Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
Hl1XYulacW.elf

Overview

General Information

Sample name:Hl1XYulacW.elf
renamed because original name is a hash value
Original sample name:489a5eaa642b85daf6a55557945272bb.elf
Analysis ID:1438522
MD5:489a5eaa642b85daf6a55557945272bb
SHA1:0e1f8a4c42c3dd0935903c89ef31d74ecf30aa7e
SHA256:65adaaa446f4a620994134865d20c2f1df389580eb56aa287968c1a89edcbccb
Tags:32elfmiraipowerpc
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
ELF contains segments with high entropy indicating compressed/encrypted content
Executes the "rm" command used to delete files or directories
Sample contains only a LOAD segment without any section mappings
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.
Exit code information suggests that the sample terminated abnormally, try to lookup the sample's target architecture.
Non-zero exit code suggests an error during the execution. Lookup the error code for hints.

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1438522
Start date and time:2024-05-08 20:14:10 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 45s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:Hl1XYulacW.elf
renamed because original name is a hash value
Original Sample Name:489a5eaa642b85daf6a55557945272bb.elf
Detection:MAL
Classification:mal56.linELF@0/0@0/0

Warnings

  • VT rate limit hit for: Hl1XYulacW.elf

Runtime Messages

Command:/tmp/Hl1XYulacW.elf
PID:6238
Exit Code:134
Exit Code Info:SIGABRT (6) Abort signal from abort
Killed:False
Standard Output:

Standard Error:qemu: fatal: Tried to call a TRAP

NIP 100095d8 LR 1000954c CTR 00000000 XER 00000000 CPU#0
MSR 00006940 HID0 00000000 HF 00006000 iidx 2 didx 2
TB 00000216 930866454616
GPR00 000000000000005a 00000000ffffece0 0000000000000000 0000000000000009
GPR04 0000000000009d47 0000000000000003 0000000000000012 0000000000000003
GPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR20 0000000000000000 0000000000000fd8 0000000010009638 0000000000000000
GPR24 0000000000000000 0000000010000000 00000000ffffedbc 0000000000000003
GPR28 000000000000a610 00000000ff7f3000 00000000fffff000 0000000010008a24
CR 50000002 [ GO - - - - - - E ] RES ffffffff
FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPSCR 00000000

Process Tree

  • system is lnxubuntu20
  • Hl1XYulacW.elf (PID: 6238, Parent: 6160, MD5: ae65271c943d3451b7f026d1fadccea6) Arguments: /tmp/Hl1XYulacW.elf
  • dash New Fork (PID: 6312, Parent: 4333)
  • rm (PID: 6312, Parent: 4333, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.1dHBsZ9vQm /tmp/tmp.QBpcbtzv5e /tmp/tmp.nIbwx9jBcD
  • dash New Fork (PID: 6313, Parent: 4333)
  • rm (PID: 6313, Parent: 4333, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.1dHBsZ9vQm /tmp/tmp.QBpcbtzv5e /tmp/tmp.nIbwx9jBcD
  • cleanup

Yara Signatures

No yara matches

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: Hl1XYulacW.elfAvira: detected
Multi AV Scanner detection for submitted file
Source: Hl1XYulacW.elfReversingLabs: Detection: 31%
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknownTCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknownTCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknownTCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownTCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknownNetwork traffic detected: HTTP traffic on port 39244 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39244
Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443
Source: LOAD without section mappingsProgram segment: 0x10000000
Source: classification engineClassification label: mal56.linELF@0/0@0/0
Source: /usr/bin/dash (PID: 6312)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.1dHBsZ9vQm /tmp/tmp.QBpcbtzv5e /tmp/tmp.nIbwx9jBcDJump to behavior
Source: /usr/bin/dash (PID: 6313)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.1dHBsZ9vQm /tmp/tmp.QBpcbtzv5e /tmp/tmp.nIbwx9jBcDJump to behavior
Source: Hl1XYulacW.elfSubmission file: segment LOAD with 7.9641 entropy (max. 8.0)
Source: /tmp/Hl1XYulacW.elf (PID: 6238)Queries kernel information via 'uname': Jump to behavior
Source: Hl1XYulacW.elf, 6238.1.000055779e092000.000055779e121000.rw-.sdmpBinary or memory string: !/etc/qemu-binfmt/ppc11!hotpluggableq
Source: Hl1XYulacW.elf, 6238.1.000055779e092000.000055779e121000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/ppc
Source: Hl1XYulacW.elf, 6238.1.00007ffd8ff82000.00007ffd8ffa3000.rw-.sdmpBinary or memory string: /usr/bin/qemu-ppc
Source: Hl1XYulacW.elf, 6238.1.00007ffd8ff82000.00007ffd8ffa3000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-ppc/tmp/Hl1XYulacW.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Hl1XYulacW.elf

