Linux
Analysis Report
IsQzUGbu7m
Overview
General Information
Sample Name: | IsQzUGbu7m |
Analysis ID: | 626493 |
MD5: | f7aa71fcfc26a997be27cbbcbefe0178 |
SHA1: | 97e1d4f09e6452f51b069673b9a25b61e59e35a8 |
SHA256: | 986ec0cf250a130140e912d37abd078d45a0ae03749db84f133d43d380c0ea78 |
Tags: | 32, elf, mirai, sparc |
Infos: |
Detection
Mirai
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Yara detected Mirai
Multi AV Scanner detection for submitted file
Uses known network protocols on non-standard ports
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Classification
Analysis Advice
Static ELF header machine description suggests that the sample might not execute correctly on this machine. |
All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper which no longer works. |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 626493 |
Start date and time: | 2022-05-14 04:48:01 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 3s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | IsQzUGbu7m |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Detection: | MAL |
Classification: | mal60.troj.lin@0/0@0/0 |
- Report size exceeded maximum capacity and may have missing network information.
- TCP Packets have been reduced to 100
Command: | /tmp/IsQzUGbu7m |
PID: | 6233 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | Connected To CNC |
Standard Error: |
- system is lnxubuntu20
- IsQzUGbu7m New Fork (PID: 6235, Parent: 6233)
- IsQzUGbu7m New Fork (PID: 6256, Parent: 6235)
- IsQzUGbu7m New Fork (PID: 6257, Parent: 6235)
- IsQzUGbu7m New Fork (PID: 6261, Parent: 6257)
- IsQzUGbu7m New Fork (PID: 6270, Parent: 6261)
- IsQzUGbu7m New Fork (PID: 6272, Parent: 6261)
- IsQzUGbu7m New Fork (PID: 6266, Parent: 6257)
- IsQzUGbu7m New Fork (PID: 6267, Parent: 6257)
- IsQzUGbu7m New Fork (PID: 6237, Parent: 6233)
- IsQzUGbu7m New Fork (PID: 6238, Parent: 6233)
- IsQzUGbu7m New Fork (PID: 6241, Parent: 6238)
- IsQzUGbu7m New Fork (PID: 6253, Parent: 6241)
- IsQzUGbu7m New Fork (PID: 6254, Parent: 6241)
- IsQzUGbu7m New Fork (PID: 6243, Parent: 6238)
- IsQzUGbu7m New Fork (PID: 6245, Parent: 6238)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security |
No Snort rule has matched
AV Detection |
---|
Source: | Virustotal: | Perma Link |
Networking |
---|
Source: | Network traffic detected: | (30 entries; details not present in this copy of the report) |
Source: | TCP traffic: | (4 entries; details not present in this copy of the report) |
Source: | Socket: | (7 entries; details not present in this copy of the report) |
Source: | Network traffic detected: | (2 entries; details not present in this copy of the report) |
Source: | TCP traffic detected without corresponding DNS query: | (50 entries; details not present in this copy of the report) |
Source: | .symtab present: |
Source: | SIGKILL sent: | (2 entries; details not present in this copy of the report) |
Source: | Classification label: |
Source: | File opened: | (50 entries; details not present in this copy of the report) |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Network traffic detected: | (30 entries; details not present in this copy of the report) |
Source: | Queries kernel information via 'uname': |
Source: | Binary or memory string: | (4 entries; details not present in this copy of the report) |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 11 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 51% | Virustotal | | Browse |
No Antivirus matches
No contacted domains info
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
126.210.129.153 | unknown | Japan | 17676 | GIGAINFRASoftbankBBCorpJP | false | |
248.164.9.96 | unknown | Reserved | unknown | unknown | false | |
77.144.174.250 | unknown | France | 15557 | LDCOMNETFR | false | |
32.143.225.45 | unknown | United States | 7018 | ATT-INTERNET4US | false | |
66.35.8.87 | unknown | United States | 40033 | RED-SPECTRUMUS | false | |
106.155.249.164 | unknown | Japan | 2516 | KDDIKDDICORPORATIONJP | false | |
20.55.77.85 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
75.216.184.154 | unknown | United States | 22394 | CELLCOUS | false | |
115.79.190.149 | unknown | Viet Nam | 7552 | VIETEL-AS-APViettelGroupVN | false | |
42.253.2.77 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false | |
34.117.135.72 | unknown | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false | |
120.226.132.1 | unknown | China | 56047 | CMNET-HUNAN-APChinaMobilecommunicationscorporationCN | false | |
13.175.156.143 | unknown | United States | 7018 | ATT-INTERNET4US | false | |
135.103.97.236 | unknown | United States | 10455 | LUCENT-CIOUS | false | |
12.50.176.179 | unknown | United States | 7018 | ATT-INTERNET4US | false | |
17.28.6.77 | unknown | United States | 714 | APPLE-ENGINEERINGUS | false | |
220.8.207.208 | unknown | Japan | 17676 | GIGAINFRASoftbankBBCorpJP | false | |
240.106.155.214 | unknown | Reserved | unknown | unknown | false | |
155.27.126.3 | unknown | United States | 745 | AFCONC-BLOCK2-ASUS | false | |
220.18.216.194 | unknown | Japan | 17676 | GIGAINFRASoftbankBBCorpJP | false | |
111.238.136.117 | unknown | Japan | 2516 | KDDIKDDICORPORATIONJP | false | |
168.151.75.229 | unknown | United States | 204472 | ROYALEASNDE | false | |
154.81.0.139 | unknown | Seychelles | 35916 | MULTA-ASN1US | false | |
47.70.101.144 | unknown | United States | 3209 | VODANETInternationalIP-BackboneofVodafoneDE | false | |
16.35.207.179 | unknown | United States | unknown | unknown | false | |
202.33.85.184 | unknown | Japan | 4725 | ODNSoftBankMobileCorpJP | false | |
255.11.160.128 | unknown | Reserved | unknown | unknown | false | |
60.212.122.204 | unknown | China | 4837 | CHINA169-BACKBONECHINAUNICOMChina169BackboneCN | false | |
172.255.161.153 | unknown | United States | 395954 | LEASEWEB-USA-LAX-11US | false | |
115.18.127.255 | unknown | Korea Republic of | 4766 | KIXS-AS-KRKoreaTelecomKR | false | |
208.51.98.38 | unknown | United States | 10753 | LVLT-10753US | false | |
177.146.70.182 | unknown | Brazil | 26599 | TELEFONICABRASILSABR | false | |
44.252.140.191 | unknown | United States | 16509 | AMAZON-02US | false | |
153.233.14.120 | unknown | Japan | 4713 | OCNNTTCommunicationsCorporationJP | false | |
