Edit tour
Linux
Analysis Report
JX1KTFsitM.elf
Overview
General Information
Sample name: | JX1KTFsitM.elfrenamed because original name is a hash value |
Original sample name: | 9d7167e0d7548f45bb93b80572eeea69.elf |
Analysis ID: | 1428687 |
MD5: | 9d7167e0d7548f45bb93b80572eeea69 |
SHA1: | 0465e8db8a047e880dd215bd2970bd00603c9aed |
SHA256: | fb24c522636c4b3c400b1fd339547e735ce90949b26c539158247769ad853602 |
Tags: | 32elfmiraisparc |
Infos: | |
Detection
Okiru
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Okiru
Executes the "rm" command used to delete files or directories
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match
Classification
Analysis Advice
Static ELF header machine description suggests that the sample might not execute correctly on this machine. |
Non-zero exit code suggests an error during the execution. Lookup the error code for hints. |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428687 |
Start date and time: | 2024-04-19 11:53:48 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 10m 51s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | JX1KTFsitM.elfrenamed because original name is a hash value |
Original Sample Name: | 9d7167e0d7548f45bb93b80572eeea69.elf |
Detection: | MAL |
Classification: | mal64.troj.linELF@0/0@0/0 |
Cookbook Comments: |
|
- Max analysis timeout: 600s exceeded, the analysis took too long
Command: | /tmp/JX1KTFsitM.elf |
PID: | 6251 |
Exit Code: | 255 |
Exit Code Info: | |
Killed: | False |
Standard Output: | |
Standard Error: | /lib/ld-uClibc.so.0: No such file or directory |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Okiru | Yara detected Okiru | Joe Security | ||
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Okiru | Yara detected Okiru | Joe Security | ||
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
| |
JoeSecurity_Okiru | Yara detected Okiru | Joe Security | ||
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
|
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | String: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | String containing 'busybox' found: | ||
Source: | String containing 'busybox' found: | ||
Source: | String containing 'busybox' found: |
Source: | .symtab present: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Classification label: |
Source: | Rm executable: | Jump to behavior | ||
Source: | Rm executable: | Jump to behavior |
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | 1 File Deletion | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
⊘No configs have been found
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
36% | Virustotal | Browse | ||
32% | ReversingLabs | Linux.Trojan.Mirai |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
34.249.145.219 | unknown | United States | 16509 | AMAZON-02US | false | |
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false | |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false | |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
34.249.145.219 | Get hash | malicious | Mirai, Okiru | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Gafgyt | Browse | |||
Get hash | malicious | Gafgyt, Mirai | Browse | |||
109.202.202.202 | Get hash | malicious | Mirai, Moobot, Okiru | Browse | ||
Get hash | malicious | Mirai, Moobot, Okiru | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Gafgyt | Browse | |||
Get hash | malicious | Mirai | Browse | |||
91.189.91.43 | Get hash | malicious | Mirai, Moobot, Okiru | Browse | ||
Get hash | malicious | Mirai, Moobot, Okiru | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Gafgyt | Browse | |||
Get hash | malicious | Gafgyt | Browse | |||
Get hash | malicious | Gafgyt | Browse | |||
91.189.91.42 | Get hash | malicious | Mirai, Moobot, Okiru | Browse | ||
Get hash | malicious | Mirai, Moobot, Okiru | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Gafgyt | Browse | |||
Get hash | malicious | Mirai | Browse |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CANONICAL-ASGB | Get hash | malicious | Mirai, Moobot, Okiru | Browse |
| |
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Moobot, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Moobot, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Moobot, Okiru | Browse |
| ||
