags: elf, user-abuse_ch

Detection

Score: 48
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for submitted file
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
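The static findings in this report (hashes, m68k target architecture, absence of a .symtab section) can be reproduced offline without the sandbox. The script below is an added example and is not part of the Joe Sandbox report or of the analyzed sample; it parses the ELF header and section table directly, so it needs no third-party library, and it runs against a constructed header-only big-endian m68k ELF image built in the script rather than against m68k.elf itself. Two caveats a practitioner should keep in mind when reading the report: "stripped symbol table" refers to .symtab, and a dynamically linked binary still carries .dynsym after strip(1); and the "uname" signature is a behavioral finding, since a static, stripped binary issues the syscall directly and leaves no importable symbol name to grep for. The qemu-m68k and /etc/qemu-binfmt/m68k paths and the SUDO_*/PATH environment block in the memory strings further down come from the sandbox's user-mode QEMU process that executes the 32-bit m68k binary on an x86_64 host (note the 64-bit dump addresses), so they should be read as emulator residue, not as strings embedded in the sample.

```python
import hashlib
import struct

EM_68K = 4        # e_machine value for the Motorola 68000 family
SHT_SYMTAB = 2
SHT_STRTAB = 3


def parse_elf(data: bytes):
    """Parse the ELF header and section table; return (e_machine, [section names]).

    Handles ELFCLASS32/ELFCLASS64 and both byte orders, so it works on the
    big-endian m68k sample as well as on ordinary x86_64 binaries.
    """
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unsupported EI_CLASS/EI_DATA")
    end = "<" if ei_data == 1 else ">"
    if ei_class == 1:   # Elf32_Ehdr / Elf32_Shdr layouts
        ehdr_fmt, shdr_fmt = end + "HHIIIIIHHHHHH", end + "IIIIIIIIII"
    else:               # Elf64_Ehdr / Elf64_Shdr layouts
        ehdr_fmt, shdr_fmt = end + "HHIQQQIHHHHHH", end + "IIQQQQIIQQ"
    hdr = struct.unpack_from(ehdr_fmt, data, 16)
    e_machine, e_shoff = hdr[1], hdr[5]
    e_shentsize, e_shnum, e_shstrndx = hdr[10], hdr[11], hdr[12]
    if e_shoff == 0 or e_shnum == 0:
        return e_machine, []          # no section table at all: nothing to name
    shdrs = [struct.unpack_from(shdr_fmt, data, e_shoff + i * e_shentsize)
             for i in range(e_shnum)]
    if e_shstrndx >= e_shnum:
        raise ValueError("bad e_shstrndx")
    str_off, str_size = shdrs[e_shstrndx][4], shdrs[e_shstrndx][5]
    shstrtab = data[str_off:str_off + str_size]
    names = []
    for sh in shdrs:                  # sh[0] is sh_name, an offset into .shstrtab
        names.append(shstrtab[sh[0]:].split(b"\0", 1)[0].decode("ascii", "replace"))
    return e_machine, names


def triage(data: bytes) -> dict:
    """Reproduce the report's static checks: hashes, target arch, .symtab presence."""
    e_machine, names = parse_elf(data)
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "machine": e_machine,
        "is_m68k": e_machine == EM_68K,
        "sections": names,
        "symtab_present": ".symtab" in names,
        # .dynsym survives strip(1) on dynamically linked binaries; it is not a .symtab.
        "dynsym_present": ".dynsym" in names,
        # Only a dynamically linked binary importing uname() leaves this string;
        # a static, stripped binary invokes the syscall directly, which is why the
        # sandbox reports uname use from behavior rather than from static strings.
        "uname_string": b"uname" in data,
    }


def build_sample_elf(with_symtab: bool) -> bytes:
    """Constructed test input: a header-only big-endian ELF32 image for EM_68K.

    It carries no code or program headers, only a section table, which is all the
    static checks above need. It is not derived from the analyzed sample.
    """
    names = [b"", b".shstrtab"] + ([b".symtab"] if with_symtab else [])
    shstrtab, name_off = b"", []
    for n in names:
        name_off.append(len(shstrtab))
        shstrtab += n + b"\0"
    ehsize, shentsize = 52, 40
    str_off = ehsize
    shoff = (str_off + len(shstrtab) + 3) & ~3        # 4-byte align the section table
    ident = b"\x7fELF" + bytes([1, 2, 1, 0, 0]) + b"\0" * 7   # ELFCLASS32, ELFDATA2MSB
    ehdr = ident + struct.pack(">HHIIIIIHHHHHH", 2, EM_68K, 1, 0, 0, shoff, 0,
                               ehsize, 0, 0, shentsize, len(names), 1)
    image = ehdr + shstrtab
    image += b"\0" * (shoff - len(image))
    shdr = struct.pack(">IIIIIIIIII", *([0] * 10))                   # SHN_UNDEF entry
    shdr += struct.pack(">IIIIIIIIII", name_off[1], SHT_STRTAB, 0, 0,
                        str_off, len(shstrtab), 0, 0, 1, 0)
    if with_symtab:
        shdr += struct.pack(">IIIIIIIIII", name_off[2], SHT_SYMTAB, 0, 0,
                            shoff, 0, 1, 0, 4, 16)                    # empty .symtab
    return image + shdr


if __name__ == "__main__":
    for label, stripped in (("stripped", True), ("unstripped", False)):
        r = triage(build_sample_elf(with_symtab=not stripped))
        print(f"{label}: machine={r['machine']} symtab={r['symtab_present']} "
              f"sha256={r['sha256']}")
```

To run the same checks on a real file, read it with `open(path, "rb").read()` and pass the bytes to `triage()`; on the actual m68k.elf the three hashes should match the values in the General Information section above, and `symtab_present` should come back False, matching ".symtab present: no".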

Classification

AV Detection

Source: m68k.elf ReversingLabs: Detection: 13%
Source: ELF static info symbol of initial sample .symtab present: no
Source: classification engine Classification label: mal48.linELF@0/0@0/0
Source: /tmp/m68k.elf (PID: 5434) Queries kernel information via 'uname'
Source: m68k.elf, 5434.1.00007ffeafbd3000.00007ffeafbf4000.rw-.sdmp Binary or memory string: /usr/bin/qemu-m68k
Source: m68k.elf, 5434.1.000056004a5eb000.000056004a64f000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/m68k
Source: m68k.elf, 5434.1.000056004a5eb000.000056004a64f000.rw-.sdmp Binary or memory string: ^JV!/etc/qemu-binfmt/m68k
Source: m68k.elf, 5434.1.00007ffeafbd3000.00007ffeafbf4000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-m68k/tmp/m68k.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/m68k.elf
No contacted IPs