Linux Analysis Report
VQemUYjLmL

Overview

General Information

Sample Name:	VQemUYjLmL
Analysis ID:	626465
MD5:	9bf5c9ac9cacd58b0d008938167c3d7d
SHA1:	b57f925cbdad949ad41db5c57c0774a2cbf6d282
SHA256:	9cae0351a33e4b4c74263920dd8f1fee4e03d14022ff2caf631d367023b53fa8
Tags:	32elfintelmirai
Infos:

Detection

Mirai

Score:	60
Range:	0 - 100
Whitelisted:	false

Signatures

Yara detected Mirai

Multi AV Scanner detection for submitted file

Sample is packed with UPX

Sample contains only a LOAD segment without any section mappings

Enumerates processes within the "proc" file system

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Detected TCP or UDP traffic on non-standard ports

Sample tries to kill a process (SIGKILL)

Classification

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: VQemUYjLmL

Virustotal: Detection: 40%

Perma Link

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.23:60988 -> 107.172.197.117:1312

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 107.172.197.117
Source: unknown	TCP traffic detected without corresponding DNS query: 106.38.78.67
Source: unknown	TCP traffic detected without corresponding DNS query: 211.29.213.67
Source: unknown	TCP traffic detected without corresponding DNS query: 167.121.231.169
Source: unknown	TCP traffic detected without corresponding DNS query: 164.59.8.64
Source: unknown	TCP traffic detected without corresponding DNS query: 197.249.7.53
Source: unknown	TCP traffic detected without corresponding DNS query: 208.238.100.146
Source: unknown	TCP traffic detected without corresponding DNS query: 78.22.214.152
Source: unknown	TCP traffic detected without corresponding DNS query: 43.104.156.175
Source: unknown	TCP traffic detected without corresponding DNS query: 193.99.120.233
Source: unknown	TCP traffic detected without corresponding DNS query: 146.252.206.10
Source: unknown	TCP traffic detected without corresponding DNS query: 159.122.186.232
Source: unknown	TCP traffic detected without corresponding DNS query: 68.245.215.101
Source: unknown	TCP traffic detected without corresponding DNS query: 79.182.104.166
Source: unknown	TCP traffic detected without corresponding DNS query: 164.13.129.250
Source: unknown	TCP traffic detected without corresponding DNS query: 79.157.164.86
Source: unknown	TCP traffic detected without corresponding DNS query: 154.187.41.100
Source: unknown	TCP traffic detected without corresponding DNS query: 213.9.35.54
Source: unknown	TCP traffic detected without corresponding DNS query: 204.140.249.124
Source: unknown	TCP traffic detected without corresponding DNS query: 73.196.193.46
Source: unknown	TCP traffic detected without corresponding DNS query: 104.45.93.135
Source: unknown	TCP traffic detected without corresponding DNS query: 155.24.153.232
Source: unknown	TCP traffic detected without corresponding DNS query: 37.133.254.246
Source: unknown	TCP traffic detected without corresponding DNS query: 106.211.14.146
Source: unknown	TCP traffic detected without corresponding DNS query: 187.115.98.97
Source: unknown	TCP traffic detected without corresponding DNS query: 89.253.203.20
Source: unknown	TCP traffic detected without corresponding DNS query: 70.111.42.24
Source: unknown	TCP traffic detected without corresponding DNS query: 246.82.17.49
Source: unknown	TCP traffic detected without corresponding DNS query: 19.55.53.44
Source: unknown	TCP traffic detected without corresponding DNS query: 157.244.187.42
Source: unknown	TCP traffic detected without corresponding DNS query: 20.217.196.70
Source: unknown	TCP traffic detected without corresponding DNS query: 74.44.118.39
Source: unknown	TCP traffic detected without corresponding DNS query: 217.233.198.119
Source: unknown	TCP traffic detected without corresponding DNS query: 206.143.61.82
Source: unknown	TCP traffic detected without corresponding DNS query: 255.130.166.23
Source: unknown	TCP traffic detected without corresponding DNS query: 44.60.194.61
Source: unknown	TCP traffic detected without corresponding DNS query: 98.11.9.51
Source: unknown	TCP traffic detected without corresponding DNS query: 145.118.58.45
Source: unknown	TCP traffic detected without corresponding DNS query: 4.120.246.167
Source: unknown	TCP traffic detected without corresponding DNS query: 113.251.32.216
Source: unknown	TCP traffic detected without corresponding DNS query: 48.187.197.152
Source: unknown	TCP traffic detected without corresponding DNS query: 147.148.103.207
Source: unknown	TCP traffic detected without corresponding DNS query: 98.33.188.200
Source: unknown	TCP traffic detected without corresponding DNS query: 218.240.141.96
Source: unknown	TCP traffic detected without corresponding DNS query: 79.72.104.51
Source: unknown	TCP traffic detected without corresponding DNS query: 223.163.13.70
Source: unknown	TCP traffic detected without corresponding DNS query: 111.53.251.142
Source: unknown	TCP traffic detected without corresponding DNS query: 142.137.143.232
Source: unknown	TCP traffic detected without corresponding DNS query: 84.7.45.117
Source: unknown	TCP traffic detected without corresponding DNS query: 198.119.123.156