103.221.138.182 | unknown | China | 56209 | RKINFRATEL-INRKINFRATELLIMITEDIN | false | |
216.48.63.57 | unknown | United States | 7029 | WINDSTREAMUS | false | |
73.22.72.121 | unknown | United States | 7922 | COMCAST-7922US | false | |
93.139.200.217 | unknown | Croatia (LOCAL Name: Hrvatska) | 5391 | T-HTCroatianTelecomIncHR | false | |
194.62.20.20 | unknown | United Kingdom | 58092 | PAREXELDE | false | |
103.21.90.14 | unknown | Malaysia | 55720 | GIGABIT-MYGigabitHostingSdnBhdMY | false | |
95.137.228.92 | unknown | Georgia | 34797 | SYSTEM-NETGE | false | |
126.57.229.165 | unknown | Japan | 17676 | GIGAINFRASoftbankBBCorpJP | false | |
93.210.14.165 | unknown | Germany | 3320 | DTAGInternetserviceprovideroperationsDE | false | |
133.0.231.35 | unknown | Japan | 385 | AFCONC-BLOCK1-ASUS | false | |
76.23.203.172 | unknown | United States | 7922 | COMCAST-7922US | false | |
216.114.38.175 | unknown | United States | 17306 | RISE-BROADBANDUS | false | |
123.88.124.250 | unknown | China | 9394 | CTTNETChinaTieTongTelecommunicationsCorporationCN | false | |
39.120.100.75 | unknown | Korea Republic of | 9318 | SKB-ASSKBroadbandCoLtdKR | false | |
198.156.62.130 | unknown | United States | 18676 | AVAYAUS | false | |
5.204.247.38 | unknown | Hungary | 8448 | PGSM-HUTorokbalintHungaryHU | false | |
1.31.36.230 | unknown | China | 139007 | UNICOM-NM-WULANCHABU-IDCUNICOMInnerMongoliaprovincenetwo | false | |
159.118.81.38 | unknown | United States | 11492 | CABLEONEUS | false | |
184.108.195.223 | unknown | United States | 7922 | COMCAST-7922US | false | |
124.17.131.62 | unknown | China | 7497 | CSTNET-AS-APComputerNetworkInformationCenterCN | false | |
119.25.73.160 | unknown | Japan | 9617 | ZAQJupiterTelecommunicationsCoLtdJP | false | |
112.221.18.251 | unknown | Korea Republic of | 3786 | LGDACOMLGDACOMCorporationKR | false | |
59.97.56.221 | unknown | India | 9829 | BSNL-NIBNationalInternetBackboneIN | false | |
219.116.5.217 | unknown | Japan | 2510 | INFOWEBFUJITSULIMITEDJP | false | |
108.22.174.0 | unknown | United States | 5650 | FRONTIER-FRTRUS | false | |
118.28.46.34 | unknown | China | 45090 | CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa | false | |
126.244.178.203 | unknown | Japan | 17676 | GIGAINFRASoftbankBBCorpJP | false | |
184.53.64.108 | unknown | United States | 6621 | HNS-DIRECPCUS | false | |
41.102.150.123 | unknown | Algeria | 36947 | ALGTEL-ASDZ | false | |
158.169.254.131 | unknown | Luxembourg | 42848 | EC-ASLU | false | |
190.159.114.159 | unknown | Colombia | 10620 | TelmexColombiaSACO | false | |
246.182.90.20 | unknown | Reserved | unknown | unknown | false | |
61.242.187.13 | unknown | China | 4837 | CHINA169-BACKBONECHINAUNICOMChina169BackboneCN | false | |
152.41.163.222 | unknown | United States | 22854 | CATAWBA-COLLEGEUS | false | |
184.205.51.18 | unknown | United States | 10507 | SPCSUS | false | |
70.77.213.159 | unknown | Canada | 6327 | SHAWCA | false | |
31.113.156.206 | unknown | United Kingdom | 12576 | EELtdGB | false | |
157.98.210.16 | unknown | United States | 3527 | NIH-NETUS | false | |
