Linux Analysis Report
SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf

Overview

General Information

Sample name: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf
Analysis ID: 1417152
MD5: faf2bce1b9228c738be3f86f031f9ee4
SHA1: 30ab66cbb7d2c1d9dd81ee289ead623f3f541327
SHA256: 5353127308732b5a30d96259d0448c5bf92fba25ebc73bfea014f11cebb21990
Tags: elf

Detection

Score: 60
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Sample and/or dropped files likely contain functionality related to malicious behavior
Detected TCP or UDP traffic on non-standard ports
Sample and/or dropped files contains symbols with suspicious names
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

AV Detection

Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf Avira: detected
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf Virustotal: Detection: 54%
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf ReversingLabs: Detection: 50%
Source: global traffic TCP traffic: 192.168.2.23:57058 -> 91.92.249.202:62659
Source: global traffic TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: unknown TCP traffic detected without corresponding DNS query: 91.92.249.202
Source: unknown TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: equals www.twitter.com (Twitter)
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: equals www.facebook.com (Facebook)
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://fr.pons.com/traduction/anglais-fran%C3%A7ais/streamshttps://play.google.com/store/apps/categ
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://gamerant.com/xbox-game-pass-best-multiplayer-games/https://www.google.com/intl/en/googlebook
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://gamergen.com/actualites/xbox-game-pass-6-futurs-jeux-humble-games-confirmes-day-one-328977-1
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://github.com/ValveSoftware/csgo-docs/blob/main/major-supplemental-rulebook.md/https://www.pink
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://itch.io/https://pley.gg/https://poro.gg/integer
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://kahoot.com/https://win.gg/lol/https://www.vct.gg/https://www.vlr.gg/if-unmodified-sinceilleg
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://kotaku.com/youtuber-streamer-ishowspeed-ban-valorant-riot-keemstar-1848764368https://www.pol
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://leagueoflegends.fandom.com/wiki/League_of_Legendshttps://parade.com/1012420/nicolepajer/best
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://markiplier.fandom.com/wiki/Category:Online_Multiplayer_Gameshttps://www.eldorado.gg/league-o
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://moviestvnetwork.com/https://store.epicgames.com/https://support.bynorth.com/https://vag.gg/s
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://nofrag.com/valorant-presente-sa-prochaine-carte-fracture/https://steamcommunity.com/sharedfi
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://play.google.com/store/apps/details?id=com.riotgames.league.wildrift&hl=en&gl=UShttps://play.
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://rigorousthemes.com/blog/best-multiplayer-online-games-for-couples/https://www.games-workshop
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://screencrush.com/best-x-rated-nc-17-rated-movies/https://www.g2g.com/categories/league-of-leg
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://screenrant.com/old-multiplayer-video-games-with-active-servers/https://www.esquire.com/lifes
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://support-leagueoflegends.riotgames.com/hc/en-ushttps://www.amazon.com/Games/b?ie=UTF8&node=92
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://thesportsrush.com/valorant-news-valorant-mobile-has-now-entered-testing/https://www.91mobile
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://translate.google.com/translate?hl=en&sl=fr&u=http://lollfl.com/&prev=search&pto=auehttps://w
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://vag.gg/https://wol.gg/invalid
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://www.activision.com/gameshttps://www.bbc.co.uk/cbbc/gameshttps://www.intechopen.com/bookshttp
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://www.amazon.fr/Multiplayer-Game-Programming-Architecting-Networked-ebook/dp/B0189RXWJQhttps:/
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://www.bloomberg.com/news/newsletters/2022-08-28/critics-and-fans-have-never-disagreed-more-abo
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://www.cnbc.com/2022/08/30/sony-sets-up-a-playstation-mobile-gaming-unit-in-push-beyond-console
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://www.cnet.com/culture/entertainment/netflix-the-44-absolute-best-movies-to-see/https://www.ig
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://www.eclypsia.com/fr/cs-go/actualites/cs-go-source-2-n-arrivera-pas-pour-l-anniversaire-du-je
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://www.gamingup.fr/csgo/csgo--top-10-des-joueurs-les-mieux-payes-de-l-histoire-760335applicatio
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://www.jeuxvideo.com/forums/0-19163-0-1-0-1-0-league-of-legends.htmtls:
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://www.npr.org/2020/05/08/852170041/can-riot-games-make-valorant-an-esports-success-signs-point
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://www.oneesports.gg/league-of-legends/react-new-worlds-2022-trophy/tls:
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://www.perforce.com/video-tutorials/vcs/what-perforce-streamstls:
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://www.pinnacle.com/fr/esports-hub/betting-articles/league-of-legends/the-different-league-of-l
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://www.pocket-lint.com/games/news/152432-what-is-valorant-a-guide-to-the-free-to-play-shooter-w
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://www.progressersurleagueoflegends.fr/guides/prendre-le-meme-set-dobjet-quun-challenger-une-er
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://www.thenorthface.de/shop/SearchDisplay?catalogId=13505&storeId=7007&langId=-3&searchTerm=NoC
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://www.tomsguide.com/best-picks/best-nintendo-switch-multiplayer-gamestls:
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf String found in binary or memory: https://www.virginiamercury.com/2022/08/30/judge-throws-out-obscenity-case-attempting-to-restrict-sa
Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf ELF static info symbol of initial sample: crypto/tls.(*Config).writeKeyLog
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf ELF static info symbol of initial sample: bufio.(*Scanner).Scan
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf ELF static info symbol of initial sample: crypto/rand.(*hideAgainReader).Read
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf ELF static info symbol of initial sample: crypto/rand.hideAgainReader.Read
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf ELF static info symbol of initial sample: crypto/tls.(*Conn).maxPayloadSizeForWrite
Source: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf ELF static info symbol of initial sample: crypto/x509.IncorrectPasswordError
Source: classification engine Classification label: mal60.linELF@0/0@0/0
Source: ELF file section Submission: SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf