Linux Analysis Report OisIh0q3Gw

Overview

General Information

Sample Name: OisIh0q3Gw
Analysis ID: 553484
MD5: 011afa25945a1bfa6c8397da5116ea79
SHA1: b02c0da3cecab99eae0aac2beb18e43fd73ec8f7
SHA256: db4e62a9609a515112f043e3ece5998c66d6eb8d5d3766719defb143cfffe31e
Tags: 32, elf, mirai, renesas

Detection

Score: 52
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for submitted file
Sample tries to kill multiple processes (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Executes the "rm" command used to delete files or directories
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sample has stripped symbol table

Classification

AV Detection:

Multi AV Scanner detection for submitted file
Source: OisIh0q3Gw Virustotal: Detection: 54%
Source: OisIh0q3Gw ReversingLabs: Detection: 62%

Networking:

Sample listens on a socket
Source: /tmp/OisIh0q3Gw (PID: 5221) Socket: 0.0.0.0::0
Source: /tmp/OisIh0q3Gw (PID: 5221) Socket: 0.0.0.0::53413
Source: /tmp/OisIh0q3Gw (PID: 5221) Socket: 0.0.0.0::80
Source: /tmp/OisIh0q3Gw (PID: 5226) Socket: 0.0.0.0::0
Source: /tmp/OisIh0q3Gw (PID: 5226) Socket: 0.0.0.0::53413
Source: /tmp/OisIh0q3Gw (PID: 5226) Socket: 0.0.0.0::80
Source: motd-news.31.dr String found in binary or memory: https://ubuntu.com/blog/microk8s-memory-optimisation

System Summary:

Sample tries to kill multiple processes (SIGKILL)
Sample tries to kill a process (SIGKILL)
Sample has stripped symbol table
Source: ELF static info symbol of initial sample .symtab present: no
Source: classification engine Classification label: mal52.spre.lin@0/1@0/0

Persistence and Installation Behavior:

Enumerates processes within the "proc" file system
Executes the "rm" command used to delete files or directories
Source: /usr/bin/dash (PID: 5247) Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.44aCm1an2s /tmp/tmp.MG72tyDHko /tmp/tmp.Y5mAFBQOFz

Malware Analysis System Evasion:

Uses the "uname" system call to query kernel version information (possible evasion)
Source: /tmp/OisIh0q3Gw (PID: 5219) Queries kernel information via 'uname':
No contacted IP infos