VirusTotal Multisandbox+= ELF DIGEST
#1
Bug 
Quote:
VirusTotal welcomes ELF DIGEST, the first integrated multi-sandbox fully dedicated to processing only Linux files. This addition helps put the spotlight on Linux malware.

In the words of the founder Tolijan Trajanovski:
Quote:
ELF DIGEST is a cloud-based Linux malware analysis service provided to security researchers, analysts, and academics. The service performs static, behavioral, and network analysis to extract IoCs and IoAs. The static analysis searches for IoCs in the strings and may also identify obfuscation in the form of string encoding and executable packing. The behavioral analysis can recognize various malicious actions, including VM detection, anti-debugging, persistence, process injection, loading of kernel modules, firewall configuration changes, and others. The network analysis can identify C2 endpoints, resolved domains, HTTP requests, and port scanning. In addition, ELF DIGEST utilizes the open-source malware labeling tool AvClass to determine the most probable malware family the analyzed sample belongs to. The currently supported CPU architectures include ARMv5, ARMv7, MIPS, x86 and x86_64. The detailed findings of the analysis are presented in an aggregated view and can also be downloaded as a JSON report.

Let's take a deeper dive into some samples:

Botnet on ARM with iptables kernel modules

This sample is part of the Mirai botnet. At the top of the report we can see the network communication, possibly the command and control server.

[Image: xyVrplCp9z3rAL6kaae_NMg0c0QeqJA8xN5Hb9Lr...4zKnTvPVFs]

In the shell commands we can observe the iptables firewall being stopped and its tables flushed. This would allow the malware to communicate without the firewall obstructing it.

[Image: A8mMHEoAjlAtpOcPxEFpFtUQtoq06WPhw-e9pkT2...JHmy7-sFUM]

Linux kernel modules are being loaded, most likely related to the iptables command-line interactions.

[Image: Ds5d6_aCAUpVDZ0bSPM2bWoqqNz0LMU_XA0eP_RO...AekbQlgbAE]

We can explore other pivots either on the Relationships tab or within VirusTotal Graph. Here we can see more details with respect to the command and control infrastructure, as well as relations to other files, URLs, and IPs.
...
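The report above flags two behaviours from the sample's shell commands: the iptables firewall being stopped and flushed, and kernel modules being loaded. The following is an added example, not part of the original post or of ELF DIGEST, showing how a defender can label sandbox-captured shell commands with those behaviours and aggregate them into a small JSON summary; the command lines are constructed for illustration.

```python
import json
import re

# Constructed sample of shell commands as a Linux sandbox might record them
# for a Mirai-like ARM sample. Illustrative only, not ELF DIGEST output.
SAMPLE_COMMANDS = [
    "/bin/sh -c 'service iptables stop'",
    "iptables -F",
    "iptables -X",
    "iptables -t nat -F",
    "insmod /lib/modules/ip_tables.ko",
    "modprobe x_tables",
    "echo 'watchdog' > /dev/null",
    "ls /tmp",
]

# Each rule maps a regex over one shell command to a behaviour label.
# Labels are hypothetical names chosen for this example.
RULES = [
    (r"\biptables\b.*\s-(?:F|X)\b", "firewall_flush"),
    (r"\bservice\s+iptables\s+stop\b|/etc/init\.d/iptables\s+stop\b", "firewall_stop"),
    (r"\b(?:insmod|modprobe)\s+\S+", "kernel_module_load"),
]


def classify(command):
    """Return the set of behaviour labels matched by one shell command."""
    return {label for pattern, label in RULES if re.search(pattern, command)}


def summarize(commands):
    """Aggregate hit counts per behaviour and keep the triggering commands as evidence."""
    evidence = {}
    for cmd in commands:
        for label in classify(cmd):
            evidence.setdefault(label, []).append(cmd)
    counts = {label: len(cmds) for label, cmds in evidence.items()}
    return {"counts": counts, "evidence": evidence}


def to_json(commands):
    """Serialise the summary the way a sandbox report section might be exported."""
    return json.dumps(summarize(commands), indent=2, sort_keys=True)


if __name__ == "__main__":
    print(to_json(SAMPLE_COMMANDS))
```

Rules like these are only as good as the command log they run over, so a sample that flushes the firewall through a direct netfilter syscall rather than the iptables binary would need a kernel-level trace to be caught.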

