Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
uuC6SqiHEK

Overview

General Information

Sample Name:uuC6SqiHEK
Analysis ID:626460
MD5:772945ce381f38c38472a94893995e6f
SHA1:62c42fe68280e67aa016afa49f844da73a1d2df1
SHA256:cfcdff7a98c3829650988decae442e8daaf67cb471d13048ad0d578d8c5f63cf
Tags:32elfmipsmirai
Infos:

Detection

Mirai
Score:64
Range:0 - 100
Whitelisted:false

Signatures

Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Uses known network protocols on non-standard ports
Sample contains only a LOAD segment without any section mappings
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.
All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper which does no longer work.
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.

General Information

Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:626460
Start date and time: 14/05/202203:44:042022-05-14 03:44:04 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 6m 39s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:uuC6SqiHEK
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal64.troj.evad.lin@0/0@0/0

Warnings

  • Report size exceeded maximum capacity and may have missing network information.

Runtime Messages

Command:/tmp/uuC6SqiHEK
PID:6223
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
Connected To CNC
Standard Error:

Process Tree

  • system is lnxubuntu20
  • cleanup

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_Mirai_12Yara detected MiraiJoe Security

    Snort Signatures

    No Snort rule has matched

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Multi AV Scanner detection for submitted file
    Source: uuC6SqiHEKVirustotal: Detection: 42%Perma Link

