flash

7ZDbt9EUgm

Status: finished
Submission Time: 22.02.2020 20:31:22
Malicious
Trojan
Evader
XorDDoS

Details

  • Analysis ID:
    210233
  • API (Web) ID:
    317728
  • Analysis Started:
    22.02.2020 20:31:30
  • Analysis Finished:
    22.02.2020 20:37:28
  • MD5:
    35793cbfd0a4376ea9380ffed9182334
  • SHA1:
    31e5d905407966ca953def90eb45df417127cf38
  • SHA256:
    303bb187a06415eedc0c5ece5692fe05b03e286435472d0e4fd4ca9386d9acf4
  • Technologies:
Full Report

Engine Info | Verdict | Score
System: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 59.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171) | malicious | 100/100
(engine name not captured) | malicious | 38/61
(engine name not captured) | malicious | 13/37
(engine name not captured) | malicious | (no score)

IPs

IP | Country | Detection
51.89.70.85 | France | (not listed)

Domains

Name | IP | Detection
ppp.gggatat456.com | 51.89.70.85 | (not listed)
aa.hostasa.org | 0.0.0.0 | (not listed)

URLs

Name | Detection
http://www.gnu.org/software/libc/bugs.html | (not listed)

Dropped files

Name | File Type
/etc/cron.hourly/gcc.sh | POSIX shell script, ASCII text executable
/etc/crontab | ASCII text
/etc/init.d/.depend.boot | ASCII text, with very long lines
/etc/init.d/.depend.start | ASCII text, with very long lines
/etc/init.d/.depend.stop | ASCII text, with very long lines
/etc/init.d/7ZDbt9EUgm | POSIX shell script, ASCII text executable
/lib/libudev.so | ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
/usr/bin/glqextqofd | ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
/usr/bin/ijcqwxbdhz | ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
/usr/bin/irfnqzsahb | ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
/usr/bin/nbfxmtmegk | ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
/usr/bin/nvuitguduy | ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
/usr/bin/oaoqcduvnb | ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
/usr/bin/oznztmtuky | ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
/usr/bin/pabosymmxs | ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
/usr/bin/pcuwuugyyb | ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
/usr/bin/qntdgcmcoc | ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, missing section headers
/usr/bin/rsgfjuzzjl | ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
/usr/bin/sbxtrbnjfg | ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
/usr/bin/whhdehxlbh | ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
/usr/bin/wtpmrwxnnu | ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
/etc/sedmiMd1h | ASCII text
/run/gcc.pid | ASCII text, with no line terminators