Linux
Analysis Report
0rK5XxDyLK
Overview
General Information
Sample Name: | 0rK5XxDyLK |
Analysis ID: | 626474 |
MD5: | b440222d627a07ae7733f9e706b88902 |
SHA1: | 63be0315c844d0a25b61caa609255d9375306acf |
SHA256: | eae51f23834e02da2ca18bbf28d2327726fd50c18b4e2c2f4ff451fca58a69aa |
Tags: | 32, arm, elf, mirai |
Infos: |
Detection
Mirai
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Uses known network protocols on non-standard ports
Sample contains only a LOAD segment without any section mappings
Yara signature match
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Classification
Analysis Advice
Static ELF header machine description suggests that the sample might not execute correctly on this machine. |
All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper which does no longer work. |
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures. |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 626474 |
Start date and time: | 14/05/2022 04:19:55 | 2022-05-14 04:19:55 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 48s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | 0rK5XxDyLK |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Detection: | MAL |
Classification: | mal64.troj.evad.lin@0/0@0/0 |
- Report size exceeded maximum capacity and may have missing network information.
- TCP Packets have been reduced to 100
Command: | /tmp/0rK5XxDyLK |
PID: | 6225 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | Connected To CNC |
Standard Error: |
- system is lnxubuntu20
- 0rK5XxDyLK New Fork (PID: 6227, Parent: 6225)
- 0rK5XxDyLK New Fork (PID: 6333, Parent: 6227)
- 0rK5XxDyLK New Fork (PID: 6334, Parent: 6227)
- 0rK5XxDyLK New Fork (PID: 6337, Parent: 6334)
- 0rK5XxDyLK New Fork (PID: 6346, Parent: 6337)
- 0rK5XxDyLK New Fork (PID: 6347, Parent: 6337)
- 0rK5XxDyLK New Fork (PID: 6339, Parent: 6334)
- 0rK5XxDyLK New Fork (PID: 6341, Parent: 6334)
- 0rK5XxDyLK New Fork (PID: 6228, Parent: 6225)
- 0rK5XxDyLK New Fork (PID: 6230, Parent: 6225)
- 0rK5XxDyLK New Fork (PID: 6233, Parent: 6230)
- 0rK5XxDyLK New Fork (PID: 6329, Parent: 6233)
- 0rK5XxDyLK New Fork (PID: 6331, Parent: 6233)
- 0rK5XxDyLK New Fork (PID: 6235, Parent: 6230)
- 0rK5XxDyLK New Fork (PID: 6238, Parent: 6230)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_ELF_LNX_UPX_Compressed_File | Detects a suspicious ELF binary with UPX compression | Florian Roth | |
JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security | |
⊘No Snort rule has matched
AV Detection |
---|
Source: | Virustotal: | Perma Link |
Networking |
---|
Source: | Network traffic detected: | ||
Source: | TCP traffic: | ||
Source: | Socket: | ||
Source: | Network traffic detected: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: |
Source: | Program segment: |
Source: | Matched rule: |
Source: | SIGKILL sent: | ||
Source: | Classification label: |
Data Obfuscation |
---|
Source: | String containing UPX found: | ||
Source: | File opened: | ||
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Network traffic detected: | ||
Source: | Queries kernel information via 'uname': |
Source: | Binary or memory string: | ||
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Obfuscated Files or Information | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 11 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
44% | Virustotal | Browse |
⊘No Antivirus matches
⊘No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 7.977316541944295 |
TrID: | |
File name: | 0rK5XxDyLK |
File size: | 48696 |
MD5: | b440222d627a07ae7733f9e706b88902 |
SHA1: | 63be0315c844d0a25b61caa609255d9375306acf |
SHA256: | eae51f23834e02da2ca18bbf28d2327726fd50c18b4e2c2f4ff451fca58a69aa |
SHA512: | 6004d2d776de254ea3e75a9107656bf61d7692885329f9826a6eaaa9a4a3c0a6237bb1d915721aff3b66aed4dbd7d6dfcc687d0eeae7147d98c3c398f396d180 |
SSDEEP: | 768:nK7y1XGO1LCNgukEkvwtqPnH7u83nc0iFo9q3UELWt/iw+kvBGg6+fYtrBHs:P12O1LCNguovDPH7TcrPLWhiw+kvBGgl |
TLSH: | 702302532093BA03E03058FE45628CCDB51AA6BDB1BE7BA725494E194C35D93ECB18ED |
File Content Preview: | .ELF..............(.........4...........4. ...(......................................... b.. b.. b..................Q.td...............................OUPX!........p...p.......h..........?.E.h;....#..$...o......=..B.*...5N&"a..mk.c.........}<.....M.Q....[ |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | |
Entry Point Address: | |
Flags: | |
ELF Header Size: | |
Program Header Offset: | |
Program Header Size: | |
Number of Program Headers: | |
Section Header Offset: | |
Section Header Size: | |
Number of Section Headers: | |
Header String Table Index: |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x8000 | 0x8000 | 0x838d | 0x838d | 4.0415 | 0x5 | R E | 0x8000 | ||
LOAD | 0x6220 | 0x26220 | 0x26220 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8000 | ||
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
System Behavior
Start time | Start date | Path | Arguments | File size | MD5 hash |
---|---|---|---|---|---|
04:20:40 | 14/05/2022 | /tmp/0rK5XxDyLK | /tmp/0rK5XxDyLK | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1 |
04:20:41 | 14/05/2022 | /tmp/0rK5XxDyLK | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1 |
04:23:35 | 14/05/2022 | /tmp/0rK5XxDyLK | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1 |
04:23:35 | 14/05/2022 | /tmp/0rK5XxDyLK | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1 |
04:23:35 | 14/05/2022 | /tmp/0rK5XxDyLK | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1 |
04:23:40 | 14/05/2022 | /tmp/0rK5XxDyLK | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1 |
04:23:40 | 14/05/2022 | /tmp/0rK5XxDyLK | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1 |
04:23:35 | 14/05/2022 | /tmp/0rK5XxDyLK | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1 |
04:23:35 | 14/05/2022 | /tmp/0rK5XxDyLK | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1 |
04:20:41 | 14/05/2022 | /tmp/0rK5XxDyLK | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1 |
04:20:41 | 14/05/2022 | /tmp/0rK5XxDyLK | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1 |
04:20:41 | 14/05/2022 | /tmp/0rK5XxDyLK | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1 |
04:23:35 | 14/05/2022 | /tmp/0rK5XxDyLK | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1 |
04:23:35 | 14/05/2022 | /tmp/0rK5XxDyLK | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1 |
04:20:41 | 14/05/2022 | /tmp/0rK5XxDyLK | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1 |
04:20:41 | 14/05/2022 | /tmp/0rK5XxDyLK | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1 |