Linux Analysis Report 7EUcDDmmRE

Overview

General Information

| Field | Value |
|---|---|
| Sample Name | 7EUcDDmmRE |
| Analysis ID | 452455 |
| MD5 | ec4637f5d716f29fd464b15e1c499a5a |
| SHA1 | b02af8052352d60b686b3224192f132be747e331 |
| SHA256 | 737429af897437fc5315d8861d92502477a801bcd59526f10f30d78b96d88b0a |
| Tags | 32, arm, elf, mirai |

Detection

| Field | Value |
|---|---|
| Score | 52 |
| Range | 0 - 100 |
| Whitelisted | false |
Signatures
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Sample contains only a LOAD segment without any section mappings
Uses the "uname" system call to query kernel version information (possible evasion)
Classification

Analysis Advice

- Exit code information suggests that the sample terminated abnormally; try looking up the sample's target architecture.
- A non-zero exit code suggests an error during the execution. Look up the error code for hints.
- The static ELF header machine description suggests that the sample might not execute correctly on this machine.
- The static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.
General Information

| Field | Value |
|---|---|
| Joe Sandbox Version | 33.0.0 White Diamond |
| Analysis ID | 452455 |
| Start date | 22.07.2021 |
| Start time | 11:36:52 |
| Joe Sandbox Product | CloudBasic |
| Overall analysis duration | 0h 5m 59s |
| Hypervisor based Inspection enabled | false |
| Report type | full |
| Sample file name | 7EUcDDmmRE |
| Cookbook file name | defaultlinuxfilecookbook.jbs |
| Analysis system description | Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 59.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171) |
| Analysis Mode | default |
| Detection | MAL |
| Classification | mal52.evad.lin@0/2@0/0 |
Process Tree

Yara Overview

No yara matches

Jbx Signature Overview
AV Detection

Multi AV Scanner detection for submitted file
- Source: Virustotal
- Source: ReversingLabs
- Source: String found in binary or memory
- Source: Program segment
- Source: Classification label

Data Obfuscation

Sample is packed with UPX
- Source: String containing UPX found (3 occurrences)

Uses the "uname" system call to query kernel version information (possible evasion)
- Source: Queries kernel information via 'uname' (3 occurrences)
Mitre Att&ck Matrix

A count in parentheses marks a technique matched by this sample; cells without a count are the matrix's default entries for that tactic column.

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Obfuscated Files or Information (1) | OS Credential Dumping | Security Software Discovery (1) | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Malware Configuration

No configs have been found

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 41% | Virustotal | | |
| | 40% | ReversingLabs | Linux.Trojan.Mirai | |

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches
Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| | | false | | high |

Contacted IPs

No contacted IP infos
Runtime Messages

| Field | Value |
|---|---|
| Command | /tmp/7EUcDDmmRE |
| Exit Code | 139 |
| Exit Code Info | SIGSEGV (11) Segmentation fault invalid memory reference |
| Killed | False |
| Standard Output | |
| Standard Error | qemu: uncaught target signal 11 (Segmentation fault) - core dumped |
Joe Sandbox View / Context

Created / dropped Files

| Field | Value |
|---|---|
| Process | /usr/share/apport/apport-checkreports |
| File Type | |
| Category | dropped |
| Size (bytes) | 14915 |
| Entropy (8bit) | 4.687533212555657 |
| Encrypted | false |
| SSDEEP | 96:G8ck5w+6bplfn4RPfnw4AsKaRdfbvD+HPeKS+muJLOuPWEc+PI9d4YXrM:G/ARPfnw4AsDR8PeD+m2PWEc+PILhbM |
| MD5 | 32D9EBEF40AA72B72A288B28D4B4DDA2 |
| SHA1 | 5F6D01001F61456508137C5B08C4750118258D48 |
| SHA-256 | AA4FF4D879538ED4B8615C1D6F3A6EE3918EF8C47E9C836907E0C817032550A6 |
| SHA-512 | 5D84FDED4D780128BADC42F9159074E763F53F59FE0AAFBDBD9C66F96A988FC6DA8361F74B5C7918D08340F822A4885BDD88BA772F27CB3D45FC10CB399148BB |
| Malicious | false |
| Reputation | low |

| Field | Value |
|---|---|
| Process | /usr/share/apport/apport-gtk |
| File Type | |
| Category | dropped |
| Size (bytes) | 47094 |
| Entropy (8bit) | 4.4957982542122705 |
| Encrypted | false |
| SSDEEP | 768:Ki2/4/l/a/J/YYp1a72U7wn4IwxP4MBJ+Cge://l/a/J/bU7FIwxP4MBJ+Cge |
| MD5 | 0213F864224D719E30773752FB0B2F7F |
| SHA1 | E68B244F8658B304A95C3CEB75A64C3E670252BF |
| SHA-256 | 24B8DB0263CBF2D8B22C1E772221538A06BE5E1E39C38A9068771D44EBEE2B9C |
| SHA-512 | EB2D76C08BDCEE0DB116EA71CF2893B804D46CF1E2B8FE3224F6B5F07A9B65FC93CE190F342A192AA5CB9920FF2344511977C10B9B4C0A6406F53B577FA1FE57 |
| Malicious | false |
| Reputation | low |
Static File Info