38.156.61.229 | unknown | United States | 174 | COGENT-174US | false | |
156.158.51.126 | unknown | Tanzania United Republic of | 37133 | airtel-tz-asTZ | false | |
89.236.193.114 | unknown | Uzbekistan | 34718 | TPSUZ-ASUZ | false | |
195.188.7.68 | unknown | United Kingdom | 5089 | NTLGB | false | |
87.251.163.157 | unknown | Russian Federation | 5563 | URALUralRegionalNetRU | false | |
113.91.231.215 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false | |
173.81.206.128 | unknown | United States | 19108 | SUDDENLINK-COMMUNICATIONSUS | false | |
147.26.91.88 | unknown | United States | 18777 | TEXAS-STATE-UNIVERSITYUS | false | |
251.143.162.26 | unknown | Reserved | unknown | unknown | false | |
183.125.44.195 | unknown | Korea Republic of | 4766 | KIXS-AS-KRKoreaTelecomKR | false | |
173.7.4.46 | unknown | United States | 10507 | SPCSUS | false | |
98.69.192.96 | unknown | United States | 7018 | ATT-INTERNET4US | false | |
62.154.36.40 | unknown | Germany | 3320 | DTAGInternetserviceprovideroperationsDE | false | |
78.176.223.218 | unknown | Turkey | 9121 | TTNETTR | false | |
38.83.59.55 | unknown | United States | 174 | COGENT-174US | false | |
110.228.131.39 | unknown | China | 4837 | CHINA169-BACKBONECHINAUNICOMChina169BackboneCN | false | |
150.53.79.206 | unknown | Japan | 7522 | STCNSTNetIncorporatedJP | false | |
46.56.82.223 | unknown | Belarus | 25106 | MTSBY-ASBY | false | |
124.135.242.27 | unknown | China | 4837 | CHINA169-BACKBONECHINAUNICOMChina169BackboneCN | false | |
203.211.68.1 | unknown | New Zealand | 45177 | DEVOLI-AS-APDevoliNZ | false | |
146.239.92.69 | unknown | United States | 2018 | TENET-1ZA | false | |
130.10.80.11 | unknown | United States | 6908 | DATAHOPDatahop-SixDegreesGB | false | |
165.146.217.125 | unknown | South Africa | 5713 | SAIX-NETZA | false | |
36.70.76.239 | unknown | Indonesia | 7713 | TELKOMNET-AS-APPTTelekomunikasiIndonesiaID | false | |
91.105.101.227 | unknown | Latvia | 12578 | APOLLO-ASLatviaLV | false | |
75.237.138.157 | unknown | United States | 22394 | CELLCOUS | false | |
37.222.181.5 | unknown | Spain | 12430 | VODAFONE_ESES | false | |
197.109.109.87 | unknown | South Africa | 37168 | CELL-CZA | false |
No created / dropped files found
File type: | |
Entropy (8bit): | 6.0357073946651605 |
TrID: |
|
File name: | IsQzUGbu7m |
File size: | 60412 |
MD5: | f7aa71fcfc26a997be27cbbcbefe0178 |
SHA1: | 97e1d4f09e6452f51b069673b9a25b61e59e35a8 |
SHA256: | 986ec0cf250a130140e912d37abd078d45a0ae03749db84f133d43d380c0ea78 |
SHA512: | 005b1f5e0c3c85f21605e212dcc3968792f881b038b5131a4e78ddca4c812f8a9c469c1bd65c9e3ef257051762a11eae5e409630669e2af1f507b463d294ac66 |
SSDEEP: | 768:eLobAxU6q9Hfymp0xginuYvCkLB6WsTwIC1DQdszoDaS0O+DCD3:eL0AxvSHfymp0xgunvCkV6vTMDau4 |
TLSH: | A8432925AD792E26C0D8B57E11F78724F2F2620E25B8C65E3C721E4EEF04740A5537BA |
File Content Preview: | .ELF...........................4...l.....4. ...(.......................................................x............dt.Q................................@..(....@.8R................#.....b0..`.....!..... ...@.....".........`......$ ... ...@...........`.... |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | |
