Source: yI52EULGv3.elf |
Virustotal: Detection: 43% |
Perma Link |
Source: global traffic |
TCP traffic: 192.168.2.14:37030 -> 94.156.71.75:5683 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 94.156.71.75 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 94.156.71.75 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 94.156.71.75 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 94.156.71.75 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 94.156.71.75 |
Source: ELF static info symbol of initial sample |
.symtab present: no |
Source: /tmp/yI52EULGv3.elf (PID: 5517) |
SIGKILL sent: pid: 0 (kernel), result: unknown |
Jump to behavior |
Source: classification engine |
Classification label: mal48.linELF@0/0@0/0 |
Source: /tmp/yI52EULGv3.elf (PID: 5519) |
Shell command executed: sh -c "mkdir /tuqrq95kgq/ && >/tuqrq95kgq/tuqrq95kgq && cd /tuqrq95kgq/ >/dev/null" |
Jump to behavior |
Source: /tmp/yI52EULGv3.elf (PID: 5522) |
Shell command executed: sh -c "mv /tmp/yI52EULGv3.elf /tuqrq95kgq/tuqrq95kgq && chmod 777 /tuqrq95kgq/tuqrq95kgq >/dev/null" |
Jump to behavior |
Source: /bin/sh (PID: 5525) |
Chmod executable: /usr/bin/chmod -> chmod 777 /tuqrq95kgq/tuqrq95kgq |
Jump to behavior |
Source: /bin/sh (PID: 5521) |
Mkdir executable: /usr/bin/mkdir -> mkdir /tuqrq95kgq/ |
Jump to behavior |
Source: /usr/bin/chmod (PID: 5525) |
File: /tuqrq95kgq/tuqrq95kgq (bits: - usr: rwx grp: rwx all: rwx) |
Jump to behavior |
Source: /bin/sh (PID: 5525) |
Chmod executable with 777: /usr/bin/chmod -> chmod 777 /tuqrq95kgq/tuqrq95kgq |
Jump to behavior |
Source: /tmp/yI52EULGv3.elf (PID: 5513) |
Queries kernel information via 'uname': |
Jump to behavior |
Source: yI52EULGv3.elf, 5513.1.000055700709b000.0000557007120000.rw-.sdmp, yI52EULGv3.elf, 5515.1.000055700709b000.00005570070ff000.rw-.sdmp, yI52EULGv3.elf, 5517.1.000055700709b000.00005570070ff000.rw-.sdmp |
Binary or memory string: pU!/etc/qemu-binfmt/m68k |
Source: yI52EULGv3.elf, 5513.1.00007ffca8860000.00007ffca8881000.rw-.sdmp, yI52EULGv3.elf, 5515.1.00007ffca8860000.00007ffca8881000.rw-.sdmp, yI52EULGv3.elf, 5517.1.00007ffca8860000.00007ffca8881000.rw-.sdmp |
Binary or memory string: /usr/bin/qemu-m68k |
Source: yI52EULGv3.elf, 5513.1.000055700709b000.0000557007120000.rw-.sdmp, yI52EULGv3.elf, 5515.1.000055700709b000.00005570070ff000.rw-.sdmp, yI52EULGv3.elf, 5517.1.000055700709b000.00005570070ff000.rw-.sdmp |
Binary or memory string: /etc/qemu-binfmt/m68k |
Source: yI52EULGv3.elf, 5513.1.00007ffca8860000.00007ffca8881000.rw-.sdmp, yI52EULGv3.elf, 5515.1.00007ffca8860000.00007ffca8881000.rw-.sdmp, yI52EULGv3.elf, 5517.1.00007ffca8860000.00007ffca8881000.rw-.sdmp |
Binary or memory string: x86_64/usr/bin/qemu-m68k/tmp/yI52EULGv3.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/yI52EULGv3.elf |