General

| Field | Value |
|---|---|
| File type | |
| Entropy (8bit) | 7.94626883299982 |
| TrID | |
| File name | 7EUcDDmmRE |
| File size | 29464 |
| MD5 | ec4637f5d716f29fd464b15e1c499a5a |
| SHA1 | b02af8052352d60b686b3224192f132be747e331 |
| SHA256 | 737429af897437fc5315d8861d92502477a801bcd59526f10f30d78b96d88b0a |
| SHA512 | 378d232e9e4c5834bfb4ce7f9117d83a90f4fcc7abe3d98c58eed05622e54c78e4d71a4e68502e735f1301c1b4b31b9afa8be45004eb877ab4f5fd59bf69be27 |
| SSDEEP | 768:vusHfRavjynNKnjFcZIhQzhKMXgj9q3UEL7v:HRwynNIOQQ1KMwiL7 |
| File Content Preview | .ELF..............(.........4...........4. ...(......................q...q...............'...'...'..................Q.td...............................OUPX!....................S..........?.E.h;....#..$..1)....tX....K.....E...%.FF..7.\|.l]Z... ._......+.. . |
Static ELF Info

ELF header

| Field | Value |
|---|---|
| Class | |
| Data | |
| Version | |
| Machine | |
| Version Number | |
| Type | |
| OS/ABI | |
| ABI Version | |
| Entry Point Address | |
| Flags | |
| ELF Header Size | |
| Program Header Offset | |
| Program Header Size | |
| Number of Program Headers | |
| Section Header Offset | |
| Section Header Size | |
| Number of Section Headers | |
| Header String Table Index | |
Program Segments

| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
|---|---|---|---|---|---|---|---|---|---|---|---|
| LOAD | 0x0 | 0x8000 | 0x8000 | 0x71ed | 0x71ed | 4.0285 | 0x5 | R E | 0x8000 | | |
| LOAD | 0x2780 | 0x22780 | 0x22780 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8000 | | |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | | |
Network Behavior

No network behavior found
System Behavior

General

| Start time | Start date | Path | Arguments | File size | MD5 hash |
|---|---|---|---|---|---|
| 11:37:24 | 22/07/2021 | /tmp/7EUcDDmmRE | /usr/bin/qemu-arm /tmp/7EUcDDmmRE | 29464 bytes | ec4637f5d716f29fd464b15e1c499a5a |
| 11:37:25 | 22/07/2021 | /sbin/upstart | n/a | 0 bytes | 00000000000000000000000000000000 |
| 11:37:25 | 22/07/2021 | /bin/sh | /bin/sh -e /proc/self/fd/9 | 4 bytes | e02ea3c3450d44126c46d658fa9e654c |
| 11:37:25 | 22/07/2021 | /bin/sh | n/a | 4 bytes | e02ea3c3450d44126c46d658fa9e654c |
| 11:37:25 | 22/07/2021 | /bin/date | date | 68464 bytes | 54903b613f9019bfca9f5d28a4fff34e |
| 11:37:25 | 22/07/2021 | /bin/sh | n/a | 4 bytes | e02ea3c3450d44126c46d658fa9e654c |
| 11:37:25 | 22/07/2021 | /usr/share/apport/apport-checkreports | /usr/bin/python3 /usr/share/apport/apport-checkreports --system | 1269 bytes | 1a7d84ebc34df04e55ca3723541f48c9 |
| 11:37:25 | 22/07/2021 | /sbin/upstart | n/a | 0 bytes | 00000000000000000000000000000000 |
| 11:37:25 | 22/07/2021 | /bin/sh | /bin/sh -e /proc/self/fd/9 | 4 bytes | e02ea3c3450d44126c46d658fa9e654c |
| 11:37:25 | 22/07/2021 | /bin/sh | n/a | 4 bytes | e02ea3c3450d44126c46d658fa9e654c |
| 11:37:25 | 22/07/2021 | /bin/date | date | 68464 bytes | 54903b613f9019bfca9f5d28a4fff34e |
| 11:37:25 | 22/07/2021 | /bin/sh | n/a | 4 bytes | e02ea3c3450d44126c46d658fa9e654c |
| 11:37:25 | 22/07/2021 | /usr/share/apport/apport-gtk | /usr/bin/python3 /usr/share/apport/apport-gtk | 23806 bytes | ec58a49a30ef6a29406a204f28cc7d87 |
| 11:37:25 | 22/07/2021 | /sbin/upstart | n/a | 0 bytes | 00000000000000000000000000000000 |
| 11:37:25 | 22/07/2021 | /bin/sh | /bin/sh -e /proc/self/fd/9 | 4 bytes | e02ea3c3450d44126c46d658fa9e654c |
| 11:37:25 | 22/07/2021 | /bin/sh | n/a | 4 bytes | e02ea3c3450d44126c46d658fa9e654c |
| 11:37:25 | 22/07/2021 | /bin/date | date | 68464 bytes | 54903b613f9019bfca9f5d28a4fff34e |
| 11:37:25 | 22/07/2021 | /bin/sh | n/a | 4 bytes | e02ea3c3450d44126c46d658fa9e654c |
| 11:37:25 | 22/07/2021 | /usr/share/apport/apport-gtk | /usr/bin/python3 /usr/share/apport/apport-gtk | 23806 bytes | ec58a49a30ef6a29406a204f28cc7d87 |