Entry Point Address: | |
Flags: | |
ELF Header Size: | |
Program Header Offset: | |
Program Header Size: | |
Number of Program Headers: | |
Section Header Offset: | |
Section Header Size: | |
Number of Section Headers: | |
Header String Table Index: |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
| NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.init | PROGBITS | 0x10094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x100b0 | 0xb0 | 0xe180 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.fini | PROGBITS | 0x1e230 | 0xe230 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x1e248 | 0xe248 | 0x668 | 0x0 | 0x2 | A | 0 | 0 | 8 |
.ctors | PROGBITS | 0x2e8b4 | 0xe8b4 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x2e8bc | 0xe8bc | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x2e8c8 | 0xe8c8 | 0x164 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.bss | NOBITS | 0x2ea30 | 0xea2c | 0x288 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.shstrtab | STRTAB | 0x0 | 0xea2c | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x10000 | 0x10000 | 0xe8b0 | 0xe8b0 | 3.3884 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata |
LOAD | 0xe8b4 | 0x2e8b4 | 0x2e8b4 | 0x178 | 0x404 | 0.3183 | 0x6 | RW | 0x10000 | | .ctors .dtors .data .bss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 14, 2022 04:48:49.657222986 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
May 14, 2022 04:48:49.973232985 CEST | 60988 | 1312 | 192.168.2.23 | 107.172.197.117 |
May 14, 2022 04:48:50.004645109 CEST | 26166 | 23 | 192.168.2.23 | 91.160.26.149 |
May 14, 2022 04:48:50.004775047 CEST | 26166 | 23 | 192.168.2.23 | 72.176.227.158 |
May 14, 2022 04:48:50.004785061 CEST | 26166 | 23 | 192.168.2.23 | 145.240.131.5 |
May 14, 2022 04:48:50.004841089 CEST | 26166 | 23 | 192.168.2.23 | 212.112.175.12 |
May 14, 2022 04:48:50.004878998 CEST | 26166 | 23 | 192.168.2.23 | 81.182.152.203 |
May 14, 2022 04:48:50.004878998 CEST | 26166 | 23 | 192.168.2.23 | 76.166.153.29 |
May 14, 2022 04:48:50.005002022 CEST | 26166 | 23 | 192.168.2.23 | 104.137.71.145 |
May 14, 2022 04:48:50.005048990 CEST | 26166 | 23 | 192.168.2.23 | 118.51.19.207 |
May 14, 2022 04:48:50.005062103 CEST | 26166 | 23 | 192.168.2.23 | 9.124.78.196 |
May 14, 2022 04:48:50.005074024 CEST | 26166 | 23 | 192.168.2.23 | 18.113.38.234 |
May 14, 2022 04:48:50.005270004 CEST | 26166 | 23 | 192.168.2.23 | 45.190.96.73 |
May 14, 2022 04:48:50.005296946 CEST | 26166 | 23 | 192.168.2.23 | 246.192.251.239 |
May 14, 2022 04:48:50.005419016 CEST | 26166 | 23 | 192.168.2.23 | 116.78.119.81 |
May 14, 2022 04:48:50.005431890 CEST | 26166 | 23 | 192.168.2.23 | 202.136.235.247 |
May 14, 2022 04:48:50.005449057 CEST | 26166 | 23 | 192.168.2.23 | 116.187.69.12 |
May 14, 2022 04:48:50.005536079 CEST | 26166 | 23 | 192.168.2.23 | 31.2.93.252 |
May 14, 2022 04:48:50.005604029 CEST | 26166 | 23 | 192.168.2.23 | 196.18.142.193 |
May 14, 2022 04:48:50.005605936 CEST | 26166 | 23 | 192.168.2.23 | 72.214.248.45 |
May 14, 2022 04:48:50.005609035 CEST | 26166 | 23 | 192.168.2.23 | 153.153.244.240 |
