Linux Analysis Report
arm6.elf

ID:	1545007
Product:	CloudBasic
Start time:	00:47:08
Start date:	30.10.2024
Sample:	arm6.elf
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	2676bf3f45c3a54d86c959ffd5c47902
SHA1:	b2abb8e04c8434eb9d86f1618fab472c1e40a483
SHA256:	430723f14f44b719126a6fcad988c2d93bcbcc2497e7262d79c1fbb78bf175e7
Filetype:	ELF Executable and Linkable format (generic) (4004/1) 100.00%

Name	Type	MD5	SHA1	SHA256

AV Detection

Source: arm6.elf

ReversingLabs: Detection: 52%

Networking

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

System Summary

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal48.linELF@0/0@2/0

Malware Analysis System Evasion

Source: /tmp/arm6.elf (PID: 5431)

Queries kernel information via 'uname':

Jump to behavior

Source: arm6.elf, 5431.1.0000564c27dde000.0000564c27f0c000.rw-.sdmp	Binary or memory string: 'LV!/etc/qemu-binfmt/arm
Source: arm6.elf, 5431.1.0000564c27dde000.0000564c27f0c000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: arm6.elf, 5431.1.00007ffd1c9b4000.00007ffd1c9d5000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm
Source: arm6.elf, 5431.1.00007ffd1c9b4000.00007ffd1c9d5000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/arm6.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/arm6.elf
Source: arm6.elf, 5431.1.00007ffd1c9b4000.00007ffd1c9d5000.rw-.sdmp	Binary or memory string: qemu: uncaught target signal 11 (Segmentation fault) - core dumped