Edit tour

Linux Analysis Report
VfI6kqTt8F

Overview

General Information

Sample Name:	VfI6kqTt8F
Analysis ID:	632622
MD5:	822f65d3280a617a10ace77b164fc87c
SHA1:	9ed00a8ac5ca877a908e8afeedcacfbe0937e156
SHA256:	741cfd59c77ee347bec2b9f14617554fae41bd89ab824f9d5c8e03101cf552f5
Tags:	64elfgafgyt
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Contains symbols with names commonly found in malware

Machine Learning detection for sample

Connects to many ports of the same IP (likely port scanning)

Enumerates processes within the "proc" file system

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Detected TCP or UDP traffic on non-standard ports

Sample listens on a socket

Classification

Analysis Advice

All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper which does no longer work.

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	632622
Start date and time: 23/05/202220:39:28	2022-05-23 20:39:28 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 21s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	VfI6kqTt8F
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Detection:	MAL
Classification:	mal60.troj.lin@0/0@0/0

Runtime Messages

Command:	/tmp/VfI6kqTt8F
PID:	6225
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	$UICIDEBOY$
Standard Error:

Process Tree

system is lnxubuntu20

VfI6kqTt8F (PID: 6225, Parent: 6126, MD5: 822f65d3280a617a10ace77b164fc87c) Arguments: /tmp/VfI6kqTt8F

VfI6kqTt8F New Fork (PID: 6226, Parent: 6225)

VfI6kqTt8F New Fork (PID: 6227, Parent: 6226)

cleanup

Yara Signatures

⊘No yara matches

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: VfI6kqTt8F	Virustotal: Detection: 26%			Perma Link
Source: VfI6kqTt8F	ReversingLabs: Detection: 36%

Machine Learning detection for sample

Source: VfI6kqTt8F

Joe Sandbox ML: detected

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 149.57.210.157 ports 57468,4,5,6,7,8

Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443

Source: global traffic

TCP traffic: 192.168.2.23:36864 -> 149.57.210.157:57468

Source: /tmp/VfI6kqTt8F (PID: 6225)

Socket: 0.0.0.0::57461

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42

System Summary

Contains symbols with names commonly found in malware

Source: ELF static info symbol of initial sample

Name: attack_checksum

Source: classification engine

Classification label: mal60.troj.lin@0/0@0/0

Source: ELF static info symbol of initial sample	FILE: libc/string/x86_64/memcpy.S
Source: ELF static info symbol of initial sample	FILE: libc/string/x86_64/memset.S
Source: ELF static info symbol of initial sample	FILE: libc/sysdeps/linux/x86_64/crt1.S
Source: ELF static info symbol of initial sample	FILE: libc/sysdeps/linux/x86_64/crti.S
Source: ELF static info symbol of initial sample	FILE: libc/sysdeps/linux/x86_64/crtn.S

Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2078/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1582/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2033/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2077/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2275/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2195/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1656/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1579/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1699/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1654/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1698/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2226/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/796/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2302/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/3236/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2025/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2146/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/799/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2307/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2080/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1594/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2242/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2285/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2084/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2083/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2281/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1668/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1349/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1623/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1622/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1389/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1664/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2038/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1465/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1586/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2114/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2235/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1463/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1661/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2079/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2156/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1629/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1627/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2637/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2294/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2009/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2129/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1633/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2128/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1632/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1599/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1477/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2289/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1639/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1638/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2208/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2180/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1809/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1890/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1888/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/2018/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1489/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1642/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/789/fd
Source: /tmp/VfI6kqTt8F (PID: 6227)	File opened: /proc/1648/fd

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	1 OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Standard Port	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	1 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
VfI6kqTt8F	26%	Virustotal		Browse
VfI6kqTt8F	37%	ReversingLabs	Linux.Trojan.Gafgyt
VfI6kqTt8F	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
149.57.210.157	unknown	United States	174	COGENT-174US	true
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, not stripped
Entropy (8bit):	5.236172899857334
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	VfI6kqTt8F
File size:	44217
MD5:	822f65d3280a617a10ace77b164fc87c
SHA1:	9ed00a8ac5ca877a908e8afeedcacfbe0937e156
SHA256:	741cfd59c77ee347bec2b9f14617554fae41bd89ab824f9d5c8e03101cf552f5
SHA512:	67c7ce958524a9108da708615db4aa85c8558eb3323a5d2e20619f147dbb6897d2b48319585b4410e9ff9b3543392bb9ae113f0fa6fb2de11c4dc04d6ddf2d54
SSDEEP:	768:uhCZkraoM9OW4bNOj/TAUU3Gd1tckrosn:PZGr/1OTsUU3Gdwsn
TLSH:	9B1309272691C67FC8F64BF513D7D5315913B83A1B33220177E8BDAA6F4A9C82E5E104
File Content Preview:	.ELF..............>.......@.....@........i..........@.8...@.......................@.......@......U.......U.......................`.......`P......`P..............L..............Q.td....................................................H...._.....J..H........