May 14, 2022 04:48:50.005614042 CEST | 26166 | 23 | 192.168.2.23 | 113.173.204.100 |
May 14, 2022 04:48:50.005618095 CEST | 26166 | 23 | 192.168.2.23 | 241.254.59.246 |
May 14, 2022 04:48:50.005640030 CEST | 26166 | 23 | 192.168.2.23 | 165.238.35.244 |
May 14, 2022 04:48:50.005654097 CEST | 26166 | 23 | 192.168.2.23 | 39.113.51.236 |
May 14, 2022 04:48:50.005662918 CEST | 26166 | 23 | 192.168.2.23 | 72.157.59.232 |
May 14, 2022 04:48:50.005750895 CEST | 26166 | 23 | 192.168.2.23 | 47.174.234.169 |
May 14, 2022 04:48:50.005759001 CEST | 26166 | 23 | 192.168.2.23 | 194.185.174.186 |
May 14, 2022 04:48:50.005760908 CEST | 26166 | 23 | 192.168.2.23 | 173.159.22.86 |
May 14, 2022 04:48:50.005764008 CEST | 26166 | 23 | 192.168.2.23 | 196.118.234.121 |
May 14, 2022 04:48:50.005779028 CEST | 26166 | 23 | 192.168.2.23 | 180.66.37.195 |
May 14, 2022 04:48:50.005804062 CEST | 26166 | 23 | 192.168.2.23 | 72.91.152.195 |
May 14, 2022 04:48:50.005825043 CEST | 26166 | 23 | 192.168.2.23 | 100.48.208.186 |
May 14, 2022 04:48:50.005834103 CEST | 26166 | 23 | 192.168.2.23 | 124.202.200.248 |
May 14, 2022 04:48:50.005841017 CEST | 26166 | 23 | 192.168.2.23 | 19.186.225.227 |
May 14, 2022 04:48:50.005851984 CEST | 26166 | 23 | 192.168.2.23 | 60.131.156.196 |
May 14, 2022 04:48:50.005865097 CEST | 26166 | 23 | 192.168.2.23 | 200.74.78.189 |
May 14, 2022 04:48:50.005999088 CEST | 26166 | 23 | 192.168.2.23 | 218.6.181.33 |
May 14, 2022 04:48:50.005999088 CEST | 26166 | 23 | 192.168.2.23 | 66.60.220.247 |
May 14, 2022 04:48:50.006031990 CEST | 26166 | 23 | 192.168.2.23 | 193.205.99.14 |
May 14, 2022 04:48:50.006036997 CEST | 26166 | 23 | 192.168.2.23 | 99.206.2.88 |
May 14, 2022 04:48:50.006038904 CEST | 26166 | 23 | 192.168.2.23 | 90.166.185.88 |
May 14, 2022 04:48:50.006211042 CEST | 26166 | 23 | 192.168.2.23 | 181.74.224.48 |
May 14, 2022 04:48:50.006217003 CEST | 26166 | 23 | 192.168.2.23 | 198.175.72.235 |
May 14, 2022 04:48:50.006217957 CEST | 26166 | 23 | 192.168.2.23 | 20.80.238.203 |
May 14, 2022 04:48:50.006302118 CEST | 26166 | 23 | 192.168.2.23 | 156.240.217.32 |
May 14, 2022 04:48:50.006408930 CEST | 26166 | 23 | 192.168.2.23 | 99.205.40.193 |
May 14, 2022 04:48:50.006463051 CEST | 26166 | 23 | 192.168.2.23 | 200.110.24.114 |
May 14, 2022 04:48:50.006473064 CEST | 26166 | 23 | 192.168.2.23 | 135.98.94.210 |
May 14, 2022 04:48:50.006473064 CEST | 26166 | 23 | 192.168.2.23 | 247.243.0.194 |
May 14, 2022 04:48:50.006473064 CEST | 26166 | 23 | 192.168.2.23 | 112.205.216.169 |
May 14, 2022 04:48:50.006480932 CEST | 26166 | 23 | 192.168.2.23 | 242.12.75.124 |
May 14, 2022 04:48:50.006486893 CEST | 26166 | 23 | 192.168.2.23 | 130.251.42.170 |
May 14, 2022 04:48:50.006489038 CEST | 26166 | 23 | 192.168.2.23 | 47.228.44.218 |
May 14, 2022 04:48:50.006489992 CEST | 26166 | 23 | 192.168.2.23 | 218.43.222.227 |
May 14, 2022 04:48:50.006494045 CEST | 26166 | 23 | 192.168.2.23 | 112.181.79.91 |
May 14, 2022 04:48:50.006500006 CEST | 26166 | 23 | 192.168.2.23 | 253.18.55.184 |
May 14, 2022 04:48:50.006509066 CEST | 26166 | 23 | 192.168.2.23 | 45.110.122.56 |
