Source: oZ1FoDBdOx |
Virustotal: Detection: 57% |
Perma Link |
Source: oZ1FoDBdOx |
ReversingLabs: Detection: 57% |
Source: ELF static info symbol of initial sample |
FILE: /home/firmware/build/temp-sh4/gcc-core/gcc/config/sh/lib1funcs.asm |
Source: ELF static info symbol of initial sample |
FILE: /home/firmware/build/temp-sh4/gcc-core/gcc/config/sh/lib1funcs.asm |
Source: ELF static info symbol of initial sample |
FILE: /home/firmware/build/temp-sh4/gcc-core/gcc/config/sh/lib1funcs.asm |
Source: ELF static info symbol of initial sample |
FILE: libc/string/sh/sh4/memcpy.S |
Source: ELF static info symbol of initial sample |
FILE: libc/sysdeps/linux/sh/crt1.S |
Source: ELF static info symbol of initial sample |
FILE: libc/sysdeps/linux/sh/crti.S |
Source: ELF static info symbol of initial sample |
FILE: libc/sysdeps/linux/sh/crtn.S |
Source: ELF static info symbol of initial sample |
FILE: libc/sysdeps/linux/sh/vfork.S |
Source: classification engine |
Classification label: mal48.lin@0/0@0/0 |
Source: oZ1FoDBdOx |
Joe Sandbox Cloud Basic: Detection: clean Score: 0 |
Perma Link |
Source: /tmp/oZ1FoDBdOx (PID: 5297) |
Queries kernel information via 'uname': |
Jump to behavior |
Source: oZ1FoDBdOx, 5297.1.00000000a6705690.0000000068b1c85c.rw-.sdmp |
Binary or memory string: x86_64/usr/bin/qemu-sh4/tmp/oZ1FoDBdOxSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/oZ1FoDBdOx |
Source: oZ1FoDBdOx, 5297.1.00000000a6705690.0000000068b1c85c.rw-.sdmp |
Binary or memory string: /usr/bin/qemu-sh4 |
Source: oZ1FoDBdOx, 5297.1.000000006166b501.00000000c51bd2cb.rw-.sdmp |
Binary or memory string: U5!/etc/qemu-binfmt/sh4 |
Source: oZ1FoDBdOx, 5297.1.000000006166b501.00000000c51bd2cb.rw-.sdmp |
Binary or memory string: /etc/qemu-binfmt/sh4 |