Linux Analysis Report z0FwvGSnDF

Overview

General Information

Sample Name: z0FwvGSnDF
Analysis ID: 452439
MD5: dafbf75b66b11d7d3b2dcd284c8ac302
SHA1: d1736cc4d7efab8522907550ae0ad5c2e52b296e
SHA256: a524c003fb6dda1f77eda693accef4fff0a0d9fbe7bb0dcfeaa319e526367258
Tags: 32, elf, mirai, motorola

Detection

Score: 48
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for submitted file
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

AV Detection:

Multi AV Scanner detection for submitted file
Source: z0FwvGSnDF Virustotal: Detection: 52%
Source: z0FwvGSnDF ReversingLabs: Detection: 54%

Networking:

TCP traffic detected without corresponding DNS query
Source: unknown TCP traffic detected without corresponding DNS query: 62.101.96.107
Source: unknown TCP traffic detected without corresponding DNS query: 89.108.182.73
Source: unknown TCP traffic detected without corresponding DNS query: 27.207.129.233
Source: unknown TCP traffic detected without corresponding DNS query: 212.64.174.180
Source: unknown TCP traffic detected without corresponding DNS query: 193.204.194.25
Source: unknown TCP traffic detected without corresponding DNS query: 218.3.209.122
Source: unknown TCP traffic detected without corresponding DNS query: 116.234.228.208
Source: unknown TCP traffic detected without corresponding DNS query: 121.134.140.247
Source: unknown TCP traffic detected without corresponding DNS query: 121.134.140.247
Source: unknown TCP traffic detected without corresponding DNS query: 27.207.129.233
Source: unknown TCP traffic detected without corresponding DNS query: 112.95.114.170
Source: unknown TCP traffic detected without corresponding DNS query: 27.207.129.233
Source: unknown TCP traffic detected without corresponding DNS query: 69.162.158.5
Source: unknown TCP traffic detected without corresponding DNS query: 69.162.158.5
Source: unknown TCP traffic detected without corresponding DNS query: 69.162.158.5
Source: unknown TCP traffic detected without corresponding DNS query: 69.162.158.5
Source: unknown TCP traffic detected without corresponding DNS query: 69.162.158.5
Source: unknown TCP traffic detected without corresponding DNS query: 69.162.158.5

System Summary:

Sample has stripped symbol table
Source: ELF static info symbol of initial sample .symtab present: no
Source: classification engine Classification label: mal48.lin@0/2@0/0

Malware Analysis System Evasion:

Uses the "uname" system call to query kernel version information (possible evasion)
Source: /tmp/z0FwvGSnDF (PID: 4573) Queries kernel information via 'uname'
Source: /usr/share/apport/apport-gtk (PID: 4618) Queries kernel information via 'uname'
Source: /usr/share/apport/apport-gtk (PID: 4645) Queries kernel information via 'uname'