Source: VQemUYjLmL

String found in binary or memory: http://upx.sf.net

Sample contains only a LOAD segment without any section mappings

Source: LOAD without section mappings

Program segment: 0xc01000

Sample tries to kill a process (SIGKILL)

Source: /tmp/VQemUYjLmL (PID: 6228)	SIGKILL sent: pid: 936, result: successful			Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6231)	SIGKILL sent: pid: 936, result: successful			Jump to behavior

Source: classification engine

Classification label: mal60.troj.evad.lin@0/0@0/0

Data Obfuscation

Sample is packed with UPX

Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Enumerates processes within the "proc" file system

Source: /tmp/VQemUYjLmL (PID: 6231)	File opened: /proc/6231/exe	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6231)	File opened: /proc/491/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6231)	File opened: /proc/793/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6231)	File opened: /proc/772/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6231)	File opened: /proc/796/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6231)	File opened: /proc/774/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6231)	File opened: /proc/797/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6231)	File opened: /proc/777/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6231)	File opened: /proc/799/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6231)	File opened: /proc/658/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6231)	File opened: /proc/912/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6231)	File opened: /proc/759/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6231)	File opened: /proc/936/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6231)	File opened: /proc/918/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6231)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6231)	File opened: /proc/761/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6231)	File opened: /proc/785/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6231)	File opened: /proc/884/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6231)	File opened: /proc/720/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6231)	File opened: /proc/721/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6231)	File opened: /proc/788/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6231)	File opened: /proc/789/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6231)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6231)	File opened: /proc/801/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6231)	File opened: /proc/847/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6231)	File opened: /proc/904/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6228)	File opened: /proc/491/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6228)	File opened: /proc/793/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6228)	File opened: /proc/772/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6228)	File opened: /proc/796/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6228)	File opened: /proc/774/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6228)	File opened: /proc/797/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6228)	File opened: /proc/777/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6228)	File opened: /proc/799/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6228)	File opened: /proc/658/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6228)	File opened: /proc/912/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6228)	File opened: /proc/759/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6228)	File opened: /proc/6228/exe	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6228)	File opened: /proc/936/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6228)	File opened: /proc/918/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6228)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6228)	File opened: /proc/761/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6228)	File opened: /proc/785/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6228)	File opened: /proc/884/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6228)	File opened: /proc/720/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6228)	File opened: /proc/721/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6228)	File opened: /proc/788/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6228)	File opened: /proc/789/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6228)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6228)	File opened: /proc/801/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6228)	File opened: /proc/847/fd	Jump to behavior
Source: /tmp/VQemUYjLmL (PID: 6228)	File opened: /proc/904/fd	Jump to behavior

