Linux Analysis Report ZErnXU2XR1

Overview

General Information

Sample Name: ZErnXU2XR1
Analysis ID: 510751
MD5: dec1c1dff6adf627db111bb9629e872a
SHA1: 2c22e2e33f8a786ac575f275608f05a0b346c540
SHA256: fabf187ea5f3a82f9b13083203deccf34ac00881428b080be04b92fbe2a53c42
Tags: 32, elf, gafgyt, intel

Detection

Score: 52
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports

Classification

AV Detection:

Multi AV Scanner detection for submitted file
Source: ZErnXU2XR1 Virustotal: Detection: 54%
Source: ZErnXU2XR1 ReversingLabs: Detection: 55%
Machine Learning detection for sample
Source: ZErnXU2XR1 Joe Sandbox ML: detected

Networking:

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Source: global traffic TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.23:52604 -> 45.148.120.226:666
Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443
Source: unknown TCP traffic detected without corresponding DNS query: 45.148.120.226
Source: unknown TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: ELF static info symbol of initial sample FILE: libc/sysdeps/linux/i386/crt1.S
Source: ELF static info symbol of initial sample FILE: libc/sysdeps/linux/i386/crti.S
Source: ELF static info symbol of initial sample FILE: libc/sysdeps/linux/i386/crtn.S
Source: ELF static info symbol of initial sample FILE: libc/sysdeps/linux/i386/mmap.S
Source: ELF static info symbol of initial sample FILE: libc/sysdeps/linux/i386/vfork.S
Source: classification engine Classification label: mal52.lin@0/0@0/0
Source: ZErnXU2XR1 Joe Sandbox Cloud Basic: Detection: clean Score: 0