Linux Analysis Report
arm6.elf

Overview

General Information

Sample name: arm6.elf
Analysis ID: 1544644
MD5: 7c1d655c927699a5580fbec0309cf3f1
SHA1: 5813d86b667f056b195e5065ad868415be850d66
SHA256: 43dd9d9e6b6440db54ae850f43fc081890d3d4035a7e66c21067805dc2ff9025
Tags: elf, Mirai, user-abuse_ch

Detection

Score: 56
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

AV Detection

Source: arm6.elf Avira: detected
Source: arm6.elf ReversingLabs: Detection: 50%
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: daisy.ubuntu.com
Source: ELF static info symbol of initial sample .symtab present: no
Source: classification engine Classification label: mal56.linELF@0/0@2/0
Source: /tmp/arm6.elf (PID: 5433) Queries kernel information via 'uname'
Source: arm6.elf, 5433.1.000055aba38a5000.000055aba39d3000.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/arm
Source: arm6.elf, 5433.1.000055aba38a5000.000055aba39d3000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/arm
Source: arm6.elf, 5433.1.00007ffcd8fcb000.00007ffcd8fec000.rw-.sdmp Binary or memory string: /usr/bin/qemu-arm
Source: arm6.elf, 5433.1.00007ffcd8fcb000.00007ffcd8fec000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/arm6.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/arm6.elf
Source: arm6.elf, 5433.1.00007ffcd8fcb000.00007ffcd8fec000.rw-.sdmp Binary or memory string: qemu: uncaught target signal 11 (Segmentation fault) - core dumped
No contacted IP infos