Source: VQemUYjLmL, 6227.1.00000000c7954095.00000000486baebe.rw-.sdmp, VQemUYjLmL, 6228.1.00000000c7954095.00000000486baebe.rw-.sdmp, VQemUYjLmL, 6320.1.00000000c7954095.00000000486baebe.rw-.sdmp, VQemUYjLmL, 6329.1.00000000c7954095.00000000486baebe.rw-.sdmp, VQemUYjLmL, 6324.1.00000000c7954095.00000000486baebe.rw-.sdmp, VQemUYjLmL, 6229.1.00000000c7954095.00000000486baebe.rw-.sdmp, VQemUYjLmL, 6319.1.00000000c7954095.00000000486baebe.rw-.sdmp, VQemUYjLmL, 6232.1.00000000c7954095.00000000486baebe.rw-.sdmp	Binary or memory string: ui686143okhp3gb4p2fdSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/VQemUYjLmL
Source: VQemUYjLmL, 6227.1.00000000c7954095.00000000486baebe.rw-.sdmp, VQemUYjLmL, 6228.1.00000000c7954095.00000000486baebe.rw-.sdmp, VQemUYjLmL, 6320.1.00000000c7954095.00000000486baebe.rw-.sdmp, VQemUYjLmL, 6329.1.00000000c7954095.00000000486baebe.rw-.sdmp, VQemUYjLmL, 6324.1.00000000c7954095.00000000486baebe.rw-.sdmp, VQemUYjLmL, 6229.1.00000000c7954095.00000000486baebe.rw-.sdmp, VQemUYjLmL, 6319.1.00000000c7954095.00000000486baebe.rw-.sdmp, VQemUYjLmL, 6232.1.00000000c7954095.00000000486baebe.rw-.sdmp	Binary or memory string: =/tmp/VQemUYjLmL
Source: VQemUYjLmL, 6227.1.00000000c7954095.00000000486baebe.rw-.sdmp, VQemUYjLmL, 6228.1.00000000c7954095.00000000486baebe.rw-.sdmp, VQemUYjLmL, 6228.1.000000006ff2a7f9.0000000067604773.rw-.sdmp, VQemUYjLmL, 6320.1.000000006ff2a7f9.0000000067604773.rw-.sdmp, VQemUYjLmL, 6320.1.00000000c7954095.00000000486baebe.rw-.sdmp, VQemUYjLmL, 6329.1.000000006ff2a7f9.0000000067604773.rw-.sdmp, VQemUYjLmL, 6329.1.00000000c7954095.00000000486baebe.rw-.sdmp, VQemUYjLmL, 6324.1.00000000c7954095.00000000486baebe.rw-.sdmp, VQemUYjLmL, 6324.1.000000006ff2a7f9.0000000067604773.rw-.sdmp, VQemUYjLmL, 6229.1.00000000c7954095.00000000486baebe.rw-.sdmp, VQemUYjLmL, 6319.1.00000000c7954095.00000000486baebe.rw-.sdmp, VQemUYjLmL, 6319.1.000000006ff2a7f9.0000000067604773.rw-.sdmp, VQemUYjLmL, 6232.1.00000000c7954095.00000000486baebe.rw-.sdmp	Binary or memory string: /tmp/VQemUYjLmL

