Source: kBNrex15s8.elf |
ReversingLabs: Detection: 71% |
Source: kBNrex15s8.elf |
Virustotal: Detection: 61% |
Perma Link |
Source: unknown |
DNS traffic detected: queries for: daisy.ubuntu.com |
Source: ELF static info symbol of initial sample |
.symtab present: no |
Source: classification engine |
Classification label: mal56.linELF@0/0@2/0 |
Source: /tmp/kBNrex15s8.elf (PID: 5525) |
Queries kernel information via 'uname': |
Jump to behavior |
Source: kBNrex15s8.elf, 5525.1.000055d6d3bb9000.000055d6d3ce7000.rw-.sdmp |
Binary or memory string: U!/etc/qemu-binfmt/arm |
Source: kBNrex15s8.elf, 5525.1.00007fff6e4f6000.00007fff6e517000.rw-.sdmp |
Binary or memory string: qemu: %s: %s |
Source: kBNrex15s8.elf, 5525.1.00007fff6e4f6000.00007fff6e517000.rw-.sdmp |
Binary or memory string: leqemu: %s: %s |
Source: kBNrex15s8.elf, 5525.1.000055d6d3bb9000.000055d6d3ce7000.rw-.sdmp |
Binary or memory string: Urg.qemu.gdb.arm.sys.regs"> |
Source: kBNrex15s8.elf, 5525.1.000055d6d3bb9000.000055d6d3ce7000.rw-.sdmp |
Binary or memory string: /etc/qemu-binfmt/arm |
Source: kBNrex15s8.elf, 5525.1.00007fff6e4f6000.00007fff6e517000.rw-.sdmp |
Binary or memory string: /usr/bin/qemu-arm |
Source: kBNrex15s8.elf, 5525.1.00007fff6e4f6000.00007fff6e517000.rw-.sdmp |
Binary or memory string: hx86_64/usr/bin/qemu-arm/tmp/kBNrex15s8.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/kBNrex15s8.elf |
Source: kBNrex15s8.elf, 5525.1.000055d6d3bb9000.000055d6d3ce7000.rw-.sdmp |
Binary or memory string: rg.qemu.gdb.arm.sys.regs"> |