Source: fsa.elf |
ReversingLabs: Detection: 39% |
Source: fsa.elf |
Virustotal: Detection: 35% |
Source: unknown |
HTTPS traffic detected: 54.171.230.55:443 -> 192.168.2.23:33606 version: TLS 1.2 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 54.171.230.55 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 91.189.91.42 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 91.189.91.43 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 109.202.202.202 |
Source: fsa.elf, 6214.1.000000c000000000.000000c000400000.rw-.sdmp |
String found in binary or memory: http://127.0.0.1:8080 |
Source: fsa.elf |
String found in binary or memory: http://upx.sf.net |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 33606 |
Source: unknown |
Network traffic detected: HTTP traffic on port 33606 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 43928 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 42836 -> 443 |
Source: LOAD without section mappings |
Program segment: 0x400000 |
Source: classification engine |
Classification label: mal64.evad.linELF@0/0@0/0 |
Source: initial sample |
String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $ |
Source: initial sample |
String containing UPX found: $Id: UPX 3.96 Copyright (C) 1996-2020 the UPX Team. All Rights Reserved. $ |
Source: /usr/bin/dash (PID: 6218) |
Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.eaYG9ch38r /tmp/tmp.qhU28QogYd /tmp/tmp.gr2Bn6czuc |
Source: /usr/bin/dash (PID: 6227) |
Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.eaYG9ch38r /tmp/tmp.qhU28QogYd /tmp/tmp.gr2Bn6czuc |
Source: submitted sample |
Stderr: ___ _ / _ \ ___ ___ _ __ __ _ ___| | __ / /_\/____/ __|/ __| '__/ _` |/ __|
|/ // /_\\_____\__ \ (__| | | (_| | (__| < \____/ |___/\___|_| \__,_|\___|_|\_\ fscan version:
1.8.0Usage of /tmp/fsa.elf: -br int Brute threads (default 1) -c string exec command (ssh) -cookie string set
poc cookie,-cookie rememberMe=login -debug int every time to LogErr (default 60) -domain string smb domain -full
poc full scan,as: shiro 100 key -h string IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255
| 192.168.11.11,192.168.11.12 -hf string host file, -hf ip.txt -hn string the hosts no scan,as: -hn 192.168.1.1/24
-m string Select scan type ,as: -m ssh (default "all") -no not to save output log -nobr not to Brute password
-nopoc not to scan web vul -np not to ping -num int poc rate (default 20) -o string Outputfile (default "result.txt")
-p string Select a port,for example: 22 | 1-65535 | 22,80,3306 (default "21,22,80,81,135,139,443,445,1433,1521,3306,5432,6379,7001,8000,8080,8089,9000,9200,11211,27017")
-pa string add port base DefaultPorts,-pa 3389 -path string fcgismb romote file path -ping using ping replace icmp
-pn string the ports no scan,as: -pn 445 -pocname string use the pocs these contain pocname, -pocname weblogic -pocpath
string poc file path -portf string Port File -proxy string set poc proxy, -proxy http://127.0.0.1:8080 -pwd string
password -pwda string add a password base DefaultPasses,-pwda password -pwdf string password file -rf string redis
file to write sshkey file (as: -rf id_rsa.pub) -rs string redis shell to write cron file (as: -rs 192.168.1.1:6666)
-sc string ms17 shellcode,as -sc add -silent silent scan -socks5 string set socks5 proxy, will be used in tcp connection,
timeout setting will not work -sshkey string sshkey file (id_rsa) -t int Thread nums (default 600) -time int Set
timeout (default 3) -top int show live len top (default 10) -u string url -uf string urlfile -user string
username -usera string add a user base DefaultUsers,-usera user -userf string username file -wt int Set web timeout
(default 5): exit code = 0 |
Source: fsa.elf |
Submission file: segment LOAD with 7.9224 entropy (max. 8.0) |