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
Obfuscated Files or Information		OS Credential Dumping11
Security Software Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
File Deletion		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Hl1XYulacW.elf32%ReversingLabsLinux.Trojan.Mirai
Hl1XYulacW.elf100%AviraEXP/ELF.Agent.G.22

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
34.249.145.219
unknownUnited States
16509AMAZON-02USfalse
109.202.202.202
unknownSwitzerland
13030INIT7CHfalse
91.189.91.43
unknownUnited Kingdom
41231CANONICAL-ASGBfalse
91.189.91.42
unknownUnited Kingdom
41231CANONICAL-ASGBfalse

Joe Sandbox View / Context

IPs

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
34.249.145.219SecuriteInfo.com.Linux.Siggen.9999.2998.17754.elfGet hashmaliciousMiraiBrowse
    mYyPA50Mdm.elfGet hashmaliciousMiraiBrowse
      fuckjewishpeople.arm6.elfGet hashmaliciousGafgyt, MiraiBrowse
        sT7lbiZZt8.elfGet hashmaliciousMirai, OkiruBrowse
          wIHYeOGiC4.elfGet hashmaliciousMirai, OkiruBrowse
            rJhjUf7BQP.elfGet hashmaliciousMirai, Gafgyt, Moobot, OkiruBrowse
              PBb7j9peqi.elfGet hashmaliciousMiraiBrowse
                boatnet.arm6.elfGet hashmaliciousMiraiBrowse
                  boatnet.arm.elfGet hashmaliciousMiraiBrowse
                    bq3fBe2TgH.elfGet hashmaliciousMiraiBrowse
                      109.202.202.202JupQoUiGIu.elfGet hashmaliciousUnknownBrowse
                        LGVxvlSFHL.elfGet hashmaliciousUnknownBrowse
                          fuckjewishpeople.arm6.elfGet hashmaliciousGafgyt, MiraiBrowse
                            systemd-resolvedGet hashmaliciousUnknownBrowse
                              SecuriteInfo.com.Linux.Siggen.9999.2998.17754.elfGet hashmaliciousMiraiBrowse
                                SecuriteInfo.com.HEUR.Backdoor.Linux.Gafgyt.cw.32679.18049.elfGet hashmaliciousUnknownBrowse
                                  DyHButIueY.elfGet hashmaliciousMiraiBrowse
                                    39MdRU6Xso.elfGet hashmaliciousMiraiBrowse
                                      luLR9CuIwm.elfGet hashmaliciousGafgyt, MiraiBrowse
                                        h1TlO5AbE7.elfGet hashmaliciousMiraiBrowse
                                          91.189.91.43JupQoUiGIu.elfGet hashmaliciousUnknownBrowse
                                            LGVxvlSFHL.elfGet hashmaliciousUnknownBrowse
                                              fuckjewishpeople.arm6.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                systemd-resolvedGet hashmaliciousUnknownBrowse
                                                  SecuriteInfo.com.Linux.Siggen.9999.2998.17754.elfGet hashmaliciousMiraiBrowse
                                                    SecuriteInfo.com.HEUR.Backdoor.Linux.Gafgyt.cw.32679.18049.elfGet hashmaliciousUnknownBrowse
                                                      DyHButIueY.elfGet hashmaliciousMiraiBrowse
                                                        39MdRU6Xso.elfGet hashmaliciousMiraiBrowse
                                                          luLR9CuIwm.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                            h1TlO5AbE7.elfGet hashmaliciousMiraiBrowse
                                                              91.189.91.42JupQoUiGIu.elfGet hashmaliciousUnknownBrowse
                                                                LGVxvlSFHL.elfGet hashmaliciousUnknownBrowse
                                                                  fuckjewishpeople.arm6.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                    systemd-resolvedGet hashmaliciousUnknownBrowse
                                                                      SecuriteInfo.com.Linux.Siggen.9999.2998.17754.elfGet hashmaliciousMiraiBrowse
                                                                        SecuriteInfo.com.HEUR.Backdoor.Linux.Gafgyt.cw.32679.18049.elfGet hashmaliciousUnknownBrowse
                                                                          DyHButIueY.elfGet hashmaliciousMiraiBrowse
                                                                            39MdRU6Xso.elfGet hashmaliciousMiraiBrowse
                                                                              luLR9CuIwm.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                h1TlO5AbE7.elfGet hashmaliciousMiraiBrowse

