XPost: alt.comp.os.windows-10   
   From: dwhodgins@nomail.afraid.org   
      
   On Sun, 28 Jul 2024 09:01:45 -0400, Paul wrote:   
      
   > What could it be ?   
   >   
   > A Surprise Cake ??? A 12MB POC Surprise Cake ?   
      
   It is an ELF executable.
   $ file numbers   
   numbers: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically   
   linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32,   
   BuildID[sha1]=6a2dbcf02501d226c1f4a63708dc055a48fc158b, stripped   
      
   Looking at "strings numbers", one of the error messages is   
   "Failed to initialize PAL layer", which based on what I can find in searches   
   is most likely due to a problem trying to flash the firmware on a pre uefi   
   system.   
      
   Given that and the strings for error messages related to UEFI, combined with
   the vm blocking, it looks like a ploy to see if they can find any
   linux users dumb enough to install a root kit on their hardware.
      
   I'm surprised they didn't bother encrypting the executable, not that it would   
   help convince anyone to run the untrusted executable.   
      
   The user posting as Murry is either hoping for a few stupid readers dumb enough   
   to run the program as root, or Murry is testing our response to AI generated   
   malware.   
      
   The strings output does have some stuff that looks like AI generated filler.   
      
   My guess is Murry asked an AI to generate a linux root kit with a size   
   specified.   
      
   Regards, Dave Hodgins   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
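
The same static checks the post ran with `file` and `strings`, as an added Python example that is not part of the original post: it reads the ELF header fields and the printable strings from raw bytes without executing anything. The sample bytes, the keyword list and the "UEFI variable write failed" string are constructed for illustration.

```python
import re
import struct

# Lookup tables for the header values `file` turns into words (subset only).
ET = {2: "executable", 3: "pie executable / shared object"}
EM = {0x03: "i386", 0x3E: "x86-64", 0xB7: "aarch64"}
# Assumed keyword list, based on the topics the post mentions.
KEYWORDS = ("uefi", "firmware", "pal layer")

def elf_summary(data: bytes) -> dict:
    """Decode the fixed ELF header fields; the file is only read, never run."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    endian = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack_from(endian + "HH", data, 16)
    return {
        "bits": {1: 32, 2: 64}.get(ei_class),
        "byte_order": "LSB" if ei_data == 1 else "MSB",
        "type": ET.get(e_type, hex(e_type)),
        "machine": EM.get(e_machine, hex(e_machine)),
    }

def strings(data: bytes, min_len: int = 4) -> list:
    """Like `strings`: runs of printable ASCII at least min_len long."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]

def flag_strings(found, keywords=KEYWORDS) -> list:
    """Keep only the strings that mention one of the keywords."""
    return [s for s in found if any(k in s.lower() for k in keywords)]

# Constructed sample: a 64-byte ELF64 header followed by a few strings.
SAMPLE = (
    b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)  # e_ident: 64-bit, LSB, v1, SYSV
    + struct.pack("<HH", 3, 0x3E)                # e_type=ET_DYN, e_machine=x86-64
    + bytes(44)                                  # remaining header fields, zeroed
    + b"\x00/lib64/ld-linux-x86-64.so.2\x00"
    + b"Failed to initialize PAL layer\x00"      # string quoted in the post
    + b"\x01\x02UEFI variable write failed\x00ab\x00"  # constructed string
)

if __name__ == "__main__":
    print(elf_summary(SAMPLE))
    for s in flag_strings(strings(SAMPLE)):
        print("flagged:", s)
```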