    Networking

    barindex
    Uses known network protocols on non-standard ports
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 32898
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 32900
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 32904
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 32906
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 32910
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 32912
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 32914
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 32916
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 32920
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 32922
    Source: global trafficTCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
    Source: global trafficTCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
    Source: global trafficTCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
    Source: global trafficTCP traffic: 192.168.2.23:60988 -> 107.172.197.117:1312
    Source: /tmp/uuC6SqiHEK (PID: 6225)Socket: 0.0.0.0::0Jump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)Socket: 0.0.0.0::23Jump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)Socket: 0.0.0.0::53413Jump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)Socket: 0.0.0.0::80Jump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)Socket: 0.0.0.0::52869Jump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)Socket: 0.0.0.0::37215Jump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6231)Socket: 0.0.0.0::0Jump to behavior
    Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443
    Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
    Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
    Source: unknownTCP traffic detected without corresponding DNS query: 107.172.197.117
    Source: unknownTCP traffic detected without corresponding DNS query: 81.164.18.153
    Source: unknownTCP traffic detected without corresponding DNS query: 81.190.24.117
    Source: unknownTCP traffic detected without corresponding DNS query: 176.255.189.66
    Source: unknownTCP traffic detected without corresponding DNS query: 169.60.0.176
    Source: unknownTCP traffic detected without corresponding DNS query: 158.41.69.167
    Source: unknownTCP traffic detected without corresponding DNS query: 201.168.217.66
    Source: unknownTCP traffic detected without corresponding DNS query: 149.187.54.80
    Source: unknownTCP traffic detected without corresponding DNS query: 186.229.17.36
    Source: unknownTCP traffic detected without corresponding DNS query: 156.122.41.224
    Source: unknownTCP traffic detected without corresponding DNS query: 162.43.188.92
    Source: unknownTCP traffic detected without corresponding DNS query: 80.219.143.79
    Source: unknownTCP traffic detected without corresponding DNS query: 73.215.253.205
    Source: unknownTCP traffic detected without corresponding DNS query: 177.247.14.87
    Source: unknownTCP traffic detected without corresponding DNS query: 170.218.61.135
    Source: unknownTCP traffic detected without corresponding DNS query: 176.229.196.150
    Source: unknownTCP traffic detected without corresponding DNS query: 160.98.192.57
    Source: unknownTCP traffic detected without corresponding DNS query: 73.77.195.60
    Source: unknownTCP traffic detected without corresponding DNS query: 199.95.0.73
    Source: unknownTCP traffic detected without corresponding DNS query: 19.142.189.170
    Source: unknownTCP traffic detected without corresponding DNS query: 178.248.85.9
    Source: unknownTCP traffic detected without corresponding DNS query: 254.184.255.182
    Source: unknownTCP traffic detected without corresponding DNS query: 93.22.122.203
    Source: unknownTCP traffic detected without corresponding DNS query: 178.34.193.211
    Source: unknownTCP traffic detected without corresponding DNS query: 135.200.206.144
    Source: unknownTCP traffic detected without corresponding DNS query: 114.223.243.18
    Source: unknownTCP traffic detected without corresponding DNS query: 164.189.145.57
    Source: unknownTCP traffic detected without corresponding DNS query: 220.108.224.202
    Source: unknownTCP traffic detected without corresponding DNS query: 167.206.70.100
    Source: unknownTCP traffic detected without corresponding DNS query: 93.7.20.188
    Source: unknownTCP traffic detected without corresponding DNS query: 141.156.199.81
    Source: unknownTCP traffic detected without corresponding DNS query: 23.61.30.224
    Source: unknownTCP traffic detected without corresponding DNS query: 186.241.155.185
    Source: unknownTCP traffic detected without corresponding DNS query: 223.30.162.238
    Source: unknownTCP traffic detected without corresponding DNS query: 251.194.244.233
    Source: unknownTCP traffic detected without corresponding DNS query: 253.171.246.232
    Source: unknownTCP traffic detected without corresponding DNS query: 35.50.253.208
    Source: unknownTCP traffic detected without corresponding DNS query: 204.130.38.27
    Source: unknownTCP traffic detected without corresponding DNS query: 146.193.251.221
    Source: unknownTCP traffic detected without corresponding DNS query: 199.100.229.31
    Source: unknownTCP traffic detected without corresponding DNS query: 253.77.247.140
    Source: unknownTCP traffic detected without corresponding DNS query: 68.103.221.205
    Source: unknownTCP traffic detected without corresponding DNS query: 213.182.0.235
    Source: unknownTCP traffic detected without corresponding DNS query: 77.175.88.85
    Source: unknownTCP traffic detected without corresponding DNS query: 123.30.15.218
    Source: unknownTCP traffic detected without corresponding DNS query: 40.61.201.120
    Source: unknownTCP traffic detected without corresponding DNS query: 60.220.22.152
    Source: unknownTCP traffic detected without corresponding DNS query: 19.32.126.236
    Source: uuC6SqiHEKString found in binary or memory: http://upx.sf.net
    Source: LOAD without section mappingsProgram segment: 0x100000
    Source: /tmp/uuC6SqiHEK (PID: 6225)SIGKILL sent: pid: 936, result: successfulJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6231)SIGKILL sent: pid: 936, result: successfulJump to behavior
    Source: classification engineClassification label: mal64.troj.evad.lin@0/0@0/0

    Data Obfuscation

    barindex
    Sample is packed with UPX
    Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
    Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
    Source: initial sampleString containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
    Source: /tmp/uuC6SqiHEK (PID: 6231)File opened: /proc/491/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6231)File opened: /proc/793/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6231)File opened: /proc/772/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6231)File opened: /proc/796/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6231)File opened: /proc/774/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6231)File opened: /proc/797/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6231)File opened: /proc/777/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6231)File opened: /proc/799/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6231)File opened: /proc/658/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6231)File opened: /proc/912/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6231)File opened: /proc/759/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6231)File opened: /proc/936/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6231)File opened: /proc/918/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6231)File opened: /proc/1/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6231)File opened: /proc/761/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6231)File opened: /proc/785/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6231)File opened: /proc/884/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6231)File opened: /proc/720/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6231)File opened: /proc/721/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6231)File opened: /proc/788/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6231)File opened: /proc/789/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6231)File opened: /proc/800/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6231)File opened: /proc/801/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6231)File opened: /proc/847/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6231)File opened: /proc/904/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)File opened: /proc/491/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)File opened: /proc/793/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)File opened: /proc/772/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)File opened: /proc/796/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)File opened: /proc/774/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)File opened: /proc/797/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)File opened: /proc/777/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)File opened: /proc/799/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)File opened: /proc/658/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)File opened: /proc/912/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)File opened: /proc/759/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)File opened: /proc/936/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)File opened: /proc/918/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)File opened: /proc/1/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)File opened: /proc/761/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)File opened: /proc/785/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)File opened: /proc/884/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)File opened: /proc/720/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)File opened: /proc/721/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)File opened: /proc/788/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)File opened: /proc/789/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)File opened: /proc/800/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)File opened: /proc/801/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)File opened: /proc/847/fdJump to behavior
    Source: /tmp/uuC6SqiHEK (PID: 6225)File opened: /proc/904/fdJump to behavior

