Linux
Analysis Report
M5VGS77ZYY
Overview
General Information
Sample Name: | M5VGS77ZYY |
Analysis ID: | 626496 |
MD5: | d415fdebf7bd931bee44ead0bd610670 |
SHA1: | d86d4995ba2709a3a99087c2ddae368d9ffc4a09 |
SHA256: | a24e8198dde3955f7b2007a8b9e25eefa1f1dc30ffaac3f0b31d650930c63c1c |
Tags: | 32 elf mirai motorola |
Detection
Mirai
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Yara detected Mirai
Multi AV Scanner detection for submitted file
Uses known network protocols on non-standard ports
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
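Three of the signatures above (enumerates /proc, listens on a socket, sends SIGKILL) describe the killer module that the leaked Mirai source ships with: it resolves the socket inode of whatever is listening on a port from /proc/net/tcp, finds the PID holding that inode under /proc/<pid>/fd, SIGKILLs it and then binds the port itself so competitors cannot reinfect the device. The following is an added example for triage, not code from the report or from the sample; it implements the same /proc walk but stops at identifying the owner, and the /proc tree it reads is a constructed stand-in built in a temporary directory. Function names are this example's own.

```python
"""
/proc walk behind the "enumerates /proc" and "SIGKILL" signatures: map a
listening TCP port to the PID that owns it, the way Mirai's killer module does
before killing that process.  Added example; the /proc tree is constructed.
"""
import os
import socket
import struct
import tempfile

TCP_LISTEN = 0x0A   # 'st' column value for LISTEN in /proc/net/tcp


def parse_proc_net_tcp(text):
    """Yield (local_ip, local_port, state, inode) from /proc/net/tcp contents."""
    for line in text.splitlines()[1:]:          # first line is the column header
        fields = line.split()
        if len(fields) < 10:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # the kernel prints the IPv4 address in host byte order; on a
        # little-endian box the hex bytes are therefore reversed
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        yield ip, int(hex_port, 16), int(fields[3], 16), int(fields[9])


def listening_inodes(proc_root, port):
    """Socket inodes of every LISTEN entry on `port` (any local address)."""
    with open(os.path.join(proc_root, "net", "tcp")) as fh:
        return {inode for _ip, p, state, inode in parse_proc_net_tcp(fh.read())
                if p == port and state == TCP_LISTEN}


def pids_owning_inodes(proc_root, inodes):
    """Walk /proc/<pid>/fd and return the PIDs holding any of `inodes`."""
    owners = set()
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:                         # process exited or not readable
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            if target.startswith("socket:[") and int(target[8:-1]) in inodes:
                owners.add(int(entry))
    return owners


def pids_listening_on(port, proc_root="/proc"):
    """PIDs that currently hold a listening TCP socket on `port`."""
    return pids_owning_inodes(proc_root, listening_inodes(proc_root, port))


def build_fake_proc():
    """Constructed /proc look-alike: pid 412 listens on :23, pid 300 on :22,
    pid 777 only holds an established client connection to :23."""
    root = tempfile.mkdtemp(prefix="fakeproc_")
    os.makedirs(os.path.join(root, "net"))
    net_tcp = (
        "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
        "   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 17001 1 0000000000000000 100 0 0 10 0\n"
        "   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 17002 1 0000000000000000 100 0 0 10 0\n"
        "   2: 0100007F:9E9A 0100007F:0017 01 00000000:00000000 00:00000000 00000000  1000        0 17003 1 0000000000000000 20 4 30 10 -1\n"
    )
    with open(os.path.join(root, "net", "tcp"), "w") as fh:
        fh.write(net_tcp)
    for pid, inode in ((412, 17001), (300, 17002), (777, 17003)):
        fd_dir = os.path.join(root, str(pid), "fd")
        os.makedirs(fd_dir)
        os.symlink("socket:[%d]" % inode, os.path.join(fd_dir, "3"))
    return root


if __name__ == "__main__":
    root = build_fake_proc()
    print("telnet (23):", pids_listening_on(23, root))   # {412}
    print("ssh (22):   ", pids_listening_on(22, root))   # {300}
```

Run against a real /proc (the default `proc_root`) this is also a quick way to confirm, on a suspect device, which process currently owns port 23 or 48101; a bot that has already run its killer typically shows its own PID there.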
Classification
Analysis Advice
Static ELF header machine description suggests that the sample might not execute correctly on this machine. |
None of the HTTP servers contacted by the sample answered. The sample is likely an old dropper that no longer works. |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 626496 |
Start date and time: | 14/05/2022 04:55:32 | 2022-05-14 04:55:32 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 39s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | M5VGS77ZYY |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Detection: | MAL |
Classification: | mal60.troj.lin@0/0@0/0 |
- Report size exceeded maximum capacity and may have missing network information.
- TCP Packets have been reduced to 100
Command: | /tmp/M5VGS77ZYY |
PID: | 6250 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | Connected To CNC |
Standard Error: |
- system is lnxubuntu20
- M5VGS77ZYY New Fork (PID: 6252, Parent: 6250)
- M5VGS77ZYY New Fork (PID: 6352, Parent: 6252)
- M5VGS77ZYY New Fork (PID: 6354, Parent: 6252)
- M5VGS77ZYY New Fork (PID: 6356, Parent: 6354)
- M5VGS77ZYY New Fork (PID: 6365, Parent: 6356)
- M5VGS77ZYY New Fork (PID: 6366, Parent: 6356)
- M5VGS77ZYY New Fork (PID: 6358, Parent: 6354)
- M5VGS77ZYY New Fork (PID: 6360, Parent: 6354)
- M5VGS77ZYY New Fork (PID: 6253, Parent: 6250)
- M5VGS77ZYY New Fork (PID: 6254, Parent: 6250)
- M5VGS77ZYY New Fork (PID: 6258, Parent: 6254)
- M5VGS77ZYY New Fork (PID: 6348, Parent: 6258)
- M5VGS77ZYY New Fork (PID: 6350, Parent: 6258)
- M5VGS77ZYY New Fork (PID: 6259, Parent: 6254)
- M5VGS77ZYY New Fork (PID: 6260, Parent: 6254)
- cleanup
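The fifteen "New Fork" lines above are easier to read as a tree. The following added example (not part of the report) parses those lines, rebuilds the parent/child structure and summarises it; the input is the report's own Standard Error block copied verbatim, and the helper names are this example's own. On this log it shows one root (6250) with three direct children, of which 6252 and 6254 each fan out into their own subtrees while 6253 stays a leaf, and a maximum fork depth of four.

```python
"""
Parser for Joe Sandbox "New Fork (PID: x, Parent: y)" lines that rebuilds the
process tree.  Added example; REPORT_STDERR is the report's own stderr block.
"""
import re
from collections import defaultdict

FORK_RE = re.compile(r"New Fork \(PID: (\d+), Parent: (\d+)\)")

REPORT_STDERR = """\
system is lnxubuntu20
M5VGS77ZYY New Fork (PID: 6252, Parent: 6250)
M5VGS77ZYY New Fork (PID: 6352, Parent: 6252)
M5VGS77ZYY New Fork (PID: 6354, Parent: 6252)
M5VGS77ZYY New Fork (PID: 6356, Parent: 6354)
M5VGS77ZYY New Fork (PID: 6365, Parent: 6356)
M5VGS77ZYY New Fork (PID: 6366, Parent: 6356)
M5VGS77ZYY New Fork (PID: 6358, Parent: 6354)
M5VGS77ZYY New Fork (PID: 6360, Parent: 6354)
M5VGS77ZYY New Fork (PID: 6253, Parent: 6250)
M5VGS77ZYY New Fork (PID: 6254, Parent: 6250)
M5VGS77ZYY New Fork (PID: 6258, Parent: 6254)
M5VGS77ZYY New Fork (PID: 6348, Parent: 6258)
M5VGS77ZYY New Fork (PID: 6350, Parent: 6258)
M5VGS77ZYY New Fork (PID: 6259, Parent: 6254)
M5VGS77ZYY New Fork (PID: 6260, Parent: 6254)
cleanup
"""


def parse_forks(text):
    """Map child PID -> parent PID, in the order the sandbox logged the forks."""
    return {int(c): int(p) for c, p in FORK_RE.findall(text)}


def process_tree(parents):
    """Return (roots, children); children maps a PID to its forks in log order."""
    children = defaultdict(list)
    for child, parent in parents.items():
        children[parent].append(child)
    roots = sorted(p for p in set(parents.values()) if p not in parents)
    return roots, dict(children)


def depth(pid, parents):
    """Number of fork hops from `pid` up to the root process."""
    hops = 0
    while pid in parents:
        pid = parents[pid]
        hops += 1
    return hops


def render(pid, children, indent=0):
    """Indented text rendering of the subtree rooted at `pid`."""
    lines = ["  " * indent + str(pid)]
    for child in children.get(pid, []):
        lines.extend(render(child, children, indent + 1))
    return lines


def summarize(text):
    """Root PID, process count, deepest fork chain and the root's direct children."""
    parents = parse_forks(text)
    roots, children = process_tree(parents)
    return {
        "root": roots[0],
        "processes": len(parents) + len(roots),
        "max_depth": max(depth(p, parents) for p in parents),
        "top_level": children[roots[0]],
    }


if __name__ == "__main__":
    parents = parse_forks(REPORT_STDERR)
    roots, children = process_tree(parents)
    print("\n".join(render(roots[0], children)))
    print(summarize(REPORT_STDERR))
```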
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security | |
⊘No Snort rule has matched
AV Detection |
---|
Source: | Virustotal |
Networking |
---|
(The rows below carry only their signature type; their detail columns are empty in this extract, so each row type is listed once with its count.)
Source: | Network traffic detected: | 20 entries |
Source: | TCP traffic: | 4 entries |
Source: | Socket: | 2 entries |
Source: | Network traffic detected: | 2 entries |
Source: | TCP traffic detected without corresponding DNS query: | 50 entries |
Source: | .symtab present: | 1 entry (detail columns empty in this extract) |
Source: | SIGKILL sent: | 2 entries (detail columns empty in this extract) |
Source: | Classification label: | mal60.troj.lin@0/0@0/0 |
Source: | File opened: | 50 entries (paths not preserved in this extract) |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Network traffic detected: | 20 entries (detail columns empty in this extract) |
Source: | Queries kernel information via 'uname': |
Source: | Binary or memory string: | 4 entries (strings not preserved in this extract) |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
MITRE ATT&CK Matrix (matched techniques only; every other cell of the report's matrix was unmatched)
Tactic | Technique | Hits |
---|---|---|
Credential Access | OS Credential Dumping | 1 |
Discovery | Security Software Discovery | 11 |
Command and Control | Encrypted Channel | 1 |
Command and Control | Non-Standard Port | 11 |
Command and Control | Application Layer Protocol | 1 |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 51% | Virustotal | | |
⊘No Antivirus matches
⊘No contacted domains info
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
151.237.40.148 | unknown | Bulgaria | 39024 | NASTECHBG | false | |
53.60.28.134 | unknown | Germany | 31399 | DAIMLER-ASITIGNGlobalNetworkDE | false | |
151.13.95.197 | unknown | Italy | 1267 | ASN-WINDTREIUNETEU | false | |
83.41.29.137 | unknown | Spain | 3352 | TELEFONICA_DE_ESPANAES | false | |
162.234.46.48 | unknown | United States | 7018 | ATT-INTERNET4US | false | |
246.230.10.226 | unknown | Reserved | unknown | unknown | false | |
85.204.5.0 | unknown | Romania | 6830 | LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding | false | |
92.123.156.114 | unknown | European Union | 16625 | AKAMAI-ASUS | false | |
58.210.144.249 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false | |
45.30.40.126 | unknown | United States | 7018 | ATT-INTERNET4US | false | |
58.170.69.165 | unknown | Australia | 1221 | ASN-TELSTRATelstraCorporationLtdAU | false | |
211.3.200.9 | unknown | Japan | 4725 | ODNSoftBankMobileCorpJP | false | |
42.254.110.115 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false | |
65.3.230.49 | unknown | United States | 16509 | AMAZON-02US | false | |
155.174.218.52 | unknown | United States | 797 | AMERITECH-ASUS | false | |
12.157.160.70 | unknown | United States | 7018 | ATT-INTERNET4US | false | |
123.216.155.190 | unknown | Japan | 4713 | OCNNTTCommunicationsCorporationJP | false | |
135.140.7.135 | unknown | United States | 10455 | LUCENT-CIOUS | false | |
191.186.71.159 | unknown | Brazil | 28573 | CLAROSABR | false | |
75.41.107.11 | unknown | United States | 7018 | ATT-INTERNET4US | false | |
173.139.22.47 | unknown | United States | 10507 | SPCSUS | false | |
58.181.254.137 | unknown | Thailand | 7693 | COMNET-THKSCCommercialInternetCoLtdTH | false | |
247.234.69.3 | unknown | Reserved | unknown | unknown | false | |
220.44.187.236 | unknown | Japan | 17676 | GIGAINFRASoftbankBBCorpJP | false | |
221.133.37.91 | unknown | Malaysia | 38199 | MACROLYNX-ASMacroLynxSdnBhdInternetServiceProvider | false | |
111.161.26.53 | unknown | China | 4837 | CHINA169-BACKBONECHINAUNICOMChina169BackboneCN | false | |
248.88.181.80 | unknown | Reserved | unknown | unknown | false | |
158.86.240.54 | unknown | United States | 20379 | NET-BAKERUS | false | |
252.181.246.233 | unknown | Reserved | unknown | unknown | false | |
212.213.69.86 | unknown | Finland | 1759 | TSF-IP-CORETeliaFinlandOyjEU | false | |
207.161.43.85 | unknown | Canada | 7122 | MTS-ASNCA | false | |
41.54.12.214 | unknown | South Africa | 37168 | CELL-CZA | false | |
19.50.113.160 | unknown | United States | 3 | MIT-GATEWAYSUS | false | |
179.100.198.207 | unknown | Brazil | 27699 | TELEFONICABRASILSABR | false | |
169.153.114.127 | unknown | United States | 7867 | TECHDATAUS | false | |
68.43.78.181 | unknown | United States | 7922 | COMCAST-7922US | false | |
198.46.22.165 | unknown | United States | 39970 | ASN-CELLU-4US | false | |
218.127.26.8 | unknown | Japan | 17676 | GIGAINFRASoftbankBBCorpJP | false | |
249.40.124.233 | unknown | Reserved | unknown | unknown | false | |
53.188.22.90 | unknown | Germany | 31399 | DAIMLER-ASITIGNGlobalNetworkDE | false | |
20.26.222.244 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
187.130.196.250 | unknown | Mexico | 8151 | UninetSAdeCVMX | false | |
44.152.241.159 | unknown | United States | 62383 | LDS-ASBE | false | |
249.252.219.179 | unknown | Reserved | unknown | unknown | false | |
93.218.249.7 | unknown | Germany | 3320 | DTAGInternetserviceprovideroperationsDE | false | |
203.181.239.233 | unknown | Japan | 2907 | SINET-ASResearchOrganizationofInformationandSystemsN | false | |
179.232.195.123 | unknown | Brazil | 28573 | CLAROSABR | false | |
149.119.245.20 | unknown | United States | 11872 | SYRACUSE-UNIVERSITYUS | false | |
165.156.182.82 | unknown | United States | 203 | CENTURYLINK-LEGACY-LVLT-203US | false | |
145.81.44.110 | unknown | Netherlands | 1103 | SURFNET-NLSURFnetTheNetherlandsNL | false | |
75.172.178.48 | unknown | United States | 209 | CENTURYLINK-US-LEGACY-QWESTUS | false | |
249.154.124.25 | unknown | Reserved | unknown | unknown | false | |
18.134.54.218 | unknown | United States | 16509 | AMAZON-02US | false | |
186.54.121.8 | unknown | Uruguay | 6057 | AdministracionNacionaldeTelecomunicacionesUY | false | |
243.163.195.206 | unknown | Reserved | unknown | unknown | false | |
165.112.68.52 | unknown | United States | 3527 | NIH-NETUS | false | |
139.16.152.241 | unknown | Germany | 9905 | LINKNET-ID-APLinknetASNID | false | |
174.145.65.106 | unknown | United States | 10507 | SPCSUS | false | |
110.133.106.186 | unknown | Japan | 9824 | JTCL-JP-ASJupiterTelecommunicationCoLtdJP | false | |
23.164.102.127 | unknown | Reserved | 19382 | ONCORECA | false | |
245.148.189.114 | unknown | Reserved | unknown | unknown | false | |
133.132.203.243 | unknown | Japan | 9595 | XEPHIONNTT-MECorporationJP | false | |
195.187.223.187 | unknown | Poland | 8308 | NASK-COMMERCIALPL | false | |
8.81.11.14 | unknown | United States | 3356 | LEVEL3US | false | |
79.81.250.63 | unknown | France | 15557 | LDCOMNETFR | false | |
181.129.70.175 | unknown | Colombia | 13489 | EPMTelecomunicacionesSAESPCO | false | |
155.211.62.186 | unknown | Brazil | 766 | REDIRISRedIRISAutonomousSystemES | false | |
146.117.145.247 | unknown | unknown | 17477 | MCT-SYDNEYMacquarieTelecomAU | false | |
170.73.136.4 | unknown | United States | 16761 | FEDMOG-ASN-01US | false | |
209.171.31.17 | unknown | Canada | 852 | ASN852CA | false | |
83.171.56.79 | unknown | Lithuania | 2847 | LITNETLT | false | |
165.206.25.107 | unknown | United States | 6122 | ICN-ASUS | false | |
83.54.133.28 | unknown | Spain | 3352 | TELEFONICA_DE_ESPANAES | false | |
240.192.40.248 | unknown | Reserved | unknown | unknown | false | |
103.154.227.153 | unknown | unknown | 134687 | TWIDC-AS-APTWIDCLimitedHK | false | |
106.113.12.165 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false | |
188.236.68.4 | unknown | Kuwait | 42961 | GPRS-ASZAINKW | false | |
103.61.202.112 | unknown | India | 134363 | EZIT-AS-APEZITSolutionsPteLtdSG | false | |
4.98.147.173 | unknown | United States | 3356 | LEVEL3US | false | |
208.230.47.139 | unknown | United States | 4208 | THE-ISERV-COMPANYUS | false | |
124.168.11.209 | unknown | Australia | 7545 | TPG-INTERNET-APTPGTelecomLimitedAU | false | |
176.82.83.147 | unknown | Spain | 3352 | TELEFONICA_DE_ESPANAES | false | |
156.55.39.71 | unknown | United States | 22146 | LANDAMUS | false | |
220.8.36.218 | unknown | Japan | 17676 | GIGAINFRASoftbankBBCorpJP | false | |
81.169.217.79 | unknown | Germany | 6724 | STRATOSTRATOAGDE | false | |
157.21.237.97 | unknown | United States | 53446 | EVMSUS | false | |
81.198.124.253 | unknown | Latvia | 12578 | APOLLO-ASLatviaLV | false | |
240.251.61.26 | unknown | Reserved | unknown | unknown | false | |
94.85.243.88 | unknown | Italy | 3269 | ASN-IBSNAZIT | false | |
83.46.55.114 | unknown | Spain | 3352 | TELEFONICA_DE_ESPANAES | false | |
44.171.139.253 | unknown | United States | 198785 | SEDMIODJEL-ASHR | false | |
154.110.211.72 | unknown | Tunisia | 37693 | TUNISIANATN | false | |
124.60.248.52 | unknown | Korea Republic of | 17858 | POWERVIS-AS-KRLGPOWERCOMMKR | false | |
124.40.196.71 | unknown | China | 58466 | CT-GUANGZHOU-IDCCHINANETGuangdongprovincenetworkCN | false | |
222.162.181.46 | unknown | China | 4837 | CHINA169-BACKBONECHINAUNICOMChina169BackboneCN | false | |
193.220.12.22 | unknown | Norway | 5377 | MARLINK-EMEANO | false | |
189.61.156.222 | unknown | Brazil | 28573 | CLAROSABR | false | |
245.87.95.189 | unknown | Reserved | unknown | unknown | false | |
24.85.187.207 | unknown | Canada | 6327 | SHAWCA | false | |
108.113.255.120 | unknown | United States | 10507 | SPCSUS | false |
⊘No created / dropped files found
Entropy (8bit): | 6.208009632389402 |
File name: | M5VGS77ZYY |
File size: | 52680 |
MD5: | d415fdebf7bd931bee44ead0bd610670 |
SHA1: | d86d4995ba2709a3a99087c2ddae368d9ffc4a09 |
SHA256: | a24e8198dde3955f7b2007a8b9e25eefa1f1dc30ffaac3f0b31d650930c63c1c |
SHA512: | e0924324036ddd2e9133d39168753b28911855273a627e74e238f4917e1a65be8c77f5db25002788a64cde4e41306aa38c2f8db5cd78245065e8124a2db48e4a |
SSDEEP: | 768:co/evkI0xRC1VNb6B31VVCkWF2QD98ZgFHq9w0fquhWew7p6X5JTa5DWg08i4n:coJI0jCd6GhfF/0fzhpS6X5JW5DW98tn |
TLSH: | AF332BDAB402AD7CF88FEA7E80174E0EB22026545453072B77BFFD937E322949952D46 |
File Content Preview: | .ELF.......................D...4...8.....4. ...(.................................. ....................p.......... .dt.Q............................NV..a....da.....N^NuNV..J9....f>"y.... QJ.g.X.#.....N."y.... QJ.f.A.....J.g.Hy....N.X.........N^NuNV..N^NuN |
ELF header | (field values not preserved in this extract: Class, Data, Version, Machine, Version Number, Type, OS/ABI, ABI Version, Entry Point Address, Flags, ELF Header Size, Program Header Offset/Size/Count, Section Header Offset/Size/Count, Header String Table Index) |
---|---|
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x80000094 | 0x94 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 2 |
.text | PROGBITS | 0x800000a8 | 0xa8 | 0xc4aa | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.fini | PROGBITS | 0x8000c552 | 0xc552 | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 2 |
.rodata | PROGBITS | 0x8000c560 | 0xc560 | 0x522 | 0x0 | 0x2 | A | 0 | 0 | 2 |
.ctors | PROGBITS | 0x8000ea88 | 0xca88 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x8000ea90 | 0xca90 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x8000ea9c | 0xca9c | 0x15c | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x8000ebf8 | 0xcbf8 | 0x23c | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0xcbf8 | 0x3e | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x80000000 | 0x80000000 | 0xca82 | 0xca82 | 4.2370 | 0x5 | R E | 0x2000 | .init .text .fini .rodata | |
LOAD | 0xca88 | 0x8000ea88 | 0x8000ea88 | 0x170 | 0x3ac | 0.2080 | 0x6 | RW | 0x2000 | .ctors .dtors .data .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |
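The "Static ELF header machine description" advice and the "stripped symbol table" signature both come from static checks on exactly the structures tabulated above: the machine field of the ELF header, the program headers (no PT_INTERP entry means statically linked, and the GNU_STACK flags say whether the stack is executable) and the section headers (no SHT_SYMTAB section means stripped). The bytes `NV..` and `N^Nu` in the content preview are 0x4E56, 0x4E5E and 0x4E75, the Motorola 68000 `LINK A6` / `UNLK A6` / `RTS` function prologue and epilogue, which is why the report tags the file motorola. The following added example (not code from the report or from Joe Sandbox) parses a 32-bit ELF with `struct` and applies those checks; the image it builds for the demo is a constructed stand-in shaped like the layout above (big-endian, two LOAD segments at 0x80000000 and 0x8000ea88 plus GNU_STACK, sections .text and .shstrtab, no .symtab), not the sample, and all function names are this example's own.

```python
"""
Static ELF32 triage: the checks behind the report's "machine description"
advice and "stripped symbol table" signature.  Added example; the image from
build_sample_like_elf() is constructed to mirror the sample's layout.
"""
import struct
import sys

EM_386, EM_68K, EM_MIPS, EM_ARM, EM_X86_64 = 3, 4, 8, 40, 62
MACHINE_NAMES = {EM_386: "Intel 80386", EM_68K: "Motorola 68000", EM_MIPS: "MIPS",
                 EM_ARM: "ARM", EM_X86_64: "x86-64"}
PT_LOAD, PT_INTERP, PT_GNU_STACK = 1, 3, 0x6474E551
SHT_PROGBITS, SHT_SYMTAB, SHT_STRTAB = 1, 2, 3
PF_X = 1


def parse_elf32(blob):
    """Parse the ELF header, program headers and section headers of a 32-bit ELF."""
    if blob[:4] != b"\x7fELF" or blob[4] != 1:          # EI_CLASS 1 = ELFCLASS32
        raise ValueError("not a 32-bit ELF image")
    e = "<" if blob[5] == 1 else ">"                      # EI_DATA 1 = LSB, 2 = MSB
    (e_type, e_machine, _ver, e_entry, e_phoff, e_shoff, _flags, _ehsize,
     e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx) = \
        struct.unpack_from(e + "HHIIIIIHHHHHH", blob, 16)
    phdrs = []
    for i in range(e_phnum):
        p_type, _off, p_vaddr, _pa, p_filesz, p_memsz, p_flags, _align = \
            struct.unpack_from(e + "8I", blob, e_phoff + i * e_phentsize)
        phdrs.append({"type": p_type, "vaddr": p_vaddr, "filesz": p_filesz,
                      "memsz": p_memsz, "flags": p_flags})
    shdrs = []
    for i in range(e_shnum):
        sh_name, sh_type, _fl, sh_addr, sh_off, sh_size = \
            struct.unpack_from(e + "6I", blob, e_shoff + i * e_shentsize)
        shdrs.append({"name_off": sh_name, "type": sh_type, "addr": sh_addr,
                      "offset": sh_off, "size": sh_size, "name": ""})
    if e_shstrndx < len(shdrs):                           # resolve names via .shstrtab
        st = shdrs[e_shstrndx]
        names = blob[st["offset"]:st["offset"] + st["size"]]
        for s in shdrs:
            s["name"] = names[s["name_off"]:names.index(b"\0", s["name_off"])].decode()
    return {"endian": "MSB" if e == ">" else "LSB", "type": e_type,
            "machine": e_machine, "entry": e_entry, "phdrs": phdrs, "shdrs": shdrs}


def triage(elf, host_machine=EM_X86_64):
    """Static findings a sandbox would raise before running the file."""
    findings = []
    if elf["machine"] != host_machine:
        findings.append("foreign architecture: " +
                        MACHINE_NAMES.get(elf["machine"], hex(elf["machine"])))
    if not any(p["type"] == PT_INTERP for p in elf["phdrs"]):
        findings.append("statically linked (no PT_INTERP)")
    if not any(s["type"] == SHT_SYMTAB for s in elf["shdrs"]):
        findings.append("stripped (no .symtab)")
    if any(p["type"] == PT_GNU_STACK and p["flags"] & PF_X for p in elf["phdrs"]):
        findings.append("executable stack")
    return findings


def build_sample_like_elf():
    """Constructed ELF32 MSB m68k image mirroring the report's layout:
    two LOAD segments plus GNU_STACK, sections .text and .shstrtab, no .symtab."""
    e = ">"
    code = b"\x4e\x56\x00\x00\x4e\x5e\x4e\x75"   # LINK A6,#0 / UNLK A6 / RTS, as in the preview
    shstr = b"\0.text\0.shstrtab\0"
    phoff, phnum, shnum = 52, 3, 3
    code_off = phoff + phnum * 32                 # 148 = 0x94, the report's .init offset
    shstr_off = code_off + len(code)
    shoff = shstr_off + len(shstr)
    ehdr = (b"\x7fELF\x01\x02\x01" + b"\0" * 9 +
            struct.pack(e + "HHIIIIIHHHHHH", 2, EM_68K, 1, 0x80000000 + code_off,
                        phoff, shoff, 0, 52, 32, phnum, 40, shnum, 2))
    phdrs = struct.pack(e + "8I", PT_LOAD, 0, 0x80000000, 0x80000000,
                        shstr_off, shstr_off, 5, 0x2000)            # R E
    phdrs += struct.pack(e + "8I", PT_LOAD, shstr_off, 0x8000ea88, 0x8000ea88,
                         len(shstr), 0x3ac, 6, 0x2000)              # RW, memsz > filesz for .bss
    phdrs += struct.pack(e + "8I", PT_GNU_STACK, 0, 0, 0, 0, 0, 6, 4)  # RW stack, no X
    shdrs = struct.pack(e + "10I", *([0] * 10))                                   # NULL
    shdrs += struct.pack(e + "10I", 1, SHT_PROGBITS, 6, 0x80000000 + code_off,
                         code_off, len(code), 0, 0, 4, 0)                          # .text AX
    shdrs += struct.pack(e + "10I", 7, SHT_STRTAB, 0, 0, shstr_off, len(shstr),
                         0, 0, 1, 0)                                               # .shstrtab
    return ehdr + phdrs + code + shstr + shdrs


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_like_elf()
    elf = parse_elf32(blob)
    print(elf["endian"], MACHINE_NAMES.get(elf["machine"]), hex(elf["entry"]),
          [s["name"] for s in elf["shdrs"]])
    print(triage(elf))
```

Given a path on the command line the script runs the same checks on a real file; the point of doing this before submitting to a sandbox is that a foreign-architecture ELF only yields the dynamic findings above if the sandbox emulates that architecture, so the machine field decides which sandbox, or which QEMU user-mode binary, to use.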
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 14, 2022 04:56:24.756659985 CEST | 23 | 38532 | 62.141.119.126 | 192.168.2.23 |
May 14, 2022 04:56:24.756839991 CEST | 38532 | 23 | 192.168.2.23 | 62.141.119.126 |
May 14, 2022 04:56:25.801326036 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
May 14, 2022 04:56:26.057337999 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
May 14, 2022 04:56:26.880717039 CEST | 39634 | 1312 | 192.168.2.23 | 198.98.54.25 |
May 14, 2022 04:56:26.886991978 CEST | 10886 | 23 | 192.168.2.23 | 203.227.76.157 |
May 14, 2022 04:56:26.887388945 CEST | 10886 | 23 | 192.168.2.23 | 60.57.87.155 |
May 14, 2022 04:56:26.887423992 CEST | 10886 | 23 | 192.168.2.23 | 169.220.25.105 |
May 14, 2022 04:56:26.887443066 CEST | 10886 | 23 | 192.168.2.23 | 12.108.125.203 |
May 14, 2022 04:56:26.887448072 CEST | 10886 | 23 | 192.168.2.23 | 18.72.69.103 |
May 14, 2022 04:56:26.887470007 CEST | 10886 | 23 | 192.168.2.23 | 41.68.123.209 |
May 14, 2022 04:56:26.887521982 CEST | 10886 | 23 | 192.168.2.23 | 73.35.152.69 |
May 14, 2022 04:56:26.887526989 CEST | 10886 | 23 | 192.168.2.23 | 48.57.127.196 |
May 14, 2022 04:56:26.887546062 CEST | 10886 | 23 | 192.168.2.23 | 158.251.86.76 |
May 14, 2022 04:56:26.887619019 CEST | 10886 | 23 | 192.168.2.23 | 150.122.244.200 |
May 14, 2022 04:56:26.887640953 CEST | 10886 | 23 | 192.168.2.23 | 37.130.236.117 |
May 14, 2022 04:56:26.887674093 CEST | 10886 | 23 | 192.168.2.23 | 104.133.180.16 |
May 14, 2022 04:56:26.887715101 CEST | 10886 | 23 | 192.168.2.23 | 63.192.94.233 |
May 14, 2022 04:56:26.887729883 CEST | 10886 | 23 | 192.168.2.23 | 169.243.20.154 |
May 14, 2022 04:56:26.887734890 CEST | 10886 | 23 | 192.168.2.23 | 166.73.193.120 |
May 14, 2022 04:56:26.887775898 CEST | 10886 | 23 | 192.168.2.23 | 221.29.107.237 |
May 14, 2022 04:56:26.887784004 CEST | 10886 | 23 | 192.168.2.23 | 92.135.68.163 |
May 14, 2022 04:56:26.887792110 CEST | 10886 | 23 | 192.168.2.23 | 183.235.148.197 |
May 14, 2022 04:56:26.887794018 CEST | 10886 | 23 | 192.168.2.23 | 216.101.65.207 |
May 14, 2022 04:56:26.887816906 CEST | 10886 | 23 | 192.168.2.23 | 38.116.78.199 |
May 14, 2022 04:56:26.887861967 CEST | 10886 | 23 | 192.168.2.23 | 126.40.190.88 |
May 14, 2022 04:56:26.887876034 CEST | 10886 | 23 | 192.168.2.23 | 187.34.248.129 |
May 14, 2022 04:56:26.887877941 CEST | 10886 | 23 | 192.168.2.23 | 200.206.232.208 |
May 14, 2022 04:56:26.887882948 CEST | 10886 | 23 | 192.168.2.23 | 253.11.162.193 |
May 14, 2022 04:56:26.887943983 CEST | 10886 | 23 | 192.168.2.23 | 155.201.217.73 |
May 14, 2022 04:56:26.887969017 CEST | 10886 | 23 | 192.168.2.23 | 112.14.195.21 |
May 14, 2022 04:56:26.887969971 CEST | 10886 | 23 | 192.168.2.23 | 122.58.177.6 |
May 14, 2022 04:56:26.887985945 CEST | 10886 | 23 | 192.168.2.23 | 151.165.107.248 |
May 14, 2022 04:56:26.887991905 CEST | 10886 | 23 | 192.168.2.23 | 93.85.229.156 |
May 14, 2022 04:56:26.888000965 CEST | 10886 | 23 | 192.168.2.23 | 96.5.216.127 |
May 14, 2022 04:56:26.888012886 CEST | 10886 | 23 | 192.168.2.23 | 105.80.231.155 |
May 14, 2022 04:56:26.888027906 CEST | 10886 | 23 | 192.168.2.23 | 197.65.67.244 |
May 14, 2022 04:56:26.888044119 CEST | 10886 | 23 | 192.168.2.23 | 200.141.226.69 |
May 14, 2022 04:56:26.888072968 CEST | 10886 | 23 | 192.168.2.23 | 112.44.19.72 |
May 14, 2022 04:56:26.888106108 CEST | 10886 | 23 | 192.168.2.23 | 68.239.246.86 |
May 14, 2022 04:56:26.888118982 CEST | 10886 | 23 | 192.168.2.23 | 103.172.116.137 |
May 14, 2022 04:56:26.888155937 CEST | 10886 | 23 | 192.168.2.23 | 192.69.62.239 |
May 14, 2022 04:56:26.888166904 CEST | 10886 | 23 | 192.168.2.23 | 111.190.53.39 |
May 14, 2022 04:56:26.888184071 CEST | 10886 | 23 | 192.168.2.23 | 105.171.30.92 |
May 14, 2022 04:56:26.888186932 CEST | 10886 | 23 | 192.168.2.23 | 187.153.193.172 |
May 14, 2022 04:56:26.888206959 CEST | 10886 | 23 | 192.168.2.23 | 143.2.121.43 |
May 14, 2022 04:56:26.888257980 CEST | 10886 | 23 | 192.168.2.23 | 126.227.239.106 |
May 14, 2022 04:56:26.888261080 CEST | 10886 | 23 | 192.168.2.23 | 149.140.8.224 |
May 14, 2022 04:56:26.888273001 CEST | 10886 | 23 | 192.168.2.23 | 253.163.89.73 |
May 14, 2022 04:56:26.888297081 CEST | 10886 | 23 | 192.168.2.23 | 79.195.253.175 |
May 14, 2022 04:56:26.888324976 CEST | 10886 | 23 | 192.168.2.23 | 66.106.97.181 |
May 14, 2022 04:56:26.888339996 CEST | 10886 | 23 | 192.168.2.23 | 151.162.1.56 |
May 14, 2022 04:56:26.888355970 CEST | 10886 | 23 | 192.168.2.23 | 94.34.11.172 |
May 14, 2022 04:56:26.888356924 CEST | 10886 | 23 | 192.168.2.23 | 94.152.66.11 |
May 14, 2022 04:56:26.888391018 CEST | 10886 | 23 | 192.168.2.23 | 74.106.28.173 |
May 14, 2022 04:56:26.888396025 CEST | 10886 | 23 | 192.168.2.23 | 114.19.85.216 |
May 14, 2022 04:56:26.888412952 CEST | 10886 | 23 | 192.168.2.23 | 83.134.53.171 |
May 14, 2022 04:56:26.888425112 CEST | 10886 | 23 | 192.168.2.23 | 203.55.31.99 |
May 14, 2022 04:56:26.888499022 CEST | 10886 | 23 | 192.168.2.23 | 194.7.89.116 |
May 14, 2022 04:56:26.888515949 CEST | 10886 | 23 | 192.168.2.23 | 144.20.106.7 |
May 14, 2022 04:56:26.888520002 CEST | 10886 | 23 | 192.168.2.23 | 65.62.131.203 |
May 14, 2022 04:56:26.888524055 CEST | 10886 | 23 | 192.168.2.23 | 135.41.193.62 |
May 14, 2022 04:56:26.888988018 CEST | 10886 | 23 | 192.168.2.23 | 253.17.149.205 |
May 14, 2022 04:56:26.888988018 CEST | 10886 | 23 | 192.168.2.23 | 208.53.19.145 |
May 14, 2022 04:56:26.889003038 CEST | 10886 | 23 | 192.168.2.23 | 241.104.208.142 |
May 14, 2022 04:56:26.889009953 CEST | 10886 | 23 | 192.168.2.23 | 240.70.139.137 |
May 14, 2022 04:56:26.889014959 CEST | 10886 | 23 | 192.168.2.23 | 192.96.66.109 |
May 14, 2022 04:56:26.889039040 CEST | 10886 | 23 | 192.168.2.23 | 87.122.126.179 |
May 14, 2022 04:56:26.889058113 CEST | 10886 | 23 | 192.168.2.23 | 113.144.17.193 |
May 14, 2022 04:56:26.889086008 CEST | 10886 | 23 | 192.168.2.23 | 42.187.253.129 |
May 14, 2022 04:56:26.889106035 CEST | 10886 | 23 | 192.168.2.23 | 183.211.247.99 |
May 14, 2022 04:56:26.889117956 CEST | 10886 | 23 | 192.168.2.23 | 178.12.26.97 |
May 14, 2022 04:56:26.889122963 CEST | 10886 | 23 | 192.168.2.23 | 101.76.9.208 |
May 14, 2022 04:56:26.889185905 CEST | 10886 | 23 | 192.168.2.23 | 156.221.191.129 |
May 14, 2022 04:56:26.889187098 CEST | 10886 | 23 | 192.168.2.23 | 218.161.33.100 |
May 14, 2022 04:56:26.889188051 CEST | 10886 | 23 | 192.168.2.23 | 126.106.12.67 |
May 14, 2022 04:56:26.889195919 CEST | 10886 | 23 | 192.168.2.23 | 218.152.92.237 |
May 14, 2022 04:56:26.897347927 CEST | 10886 | 23 | 192.168.2.23 | 145.231.215.45 |
May 14, 2022 04:56:26.897347927 CEST | 10886 | 23 | 192.168.2.23 | 123.181.170.166 |
May 14, 2022 04:56:26.897365093 CEST | 10886 | 23 | 192.168.2.23 | 92.51.248.243 |
May 14, 2022 04:56:26.897365093 CEST | 10886 | 23 | 192.168.2.23 | 220.59.189.186 |
May 14, 2022 04:56:26.897425890 CEST | 10886 | 23 | 192.168.2.23 | 67.205.73.17 |
May 14, 2022 04:56:26.897428989 CEST | 10886 | 23 | 192.168.2.23 | 61.16.125.79 |
May 14, 2022 04:56:26.897454023 CEST | 10886 | 23 | 192.168.2.23 | 166.67.25.153 |
May 14, 2022 04:56:26.897464037 CEST | 10886 | 23 | 192.168.2.23 | 27.110.182.18 |
May 14, 2022 04:56:26.897492886 CEST | 10886 | 23 | 192.168.2.23 | 57.202.30.126 |
May 14, 2022 04:56:26.897516966 CEST | 10886 | 23 | 192.168.2.23 | 54.103.218.159 |
May 14, 2022 04:56:26.897550106 CEST | 10886 | 23 | 192.168.2.23 | 38.211.80.67 |
May 14, 2022 04:56:26.897552013 CEST | 10886 | 23 | 192.168.2.23 | 96.197.105.94 |
May 14, 2022 04:56:26.897558928 CEST | 10886 | 23 | 192.168.2.23 | 250.239.229.118 |
May 14, 2022 04:56:26.897574902 CEST | 10886 | 23 | 192.168.2.23 | 96.164.47.196 |
May 14, 2022 04:56:26.897623062 CEST | 10886 | 23 | 192.168.2.23 | 149.196.31.51 |
May 14, 2022 04:56:26.897624969 CEST | 10886 | 23 | 192.168.2.23 | 34.182.192.211 |
May 14, 2022 04:56:26.897628069 CEST | 10886 | 23 | 192.168.2.23 | 8.78.247.151 |
May 14, 2022 04:56:26.897628069 CEST | 10886 | 23 | 192.168.2.23 | 249.254.224.237 |
May 14, 2022 04:56:26.897635937 CEST | 10886 | 23 | 192.168.2.23 | 240.35.106.157 |
May 14, 2022 04:56:26.897639036 CEST | 10886 | 23 | 192.168.2.23 | 217.201.83.148 |
May 14, 2022 04:56:26.897639990 CEST | 10886 | 23 | 192.168.2.23 | 37.87.246.5 |
May 14, 2022 04:56:26.897661924 CEST | 10886 | 23 | 192.168.2.23 | 222.40.155.158 |
May 14, 2022 04:56:26.897676945 CEST | 10886 | 23 | 192.168.2.23 | 20.57.69.235 |
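The packet table above shows the two behaviours the Networking signatures flag. At 04:56:26.880 the host opens a connection to 198.98.54.25 on port 1312, and the stdout line "Connected To CNC" appears in the same run; from 04:56:26.886 on it sends to port 23 on dozens of unrelated hosts, all from the single source port 10886 and within a few milliseconds, several of them in the reserved 240.0.0.0/4 block. A normal TCP client gets a fresh ephemeral source port per connection; in the leaked Mirai source the scanner picks one source port at start-up and stamps it on every SYN it crafts on a raw socket, so "many destinations, one source port, one destination port, short window" is a cheap and robust detection. The following added example (not part of the report) implements that check plus the non-standard-port and reserved-range checks over the report's own rows; SAMPLE_LOG is a constructed excerpt copied from the table, and the thresholds, port allow-list and function names are this example's own choices.

```python
"""
Detection logic over Joe Sandbox packet rows: fixed-source-port SYN fan-out,
outbound non-standard ports, and targets in reserved 240/4 space.
Added example; SAMPLE_LOG is an excerpt copied from the report's table.
"""
import re
from collections import defaultdict
from datetime import datetime

SAMPLE_LOG = """\
May 14, 2022 04:56:24.756659985 CEST | 23 | 38532 | 62.141.119.126 | 192.168.2.23 |
May 14, 2022 04:56:24.756839991 CEST | 38532 | 23 | 192.168.2.23 | 62.141.119.126 |
May 14, 2022 04:56:25.801326036 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
May 14, 2022 04:56:26.057337999 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
May 14, 2022 04:56:26.880717039 CEST | 39634 | 1312 | 192.168.2.23 | 198.98.54.25 |
May 14, 2022 04:56:26.886991978 CEST | 10886 | 23 | 192.168.2.23 | 203.227.76.157 |
May 14, 2022 04:56:26.887388945 CEST | 10886 | 23 | 192.168.2.23 | 60.57.87.155 |
May 14, 2022 04:56:26.887423992 CEST | 10886 | 23 | 192.168.2.23 | 169.220.25.105 |
May 14, 2022 04:56:26.887443066 CEST | 10886 | 23 | 192.168.2.23 | 12.108.125.203 |
May 14, 2022 04:56:26.887448072 CEST | 10886 | 23 | 192.168.2.23 | 18.72.69.103 |
May 14, 2022 04:56:26.887470007 CEST | 10886 | 23 | 192.168.2.23 | 41.68.123.209 |
May 14, 2022 04:56:26.887521982 CEST | 10886 | 23 | 192.168.2.23 | 73.35.152.69 |
May 14, 2022 04:56:26.887882948 CEST | 10886 | 23 | 192.168.2.23 | 253.11.162.193 |
May 14, 2022 04:56:26.889003038 CEST | 10886 | 23 | 192.168.2.23 | 241.104.208.142 |
May 14, 2022 04:56:26.889009953 CEST | 10886 | 23 | 192.168.2.23 | 240.70.139.137 |
May 14, 2022 04:56:26.889014959 CEST | 10886 | 23 | 192.168.2.23 | 192.96.66.109 |
"""

ROW_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d\d:\d\d:\d\d)\.(?P<frac>\d+) CEST \| "
    r"(?P<sport>\d+) \| (?P<dport>\d+) \| (?P<src>[\d.]+) \| (?P<dst>[\d.]+)\s*\|?$")

STANDARD_PORTS = {22, 23, 53, 80, 123, 443}     # allow-list for this example


def parse_rows(text):
    """Turn the report's packet rows into dicts with a datetime and int ports."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        # the report prints nanoseconds; datetime only takes six fractional digits
        ts = datetime.strptime("%s.%s" % (m["ts"], m["frac"][:6]), "%b %d, %Y %H:%M:%S.%f")
        rows.append({"ts": ts, "sport": int(m["sport"]), "dport": int(m["dport"]),
                     "src": m["src"], "dst": m["dst"]})
    return rows


def fixed_source_port_fanout(rows, local_ip, dport=23, window_s=2.0, min_targets=10):
    """Source ports from local_ip that hit >= min_targets distinct hosts on dport within window_s."""
    by_sport = defaultdict(list)
    for r in rows:
        if r["src"] == local_ip and r["dport"] == dport:
            by_sport[r["sport"]].append(r)
    hits = []
    for sport, pkts in by_sport.items():
        pkts.sort(key=lambda r: r["ts"])
        t0 = pkts[0]["ts"]
        targets = {p["dst"] for p in pkts if (p["ts"] - t0).total_seconds() <= window_s}
        if len(targets) >= min_targets:
            hits.append({"sport": sport, "targets": len(targets), "first_seen": t0})
    return hits


def nonstandard_port_peers(rows, local_ip, allowed=STANDARD_PORTS):
    """(dst, dport) pairs the host connected to on ports outside the allow-list."""
    return sorted({(r["dst"], r["dport"]) for r in rows
                   if r["src"] == local_ip and r["dport"] not in allowed})


def reserved_targets(rows, local_ip):
    """Destinations in 240.0.0.0/4 (IANA reserved) that the host tried to reach."""
    return {r["dst"] for r in rows
            if r["src"] == local_ip and int(r["dst"].split(".")[0]) >= 240}


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_LOG)
    print(fixed_source_port_fanout(rows, "192.168.2.23"))
    print(nonstandard_port_peers(rows, "192.168.2.23"))
    print(sorted(reserved_targets(rows, "192.168.2.23")))
```

The inbound row from 62.141.119.126:23 and the 443/80 connections are left alone by all three checks: the first is not outbound, the others use standard ports and a different ephemeral source port each. Note that the report's capture was cut to 100 packets, so on a full capture the fan-out count for source port 10886 would be far higher than the eleven distinct targets in this excerpt.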
System Behavior
The file size and MD5 recorded for these processes (4463432 bytes, cd177594338c77b895ae27c33f8f86cc) do not match the submitted sample (52680 bytes, MD5 d415fdebf7bd931bee44ead0bd610670). The sample is a Motorola 68k ELF (see the tags and the content preview) and the analysis system is x64, as the Analysis Advice above notes, so these entries most likely describe the binary the sandbox used to run the sample rather than the sample file itself; do not use this size or hash as an indicator for the sample.
Start time | Start date | Path | Arguments | File size | MD5 hash |
---|---|---|---|---|---|
04:56:26 | 14/05/2022 | /tmp/M5VGS77ZYY | /tmp/M5VGS77ZYY | 4463432 bytes | cd177594338c77b895ae27c33f8f86cc |
04:56:26 | 14/05/2022 | /tmp/M5VGS77ZYY | n/a | 4463432 bytes | cd177594338c77b895ae27c33f8f86cc |
04:59:17 | 14/05/2022 | /tmp/M5VGS77ZYY | n/a | 4463432 bytes | cd177594338c77b895ae27c33f8f86cc |
04:59:17 | 14/05/2022 | /tmp/M5VGS77ZYY | n/a | 4463432 bytes | cd177594338c77b895ae27c33f8f86cc |
04:59:17 | 14/05/2022 | /tmp/M5VGS77ZYY | n/a | 4463432 bytes | cd177594338c77b895ae27c33f8f86cc |
04:59:22 | 14/05/2022 | /tmp/M5VGS77ZYY | n/a | 4463432 bytes | cd177594338c77b895ae27c33f8f86cc |
04:59:22 | 14/05/2022 | /tmp/M5VGS77ZYY | n/a | 4463432 bytes | cd177594338c77b895ae27c33f8f86cc |
04:59:17 | 14/05/2022 | /tmp/M5VGS77ZYY | n/a | 4463432 bytes | cd177594338c77b895ae27c33f8f86cc |
04:59:17 | 14/05/2022 | /tmp/M5VGS77ZYY | n/a | 4463432 bytes | cd177594338c77b895ae27c33f8f86cc |
04:56:26 | 14/05/2022 | /tmp/M5VGS77ZYY | n/a | 4463432 bytes | cd177594338c77b895ae27c33f8f86cc |
04:56:26 | 14/05/2022 | /tmp/M5VGS77ZYY | n/a | 4463432 bytes | cd177594338c77b895ae27c33f8f86cc |
04:56:26 | 14/05/2022 | /tmp/M5VGS77ZYY | n/a | 4463432 bytes | cd177594338c77b895ae27c33f8f86cc |
04:59:17 | 14/05/2022 | /tmp/M5VGS77ZYY | n/a | 4463432 bytes | cd177594338c77b895ae27c33f8f86cc |
04:59:17 | 14/05/2022 | /tmp/M5VGS77ZYY | n/a | 4463432 bytes | cd177594338c77b895ae27c33f8f86cc |
04:56:26 | 14/05/2022 | /tmp/M5VGS77ZYY | n/a | 4463432 bytes | cd177594338c77b895ae27c33f8f86cc |
04:56:26 | 14/05/2022 | /tmp/M5VGS77ZYY | n/a | 4463432 bytes | cd177594338c77b895ae27c33f8f86cc |