Linux Analysis Report
oTdXpH4hrI

Overview

General Information

Sample Name: oTdXpH4hrI
Analysis ID: 557422
MD5: 0dbe787e1b8ab7f004a55b418e3141c4
SHA1: 0506160d345965ffb7ffa6edb155ddfab10d1ae4
SHA256: d7d2cab6f55b5b9b2bbd12911c450981eb6d84da22ef13ae1cf9b2d31a336b2d
Tags: 32 elf mips mirai

Detection: Mirai
Score: 64 (range 0 - 100)
Whitelisted: false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)

Analysis Advice

Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures
All HTTP servers contacted by the sample do not answer. Likely the sample is an old dropper which does no longer work
Static ELF header machine description suggests that the sample might not execute correctly on this machine
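The two ELF-related advice lines above come from the e_ident and e_machine fields of the ELF header, and the ".symtab present: no" result further down comes from walking the section header table. The following is an added example, written for this page and not code from the Joe Sandbox report or from Joe Security: it decodes those fields from raw bytes, reports whether a SHT_SYMTAB section exists, and maps the architecture to the qemu-user binary a practitioner would run the sample under (the report's memory strings show the sandbox used /usr/bin/qemu-mipsel for this sample). The qemu-user names are the real binary names shipped by QEMU; the ELF bytes built by build_test_elf are constructed for the self-test and are not the analysed file.

```python
"""Static ELF triage: architecture, endianness, and whether a symbol table exists.

Added example, not code from the Joe Sandbox report. The ELF bytes produced by
build_test_elf() are constructed test input, not the analysed sample.
"""
import struct

EI_CLASS32, EI_CLASS64 = 1, 2
ELFDATA2LSB, ELFDATA2MSB = 1, 2
SHT_SYMTAB = 2

# e_machine values from the ELF specification for architectures common on IoT devices.
E_MACHINE = {
    3: "x86", 8: "MIPS", 20: "PowerPC", 40: "ARM", 42: "SuperH",
    62: "x86-64", 183: "AArch64",
}

# qemu-user binary name per (machine, bits, endianness).
QEMU_USER = {
    ("MIPS", 32, "little"): "qemu-mipsel", ("MIPS", 32, "big"): "qemu-mips",
    ("MIPS", 64, "little"): "qemu-mips64el", ("MIPS", 64, "big"): "qemu-mips64",
    ("ARM", 32, "little"): "qemu-arm", ("ARM", 32, "big"): "qemu-armeb",
    ("AArch64", 64, "little"): "qemu-aarch64", ("AArch64", 64, "big"): "qemu-aarch64_be",
    ("PowerPC", 32, "big"): "qemu-ppc", ("SuperH", 32, "little"): "qemu-sh4",
    ("SuperH", 32, "big"): "qemu-sh4eb", ("x86", 32, "little"): "qemu-i386",
    ("x86-64", 64, "little"): "qemu-x86_64",
}


def parse_elf_header(data: bytes) -> dict:
    """Decode e_ident plus the fields needed to locate the section header table."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (EI_CLASS32, EI_CLASS64) or ei_data not in (ELFDATA2LSB, ELFDATA2MSB):
        raise ValueError("unsupported EI_CLASS/EI_DATA")
    end = "<" if ei_data == ELFDATA2LSB else ">"
    bits = 32 if ei_class == EI_CLASS32 else 64
    # e_type and e_machine sit at offset 16 in both ELF classes.
    e_type, e_machine = struct.unpack_from(end + "HH", data, 16)
    # e_entry e_phoff e_shoff e_flags e_ehsize e_phentsize e_phnum e_shentsize e_shnum e_shstrndx
    layout = end + ("IIIIHHHHHH" if bits == 32 else "QQQIHHHHHH")
    if len(data) < 24 + struct.calcsize(layout):
        raise ValueError("truncated ELF header")
    (_entry, _phoff, e_shoff, _flags, _ehsize, _phentsize, _phnum,
     e_shentsize, e_shnum, _shstrndx) = struct.unpack_from(layout, data, 24)
    return {
        "bits": bits,
        "endianness": "little" if end == "<" else "big",
        "endian_fmt": end,
        "e_type": e_type,
        "machine": E_MACHINE.get(e_machine, f"unknown({e_machine})"),
        "e_shoff": e_shoff, "e_shentsize": e_shentsize, "e_shnum": e_shnum,
    }


def has_symtab(data: bytes, hdr: dict) -> bool:
    """True if any section header has sh_type == SHT_SYMTAB.

    sh_type is at offset 4 of a section header in both classes. A stripped
    binary either lacks the SHT_SYMTAB section or, after tools that also drop
    the section header table, has e_shoff == 0 / e_shnum == 0.
    """
    if hdr["e_shoff"] == 0 or hdr["e_shnum"] == 0:
        return False
    for i in range(hdr["e_shnum"]):
        off = hdr["e_shoff"] + i * hdr["e_shentsize"]
        if off + 8 > len(data):
            return False  # table runs past EOF: treat the symtab as absent
        (sh_type,) = struct.unpack_from(hdr["endian_fmt"] + "I", data, off + 4)
        if sh_type == SHT_SYMTAB:
            return True
    return False


def triage(data: bytes) -> dict:
    """Architecture, endianness, symbol-table presence and the qemu-user binary to use."""
    hdr = parse_elf_header(data)
    key = (hdr["machine"], hdr["bits"], hdr["endianness"])
    return {
        "machine": hdr["machine"], "bits": hdr["bits"], "endianness": hdr["endianness"],
        "has_symtab": has_symtab(data, hdr),
        "qemu_user": QEMU_USER.get(key),  # None when this table has no mapping
    }


def build_test_elf(with_symtab: bool) -> bytes:
    """Constructed 32-bit little-endian MIPS ELF header plus section table (test input only)."""
    e_ident = b"\x7fELF" + bytes([EI_CLASS32, ELFDATA2LSB, 1, 0]) + b"\x00" * 8
    shnum = 3 if with_symtab else 2
    ehdr = e_ident + struct.pack("<HHI", 2, 8, 1)  # ET_EXEC, EM_MIPS, EV_CURRENT
    ehdr += struct.pack("<IIIIHHHHHH", 0x400000, 0, 52, 0, 52, 32, 0, 40, shnum, 1)
    shdrs = struct.pack("<10I", *([0] * 10))  # SHN_UNDEF entry
    shdrs += struct.pack("<10I", 1, 3, 0, 0, 0, 0, 0, 0, 1, 0)  # SHT_STRTAB
    if with_symtab:
        shdrs += struct.pack("<10I", 9, SHT_SYMTAB, 0, 0, 0, 0, 1, 0, 4, 16)
    return ehdr + shdrs


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_elf(False)
    print(triage(blob))
```

Run it against a real sample with the path as the only argument; the machine/endianness pair tells you which qemu-user binary (and which binfmt_misc entry, compare the /etc/qemu-binfmt/mipsel string in the memory dumps below) the sandbox needs.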
Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 557422
Start date: 21.01.2022
Start time: 04:26:28
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 6m 46s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: oTdXpH4hrI
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal64.troj.lin@0/0@0/0
  • Report size exceeded maximum capacity and may have missing network information.
  • TCP Packets have been reduced to 100
Command: /tmp/oTdXpH4hrI
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
DaddyL33T Infected Your Shit
Standard Error:
  • system is lnxubuntu20
  • cleanup
Yara matches (Source | Rule | Description | Author | Strings):
dump.pcap | JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security

    AV Detection

    Source: oTdXpH4hrI | Virustotal: Detection: 50%
    Source: oTdXpH4hrI | ReversingLabs: Detection: 58%

    Networking

    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 123.27.182.36:23 -> 192.168.2.23:43438
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 123.27.182.36:23 -> 192.168.2.23:43438
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 171.101.68.7:23 -> 192.168.2.23:35172
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 171.101.68.7:23 -> 192.168.2.23:35172
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 195.242.232.60:23 -> 192.168.2.23:46324
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 195.242.232.60:23 -> 192.168.2.23:46324
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 171.101.68.7:23 -> 192.168.2.23:35204
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 171.101.68.7:23 -> 192.168.2.23:35204
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 195.242.232.60:23 -> 192.168.2.23:46378
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 195.242.232.60:23 -> 192.168.2.23:46378
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 171.101.68.7:23 -> 192.168.2.23:35266
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 171.101.68.7:23 -> 192.168.2.23:35266
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 195.242.232.60:23 -> 192.168.2.23:46396
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 195.242.232.60:23 -> 192.168.2.23:46396
    Source: Traffic | Snort IDS: 492 INFO TELNET login failed 14.205.71.245:23 -> 192.168.2.23:32798
    Source: Traffic | Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:35302 -> 171.101.68.7:23
    Source: Traffic | Snort IDS: 716 INFO TELNET access 59.106.42.241:23 -> 192.168.2.23:48158
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 195.242.232.60:23 -> 192.168.2.23:46424
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 195.242.232.60:23 -> 192.168.2.23:46424
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 171.101.68.7:23 -> 192.168.2.23:35302
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 171.101.68.7:23 -> 192.168.2.23:35302
    Source: Traffic | Snort IDS: 492 INFO TELNET login failed 14.205.71.245:23 -> 192.168.2.23:32870
    Source: Traffic | Snort IDS: 716 INFO TELNET access 59.106.42.241:23 -> 192.168.2.23:48188
    Source: Traffic | Snort IDS: 716 INFO TELNET access 59.106.42.241:23 -> 192.168.2.23:48204
    Source: Traffic | Snort IDS: 492 INFO TELNET login failed 14.205.71.245:23 -> 192.168.2.23:32896
    Source: Traffic | Snort IDS: 716 INFO TELNET access 59.106.42.241:23 -> 192.168.2.23:48216
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 195.242.232.60:23 -> 192.168.2.23:46504
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 195.242.232.60:23 -> 192.168.2.23:46504
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 171.101.68.7:23 -> 192.168.2.23:35384
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 171.101.68.7:23 -> 192.168.2.23:35384
    Source: Traffic | Snort IDS: 716 INFO TELNET access 59.106.42.241:23 -> 192.168.2.23:48256
    Source: Traffic | Snort IDS: 716 INFO TELNET access 59.106.42.241:23 -> 192.168.2.23:48346
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 195.242.232.60:23 -> 192.168.2.23:46636
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 195.242.232.60:23 -> 192.168.2.23:46636
    Source: Traffic | Snort IDS: 492 INFO TELNET login failed 14.205.71.245:23 -> 192.168.2.23:33052
    Source: Traffic | Snort IDS: 716 INFO TELNET access 59.106.42.241:23 -> 192.168.2.23:48372
    Source: Traffic | Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:48372 -> 59.106.42.241:23
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 171.101.68.7:23 -> 192.168.2.23:35540
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 171.101.68.7:23 -> 192.168.2.23:35540
    Source: Traffic | Snort IDS: 716 INFO TELNET access 59.106.42.241:23 -> 192.168.2.23:48404
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 88.97.39.118:23 -> 192.168.2.23:38338
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 88.97.39.118:23 -> 192.168.2.23:38338
    Source: Traffic | Snort IDS: 716 INFO TELNET access 59.106.42.241:23 -> 192.168.2.23:48418
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 195.242.232.60:23 -> 192.168.2.23:46704
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 195.242.232.60:23 -> 192.168.2.23:46704
    Source: Traffic | Snort IDS: 716 INFO TELNET access 59.106.42.241:23 -> 192.168.2.23:48446
    Source: Traffic | Snort IDS: 492 INFO TELNET login failed 14.205.71.245:23 -> 192.168.2.23:33126
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 88.97.39.118:23 -> 192.168.2.23:38386
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 88.97.39.118:23 -> 192.168.2.23:38386
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 171.101.68.7:23 -> 192.168.2.23:35614
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 171.101.68.7:23 -> 192.168.2.23:35614
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 195.242.232.60:23 -> 192.168.2.23:46750
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 195.242.232.60:23 -> 192.168.2.23:46750
    Source: Traffic | Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:33178 -> 14.205.71.245:23
    Source: Traffic | Snort IDS: 492 INFO TELNET login failed 14.205.71.245:23 -> 192.168.2.23:33178
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 88.97.39.118:23 -> 192.168.2.23:38432
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 88.97.39.118:23 -> 192.168.2.23:38432
    Source: Traffic | Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:35690 -> 171.101.68.7:23
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 171.101.68.7:23 -> 192.168.2.23:35690
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 171.101.68.7:23 -> 192.168.2.23:35690
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 195.242.232.60:23 -> 192.168.2.23:46818
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 195.242.232.60:23 -> 192.168.2.23:46818
    Source: Traffic | Snort IDS: 492 INFO TELNET login failed 14.205.71.245:23 -> 192.168.2.23:33222
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 88.97.39.118:23 -> 192.168.2.23:38470
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 88.97.39.118:23 -> 192.168.2.23:38470
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 109.170.93.178:23 -> 192.168.2.23:37092
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 109.170.93.178:23 -> 192.168.2.23:37092
    Source: Traffic | Snort IDS: 492 INFO TELNET login failed 14.205.71.245:23 -> 192.168.2.23:33258
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 195.242.232.60:23 -> 192.168.2.23:46868
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 195.242.232.60:23 -> 192.168.2.23:46868
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 88.97.39.118:23 -> 192.168.2.23:38518
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 88.97.39.118:23 -> 192.168.2.23:38518
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 171.101.68.7:23 -> 192.168.2.23:35746
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 171.101.68.7:23 -> 192.168.2.23:35746
    Source: Traffic | Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:33314 -> 14.205.71.245:23
    Source: Traffic | Snort IDS: 492 INFO TELNET login failed 14.205.71.245:23 -> 192.168.2.23:33314
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 88.97.39.118:23 -> 192.168.2.23:38566
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 88.97.39.118:23 -> 192.168.2.23:38566
    Source: Traffic | Snort IDS: 492 INFO TELNET login failed 14.205.71.245:23 -> 192.168.2.23:33332
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 171.101.68.7:23 -> 192.168.2.23:35806
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 171.101.68.7:23 -> 192.168.2.23:35806
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 88.97.39.118:23 -> 192.168.2.23:38594
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 88.97.39.118:23 -> 192.168.2.23:38594
    Source: Traffic | Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:43096 -> 113.69.138.27:23
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 88.97.39.118:23 -> 192.168.2.23:38666
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 88.97.39.118:23 -> 192.168.2.23:38666
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 109.170.93.178:23 -> 192.168.2.23:37294
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 109.170.93.178:23 -> 192.168.2.23:37294
    Source: Traffic | Snort IDS: 716 INFO TELNET access 211.210.93.93:23 -> 192.168.2.23:54376
    Source: Traffic | Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:54376 -> 211.210.93.93:23
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 211.210.93.93:23 -> 192.168.2.23:54376
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 211.210.93.93:23 -> 192.168.2.23:54376
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 88.97.39.118:23 -> 192.168.2.23:38718
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 88.97.39.118:23 -> 192.168.2.23:38718
    Source: Traffic | Snort IDS: 716 INFO TELNET access 211.210.93.93:23 -> 192.168.2.23:54414
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 211.210.93.93:23 -> 192.168.2.23:54414
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 211.210.93.93:23 -> 192.168.2.23:54414
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 88.97.39.118:23 -> 192.168.2.23:38748
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 88.97.39.118:23 -> 192.168.2.23:38748
    Source: Traffic | Snort IDS: 716 INFO TELNET access 211.210.93.93:23 -> 192.168.2.23:54496
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 109.248.224.142:23 -> 192.168.2.23:33122
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 109.248.224.142:23 -> 192.168.2.23:33122
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 14.247.156.224:23 -> 192.168.2.23:48824
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 14.247.156.224:23 -> 192.168.2.23:48824
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 211.210.93.93:23 -> 192.168.2.23:54496
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 211.210.93.93:23 -> 192.168.2.23:54496
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 109.170.93.178:23 -> 192.168.2.23:37460
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 109.170.93.178:23 -> 192.168.2.23:37460
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 109.248.224.142:23 -> 192.168.2.23:33248
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 109.248.224.142:23 -> 192.168.2.23:33248
    Source: Traffic | Snort IDS: 716 INFO TELNET access 211.210.93.93:23 -> 192.168.2.23:54710
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 211.210.93.93:23 -> 192.168.2.23:54710
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 211.210.93.93:23 -> 192.168.2.23:54710
    Source: Traffic | Snort IDS: 716 INFO TELNET access 210.86.160.30:23 -> 192.168.2.23:35598
    Source: Traffic | Snort IDS: 716 INFO TELNET access 37.210.150.224:23 -> 192.168.2.23:38740
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 109.248.224.142:23 -> 192.168.2.23:33432
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 109.248.224.142:23 -> 192.168.2.23:33432
    Source: Traffic | Snort IDS: 492 INFO TELNET login failed 37.210.150.224:23 -> 192.168.2.23:38740
    Source: Traffic | Snort IDS: 716 INFO TELNET access 189.109.99.86:23 -> 192.168.2.23:45562
    Source: Traffic | Snort IDS: 2023436 ET TROJAN Possible Linux.Mirai Login Attempt (anko) 192.168.2.23:45340 -> 92.27.32.168:23
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 181.208.148.198:23 -> 192.168.2.23:35062
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 181.208.148.198:23 -> 192.168.2.23:35062
    Source: Traffic | Snort IDS: 716 INFO TELNET access 183.87.82.70:23 -> 192.168.2.23:40016
    Source: Traffic | Snort IDS: 716 INFO TELNET access 125.40.199.178:23 -> 192.168.2.23:55972
    Source: Traffic | Snort IDS: 716 INFO TELNET access 37.210.150.224:23 -> 192.168.2.23:38892
    Source: Traffic | Snort IDS: 492 INFO TELNET login failed 37.210.150.224:23 -> 192.168.2.23:38892
    Source: Traffic | Snort IDS: 716 INFO TELNET access 211.210.93.93:23 -> 192.168.2.23:55008
    Source: Traffic | Snort IDS: 492 INFO TELNET login failed 125.40.199.178:23 -> 192.168.2.23:55972
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 211.210.93.93:23 -> 192.168.2.23:55008
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 211.210.93.93:23 -> 192.168.2.23:55008
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 223.22.253.150:23 -> 192.168.2.23:50640
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 223.22.253.150:23 -> 192.168.2.23:50640
    Source: Traffic | Snort IDS: 716 INFO TELNET access 37.210.150.224:23 -> 192.168.2.23:39048
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 109.248.224.142:23 -> 192.168.2.23:33684
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 109.248.224.142:23 -> 192.168.2.23:33684
    Source: Traffic | Snort IDS: 716 INFO TELNET access 125.40.199.178:23 -> 192.168.2.23:56156
    Source: Traffic | Snort IDS: 492 INFO TELNET login failed 37.210.150.224:23 -> 192.168.2.23:39048
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 181.208.148.198:23 -> 192.168.2.23:35334
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 181.208.148.198:23 -> 192.168.2.23:35334
    Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 64.33.204.20:23 -> 192.168.2.23:50184
    Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 64.33.204.20:23 -> 192.168.2.23:50184
    Source: Traffic | Snort IDS: 492 INFO TELNET login failed 125.40.199.178:23 -> 192.168.2.23:56156
    Source: Traffic | Snort IDS: 716 INFO TELNET access 190.181.129.62:23 -> 192.168.2.23:50036
    Source: Traffic | Snort IDS: 716 INFO TELNET access 41.220.252.22:23 -> 192.168.2.23:60154
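The alert list above is what a Mirai-style telnet credential scanner looks like from the wire: one client (the sandbox host 192.168.2.23) opening port 23 on many unrelated addresses, each server answering with a login-failure banner, and occasionally an ET rule matching a specific default credential. The following is an added example, not part of the Joe Sandbox report or of Joe Security's tooling: it parses alert lines in the format printed above, aggregates them per client host, and flags hosts whose pattern matches a scanner. The SID groupings (which SIDs count as "login rejected" and which as "known credential") and the thresholds are this example's assumptions drawn from the messages shown on this page, not Snort or Emerging Threats semantics. The sample input is copied from the report, plus one constructed non-telnet line that the detector must ignore.

```python
"""Telnet credential-scanning detector run over Snort alert lines.

Added example, not code from the Joe Sandbox report. The SID sets and the
thresholds are assumptions; SAMPLE_ALERTS is copied from the report except for
the final constructed line.
"""
import re
from collections import defaultdict

ALERT_RE = re.compile(
    r"(?P<sid>\d+)\s+(?P<msg>.+?)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)\s*$"
)

# SIDs seen in the report whose message says a telnet login was rejected (assumption).
FAILED_LOGIN_SIDS = {492, 718, 1251}
# ET rules seen in the report that fire on a specific default/botnet credential (assumption).
CREDENTIAL_SIDS = {2027973, 2023436}


def parse_alert(line: str):
    """Split 'SID message src:port -> dst:port'; None if the line is not an alert."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    return {
        "sid": int(m["sid"]), "msg": m["msg"],
        "src": m["src"], "sport": int(m["sport"]),
        "dst": m["dst"], "dport": int(m["dport"]),
    }


def summarize_telnet(lines):
    """Per client host: distinct telnet servers contacted, rejected logins, credential-rule hits.

    Direction is decided by which side is on port 23, not by the rule name: the
    ET rule in the report says 'Inbound' because it describes the packet from
    the attacked device's point of view, yet here the sandbox host is the one
    sending the password.
    """
    hosts = defaultdict(lambda: {"targets": set(), "failed_logins": 0,
                                 "credential_hits": 0, "alerts": 0})
    for line in lines:
        a = parse_alert(line)
        if a is None:
            continue
        if a["dport"] == 23:
            client, server = a["src"], a["dst"]
        elif a["sport"] == 23:
            client, server = a["dst"], a["src"]
        else:
            continue  # not telnet: ignored
        h = hosts[client]
        h["alerts"] += 1
        h["targets"].add(server)
        if a["sid"] in FAILED_LOGIN_SIDS:
            h["failed_logins"] += 1
        if a["sid"] in CREDENTIAL_SIDS:
            h["credential_hits"] += 1
    return hosts


def flag_scanners(hosts, min_targets=5, min_failures=5):
    """Hosts rejected by many distinct telnet servers, or seen sending a known
    default credential, behave like a Mirai-style scanner (thresholds are assumptions)."""
    flagged = []
    for host, h in hosts.items():
        many_failures = len(h["targets"]) >= min_targets and h["failed_logins"] >= min_failures
        if many_failures or h["credential_hits"] > 0:
            flagged.append(host)
    return sorted(flagged)


SAMPLE_ALERTS = [
    "Snort IDS: 1251 INFO TELNET Bad Login 123.27.182.36:23 -> 192.168.2.23:43438",
    "Snort IDS: 718 INFO TELNET login incorrect 123.27.182.36:23 -> 192.168.2.23:43438",
    "Snort IDS: 1251 INFO TELNET Bad Login 171.101.68.7:23 -> 192.168.2.23:35172",
    "Snort IDS: 718 INFO TELNET login incorrect 171.101.68.7:23 -> 192.168.2.23:35172",
    "Snort IDS: 492 INFO TELNET login failed 14.205.71.245:23 -> 192.168.2.23:32798",
    "Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:35302 -> 171.101.68.7:23",
    "Snort IDS: 716 INFO TELNET access 59.106.42.241:23 -> 192.168.2.23:48158",
    "Snort IDS: 1251 INFO TELNET Bad Login 195.242.232.60:23 -> 192.168.2.23:46324",
    "Snort IDS: 718 INFO TELNET login incorrect 195.242.232.60:23 -> 192.168.2.23:46324",
    "Snort IDS: 2023436 ET TROJAN Possible Linux.Mirai Login Attempt (anko) 192.168.2.23:45340 -> 92.27.32.168:23",
    "Snort IDS: 1251 INFO TELNET Bad Login 88.97.39.118:23 -> 192.168.2.23:38338",
    # constructed line, not from the report: non-telnet traffic the detector must ignore
    "Snort IDS: 9000001 LOCAL test HTTP 192.168.2.23:42516 -> 109.202.202.202:80",
]

if __name__ == "__main__":
    stats = summarize_telnet(SAMPLE_ALERTS)
    for host, h in stats.items():
        print(host, len(h["targets"]), "targets,", h["failed_logins"], "rejected logins,",
              h["credential_hits"], "credential hits")
    print("flagged:", flag_scanners(stats))
```

On the eleven report lines the sandbox host is rejected by seven distinct servers and trips two credential rules, so it is flagged; the two-line prefix of the same input (one target, no credential hit) is not, which is the point of keying on distinct targets rather than on raw alert volume.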
    Source: global traffic | TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
    Source: global traffic | TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
    Source: global traffic | TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
    Source: global traffic | TCP traffic: 192.168.2.23:59584 -> 45.88.181.48:420
    Source: /tmp/oTdXpH4hrI (PID: 5224) | Socket: 0.0.0.0::0
    Source: /tmp/oTdXpH4hrI (PID: 5224) | Socket: 0.0.0.0::23
    Source: /tmp/oTdXpH4hrI (PID: 5224) | Socket: 0.0.0.0::53413
    Source: /tmp/oTdXpH4hrI (PID: 5224) | Socket: 0.0.0.0::80
    Source: /tmp/oTdXpH4hrI (PID: 5224) | Socket: 0.0.0.0::52869
    Source: /tmp/oTdXpH4hrI (PID: 5224) | Socket: 0.0.0.0::37215
    Source: /tmp/oTdXpH4hrI (PID: 5230) | Socket: 0.0.0.0::0
    Source: unknown | Network traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 42836 -> 443
    Source: unknown | TCP traffic detected without corresponding DNS query: 45.88.181.48
    Source: unknown | TCP traffic detected without corresponding DNS query: 13.99.3.91
    Source: unknown | TCP traffic detected without corresponding DNS query: 213.48.51.91
    Source: unknown | TCP traffic detected without corresponding DNS query: 218.125.48.112
    Source: unknown | TCP traffic detected without corresponding DNS query: 18.218.242.197
    Source: unknown | TCP traffic detected without corresponding DNS query: 109.194.253.165
    Source: unknown | TCP traffic detected without corresponding DNS query: 60.114.129.93
    Source: unknown | TCP traffic detected without corresponding DNS query: 129.12.65.33
    Source: unknown | TCP traffic detected without corresponding DNS query: 176.251.11.190
    Source: unknown | TCP traffic detected without corresponding DNS query: 24.34.248.233
    Source: unknown | TCP traffic detected without corresponding DNS query: 16.5.134.136
    Source: unknown | TCP traffic detected without corresponding DNS query: 99.40.14.192
    Source: unknown | TCP traffic detected without corresponding DNS query: 59.72.151.245
    Source: unknown | TCP traffic detected without corresponding DNS query: 206.172.101.52
    Source: unknown | TCP traffic detected without corresponding DNS query: 188.248.144.30
    Source: unknown | TCP traffic detected without corresponding DNS query: 244.227.74.205
    Source: unknown | TCP traffic detected without corresponding DNS query: 179.170.46.168
    Source: unknown | TCP traffic detected without corresponding DNS query: 241.191.180.87
    Source: unknown | TCP traffic detected without corresponding DNS query: 160.56.37.54
    Source: unknown | TCP traffic detected without corresponding DNS query: 153.197.243.208
    Source: unknown | TCP traffic detected without corresponding DNS query: 156.90.122.223
    Source: unknown | TCP traffic detected without corresponding DNS query: 133.222.56.123
    Source: unknown | TCP traffic detected without corresponding DNS query: 118.79.36.7
    Source: unknown | TCP traffic detected without corresponding DNS query: 116.136.250.115
    Source: unknown | TCP traffic detected without corresponding DNS query: 217.55.73.199
    Source: unknown | TCP traffic detected without corresponding DNS query: 117.164.73.184
    Source: unknown | TCP traffic detected without corresponding DNS query: 122.92.35.228
    Source: unknown | TCP traffic detected without corresponding DNS query: 253.129.94.157
    Source: unknown | TCP traffic detected without corresponding DNS query: 216.250.52.131
    Source: unknown | TCP traffic detected without corresponding DNS query: 203.236.93.165
    Source: unknown | TCP traffic detected without corresponding DNS query: 157.12.95.197
    Source: unknown | TCP traffic detected without corresponding DNS query: 163.144.160.244
    Source: unknown | TCP traffic detected without corresponding DNS query: 31.68.227.50
    Source: unknown | TCP traffic detected without corresponding DNS query: 40.61.42.154
    Source: unknown | TCP traffic detected without corresponding DNS query: 157.249.88.204
    Source: unknown | TCP traffic detected without corresponding DNS query: 44.17.132.191
    Source: unknown | TCP traffic detected without corresponding DNS query: 57.61.211.145
    Source: unknown | TCP traffic detected without corresponding DNS query: 104.186.247.49
    Source: unknown | TCP traffic detected without corresponding DNS query: 67.194.183.198
    Source: unknown | TCP traffic detected without corresponding DNS query: 84.68.236.88
    Source: unknown | TCP traffic detected without corresponding DNS query: 175.144.160.84
    Source: unknown | TCP traffic detected without corresponding DNS query: 115.107.41.93
    Source: unknown | TCP traffic detected without corresponding DNS query: 183.18.226.158
    Source: unknown | TCP traffic detected without corresponding DNS query: 109.125.184.245
    Source: unknown | TCP traffic detected without corresponding DNS query: 223.251.22.37
    Source: unknown | TCP traffic detected without corresponding DNS query: 101.72.146.175
    Source: unknown | TCP traffic detected without corresponding DNS query: 40.100.208.70
    Source: unknown | TCP traffic detected without corresponding DNS query: 5.83.64.208
    Source: unknown | TCP traffic detected without corresponding DNS query: 23.57.120.136
    Source: unknown | TCP traffic detected without corresponding DNS query: 114.86.122.204
    Source: ELF static info symbol of initial sample | .symtab present: no
    Source: /tmp/oTdXpH4hrI (PID: 5224) | SIGKILL sent: pid: 936, result: successful
    Source: /tmp/oTdXpH4hrI (PID: 5230) | SIGKILL sent: pid: 936, result: successful
    Source: classification engine | Classification label: mal64.troj.lin@0/0@0/0
    Source: /tmp/oTdXpH4hrI (PID: 5230) | File opened: /proc/491/fd
    Source: /tmp/oTdXpH4hrI (PID: 5230) | File opened: /proc/793/fd
    Source: /tmp/oTdXpH4hrI (PID: 5230) | File opened: /proc/772/fd
    Source: /tmp/oTdXpH4hrI (PID: 5230) | File opened: /proc/796/fd
    Source: /tmp/oTdXpH4hrI (PID: 5230) | File opened: /proc/774/fd
    Source: /tmp/oTdXpH4hrI (PID: 5230) | File opened: /proc/797/fd
    Source: /tmp/oTdXpH4hrI (PID: 5230) | File opened: /proc/777/fd
    Source: /tmp/oTdXpH4hrI (PID: 5230) | File opened: /proc/799/fd
    Source: /tmp/oTdXpH4hrI (PID: 5230) | File opened: /proc/658/fd
    Source: /tmp/oTdXpH4hrI (PID: 5230) | File opened: /proc/912/fd
    Source: /tmp/oTdXpH4hrI (PID: 5230) | File opened: /proc/759/fd
    Source: /tmp/oTdXpH4hrI (PID: 5230) | File opened: /proc/936/fd
    Source: /tmp/oTdXpH4hrI (PID: 5230) | File opened: /proc/918/fd
    Source: /tmp/oTdXpH4hrI (PID: 5230) | File opened: /proc/1/fd
    Source: /tmp/oTdXpH4hrI (PID: 5230) | File opened: /proc/761/fd
    Source: /tmp/oTdXpH4hrI (PID: 5230) | File opened: /proc/785/fd
    Source: /tmp/oTdXpH4hrI (PID: 5230) | File opened: /proc/884/fd
    Source: /tmp/oTdXpH4hrI (PID: 5230) | File opened: /proc/720/fd
    Source: /tmp/oTdXpH4hrI (PID: 5230) | File opened: /proc/721/fd
    Source: /tmp/oTdXpH4hrI (PID: 5230) | File opened: /proc/788/fd
    Source: /tmp/oTdXpH4hrI (PID: 5230) | File opened: /proc/789/fd
    Source: /tmp/oTdXpH4hrI (PID: 5230) | File opened: /proc/800/fd
    Source: /tmp/oTdXpH4hrI (PID: 5230) | File opened: /proc/801/fd
    Source: /tmp/oTdXpH4hrI (PID: 5230) | File opened: /proc/847/fd
    Source: /tmp/oTdXpH4hrI (PID: 5230) | File opened: /proc/904/fd
    Source: /tmp/oTdXpH4hrI (PID: 5224) | File opened: /proc/491/fd
    Source: /tmp/oTdXpH4hrI (PID: 5224) | File opened: /proc/793/fd
    Source: /tmp/oTdXpH4hrI (PID: 5224) | File opened: /proc/772/fd
    Source: /tmp/oTdXpH4hrI (PID: 5224) | File opened: /proc/796/fd
    Source: /tmp/oTdXpH4hrI (PID: 5224) | File opened: /proc/774/fd
    Source: /tmp/oTdXpH4hrI (PID: 5224) | File opened: /proc/797/fd
    Source: /tmp/oTdXpH4hrI (PID: 5224) | File opened: /proc/777/fd
    Source: /tmp/oTdXpH4hrI (PID: 5224) | File opened: /proc/799/fd
    Source: /tmp/oTdXpH4hrI (PID: 5224) | File opened: /proc/658/fd
    Source: /tmp/oTdXpH4hrI (PID: 5224) | File opened: /proc/912/fd
    Source: /tmp/oTdXpH4hrI (PID: 5224) | File opened: /proc/759/fd
    Source: /tmp/oTdXpH4hrI (PID: 5224) | File opened: /proc/936/fd
    Source: /tmp/oTdXpH4hrI (PID: 5224) | File opened: /proc/918/fd
    Source: /tmp/oTdXpH4hrI (PID: 5224) | File opened: /proc/1/fd
    Source: /tmp/oTdXpH4hrI (PID: 5224) | File opened: /proc/761/fd
    Source: /tmp/oTdXpH4hrI (PID: 5224) | File opened: /proc/785/fd
    Source: /tmp/oTdXpH4hrI (PID: 5224) | File opened: /proc/884/fd
    Source: /tmp/oTdXpH4hrI (PID: 5224) | File opened: /proc/720/fd
    Source: /tmp/oTdXpH4hrI (PID: 5224) | File opened: /proc/721/fd
    Source: /tmp/oTdXpH4hrI (PID: 5224) | File opened: /proc/788/fd
    Source: /tmp/oTdXpH4hrI (PID: 5224) | File opened: /proc/789/fd
    Source: /tmp/oTdXpH4hrI (PID: 5224) | File opened: /proc/800/fd
    Source: /tmp/oTdXpH4hrI (PID: 5224) | File opened: /proc/801/fd
    Source: /tmp/oTdXpH4hrI (PID: 5224) | File opened: /proc/847/fd
    Source: /tmp/oTdXpH4hrI (PID: 5224) | File opened: /proc/904/fd
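Read together, the entries above describe one action: both bot processes open /proc/<pid>/fd for every process on the box (PID 936 among them), SIGKILL PID 936, and then bind 0.0.0.0::23 themselves. That is how a process clears a port for its own use without knowing the name of whatever holds it: list the LISTEN sockets in /proc/net/tcp, take their inode numbers, find which process has a socket:[inode] link in its fd directory, and kill it. The published Mirai source's killer module does exactly this walk. The following is an added example, not code from the report or from the sample: the same walk, minus the kill(), usable as a defender's check of which PID owns a listener. The /proc tree used by the self-test is constructed in a temporary directory and imitates the real layout with made-up PIDs and inodes.

```python
"""Which PID owns the socket listening on a port, found via /proc/net/tcp and /proc/<pid>/fd.

Added example, not code from the Joe Sandbox report or from the analysed
sample. PROC_NET_TCP_SAMPLE and make_fake_proc_tree() are constructed test
fixtures; pids_listening_on() with the default proc_root reads the real /proc.
"""
import os
import socket
import struct
import tempfile

TCP_LISTEN = "0A"  # 'st' column value of a listening socket in /proc/net/tcp


def parse_proc_net_tcp(text: str) -> dict:
    """Return {(ip, port): inode} for every LISTEN entry in /proc/net/tcp text."""
    listeners = {}
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 10 or fields[3] != TCP_LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # The IPv4 address is printed as a 32-bit value in host byte order, so on a
        # little-endian host "0100007F" is 127.0.0.1.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        listeners[(ip, int(hex_port, 16))] = int(fields[9])
    return listeners


def socket_owners(proc_root: str = "/proc") -> dict:
    """Map socket inode -> pid by readlink-ing /proc/<pid>/fd/* (the walk the report logged)."""
    owners = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue  # process exited, or belongs to another user and we are not root
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            if target.startswith("socket:[") and target.endswith("]"):
                owners[int(target[len("socket:["):-1])] = int(entry)
    return owners


def pids_listening_on(port: int, proc_root: str = "/proc") -> list:
    """PIDs holding a TCP socket in LISTEN state on `port`, on any local address."""
    with open(os.path.join(proc_root, "net", "tcp")) as fh:
        listeners = parse_proc_net_tcp(fh.read())
    owners = socket_owners(proc_root)
    return sorted({owners[inode] for (_ip, p), inode in listeners.items()
                   if p == port and inode in owners})


# Constructed /proc/net/tcp content: a telnet listener (inode 12345), a loopback DNS
# listener (inode 23456) and one ESTABLISHED connection that must be ignored.
PROC_NET_TCP_SAMPLE = (
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
    "   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0\n"
    "   1: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000   101        0 23456 1 0000000000000000 100 0 0 10 0\n"
    "   2: 1702A8C0:A754 2B5BBD5B:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 34567 1 0000000000000000 20 4 30 10 -1\n"
)


def make_fake_proc_tree() -> str:
    """Build a throwaway /proc look-alike in which PID 936 owns inode 12345, the port-23 listener."""
    root = tempfile.mkdtemp(prefix="fakeproc_")
    os.makedirs(os.path.join(root, "net"))
    with open(os.path.join(root, "net", "tcp"), "w") as fh:
        fh.write(PROC_NET_TCP_SAMPLE)
    fake_fds = {  # pid -> {fd name: readlink target}; values are made up
        1: {"0": "/dev/null"},
        936: {"0": "/dev/null", "3": "socket:[12345]"},
        5224: {"4": "socket:[34567]"},
    }
    for pid, links in fake_fds.items():
        fd_dir = os.path.join(root, str(pid), "fd")
        os.makedirs(fd_dir)
        for fd, target in links.items():
            os.symlink(target, os.path.join(fd_dir, fd))
    return root


if __name__ == "__main__":
    print("port 23 listeners on this host:", pids_listening_on(23))
```

Without root, /proc/<pid>/fd of other users' processes is unreadable and the inode never resolves, which is why the function reports nothing rather than failing; the bot ran as root (the memory dump shows USER=root), so the same walk found PID 936 immediately. A listener that appears in /proc/net/tcp but maps to no PID is therefore either permission-hidden or already closed.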
    Source: /tmp/oTdXpH4hrI (PID: 5222) | Queries kernel information via 'uname':
    Source: oTdXpH4hrI, 5222.1.000000007605e787.000000009fa22cef.rw-.sdmp, oTdXpH4hrI, 5224.1.000000007605e787.000000009fa22cef.rw-.sdmp, oTdXpH4hrI, 5321.1.000000007605e787.000000009fa22cef.rw-.sdmp, oTdXpH4hrI, 5338.1.000000007605e787.000000009fa22cef.rw-.sdmp, oTdXpH4hrI, 5327.1.000000007605e787.000000009fa22cef.rw-.sdmp, oTdXpH4hrI, 5225.1.000000007605e787.000000009fa22cef.rw-.sdmp, oTdXpH4hrI, 5334.1.000000007605e787.000000009fa22cef.rw-.sdmp, oTdXpH4hrI, 5231.1.000000007605e787.000000009fa22cef.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/mipsel
    Source: oTdXpH4hrI, 5222.1.000000007605e787.000000009fa22cef.rw-.sdmp, oTdXpH4hrI, 5224.1.000000007605e787.000000009fa22cef.rw-.sdmp, oTdXpH4hrI, 5321.1.000000007605e787.000000009fa22cef.rw-.sdmp, oTdXpH4hrI, 5338.1.000000007605e787.000000009fa22cef.rw-.sdmp, oTdXpH4hrI, 5327.1.000000007605e787.000000009fa22cef.rw-.sdmp, oTdXpH4hrI, 5225.1.000000007605e787.000000009fa22cef.rw-.sdmp, oTdXpH4hrI, 5334.1.000000007605e787.000000009fa22cef.rw-.sdmp, oTdXpH4hrI, 5231.1.000000007605e787.000000009fa22cef.rw-.sdmp | Binary or memory string: V!/etc/qemu-binfmt/mipsel
    Source: oTdXpH4hrI, 5222.1.0000000029ef6d05.00000000e9b6e899.rw-.sdmp, oTdXpH4hrI, 5224.1.0000000029ef6d05.00000000e9b6e899.rw-.sdmp, oTdXpH4hrI, 5321.1.0000000029ef6d05.00000000e9b6e899.rw-.sdmp, oTdXpH4hrI, 5338.1.0000000029ef6d05.00000000e9b6e899.rw-.sdmp, oTdXpH4hrI, 5327.1.0000000029ef6d05.00000000e9b6e899.rw-.sdmp, oTdXpH4hrI, 5225.1.0000000029ef6d05.00000000e9b6e899.rw-.sdmp, oTdXpH4hrI, 5334.1.0000000029ef6d05.00000000e9b6e899.rw-.sdmp, oTdXpH4hrI, 5231.1.0000000029ef6d05.00000000e9b6e899.rw-.sdmp | Binary or memory string: ux86_64/usr/bin/qemu-mipsel/tmp/oTdXpH4hrISUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/oTdXpH4hrI
    Source: oTdXpH4hrI, 5222.1.0000000029ef6d05.00000000e9b6e899.rw-.sdmp, oTdXpH4hrI, 5224.1.0000000029ef6d05.00000000e9b6e899.rw-.sdmp, oTdXpH4hrI, 5321.1.0000000029ef6d05.00000000e9b6e899.rw-.sdmp, oTdXpH4hrI, 5338.1.0000000029ef6d05.00000000e9b6e899.rw-.sdmp, oTdXpH4hrI, 5327.1.0000000029ef6d05.00000000e9b6e899.rw-.sdmp, oTdXpH4hrI, 5225.1.0000000029ef6d05.00000000e9b6e899.rw-.sdmp, oTdXpH4hrI, 5334.1.0000000029ef6d05.00000000e9b6e899.rw-.sdmp, oTdXpH4hrI, 5231.1.0000000029ef6d05.00000000e9b6e899.rw-.sdmp | Binary or memory string: /usr/bin/qemu-mipsel

    Stealing of Sensitive Information

    Source: Yara match | File source: dump.pcap, type: PCAP

    Remote Access Functionality

    Source: Yara match | File source: dump.pcap, type: PCAP
    MITRE ATT&CK matrix (one line per tactic; a technique followed by a count in parentheses was matched by that many signatures, the remaining cells are the matrix's default entries):
    Initial Access: Valid Accounts / Default Accounts / Domain Accounts
    Execution: Windows Management Instrumentation / Scheduled Task/Job / At (Linux)
    Persistence: Path Interception / Boot or Logon Initialization Scripts / Logon Script (Windows)
    Privilege Escalation: Path Interception / Boot or Logon Initialization Scripts / Logon Script (Windows)
    Defense Evasion: Direct Volume Access / Rootkit / Obfuscated Files or Information
    Credential Access: OS Credential Dumping (1) / LSASS Memory / Security Account Manager
    Discovery: Security Software Discovery (11) / Application Window Discovery / Query Registry
    Lateral Movement: Remote Services / Remote Desktop Protocol / SMB/Windows Admin Shares
    Collection: Data from Local System / Data from Removable Media / Data from Network Shared Drive
    Exfiltration: Exfiltration Over Other Network Medium / Exfiltration Over Bluetooth / Automated Exfiltration
    Command and Control: Encrypted Channel (1) / Non-Standard Port (1) / Application Layer Protocol (1)
    Network Effects: Eavesdrop on Insecure Network Communication / Exploit SS7 to Redirect Phone Calls/SMS / Exploit SS7 to Track Device Location
    Remote Service Effects: Remotely Track Device Without Authorization / Remotely Wipe Data Without Authorization / Obtain Device Cloud Backups
    Impact: Modify System Partition / Device Lockout / Delete Device Data
    No configs have been found
    Behavior Graph ID: 557422 | Sample: oTdXpH4hrI | Startdate: 21/01/2022 | Architecture: LINUX | Score: 64
    Contacted hosts shown in the graph: 156.127.187.76 (XNSTGCA, United States), 98.23.53.117 (WINDSTREAMUS, United States), plus 98 other IPs or domains
    Signatures shown in the graph: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules); Multi AV Scanner detection for submitted file; Yara detected Mirai
    Process tree from the graph (every node is oTdXpH4hrI; the initial process forks repeatedly, 16 processes in total):
    oTdXpH4hrI
      oTdXpH4hrI
        oTdXpH4hrI
          oTdXpH4hrI
            oTdXpH4hrI
            oTdXpH4hrI
          oTdXpH4hrI
          oTdXpH4hrI
        oTdXpH4hrI
      oTdXpH4hrI
        oTdXpH4hrI
          oTdXpH4hrI
          oTdXpH4hrI
        oTdXpH4hrI
        oTdXpH4hrI
      oTdXpH4hrI
    AV scanner results (Source | Detection | Scanner | Label):
    oTdXpH4hrI | 50% | Virustotal |
    oTdXpH4hrI | 58% | ReversingLabs | Linux.Trojan.Mirai
    No Antivirus matches
    No contacted domains info
    IPDomainCountryFlagASNASN NameMalicious
    No context
    No created / dropped files found
    File type:ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
    Entropy (8bit):5.426622535894816
    TrID:
    • ELF Executable and Linkable format (generic) (4004/1) 100.00%
    File name:oTdXpH4hrI
    File size:71528
    MD5:0dbe787e1b8ab7f004a55b418e3141c4
    SHA1:0506160d345965ffb7ffa6edb155ddfab10d1ae4
    SHA256:d7d2cab6f55b5b9b2bbd12911c450981eb6d84da22ef13ae1cf9b2d31a336b2d
    SHA512:9f79dd65e0beb8f8b18db5f19352e95c3bb0ca6aeebb55545b980f29f9b4d7dd76b2abefe84cc8a08db4d8cb650a0c25f6c8c7819bb08232ab9c3ca6ccd52942
    SSDEEP:768:JxNCJ0EYlDYhxD9ZbsFywLX3U6nFW9N6PNo0se15DSeue2qeNncoNjpkGUrXivM0:JxNCJBYld4ww/9wPqe1IT/qSnMhA5
    File Content Preview:.ELF....................`.@.4...`.......4. ...(...............@...@...........................E...E.................Q.td...............................<...'!......'.......................<...'!... .........9'.. ........................<...'!........... .9

    ELF header

    Class:ELF32
    Data:2's complement, little endian
    Version:1 (current)
    Machine:MIPS R3000
    Version Number:0x1
    Type:EXEC (Executable file)
    OS/ABI:UNIX - System V
    ABI Version:0
    Entry Point Address:0x400260
    Flags:0x1007
    ELF Header Size:52
    Program Header Offset:52
    Program Header Size:32
    Number of Program Headers:3
    Section Header Offset:71008
    Section Header Size:40
    Number of Section Headers:13
    Header String Table Index:12
    Name           Type      Address   Offset   Size     EntSize  Flags       Flags Description  Link  Info  Align
                   NULL      0x0       0x0      0x0      0x0      0x0                            0     0     0
    .init          PROGBITS  0x400094  0x94     0x8c     0x0      0x6         AX                 0     0     4
    .text          PROGBITS  0x400120  0x120    0x10670  0x0      0x6         AX                 0     0     16
    .fini          PROGBITS  0x410790  0x10790  0x5c     0x0      0x6         AX                 0     0     4
    .rodata        PROGBITS  0x4107f0  0x107f0  0x610    0x0      0x2         A                  0     0     16
    .ctors         PROGBITS  0x451000  0x11000  0x8      0x0      0x3         WA                 0     0     4
    .dtors         PROGBITS  0x451008  0x11008  0x8      0x0      0x3         WA                 0     0     4
    .data          PROGBITS  0x451020  0x11020  0x190    0x0      0x3         WA                 0     0     16
    .got           PROGBITS  0x4511b0  0x111b0  0x358    0x4      0x10000003  WA                 0     0     16
    .sbss          NOBITS    0x451508  0x11508  0x24     0x0      0x10000003  WA                 0     0     4
    .bss           NOBITS    0x451530  0x11508  0x2a0    0x0      0x3         WA                 0     0     16
    .mdebug.abi32  PROGBITS  0x654     0x11508  0x0      0x0      0x0                            0     0     1
    .shstrtab      STRTAB    0x0       0x11508  0x57     0x0      0x0                            0     0     1
    Type       Offset   Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align    Prog Interpreter  Section Mappings
    LOAD       0x0      0x400000         0x400000          0x10e00    0x10e00      3.3549   0x5    R E                0x10000                    .init .text .fini .rodata
    LOAD       0x11000  0x451000         0x451000          0x508      0x7d0        2.0107   0x6    RW                 0x10000                    .ctors .dtors .data .got .sbss .bss
    GNU_STACK  0x0      0x0              0x0               0x0        0x0          0.0000   0x7    RWE                0x4
    TCP packets (columns: Timestamp, Source Port, Dest Port, Source IP, Dest IP): 100 packets, all sent from the analysis host 192.168.2.23 between 04:27:12 and 04:27:13 CET on Jan 21, 2022, all but the first with destination port 23.

    System Behavior

    Start time  Start date  Path             Arguments        File size      MD5 hash
    04:27:12    21/01/2022  /tmp/oTdXpH4hrI  /tmp/oTdXpH4hrI  5773336 bytes  0d6f61f82cf2f781c6eb0661071d42d9
    04:27:12    21/01/2022  /tmp/oTdXpH4hrI  n/a              5773336 bytes  0d6f61f82cf2f781c6eb0661071d42d9
    04:30:02    21/01/2022  /tmp/oTdXpH4hrI  n/a              5773336 bytes  0d6f61f82cf2f781c6eb0661071d42d9
    04:30:02    21/01/2022  /tmp/oTdXpH4hrI  n/a              5773336 bytes  0d6f61f82cf2f781c6eb0661071d42d9
    04:30:02    21/01/2022  /tmp/oTdXpH4hrI  n/a              5773336 bytes  0d6f61f82cf2f781c6eb0661071d42d9
    04:30:07    21/01/2022  /tmp/oTdXpH4hrI  n/a              5773336 bytes  0d6f61f82cf2f781c6eb0661071d42d9
    04:30:07    21/01/2022  /tmp/oTdXpH4hrI  n/a              5773336 bytes  0d6f61f82cf2f781c6eb0661071d42d9
    04:30:02    21/01/2022  /tmp/oTdXpH4hrI  n/a              5773336 bytes  0d6f61f82cf2f781c6eb0661071d42d9
    04:30:02    21/01/2022  /tmp/oTdXpH4hrI  n/a              5773336 bytes  0d6f61f82cf2f781c6eb0661071d42d9
    04:27:12    21/01/2022  /tmp/oTdXpH4hrI  n/a              5773336 bytes  0d6f61f82cf2f781c6eb0661071d42d9
    04:27:12    21/01/2022  /tmp/oTdXpH4hrI  n/a              5773336 bytes  0d6f61f82cf2f781c6eb0661071d42d9
    04:27:12    21/01/2022  /tmp/oTdXpH4hrI  n/a              5773336 bytes  0d6f61f82cf2f781c6eb0661071d42d9
    04:30:03    21/01/2022  /tmp/oTdXpH4hrI  n/a              5773336 bytes  0d6f61f82cf2f781c6eb0661071d42d9
    04:30:03    21/01/2022  /tmp/oTdXpH4hrI  n/a              5773336 bytes  0d6f61f82cf2f781c6eb0661071d42d9
    04:27:12    21/01/2022  /tmp/oTdXpH4hrI  n/a              5773336 bytes  0d6f61f82cf2f781c6eb0661071d42d9
    04:27:12    21/01/2022  /tmp/oTdXpH4hrI  n/a              5773336 bytes  0d6f61f82cf2f781c6eb0661071d42d9