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

Remote Access Functionality

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

Screenshots

No Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
92.90.232.168	unknown	France	15557	LDCOMNETFR	false
133.76.4.145	unknown	Japan	2907	SINET-ASResearchOrganizationofInformationandSystemsN	false
44.14.96.139	unknown	United States	7377	UCSDUS	false
48.114.250.98	unknown	United States	2686	ATGS-MMD-ASUS	false
180.7.246.116	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
18.54.163.197	unknown	United States	3	MIT-GATEWAYSUS	false
60.226.69.21	unknown	Australia	1221	ASN-TELSTRATelstraCorporationLtdAU	false
36.71.246.248	unknown	Indonesia	7713	TELKOMNET-AS-APPTTelekomunikasiIndonesiaID	false
219.18.123.206	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
174.183.29.88	unknown	United States	7922	COMCAST-7922US	false
104.167.150.185	unknown	United States	54119	BOINGO-MDUUS	false
129.2.240.5	unknown	United States	27	UMDNETUS	false
180.83.51.239	unknown	Korea Republic of	17858	POWERVIS-AS-KRLGPOWERCOMMKR	false
83.20.34.90	unknown	Poland	5617	TPNETPL	false
114.215.215.176	unknown	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
100.237.194.125	unknown	United States	21928	T-MOBILE-AS21928US	false
157.78.204.8	unknown	Japan	4725	ODNSoftBankMobileCorpJP	false
181.11.124.60	unknown	Argentina	7303	TelecomArgentinaSAAR	false
211.232.248.235	unknown	Korea Republic of	17854	CABLELINE-AS-KRTbroadjeonjubroadcastKR	false
46.111.148.192	unknown	Russian Federation	2854	ROSPRINT-ASRU	false
165.163.148.154	unknown	United States	2381	WISCNET1-ASUS	false
172.218.17.202	unknown	Canada	852	ASN852CA	false
122.117.14.241	unknown	Taiwan; Republic of China (ROC)	3462	HINETDataCommunicationBusinessGroupTW	false
2.163.240.249	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
247.196.142.63	unknown	Reserved	unknown	unknown	false
86.104.240.210	unknown	Iran (ISLAMIC Republic Of)	58224	TCIIR	false
160.172.158.31	unknown	Morocco	6713	IAM-ASMA	false
72.141.103.237	unknown	Canada	812	ROGERS-COMMUNICATIONSCA	false
110.114.57.238	unknown	China	24138	CTTNETChinaTieTongTelecommunicationsCorporationCN	false
188.22.62.4	unknown	Austria	8447	TELEKOM-ATA1TelekomAustriaAGAT	false
60.181.24.12	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
161.118.143.153	unknown	Japan	13041	CESCA-ACES	false
122.207.7.246	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
169.1.9.95	unknown	South Africa	37611	AfrihostZA	false
32.47.84.117	unknown	United States	7018	ATT-INTERNET4US	false
133.86.79.15	unknown	Japan	2907	SINET-ASResearchOrganizationofInformationandSystemsN	false
167.249.143.193	unknown	Brazil	265191	SapucaiaComercioeinformaticaltda-meBR	false
12.133.82.82	unknown	United States	7018	ATT-INTERNET4US	false
189.59.13.46	unknown	Brazil	18881	TELEFONICABRASILSABR	false
81.2.167.134	unknown	Germany	48945	IFNL-ASGB	false
223.39.61.40	unknown	Korea Republic of	9644	SKTELECOM-NET-ASSKTelecomKR	false
161.162.127.148	unknown	United States	263740	CorporacionLaceibanetsocietyHN	false
47.77.27.116	unknown	United States	9500	VODAFONE-TRANSIT-ASVodafoneNZLtdNZ	false
45.75.223.36	unknown	United Kingdom	49425	DIGITAL-REALTY-UKGB	false
173.157.80.169	unknown	United States	10507	SPCSUS	false
243.114.242.13	unknown	Reserved	unknown	unknown	false
111.105.27.172	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
165.190.212.86	unknown	United States	8122	DQNASUS	false
63.185.84.28	unknown	United States	1239	SPRINTLINKUS	false
207.48.145.200	unknown	United States	3561	CENTURYLINK-LEGACY-SAVVISUS	false
61.201.19.84	unknown	Japan	4725	ODNSoftBankMobileCorpJP	false
44.161.29.169	unknown	United States	7377	UCSDUS	false