CANONICAL-ASGB | Get hash | malicious | Mirai, Moobot, Okiru | Browse |
| |
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Moobot, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Moobot, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Moobot, Okiru | Browse |
| ||
INIT7CH | Get hash | malicious | Mirai, Moobot, Okiru | Browse |
| |
Get hash | malicious | Mirai, Moobot, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Gafgyt | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
AMAZON-02US | Get hash | malicious | Mirai, Okiru | Browse |
| |
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Moobot, Okiru | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
⊘No context
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 6.0712436700418175 |
TrID: |
|
File name: | JX1KTFsitM.elf |
File size: | 43'192 bytes |
MD5: | 9d7167e0d7548f45bb93b80572eeea69 |
SHA1: | 0465e8db8a047e880dd215bd2970bd00603c9aed |
SHA256: | fb24c522636c4b3c400b1fd339547e735ce90949b26c539158247769ad853602 |
SHA512: | 5657bc5d53dd3fc74943fa3b73f7f56ac6f8b0110eadea886bfd2331a3152345ca1fca30ba0c474f6b7eb43cf36ae7f2356a21f1d1818eaf8ad5569d20b3a8a4 |
SSDEEP: | 768:lULQsJq8SpJGrXgpBTg8AAsDFjR8RgPwZpC/vQ0:rssHp0rQ7Tgjzt6LZpC/vQ0 |
TLSH: | C3133B26A97A6B07C0E1A23A10A78F1275E50BC90594D74F7E760D9FBE603111E1FEF8 |
File Content Preview: | .ELF.......................|...4.........4. ...(...........4...4...4................................................................................................................................................dt.Q............................/lib/ld-uCl |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 6 |
Section Header Offset: | 42472 |
Section Header Size: | 40 |
Number of Section Headers: | 18 |
Header String Table Index: | 17 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.interp | PROGBITS | 0x100f4 | 0xf4 | 0x14 | 0x0 | 0x2 | A | 0 | 0 | 1 |
.hash | HASH | 0x10108 | 0x108 | 0x230 | 0x4 | 0x2 | A | 3 | 0 | 4 |
.dynsym | DYNSYM | 0x10338 | 0x338 | 0x470 | 0x10 | 0x2 | A | 4 | 1 | 4 |
.dynstr | STRTAB | 0x107a8 | 0x7a8 | 0x205 | 0x0 | 0x2 | A | 0 | 0 | 1 |
.rela.plt | RELA | 0x109b0 | 0x9b0 | 0x300 | 0xc | 0x2 | A | 3 | 14 | 4 |
.init | PROGBITS | 0x10cb0 | 0xcb0 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x10ccc | 0xccc | 0x7e84 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.fini | PROGBITS | 0x18b50 | 0x8b50 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x18b68 | 0x8b68 | 0x1520 | 0x0 | 0x2 | A | 0 | 0 | 8 |
.ctors | PROGBITS | 0x2a08c | 0xa08c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x2a094 | 0xa094 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dynamic | DYNAMIC | 0x2a0a0 | 0xa0a0 | 0xb8 | 0x8 | 0x3 | WA | 4 | 0 | 4 |
.got | PROGBITS | 0x2a158 | 0xa158 | 0x4 | 0x4 | 0x3 | WA | 0 | 0 | 4 |
.plt | PROGBITS | 0x2a15c | 0xa15c | 0x334 | 0x0 | 0x7 | WAX | 0 | 0 | 4 |
.data | PROGBITS | 0x2a490 | 0xa490 | 0xe4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x2a578 | 0xa574 | 0x2d0 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.shstrtab | STRTAB | 0x0 | 0xa574 | 0x74 | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
PHDR | 0x34 | 0x10034 | 0x10034 | 0xc0 | 0xc0 | 2.0109 | 0x5 | R E | 0x4 | ||
INTERP | 0xf4 | 0x100f4 | 0x100f4 | 0x14 | 0x14 | 3.6842 | 0x4 | R | 0x1 | /lib/ld-uClibc.so.0 | .interp |
LOAD | 0x0 | 0x10000 | 0x10000 | 0xa088 | 0xa088 | 6.1406 | 0x5 | R E | 0x10000 | .interp .hash .dynsym .dynstr .rela.plt .init .text .fini .rodata | |
LOAD | 0xa08c | 0x2a08c | 0x2a08c | 0x4e8 | 0x7bc | 3.7672 | 0x7 | RWE | 0x10000 | .ctors .dtors .dynamic .got .plt .data .bss | |
DYNAMIC | 0x0 | 0x0 | 0x2a0a0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | ||
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |
Type | Meta | Value | Tag |
---|---|---|---|
DT_NEEDED | sharedlib | libpthread.so.0 | 0x1 |
DT_NEEDED | sharedlib | libc.so.0 | 0x1 |
DT_INIT | value | 0x10cb0 | 0xc |
DT_FINI | value | 0x18b50 | 0xd |
DT_HASH | value | 0x10108 | 0x4 |
DT_STRTAB | value | 0x107a8 | 0x5 |
DT_SYMTAB | value | 0x10338 | 0x6 |
DT_STRSZ | bytes | 517 | 0xa |
DT_SYMENT | bytes | 16 | 0xb |
DT_DEBUG | value | 0x0 | 0x15 |
DT_PLTGOT | value | 0x2a15c | 0x3 |
DT_PLTRELSZ | bytes | 768 | 0x2 |
DT_PLTREL | pltrel | DT_RELA | 0x14 |