                                                                                  Domains

                                                                                  No context

                                                                                  ASNs

                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                  CANONICAL-ASGBJupQoUiGIu.elfGet hashmaliciousUnknownBrowse
                                                                                  • 91.189.91.42
                                                                                  LGVxvlSFHL.elfGet hashmaliciousUnknownBrowse
                                                                                  • 91.189.91.42
                                                                                  fuckjewishpeople.arm6.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                  • 91.189.91.42
                                                                                  systemd-resolvedGet hashmaliciousUnknownBrowse
                                                                                  • 91.189.91.42
                                                                                  SecuriteInfo.com.Linux.Siggen.9999.2998.17754.elfGet hashmaliciousMiraiBrowse
                                                                                  • 91.189.91.42
                                                                                  SecuriteInfo.com.HEUR.Backdoor.Linux.Gafgyt.cw.32679.18049.elfGet hashmaliciousUnknownBrowse
                                                                                  • 91.189.91.42
                                                                                  DyHButIueY.elfGet hashmaliciousMiraiBrowse
                                                                                  • 91.189.91.42
                                                                                  AMrO8CmESP.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                  • 185.125.190.26
                                                                                  g6oxYwoub0.elfGet hashmaliciousGafgytBrowse
                                                                                  • 185.125.190.26
                                                                                  39MdRU6Xso.elfGet hashmaliciousMiraiBrowse
                                                                                  • 91.189.91.42
                                                                                  CANONICAL-ASGBJupQoUiGIu.elfGet hashmaliciousUnknownBrowse
                                                                                  • 91.189.91.42
                                                                                  LGVxvlSFHL.elfGet hashmaliciousUnknownBrowse
                                                                                  • 91.189.91.42
                                                                                  fuckjewishpeople.arm6.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                  • 91.189.91.42
                                                                                  systemd-resolvedGet hashmaliciousUnknownBrowse
                                                                                  • 91.189.91.42
                                                                                  SecuriteInfo.com.Linux.Siggen.9999.2998.17754.elfGet hashmaliciousMiraiBrowse
                                                                                  • 91.189.91.42
                                                                                  SecuriteInfo.com.HEUR.Backdoor.Linux.Gafgyt.cw.32679.18049.elfGet hashmaliciousUnknownBrowse
                                                                                  • 91.189.91.42
                                                                                  DyHButIueY.elfGet hashmaliciousMiraiBrowse
                                                                                  • 91.189.91.42
                                                                                  AMrO8CmESP.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                  • 185.125.190.26
                                                                                  g6oxYwoub0.elfGet hashmaliciousGafgytBrowse
                                                                                  • 185.125.190.26
                                                                                  39MdRU6Xso.elfGet hashmaliciousMiraiBrowse
                                                                                  • 91.189.91.42
                                                                                  INIT7CHJupQoUiGIu.elfGet hashmaliciousUnknownBrowse
                                                                                  • 109.202.202.202
                                                                                  LGVxvlSFHL.elfGet hashmaliciousUnknownBrowse
                                                                                  • 109.202.202.202
                                                                                  fuckjewishpeople.arm6.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                  • 109.202.202.202
