Source: tnMrX1z0d5 |
Virustotal: Detection: 34% |
Perma Link |
Source: /tmp/tnMrX1z0d5 (PID: 5225) |
Opens: /proc/net/route |
Jump to behavior |
Source: global traffic |
TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80 |
Source: global traffic |
TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443 |
Source: global traffic |
TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443 |
Source: global traffic |
TCP traffic: 192.168.2.23:44652 -> 167.114.109.203:6525 |
Source: unknown |
Network traffic detected: HTTP traffic on port 43928 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 42836 -> 443 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 109.202.202.202 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 167.114.109.203 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 91.189.91.42 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 167.114.109.203 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 91.189.91.43 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 109.202.202.202 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 167.114.109.203 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 91.189.91.42 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 167.114.109.203 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 91.189.91.43 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 167.114.109.203 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 167.114.109.203 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 167.114.109.203 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 167.114.109.203 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 167.114.109.203 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 167.114.109.203 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 167.114.109.203 |
Source: ELF static info symbol of initial sample |
.symtab present: no |
Source: classification engine |
Classification label: mal52.spre.lin@0/0@0/0 |
Source: /tmp/tnMrX1z0d5 (PID: 5225) |
Queries kernel information via 'uname': |
Jump to behavior |
Source: tnMrX1z0d5, 5225.1.000000004b6d5173.0000000080d1d109.rw-.sdmp |
Binary or memory string: /usr/bin/qemu-sh4 |
Source: tnMrX1z0d5, 5225.1.000000004b6d5173.0000000080d1d109.rw-.sdmp |
Binary or memory string: x86_64/usr/bin/qemu-sh4/tmp/tnMrX1z0d5SUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/tnMrX1z0d5 |
Source: tnMrX1z0d5, 5225.1.00000000666558cc.000000006856112d.rw-.sdmp |
Binary or memory string: U5!/etc/qemu-binfmt/sh4 |
Source: tnMrX1z0d5, 5225.1.00000000666558cc.000000006856112d.rw-.sdmp |
Binary or memory string: /etc/qemu-binfmt/sh4 |