May 14, 2022 04:48:50.006671906 CEST | 26166 | 23 | 192.168.2.23 | 202.115.234.64 |
May 14, 2022 04:48:50.006766081 CEST | 26166 | 23 | 192.168.2.23 | 155.70.141.34 |
May 14, 2022 04:48:50.006923914 CEST | 26166 | 23 | 192.168.2.23 | 212.55.87.15 |
May 14, 2022 04:48:50.006928921 CEST | 26166 | 23 | 192.168.2.23 | 248.38.170.102 |
May 14, 2022 04:48:50.006947041 CEST | 26166 | 23 | 192.168.2.23 | 210.189.99.79 |
May 14, 2022 04:48:50.006947041 CEST | 26166 | 23 | 192.168.2.23 | 37.48.179.43 |
May 14, 2022 04:48:50.006999969 CEST | 26166 | 23 | 192.168.2.23 | 184.86.80.144 |
May 14, 2022 04:48:50.007009983 CEST | 26166 | 23 | 192.168.2.23 | 99.47.0.232 |
May 14, 2022 04:48:50.007010937 CEST | 26166 | 23 | 192.168.2.23 | 170.119.239.91 |
May 14, 2022 04:48:50.007107019 CEST | 26166 | 23 | 192.168.2.23 | 213.42.149.24 |
May 14, 2022 04:48:50.007108927 CEST | 26166 | 23 | 192.168.2.23 | 67.11.142.65 |
May 14, 2022 04:48:50.007114887 CEST | 26166 | 23 | 192.168.2.23 | 223.224.185.207 |
May 14, 2022 04:48:50.007123947 CEST | 26166 | 23 | 192.168.2.23 | 217.166.181.124 |
May 14, 2022 04:48:50.007133007 CEST | 26166 | 23 | 192.168.2.23 | 219.179.44.18 |
May 14, 2022 04:48:50.007198095 CEST | 26166 | 23 | 192.168.2.23 | 34.16.27.171 |
May 14, 2022 04:48:50.007215023 CEST | 26166 | 23 | 192.168.2.23 | 132.1.40.216 |
May 14, 2022 04:48:50.007215977 CEST | 26166 | 23 | 192.168.2.23 | 124.238.3.242 |
May 14, 2022 04:48:50.007216930 CEST | 26166 | 23 | 192.168.2.23 | 57.129.51.62 |
May 14, 2022 04:48:50.007224083 CEST | 26166 | 23 | 192.168.2.23 | 94.26.34.164 |
May 14, 2022 04:48:50.007342100 CEST | 26166 | 23 | 192.168.2.23 | 48.245.39.50 |
May 14, 2022 04:48:50.007388115 CEST | 26166 | 23 | 192.168.2.23 | 202.232.19.43 |
May 14, 2022 04:48:50.007401943 CEST | 26166 | 23 | 192.168.2.23 | 141.187.92.170 |
May 14, 2022 04:48:50.007401943 CEST | 26166 | 23 | 192.168.2.23 | 187.66.113.240 |
May 14, 2022 04:48:50.007402897 CEST | 26166 | 23 | 192.168.2.23 | 45.13.146.43 |
May 14, 2022 04:48:50.007410049 CEST | 26166 | 23 | 192.168.2.23 | 86.30.15.220 |
May 14, 2022 04:48:50.007411957 CEST | 26166 | 23 | 192.168.2.23 | 40.178.51.54 |
May 14, 2022 04:48:50.007416010 CEST | 26166 | 23 | 192.168.2.23 | 96.120.153.65 |
May 14, 2022 04:48:50.007421017 CEST | 26166 | 23 | 192.168.2.23 | 197.30.49.182 |
May 14, 2022 04:48:50.007426023 CEST | 26166 | 23 | 192.168.2.23 | 205.185.102.161 |
May 14, 2022 04:48:50.007432938 CEST | 26166 | 23 | 192.168.2.23 | 251.110.154.226 |
May 14, 2022 04:48:50.007437944 CEST | 26166 | 23 | 192.168.2.23 | 86.18.84.75 |
May 14, 2022 04:48:50.007462978 CEST | 26166 | 23 | 192.168.2.23 | 85.42.4.167 |
May 14, 2022 04:48:50.007481098 CEST | 26166 | 23 | 192.168.2.23 | 189.213.172.41 |
May 14, 2022 04:48:50.007546902 CEST | 26166 | 23 | 192.168.2.23 | 117.40.101.25 |
May 14, 2022 04:48:50.007551908 CEST | 26166 | 23 | 192.168.2.23 | 106.227.144.11 |
May 14, 2022 04:48:50.007553101 CEST | 26166 | 23 | 192.168.2.23 | 13.89.163.142 |
May 14, 2022 04:48:50.007643938 CEST | 26166 | 23 | 192.168.2.23 | 244.60.13.176 |
May 14, 2022 04:48:50.007695913 CEST | 26166 | 23 | 192.168.2.23 | 160.77.115.176 |