    Hooking and other Techniques for Hiding and Protection

    barindex
    Uses known network protocols on non-standard ports
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 32898
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 32900
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 32904
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 32906
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 32910
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 32912
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 32914
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 32916
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 32920
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 32922
    Source: /tmp/uuC6SqiHEK (PID: 6223)Queries kernel information via 'uname': Jump to behavior
    Source: uuC6SqiHEK, 6223.1.00000000dd7321fd.00000000cd8ca4c8.rw-.sdmp, uuC6SqiHEK, 6225.1.00000000dd7321fd.00000000cd8ca4c8.rw-.sdmp, uuC6SqiHEK, 6326.1.00000000dd7321fd.00000000cd8ca4c8.rw-.sdmp, uuC6SqiHEK, 6343.1.00000000dd7321fd.00000000cd8ca4c8.rw-.sdmp, uuC6SqiHEK, 6332.1.00000000dd7321fd.00000000cd8ca4c8.rw-.sdmp, uuC6SqiHEK, 6226.1.00000000dd7321fd.00000000cd8ca4c8.rw-.sdmp, uuC6SqiHEK, 6337.1.00000000dd7321fd.00000000cd8ca4c8.rw-.sdmp, uuC6SqiHEK, 6233.1.00000000dd7321fd.00000000cd8ca4c8.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/mipsel
    Source: uuC6SqiHEK, 6223.1.00000000d7e36c8e.00000000ca13ce42.rw-.sdmp, uuC6SqiHEK, 6225.1.00000000d7e36c8e.00000000ca13ce42.rw-.sdmp, uuC6SqiHEK, 6326.1.00000000d7e36c8e.00000000ca13ce42.rw-.sdmp, uuC6SqiHEK, 6343.1.00000000d7e36c8e.00000000ca13ce42.rw-.sdmp, uuC6SqiHEK, 6332.1.00000000d7e36c8e.00000000ca13ce42.rw-.sdmp, uuC6SqiHEK, 6226.1.00000000d7e36c8e.00000000ca13ce42.rw-.sdmp, uuC6SqiHEK, 6337.1.00000000d7e36c8e.00000000ca13ce42.rw-.sdmp, uuC6SqiHEK, 6233.1.00000000d7e36c8e.00000000ca13ce42.rw-.sdmpBinary or memory string: #Zx86_64/usr/bin/qemu-mipsel/tmp/uuC6SqiHEKSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/uuC6SqiHEK
    Source: uuC6SqiHEK, 6223.1.00000000dd7321fd.00000000cd8ca4c8.rw-.sdmp, uuC6SqiHEK, 6225.1.00000000dd7321fd.00000000cd8ca4c8.rw-.sdmp, uuC6SqiHEK, 6326.1.00000000dd7321fd.00000000cd8ca4c8.rw-.sdmp, uuC6SqiHEK, 6343.1.00000000dd7321fd.00000000cd8ca4c8.rw-.sdmp, uuC6SqiHEK, 6332.1.00000000dd7321fd.00000000cd8ca4c8.rw-.sdmp, uuC6SqiHEK, 6226.1.00000000dd7321fd.00000000cd8ca4c8.rw-.sdmp, uuC6SqiHEK, 6337.1.00000000dd7321fd.00000000cd8ca4c8.rw-.sdmp, uuC6SqiHEK, 6233.1.00000000dd7321fd.00000000cd8ca4c8.rw-.sdmpBinary or memory string: U!/etc/qemu-binfmt/mipsel
    Source: uuC6SqiHEK, 6223.1.00000000d7e36c8e.00000000ca13ce42.rw-.sdmp, uuC6SqiHEK, 6225.1.00000000d7e36c8e.00000000ca13ce42.rw-.sdmp, uuC6SqiHEK, 6326.1.00000000d7e36c8e.00000000ca13ce42.rw-.sdmp, uuC6SqiHEK, 6343.1.00000000d7e36c8e.00000000ca13ce42.rw-.sdmp, uuC6SqiHEK, 6332.1.00000000d7e36c8e.00000000ca13ce42.rw-.sdmp, uuC6SqiHEK, 6226.1.00000000d7e36c8e.00000000ca13ce42.rw-.sdmp, uuC6SqiHEK, 6337.1.00000000d7e36c8e.00000000ca13ce42.rw-.sdmp, uuC6SqiHEK, 6233.1.00000000d7e36c8e.00000000ca13ce42.rw-.sdmpBinary or memory string: /usr/bin/qemu-mipsel