DT_JMPREL | value | 0x109b0 | 0x17 |
DT_RELA | value | 0x109b0 | 0x7 |
DT_RELASZ | bytes | 768 | 0x8 |
DT_RELAENT | bytes | 12 | 0x9 |
DT_NULL | value | 0x0 | 0x0 |
Name | Version Info Name | Version Info File Name | Section Name | Value | Size | Symbol Type | Symbol Bind | Symbol Visibility | Ndx |
---|---|---|---|---|---|---|---|---|---|
.dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | |||
.rem | .dynsym | 0x2a3b4 | 44 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
.udiv | .dynsym | 0x2a210 | 20 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
.umul | .dynsym | 0x2a420 | 12 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
.urem | .dynsym | 0x2a3a8 | 32 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
__bss_start | .dynsym | 0x2a574 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_ABS | ||
__errno_location | .dynsym | 0x2a3d8 | 36 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
__uClibc_main | .dynsym | 0x2a33c | 848 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
_edata | .dynsym | 0x2a574 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_ABS | ||
_end | .dynsym | 0x2a848 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_ABS | ||
_exit | .dynsym | 0x2a3fc | 128 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
_fini | .dynsym | 0x18b50 | 0 | FUNC | <unknown> | DEFAULT | 8 | ||
_init | .dynsym | 0x10cb0 | 0 | FUNC | <unknown> | DEFAULT | 6 | ||
_start | .dynsym | 0x10d7c | 56 | FUNC | <unknown> | DEFAULT | 7 | ||
accept | .dynsym | 0x2a27c | 96 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
atoi | .dynsym | 0x2a3f0 | 24 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
bind | .dynsym | 0x2a2ac | 36 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
calloc | .dynsym | 0x2a288 | 284 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
clock | .dynsym | 0x2a42c | 56 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
close | .dynsym | 0x2a468 | 124 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
closedir | .dynsym | 0x2a444 | 208 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
connect | .dynsym | 0x2a1a4 | 96 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
exit | .dynsym | 0x2a3e4 | 168 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
fclose | .dynsym | 0x2a360 | 860 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
fcntl | .dynsym | 0x2a450 | 248 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
fgets | .dynsym | 0x2a1e0 | 260 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
fopen | .dynsym | 0x2a348 | 24 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
fork | .dynsym | 0x2a330 | 16 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
free | .dynsym | 0x2a474 | 564 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
getpid | .dynsym | 0x2a1d4 | 88 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
getppid | .dynsym | 0x2a36c | 32 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
getsockname | .dynsym | 0x2a480 | 36 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
getsockopt | .dynsym | 0x2a3c0 | 44 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
inet_addr | .dynsym | 0x2a2b8 | 40 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
kill | .dynsym | 0x2a2a0 | 92 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
listen | .dynsym | 0x2a324 | 28 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
malloc | .dynsym | 0x2a21c | 2436 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
memcpy | .dynsym | 0x2a1f8 | 4212 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
memmove | .dynsym | 0x2a1bc | 1508 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
memset | .dynsym | 0x2a354 | 416 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
open | .dynsym | 0x2a414 | 132 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
opendir | .dynsym | 0x2a384 | 228 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
prctl | .dynsym | 0x2a1ec | 104 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
pthread_create | .dynsym | 0x2a1b0 | 2900 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
pthread_join | .dynsym | 0x2a45c | 380 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
rand | .dynsym | 0x2a2dc | 16 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