May 14, 2022 04:48:50.007719040 CEST | 26166 | 23 | 192.168.2.23 | 203.85.69.5 |
May 14, 2022 04:48:50.007724047 CEST | 26166 | 23 | 192.168.2.23 | 34.38.233.204 |
May 14, 2022 04:48:50.007771015 CEST | 26166 | 23 | 192.168.2.23 | 164.183.33.194 |
May 14, 2022 04:48:50.007776022 CEST | 26166 | 23 | 192.168.2.23 | 125.37.0.36 |
System Behavior
Start time: | 04:48:49 |
Start date: | 14/05/2022 |
Path: | /tmp/IsQzUGbu7m |
Arguments: | /tmp/IsQzUGbu7m |
File size: | 4379400 bytes |
MD5 hash: | 7dc1c0e23cd5e102bb12e5c29403410e |
Start time: | 04:48:49 |
Start date: | 14/05/2022 |
Path: | /tmp/IsQzUGbu7m |
Arguments: | n/a |
File size: | 4379400 bytes |
MD5 hash: | 7dc1c0e23cd5e102bb12e5c29403410e |
Start time: | 04:48:59 |
Start date: | 14/05/2022 |
Path: | /tmp/IsQzUGbu7m |
Arguments: | n/a |
File size: | 4379400 bytes |
MD5 hash: | 7dc1c0e23cd5e102bb12e5c29403410e |
Start time: | 04:48:59 |
Start date: | 14/05/2022 |
Path: | /tmp/IsQzUGbu7m |
Arguments: | n/a |
File size: | 4379400 bytes |
MD5 hash: | 7dc1c0e23cd5e102bb12e5c29403410e |
Start time: | 04:48:59 |
Start date: | 14/05/2022 |
Path: | /tmp/IsQzUGbu7m |
Arguments: | n/a |
File size: | 4379400 bytes |
MD5 hash: | 7dc1c0e23cd5e102bb12e5c29403410e |
Start time: | 04:48:59 |
Start date: | 14/05/2022 |
Path: | /tmp/IsQzUGbu7m |
Arguments: | n/a |
File size: | 4379400 bytes |
MD5 hash: | 7dc1c0e23cd5e102bb12e5c29403410e |
Start time: | 04:48:59 |
Start date: | 14/05/2022 |
Path: | /tmp/IsQzUGbu7m |
Arguments: | n/a |
File size: | 4379400 bytes |
MD5 hash: | 7dc1c0e23cd5e102bb12e5c29403410e |
Start time: | 04:48:59 |
Start date: | 14/05/2022 |
Path: | /tmp/IsQzUGbu7m |
Arguments: | n/a |
File size: | 4379400 bytes |
MD5 hash: | 7dc1c0e23cd5e102bb12e5c29403410e |
Start time: | 04:48:59 |
Start date: | 14/05/2022 |
Path: | /tmp/IsQzUGbu7m |
Arguments: | n/a |
File size: | 4379400 bytes |
MD5 hash: | 7dc1c0e23cd5e102bb12e5c29403410e |
Start time: | 04:48:49 |
Start date: | 14/05/2022 |
Path: | /tmp/IsQzUGbu7m |
Arguments: | n/a |
File size: | 4379400 bytes |
MD5 hash: | 7dc1c0e23cd5e102bb12e5c29403410e |
Start time: | 04:48:49 |
Start date: | 14/05/2022 |
Path: | /tmp/IsQzUGbu7m |
Arguments: | n/a |
File size: | 4379400 bytes |
MD5 hash: | 7dc1c0e23cd5e102bb12e5c29403410e |
Start time: | 04:48:49 |
Start date: | 14/05/2022 |
Path: | /tmp/IsQzUGbu7m |
Arguments: | n/a |
File size: | 4379400 bytes |
MD5 hash: | 7dc1c0e23cd5e102bb12e5c29403410e |
Start time: | 04:48:59 |
Start date: | 14/05/2022 |
Path: | /tmp/IsQzUGbu7m |
Arguments: | n/a |
File size: | 4379400 bytes |
MD5 hash: | 7dc1c0e23cd5e102bb12e5c29403410e |
Start time: | 04:48:59 |
Start date: | 14/05/2022 |
Path: | /tmp/IsQzUGbu7m |
Arguments: | n/a |
File size: | 4379400 bytes |
MD5 hash: | 7dc1c0e23cd5e102bb12e5c29403410e |
Start time: | 04:48:49 |
Start date: | 14/05/2022 |
Path: | /tmp/IsQzUGbu7m |
Arguments: | n/a |
File size: | 4379400 bytes |
MD5 hash: | 7dc1c0e23cd5e102bb12e5c29403410e |
Start time: | 04:48:49 |
Start date: | 14/05/2022 |
Path: | /tmp/IsQzUGbu7m |
Arguments: | n/a |
File size: | 4379400 bytes |
MD5 hash: | 7dc1c0e23cd5e102bb12e5c29403410e |