    Stealing of Sensitive Information

    barindex
    Yara detected Mirai
    Source: Yara matchFile source: dump.pcap, type: PCAP

    Remote Access Functionality

    barindex
    Yara detected Mirai
    Source: Yara matchFile source: dump.pcap, type: PCAP

    Mitre Att&ck Matrix

    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
    Valid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
    Obfuscated Files or Information    		1
    OS Credential Dumping    		11
    Security Software Discovery    		Remote ServicesData from Local SystemExfiltration Over Other Network Medium1
    Encrypted Channel    		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
    Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth11
    Non-Standard Port    		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
    Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
    Application Layer Protocol    		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data

    Malware Configuration

    No configs have been found

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Number of created Files
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 626460 Sample: uuC6SqiHEK Startdate: 14/05/2022 Architecture: LINUX Score: 64 42 152.70.164.7 ZENEDGEUS United States 2->42 44 66.217.160.194 WINDSTREAMUS United States 2->44 46 98 other IPs or domains 2->46 48 Multi AV Scanner detection for submitted file 2->48 50 Yara detected Mirai 2->50 52 Uses known network protocols on non-standard ports 2->52 54 Sample is packed with UPX 2->54 10 uuC6SqiHEK 2->10         started        signatures3 process4 process5 12 uuC6SqiHEK 10->12         started        14 uuC6SqiHEK 10->14         started        16 uuC6SqiHEK 10->16         started        process6 18 uuC6SqiHEK 12->18         started        20 uuC6SqiHEK 12->20         started        22 uuC6SqiHEK 14->22         started        24 uuC6SqiHEK 14->24         started        26 uuC6SqiHEK 14->26         started        process7 28 uuC6SqiHEK 18->28         started        30 uuC6SqiHEK 18->30         started        32 uuC6SqiHEK 18->32         started        34 uuC6SqiHEK 22->34         started        36 uuC6SqiHEK 22->36         started        process8 38 uuC6SqiHEK 28->38         started        40 uuC6SqiHEK 28->40         started       

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    uuC6SqiHEK43%VirustotalBrowse

    Dropped Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Contacted Domains

    No contacted domains info

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://upx.sf.netuuC6SqiHEKfalse
      		high

      World Map of Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public IPs

      <
      IPDomainCountryFlagASNASN NameMalicious
      106.74.102.98
      		unknownChina
      		133118UNICOM-CNChinaUnicomIPnetworkCNfalse
      16.145.233.90
      		unknownUnited States
      		unknownunknownfalse
      103.48.197.179
      		unknownIndia
      		133982EXCITEL-AS-INExcitelBroadbandPrivateLimitedINfalse
      94.65.166.89
      		unknownGreece
      		6799OTENET-GRAthens-GreeceGRfalse
      4.85.99.192
      		unknownUnited States
      		3356LEVEL3USfalse
      244.229.95.159
      		unknownReserved
      		unknownunknownfalse