                                                                                  systemd-resolvedGet hashmaliciousUnknownBrowse
                                                                                  • 109.202.202.202
                                                                                  SecuriteInfo.com.Linux.Siggen.9999.2998.17754.elfGet hashmaliciousMiraiBrowse
                                                                                  • 109.202.202.202
                                                                                  SecuriteInfo.com.HEUR.Backdoor.Linux.Gafgyt.cw.32679.18049.elfGet hashmaliciousUnknownBrowse
                                                                                  • 109.202.202.202
                                                                                  DyHButIueY.elfGet hashmaliciousMiraiBrowse
                                                                                  • 109.202.202.202
                                                                                  39MdRU6Xso.elfGet hashmaliciousMiraiBrowse
                                                                                  • 109.202.202.202
                                                                                  luLR9CuIwm.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                  • 109.202.202.202
                                                                                  h1TlO5AbE7.elfGet hashmaliciousMiraiBrowse
                                                                                  • 109.202.202.202
                                                                                  AMAZON-02USqHRqexhc4O.elfGet hashmaliciousUnknownBrowse
                                                                                  • 34.243.160.129
                                                                                  mg5TkCr4DY.elfGet hashmaliciousUnknownBrowse
                                                                                  • 34.243.160.129
                                                                                  https://www.googleadservices.com/pagead/aclk?sa=L&ai=CEPSIY7k7Zpu1AY3rkPIP8q21mAvP_pi8d4PY85XiEsq6jPG-ARABIPT5xiVgyeaGi7ykoBqgAcCz_YIDyAEC4AIAqAMByAMIqgSdAk_QZfhjp8EKKRw8Ud-sac3T3jbhfjxjJ1sRhgU3SOjAuI5huqeTvemsIazylmO5A9WU45_edGutcUqL46MvuNtxU89a64S7xhljcSlyUs-dysnWLJ2j0jUpH_gKnco9owTuaX1dg-lH7IYSpQI3MKj-Dr00v1SC_8ZhuzoINVR1E2pcblzJpyD5_udwujRkOY3Fao0Lt8Mai9Sq-EbJfdXMijbwOeNV94FwcwlSMZ7he13IkHy_a1HexFAPvo5qqjQXKG7VuYCajYpF3q5URq0loIuDY5WXWNc5RPV77yzvPDM2ytOukuK76vBmfoFdcFIyWUc5xZIVsm9dr8SzjJNE1z63RwDOkXHpq4VxrPcl1gRfUlqaUGyYeMbOoMAEp9WvltcE4AQBiAWQgcDhTpAGAaAGAoAHqMyCfYgHAZAHAqgH2baxAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQKoB_jCsQKoB_vCsQLYBwHSCCcIABACGB0yAQA6Dp_QgICAgASAwICAgKAoSL39wTpYjsuajM3-hQOxCUbAF_v0mAHVgAoDmAsByAsBqg0CVVPIDQHiDRMIlf2ajM3-hQMVjTVECB3yVg2z2BMM0BUB-BYBgBcBshgJEgLeaBgCIgEA6BgB&ae=1&gclid=Cj0KCQjwxeyxBhC7ARIsAC7dS38YLg3rX_OKomm_dfFxFHKQ-xaABBJ-7gCz8VhxHk9qVjyKpQQOlOIaAvqNEALw_wcB&num=1&cid=CAQSQwB7FLtqgUEuOym-5Tn68arUiPJ1jdwPgw46Y6zUHfAkI3hTIEhGQzVeYafsm9LBj6pxutwTRiLFJPhCq9OvYdD7CqQYAQ&sig=AOD64_2G4fRbd2sH1E5jnf1iXQS4SW_Q2g&client=ca-pub-6396844742497208&rf=5&nx=CLICK_X&ny=CLICK_Y&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)&uaw=UACH(wow64)&uafvl=UACH(fullVersionList)&nb=2&adurl=https://browsingwithwave.com/%3Fsrc%3Dd-aff16-cp21142438032%26ob%3Dobgcobedobem%26dvc%3Dc%26k%3D%26crt%3D695418066867%26adp%3D%26plc%3D%26tgt%3D%26sl%3D%26cpd%3D21142438032%26iid%3Dwav%26gclid%3DCj0KCQjwxeyxBhC7ARIsAC7dS38YLg3rX_OKomm_dfFxFHKQ-xaABBJ-7gCz8VhxHk9qVjyKpQQOlOIaAvqNEALw_wcBGet hashmaliciousUnknownBrowse
                                                                                  • 3.163.165.44
                                                                                  https://app.degoo.com/share/0qvXztVGLoa7G-ff4OcNewGet hashmaliciousUnknownBrowse
                                                                                  • 44.235.71.62
                                                                                  https://t.co/yKnQGIBNmnGet hashmaliciousHTMLPhisherBrowse
                                                                                  • 3.163.158.17
                                                                                  https://tools.darvin.de/info?url_short=LindahumphGet hashmaliciousHTMLPhisherBrowse
                                                                                  • 99.86.38.77
                                                                                  https://tools.darvin.de/info?url_short=LindahumphGet hashmaliciousHTMLPhisherBrowse
                                                                                  • 99.86.38.103
                                                                                  https://flow.page/dramsdocsGet hashmaliciousUnknownBrowse
                                                                                  • 13.224.0.72
                                                                                  https://chs.caGet hashmaliciousUnknownBrowse
                                                                                  • 52.60.251.102
                                                                                  MR-239-1599-A.scr.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                  • 3.73.27.108

