Source: 520VcHQQj7.elf |
ReversingLabs: Detection: 47% |
Source: 520VcHQQj7.elf |
Virustotal: Detection: 54% |
Perma Link |
Source: unknown |
TCP traffic detected without corresponding DNS query: 54.171.230.55 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 91.189.91.42 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 91.189.91.43 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 109.202.202.202 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 91.189.91.42 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 34.249.145.219 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 34.249.145.219 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 34.249.145.219 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 91.189.91.43 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 109.202.202.202 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 91.189.91.42 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 34.249.145.219 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 39242 |
Source: unknown |
Network traffic detected: HTTP traffic on port 43928 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 33608 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 39242 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 42836 -> 443 |
Source: ELF static info symbol of initial sample |
.symtab present: no |
Source: classification engine |
Classification label: mal56.linELF@0/0@0/0 |
Source: /usr/bin/dash (PID: 6277) |
Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.VvlajSV6vl /tmp/tmp.ifOWL5gyno /tmp/tmp.8UBmpxyLbq |
Jump to behavior |
Source: /usr/bin/dash (PID: 6278) |
Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.VvlajSV6vl /tmp/tmp.ifOWL5gyno /tmp/tmp.8UBmpxyLbq |
Jump to behavior |
Source: /tmp/520VcHQQj7.elf (PID: 6215) |
Queries kernel information via 'uname': |
Jump to behavior |
Source: 520VcHQQj7.elf, 6215.1.00007ffc5f27f000.00007ffc5f2a0000.rw-.sdmp |
Binary or memory string: qemu: %s: %s |
Source: 520VcHQQj7.elf, 6215.1.00007ffc5f27f000.00007ffc5f2a0000.rw-.sdmp |
Binary or memory string: leqemu: %s: %s |
Source: 520VcHQQj7.elf, 6215.1.0000560daf661000.0000560daf78f000.rw-.sdmp |
Binary or memory string: Vrg.qemu.gdb.arm.sys.regs"> |
Source: 520VcHQQj7.elf, 6215.1.0000560daf661000.0000560daf78f000.rw-.sdmp |
Binary or memory string: /etc/qemu-binfmt/arm |
Source: 520VcHQQj7.elf, 6215.1.00007ffc5f27f000.00007ffc5f2a0000.rw-.sdmp |
Binary or memory string: /usr/bin/qemu-arm |
Source: 520VcHQQj7.elf, 6215.1.0000560daf661000.0000560daf78f000.rw-.sdmp |
Binary or memory string: V!/etc/qemu-binfmt/arm |
Source: 520VcHQQj7.elf, 6215.1.0000560daf661000.0000560daf78f000.rw-.sdmp |
Binary or memory string: rg.qemu.gdb.arm.sys.regs"> |
Source: 520VcHQQj7.elf, 6215.1.00007ffc5f27f000.00007ffc5f2a0000.rw-.sdmp |
Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/520VcHQQj7.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/520VcHQQj7.elf |