Sample name: | tUzH4zTmwI.elf (renamed because the original name is a hash value) |
Original sample name: | 24736e8f0e51be6d768e20591adde1ac.elf |
Analysis ID: | 1427873 |
MD5: | 24736e8f0e51be6d768e20591adde1ac |
SHA1: | e57ca5cf2b641b230c944e2c0480090c771e3e15 |
SHA256: | 844ee6c620e121eb13856b910fbde2694ab7309d69b97ccbc355c01ca90404b9 |
Tags: | 32, elf, mips, mirai |
Score: | 52 |
Range: | 0 - 100 |
Whitelisted: | false |
AV Detection |
---|
Source: | Virustotal |
Networking |
---|
Signature | Occurrences |
---|---|
Iptables executable using switch for changing the iptables rules | 1 |
TCP traffic | 2 |
Iptables executable | 1 |
Socket | 2 |
TCP traffic detected without corresponding DNS query | 7 |
DNS traffic detected | 1 |
String containing 'busybox' found | 3 |
.symtab present | 1 |
Classification label | 1 |
Persistence and Installation Behavior |
---|
Signature | Occurrences |
---|---|
Iptables executable using switch for changing the iptables rules | 1 |
Shell command executed | 5 |
Iptables executable | 1 |
Queries kernel information via 'uname' | 3 |
Binary or memory string | 4 |
No Screenshots
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
185.196.11.64 | dead-cheap-doma.in | Switzerland | 42624 | SIMPLECARRIERCH | false |
212.118.43.167 | unknown | Russian Federation | 25308 | CITYLAN-ASRU | false |
Name | IP | Active |
---|---|---|
dead-cheap-doma.in | 185.196.11.64 | true |