read | .dynsym | 0x2a2e8 | 132 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
readdir | .dynsym | 0x2a264 | 184 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
readlink | .dynsym | 0x2a204 | 96 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
realloc | .dynsym | 0x2a30c | 916 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
recv | .dynsym | 0x2a198 | 92 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
recvfrom | .dynsym | 0x2a240 | 96 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
remove | .dynsym | 0x2a228 | 88 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
select | .dynsym | 0x2a258 | 84 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
send | .dynsym | 0x2a270 | 92 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
sendto | .dynsym | 0x2a300 | 96 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
setsid | .dynsym | 0x2a438 | 80 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
setsockopt | .dynsym | 0x2a2c4 | 44 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
sleep | .dynsym | 0x2a234 | 336 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
snprintf | .dynsym | 0x2a1c8 | 48 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
socket | .dynsym | 0x2a24c | 36 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
sprintf | .dynsym | 0x2a39c | 52 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
stat | .dynsym | 0x2a3cc | 116 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
strcmp | .dynsym | 0x2a390 | 648 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
strcpy | .dynsym | 0x2a18c | 804 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
strlen | .dynsym | 0x2a408 | 120 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
strstr | .dynsym | 0x2a2d0 | 288 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
strtok | .dynsym | 0x2a318 | 40 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
time | .dynsym | 0x2a378 | 40 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
unlink | .dynsym | 0x2a2f4 | 88 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
write | .dynsym | 0x2a294 | 132 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 19, 2024 11:54:46.925968885 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Apr 19, 2024 11:54:51.021245003 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Apr 19, 2024 11:54:52.557013988 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Apr 19, 2024 11:54:55.597851038 CEST | 39260 | 443 | 192.168.2.23 | 34.249.145.219 |
Apr 19, 2024 11:54:55.597898960 CEST | 443 | 39260 | 34.249.145.219 | 192.168.2.23 |
Apr 19, 2024 11:54:55.598054886 CEST | 39260 | 443 | 192.168.2.23 | 34.249.145.219 |
Apr 19, 2024 11:54:55.598433971 CEST | 39260 | 443 | 192.168.2.23 | 34.249.145.219 |
Apr 19, 2024 11:54:55.598453999 CEST | 443 | 39260 | 34.249.145.219 | 192.168.2.23 |
Apr 19, 2024 11:55:08.682969093 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Apr 19, 2024 11:55:18.921391964 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Apr 19, 2024 11:55:20.969155073 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Apr 19, 2024 11:55:49.637273073 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Apr 19, 2024 11:55:55.590173006 CEST | 39260 | 443 | 192.168.2.23 | 34.249.145.219 |
Apr 19, 2024 11:55:55.632143021 CEST | 443 | 39260 | 34.249.145.219 | 192.168.2.23 |
Apr 19, 2024 11:57:05.320894003 CEST | 30100 | 39260 | 192.168.2.1 | 192.168.2.23 |
System Behavior
Start time (UTC): | 09:54:47 |
Start date (UTC): | 19/04/2024 |
Path: | /tmp/JX1KTFsitM.elf |
Arguments: | /tmp/JX1KTFsitM.elf |
File size: | 4379400 bytes |
MD5 hash: | 7dc1c0e23cd5e102bb12e5c29403410e |
Start time (UTC): | 09:55:54 |
Start date (UTC): | 19/04/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 09:55:54 |
Start date (UTC): | 19/04/2024 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.uVPj8ZZnc7 /tmp/tmp.nYFAjzZUHo /tmp/tmp.TpafgwzZyt |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
Start time (UTC): | 09:55:54 |
Start date (UTC): | 19/04/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 09:55:54 |
Start date (UTC): | 19/04/2024 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.uVPj8ZZnc7 /tmp/tmp.nYFAjzZUHo /tmp/tmp.TpafgwzZyt |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |