Source: 95sOS6Fo3w.elf |
Virustotal: Detection: 33% |
Perma Link |
Source: 95sOS6Fo3w.elf |
ReversingLabs: Detection: 39% |
Source: global traffic |
TCP traffic: 192.168.2.14:43696 -> 93.123.85.49:1337 |
Source: /tmp/95sOS6Fo3w.elf (PID: 5563) |
Socket: 127.0.0.1::24232 |
Jump to behavior |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.123.85.49 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.123.85.49 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.123.85.49 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.123.85.49 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.123.85.49 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.123.85.49 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.123.85.49 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.123.85.49 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.123.85.49 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.123.85.49 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.123.85.49 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.123.85.49 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.123.85.49 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.123.85.49 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.123.85.49 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.123.85.49 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.123.85.49 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.123.85.49 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.123.85.49 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.123.85.49 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.123.85.49 |
Source: ELF static info symbol of initial sample |
Name: attack.c |
Source: ELF static info symbol of initial sample |
Name: attack_get_opt_int |
Source: ELF static info symbol of initial sample |
Name: attack_get_opt_ip |
Source: ELF static info symbol of initial sample |
Name: attack_get_opt_str |
Source: ELF static info symbol of initial sample |
Name: attack_init |
Source: ELF static info symbol of initial sample |
Name: attack_method_greeth |
Source: ELF static info symbol of initial sample |
Name: attack_method_greip |
Source: ELF static info symbol of initial sample |
Name: attack_method_handshake |
Source: ELF static info symbol of initial sample |
Name: attack_method_http |
Source: ELF static info symbol of initial sample |
Name: attack_method_tcpack |
Source: /tmp/95sOS6Fo3w.elf (PID: 5565) |
SIGKILL sent: pid: 5569, result: successful |
Jump to behavior |
Source: /tmp/95sOS6Fo3w.elf (PID: 5565) |
SIGKILL sent: pid: 5581, result: successful |
Jump to behavior |
Source: /tmp/95sOS6Fo3w.elf (PID: 5565) |
SIGKILL sent: pid: 5582, result: successful |
Jump to behavior |
Source: /tmp/95sOS6Fo3w.elf (PID: 5565) |
SIGKILL sent: pid: 5583, result: successful |
Jump to behavior |
Source: /tmp/95sOS6Fo3w.elf (PID: 5565) |
SIGKILL sent: pid: 5584, result: successful |
Jump to behavior |
Source: /tmp/95sOS6Fo3w.elf (PID: 5565) |
SIGKILL sent: pid: 5652, result: successful |
Jump to behavior |
Source: /tmp/95sOS6Fo3w.elf (PID: 5565) |
SIGKILL sent: pid: 5679, result: successful |
Jump to behavior |
Source: /tmp/95sOS6Fo3w.elf (PID: 5565) |
SIGKILL sent: pid: 5684, result: successful |
Jump to behavior |
Source: /tmp/95sOS6Fo3w.elf (PID: 5565) |
SIGKILL sent: pid: 5686, result: successful |
Jump to behavior |
Source: classification engine |
Classification label: mal68.troj.linELF@0/1@0/0 |
Source: /tmp/95sOS6Fo3w.elf (PID: 5563) |
Queries kernel information via 'uname': |
Jump to behavior |
Source: 95sOS6Fo3w.elf, 5563.1.00005620401d7000.00005620402c7000.rw-.sdmp, 95sOS6Fo3w.elf, 5569.1.00005620401d7000.00005620402c7000.rw-.sdmp |
Binary or memory string: !/etc/qemu-binfmt/ppc1 |
Source: 95sOS6Fo3w.elf, 5569.1.00005620401d7000.00005620402c7000.rw-.sdmp |
Binary or memory string: #/etc/qemu-binfmt/ppc/proc/5565e/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe |
Source: 95sOS6Fo3w.elf, 5563.1.00005620401d7000.00005620402c7000.rw-.sdmp, 95sOS6Fo3w.elf, 5569.1.00005620401d7000.00005620402c7000.rw-.sdmp |
Binary or memory string: /etc/qemu-binfmt/ppc |
Source: 95sOS6Fo3w.elf, 5563.1.00007fffb4bf8000.00007fffb4c19000.rw-.sdmp |
Binary or memory string: /tmp/qemu-open.uVUCYR |
Source: 95sOS6Fo3w.elf, 5563.1.00007fffb4bf8000.00007fffb4c19000.rw-.sdmp, 95sOS6Fo3w.elf, 5569.1.00007fffb4bf8000.00007fffb4c19000.rw-.sdmp |
Binary or memory string: /usr/bin/qemu-ppc |
Source: 95sOS6Fo3w.elf, 5563.1.00007fffb4bf8000.00007fffb4c19000.rw-.sdmp, 95sOS6Fo3w.elf, 5569.1.00007fffb4bf8000.00007fffb4c19000.rw-.sdmp |
Binary or memory string: x86_64/usr/bin/qemu-ppc/tmp/95sOS6Fo3w.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/95sOS6Fo3w.elf |
Source: 95sOS6Fo3w.elf, 5563.1.00007fffb4bf8000.00007fffb4c19000.rw-.sdmp |
Binary or memory string: Hx= V)dC= V/tmp/qemu-open.uVUCYR\ |
Source: 95sOS6Fo3w.elf, 5569.1.00005620401d7000.00005620402c7000.rw-.sdmp |
Binary or memory string: /etc/qemu-binfmt/ppc/proc/5565e/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe/exe |
Source: Yara match |
File source: 95sOS6Fo3w.elf, type: SAMPLE |
Source: Yara match |
File source: 5563.1.00007f6bcc001000.00007f6bcc016000.r-x.sdmp, type: MEMORY |
Source: Yara match |
File source: 5569.1.00007f6bcc001000.00007f6bcc016000.r-x.sdmp, type: MEMORY |
Source: Yara match |
File source: 95sOS6Fo3w.elf, type: SAMPLE |
Source: Yara match |
File source: 5563.1.00007f6bcc001000.00007f6bcc016000.r-x.sdmp, type: MEMORY |
Source: Yara match |
File source: 5569.1.00007f6bcc001000.00007f6bcc016000.r-x.sdmp, type: MEMORY |