                                                                                  JA3 Fingerprints

                                                                                  No context

                                                                                  Dropped Files

                                                                                  No context

                                                                                  Created / dropped Files

                                                                                  No created / dropped files found

                                                                                  Static File Info

                                                                                  General

                                                                                  File type:ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (GNU/Linux), statically linked, no section header
                                                                                  Entropy (8bit):7.962002780826721
                                                                                  TrID:
                                                                                  • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                                                                                  • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                                                                                  File name:Hl1XYulacW.elf
                                                                                  File size:40'536 bytes
                                                                                  MD5:489a5eaa642b85daf6a55557945272bb
                                                                                  SHA1:0e1f8a4c42c3dd0935903c89ef31d74ecf30aa7e
                                                                                  SHA256:65adaaa446f4a620994134865d20c2f1df389580eb56aa287968c1a89edcbccb
                                                                                  SHA512:826f1b8782ebdf219e15ac7d5aa2eedbe260cce50e708de874d2d3fc7bee5d3144a10c8616f408e09be0ea6f9c5599f55fe822a5eb7bdfe1d19a85d6d075ef2a
                                                                                  SSDEEP:768:tGg6Y1wRsV9swY8XRXqmOgfEkoUANrGfZ3T+hZ1tQcL4uVcqgw02NWXb:tCI9zXRXqyRTBShztlL4u+qgw06WXb
                                                                                  TLSH:BC03E165F1864CC8FEF76EB05CC1A7F023A063A73A73C1A561949E50BF12B639D146CA
                                                                                  File Content Preview:.ELF....................... ...4.........4. ...(.......................W...W...............................t........dt.Q............................Sj`#YTS..@........X...X........V.......?.E.h4...@b...................i....w4.,..R...C..s..Ay........<%.J...

                                                                                  Static ELF Info

                                                                                  ELF header

                                                                                  Class:ELF32
                                                                                  Data:2's complement, big endian
                                                                                  Version:1 (current)
                                                                                  Machine:PowerPC
                                                                                  Version Number:0x1
                                                                                  Type:EXEC (Executable file)
                                                                                  OS/ABI:UNIX - Linux
                                                                                  ABI Version:0
                                                                                  Entry Point Address:0x10008a20
                                                                                  Flags:0x0
                                                                                  ELF Header Size:52
                                                                                  Program Header Offset:52
                                                                                  Program Header Size:32
                                                                                  Number of Program Headers:3
                                                                                  Section Header Offset:0
                                                                                  Section Header Size:40
                                                                                  Number of Section Headers:0
                                                                                  Header String Table Index:0