Static ELF Info

ELF header
Class:	ELF64
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Advanced Micro Devices X86-64
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x400194
Flags:	0x0
ELF Header Size:	64
Program Header Offset:	64
Program Header Size:	56
Number of Program Headers:	3
Section Header Offset:	26888
Section Header Size:	64
Number of Section Headers:	15
Header String Table Index:	12

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.init	PROGBITS	0x4000e8	0xe8	0x13	0x0	0x6	AX	0	0	1
.text	PROGBITS	0x400100	0x100	0x4b18	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x404c18	0x4c18	0xe	0x0	0x6	AX	0	0	1
.rodata	PROGBITS	0x404c40	0x4c40	0x960	0x0	0x2	A	0	0	32
.eh_frame	PROGBITS	0x4055a0	0x55a0	0x4	0x0	0x2	A	0	0	4
.ctors	PROGBITS	0x506000	0x6000	0x10	0x0	0x3	WA	0	0	8
.dtors	PROGBITS	0x506010	0x6010	0x10	0x0	0x3	WA	0	0	8
.jcr	PROGBITS	0x506020	0x6020	0x8	0x0	0x3	WA	0	0	8
.data	PROGBITS	0x506040	0x6040	0x240	0x0	0x3	WA	0	0	32
.bss	NOBITS	0x506280	0x6280	0x4988	0x0	0x3	WA	0	0	32
.comment	PROGBITS	0x0	0x6280	0x61e	0x0	0x0		0	0	1
.shstrtab	STRTAB	0x0	0x689e	0x66	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x6cc8	0x2b98	0x18	0x0		14	157	8
.strtab	STRTAB	0x0	0x9860	0x1459	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x55a4	0x55a4	3.2394	0x5	R E	0x100000	.init .text .fini .rodata .eh_frame
LOAD	0x6000	0x506000	0x506000	0x280	0x4c08	1.6975	0x6	RW	0x100000	.ctors .dtors .jcr .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x8