8.182.167.78	unknown	Singapore	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
87.74.186.30	unknown	United Kingdom	25310	ASN-CWACCESSGB	false
48.170.71.32	unknown	United States	2686	ATGS-MMD-ASUS	false
120.170.161.61	unknown	Indonesia	4761	INDOSAT-INP-APINDOSATInternetNetworkProviderID	false
91.34.209.170	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
167.97.254.148	unknown	United States	2055	LSU-1US	false
27.220.236.35	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
162.197.117.219	unknown	United States	7018	ATT-INTERNET4US	false
1.74.87.160	unknown	Japan	9605	DOCOMONTTDOCOMOINCJP	false
97.20.82.172	unknown	United States	22394	CELLCOUS	false
196.94.216.24	unknown	Morocco	6713	IAM-ASMA	false
110.127.67.241	unknown	China	134810	CMNET-JILIN-AS-APChinaMobileGroupJiLincommunicationsco	false
245.151.17.52	unknown	Reserved	unknown	unknown	false
5.117.38.89	unknown	Iran (ISLAMIC Republic Of)	44244	IRANCELL-ASIR	false
61.121.4.183	unknown	Japan	2510	INFOWEBFUJITSULIMITEDJP	false
47.112.150.22	unknown	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
171.90.160.62	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
195.210.114.17	unknown	United Kingdom	207088	ADOARDGB	false
40.187.124.6	unknown	United States	4249	LILLY-ASUS	false
24.125.4.208	unknown	United States	7922	COMCAST-7922US	false
114.128.202.91	unknown	Thailand	56046	CMNET-JIANGSU-APChinaMobilecommunicationscorporationCN	false
91.131.88.159	unknown	Austria	1257	TELE2EU	false
17.22.101.200	unknown	United States	714	APPLE-ENGINEERINGUS	false
105.44.152.180	unknown	Egypt	37069	MOBINILEG	false
113.222.205.206	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
211.52.43.39	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
119.46.20.101	unknown	Thailand	7470	TRUEINTERNET-AS-APTRUEINTERNETCoLtdTH	false
207.10.102.26	unknown	United States	7029	WINDSTREAMUS	false
175.44.144.191	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
111.71.144.64	unknown	Taiwan; Republic of China (ROC)	17421	EMOME-NETMobileBusinessGroupTW	false
116.191.43.142	unknown	China	4847	CNIX-APChinaNetworksInter-ExchangeCN	false
44.60.240.93	unknown	United States	7377	UCSDUS	false
106.140.171.118	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
97.4.220.39	unknown	United States	22394	CELLCOUS	false
4.189.101.243	unknown	United States	3356	LEVEL3US	false
250.57.112.223	unknown	Reserved	unknown	unknown	false
96.224.76.167	unknown	United States	701	UUNETUS	false
207.166.46.247	unknown	United States	2152	CSUNET-NWUS	false
23.164.102.139	unknown	Reserved	19382	ONCORECA	false
63.89.37.130	unknown	United States	701	UUNETUS	false
168.215.26.59	unknown	United States	10753	LVLT-10753US	false
34.194.134.3	unknown	United States	14618	AMAZON-AESUS	false
218.212.188.164	unknown	Singapore	55430	STARHUB-NGNBNStarhubLtdSG	false
249.17.189.36	unknown	Reserved	unknown	unknown	false
252.66.185.166	unknown	Reserved	unknown	unknown	false
85.9.126.180	unknown	Iran (ISLAMIC Republic Of)	49100	IR-THR-PTEIR	false
209.31.82.119	unknown	United States	2828	XO-AS15US	false
197.87.110.49	unknown	South Africa	10474	OPTINETZA	false

ID:	626465
Product:	CloudBasic
Start time:	04:00:30
Start date:	14.05.2022
Sample:	VQemUYjLmL
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	9bf5c9ac9cacd58b0d008938167c3d7d
SHA1:	b57f925cbdad949ad41db5c57c0774a2cbf6d282
SHA256:	9cae0351a33e4b4c74263920dd8f1fee4e03d14022ff2caf631d367023b53fa8
Filetype:	ELF Executable and Linkable format (Linux) (4029/14) 50.16%

Linux Analysis Report
VQemUYjLmL

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Network Map

Contacted Public IPs

Linux Analysis Report VQemUYjLmL

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Network Map

Contacted Public IPs

Linux Analysis Report
VQemUYjLmL