Linux Analysis Report
python.elf

Overview

General Information

Sample name: python.elf
Analysis ID: 1562736
MD5: 4f592d138e48e1a7806f26453810d932
SHA1: fa2e96b4c58f797fc8167831acf9aeccdda06f63
SHA256: 40ff8d47de915abbe2ff67e5a562f27874982f5ca6e911467514062cc9d94e72
Tags: elf, user-abuse_ch

Detection

Score: 48
Range: 0 - 100
Whitelisted: false

Signatures

Found strings related to Crypto-Mining
Sample and/or dropped files likely contain functionality related to malicious behavior
Sample and/or dropped files contains symbols with suspicious names

Classification

Bitcoin Miner

Source: python.elf String found in binary or memory: MB, and cnt= got= max= ms, ptr tab= top=%s %q%s*%d%s=%s&#34;&#39;&amp;, fp:.avif.html.jpeg.json.wasm.webp/boot/etc//tmp/1562578125:***@:path<nil>AdlamAprilBamumBatakBuhidClassDograECDSAErrorFoundGreekHTTP/JUNOSKhmerLatinLimbuLocalMarchNushuOghamOriyaOsageP-224P-256P-384P-521RangeRealmRunicSHA-1STermSunOSTakriTamilTypeA\u202] = (amd64arraybad nchdirclosedeferfalsefaultfilesgcinggetwdgscanhchanhostshttpsimap2imap3imapsinit int16int32int64linuxlstatmatchmheapmkdirmonthmountpanicparsepipe2pkillpop3srangerune scav schedsleepslicesockssse41sse42ssse3sudogsweeptext/tls: tracetrap:uint8utf-8writexmrig B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...)
Source: python.elf String found in binary or memory: http://678.hw10376.top:4399input
Source: python.elf String found in binary or memory: http://door4399.h52l.com:4399integer

System Summary

Source: python.elf ELF static info symbol of initial sample: crypto/tls.(*Config).writeKeyLog
Source: python.elf ELF static info symbol of initial sample: bufio.(*Scanner).Scan
Source: python.elf ELF static info symbol of initial sample: crypto/rand.(*hideAgainReader).Read
Source: python.elf ELF static info symbol of initial sample: crypto/rand.hideAgainReader.Read
Source: python.elf ELF static info symbol of initial sample: crypto/tls.(*Conn).maxPayloadSizeForWrite
Source: classification engine Classification label: mal48.mine.linELF@0/0@0/0
Source: ELF file section Submission: python.elf
No contacted IP infos