                                                                                  Program Segments

                                                                                  TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                                                                  LOAD0x00x100000000x100000000x9d570x9d577.96410x5R E0x10000
                                                                                  LOAD0x00x100100000x100100000x00x1bb740.00000x6RW 0x10000
                                                                                  GNU_STACK0x00x00x00x00x00.00000x6RW 0x4

                                                                                  Network Behavior

                                                                                  Network Port Distribution

                                                                                  TCP Packets

                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                  May 8, 2024 20:15:01.423065901 CEST43928443192.168.2.2391.189.91.42
                                                                                  May 8, 2024 20:15:07.054279089 CEST42836443192.168.2.2391.189.91.43
                                                                                  May 8, 2024 20:15:08.590070009 CEST4251680192.168.2.23109.202.202.202
                                                                                  May 8, 2024 20:15:16.806646109 CEST39244443192.168.2.2334.249.145.219
                                                                                  May 8, 2024 20:15:16.806685925 CEST4433924434.249.145.219192.168.2.23
                                                                                  May 8, 2024 20:15:16.806819916 CEST39244443192.168.2.2334.249.145.219
                                                                                  May 8, 2024 20:15:16.807148933 CEST39244443192.168.2.2334.249.145.219
                                                                                  May 8, 2024 20:15:16.807162046 CEST4433924434.249.145.219192.168.2.23
                                                                                  May 8, 2024 20:15:21.900377035 CEST43928443192.168.2.2391.189.91.42
                                                                                  May 8, 2024 20:15:34.186525106 CEST42836443192.168.2.2391.189.91.43
                                                                                  May 8, 2024 20:15:38.281924009 CEST4251680192.168.2.23109.202.202.202
                                                                                  May 8, 2024 20:16:02.854465961 CEST43928443192.168.2.2391.189.91.42
                                                                                  May 8, 2024 20:16:16.799071074 CEST39244443192.168.2.2334.249.145.219
                                                                                  May 8, 2024 20:16:16.844134092 CEST4433924434.249.145.219192.168.2.23
                                                                                  May 8, 2024 20:17:06.604325056 CEST4433924434.249.145.219192.168.2.23

                                                                                  System Behavior

                                                                                  General

                                                                                  Start time (UTC):18:15:02
                                                                                  Start date (UTC):08/05/2024
                                                                                  Path:/tmp/Hl1XYulacW.elf
                                                                                  Arguments:/tmp/Hl1XYulacW.elf
                                                                                  File size:5388968 bytes
                                                                                  MD5 hash:ae65271c943d3451b7f026d1fadccea6

                                                                                  Chronological Activities


                                                                                  General

                                                                                  Start time (UTC):18:16:16
                                                                                  Start date (UTC):08/05/2024
                                                                                  Path:/usr/bin/dash
                                                                                  Arguments:-
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  Chronological Activities


                                                                                  General

                                                                                  Start time (UTC):18:16:16
                                                                                  Start date (UTC):08/05/2024
                                                                                  Path:/usr/bin/rm
                                                                                  Arguments:rm -f /tmp/tmp.1dHBsZ9vQm /tmp/tmp.QBpcbtzv5e /tmp/tmp.nIbwx9jBcD
                                                                                  File size:72056 bytes
                                                                                  MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                                                  Chronological Activities


                                                                                  General

                                                                                  Start time (UTC):18:16:16
                                                                                  Start date (UTC):08/05/2024
                                                                                  Path:/usr/bin/dash
                                                                                  Arguments:-
                                                                                  File size:129816 bytes
                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                  Chronological Activities


                                                                                  General

                                                                                  Start time (UTC):18:16:16
                                                                                  Start date (UTC):08/05/2024
                                                                                  Path:/usr/bin/rm
                                                                                  Arguments:rm -f /tmp/tmp.1dHBsZ9vQm /tmp/tmp.QBpcbtzv5e /tmp/tmp.nIbwx9jBcD
                                                                                  File size:72056 bytes
                                                                                  MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                                                  Chronological Activities