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x4000e8	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x400100	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x404c18	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x404c40	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x4055a0	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x506000	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x506010	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x506020	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x506040	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x506280	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	11
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	12
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	13
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	14
Q	.symtab	0x506420	16384	OBJECT	<unknown>	DEFAULT	10
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__CTOR_END__	.symtab	0x506008	0	OBJECT	<unknown>	DEFAULT	6
__CTOR_LIST__	.symtab	0x506000	0	OBJECT	<unknown>	DEFAULT	6
__C_ctype_b	.symtab	0x506270	8	OBJECT	<unknown>	DEFAULT	9
__C_ctype_b.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b_data	.symtab	0x4052a0	768	OBJECT	<unknown>	DEFAULT	4
__DTOR_END__	.symtab	0x506018	0	OBJECT	<unknown>	DEFAULT	7
__DTOR_LIST__	.symtab	0x506010	0	OBJECT	<unknown>	DEFAULT	7
__EH_FRAME_BEGIN__	.symtab	0x4055a0	0	OBJECT	<unknown>	DEFAULT	5
__FRAME_END__	.symtab	0x4055a0	0	OBJECT	<unknown>	DEFAULT	5
__GI___C_ctype_b	.symtab	0x506270	8	OBJECT	<unknown>	HIDDEN	9
__GI___C_ctype_b_data	.symtab	0x4052a0	768	OBJECT	<unknown>	HIDDEN	4
__GI___ctype_b	.symtab	0x506278	8	OBJECT	<unknown>	HIDDEN	9
__GI___errno_location	.symtab	0x4024f8	6	FUNC	<unknown>	HIDDEN	2
__GI___libc_fcntl	.symtab	0x401ff4	100	FUNC	<unknown>	HIDDEN	2
__GI___libc_lseek	.symtab	0x4047e0	45	FUNC	<unknown>	HIDDEN	2
__GI___libc_open	.symtab	0x402190	106	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_fini	.symtab	0x404124	70	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_init	.symtab	0x4041a3	67	FUNC	<unknown>	HIDDEN	2
__GI__exit	.symtab	0x404500	42	FUNC	<unknown>	HIDDEN	2
__GI_abort	.symtab	0x403758	276	FUNC	<unknown>	HIDDEN	2
__GI_atoi	.symtab	0x403c3c	18	FUNC	<unknown>	HIDDEN	2
__GI_bind	.symtab	0x40263c	43	FUNC	<unknown>	HIDDEN	2
__GI_brk	.symtab	0x404bb0	43	FUNC	<unknown>	HIDDEN	2
__GI_clock_getres	.symtab	0x40452c	41	FUNC	<unknown>	HIDDEN	2
__GI_close	.symtab	0x402058	41	FUNC	<unknown>	HIDDEN	2
__GI_closedir	.symtab	0x402300	116	FUNC	<unknown>	HIDDEN	2
__GI_connect	.symtab	0x402668	43	FUNC	<unknown>	HIDDEN	2
__GI_errno	.symtab	0x50a45c	4	OBJECT	<unknown>	HIDDEN	10
__GI_exit	.symtab	0x403dc8	92	FUNC	<unknown>	HIDDEN	2
__GI_fcntl	.symtab	0x401ff4	100	FUNC	<unknown>	HIDDEN	2
__GI_fcntl64	.symtab	0x401ff4	100	FUNC	<unknown>	HIDDEN	2
__GI_fork	.symtab	0x402084	38	FUNC	<unknown>	HIDDEN	2
__GI_fstat	.symtab	0x404558	82	FUNC	<unknown>	HIDDEN	2
__GI_fstat64	.symtab	0x404558	82	FUNC	<unknown>	HIDDEN	2
__GI_getdtablesize	.symtab	0x4046d8	35	FUNC	<unknown>	HIDDEN	2
__GI_getegid	.symtab	0x4046fc	38	FUNC	<unknown>	HIDDEN	2
__GI_geteuid	.symtab	0x404724	38	FUNC	<unknown>	HIDDEN	2
__GI_getgid	.symtab	0x40474c	38	FUNC	<unknown>	HIDDEN	2
__GI_getpagesize	.symtab	0x404774	19	FUNC	<unknown>	HIDDEN	2
__GI_getpid	.symtab	0x4020ac	38	FUNC	<unknown>	HIDDEN	2
__GI_getrlimit	.symtab	0x404788	40	FUNC	<unknown>	HIDDEN	2
__GI_getsockname	.symtab	0x402694	41	FUNC	<unknown>	HIDDEN	2
__GI_getuid	.symtab	0x4047b0	38	FUNC	<unknown>	HIDDEN	2
__GI_h_errno	.symtab	0x50a460	4	OBJECT	<unknown>	HIDDEN	10
__GI_inet_addr	.symtab	0x402620	28	FUNC	<unknown>	HIDDEN	2
__GI_inet_aton	.symtab	0x404af8	137	FUNC	<unknown>	HIDDEN	2
__GI_initstate_r	.symtab	0x403b83	185	FUNC	<unknown>	HIDDEN	2
__GI_ioctl	.symtab	0x4020fc	104	FUNC	<unknown>	HIDDEN	2
__GI_kill	.symtab	0x402164	44	FUNC	<unknown>	HIDDEN	2
__GI_listen	.symtab	0x4026f4	44	FUNC	<unknown>	HIDDEN	2
__GI_lseek	.symtab	0x4047e0	45	FUNC	<unknown>	HIDDEN	2
__GI_lseek64	.symtab	0x4047d8	5	FUNC	<unknown>	HIDDEN	2
__GI_memcpy	.symtab	0x404a90	102	FUNC	<unknown>	HIDDEN	2
__GI_memset	.symtab	0x402530	210	FUNC	<unknown>	HIDDEN	2
__GI_mmap	.symtab	0x4044d0	48	FUNC	<unknown>	HIDDEN	2
__GI_munmap	.symtab	0x404810	38	FUNC	<unknown>	HIDDEN	2
__GI_nanosleep	.symtab	0x404838	38	FUNC	<unknown>	HIDDEN	2
__GI_open	.symtab	0x402190	106	FUNC	<unknown>	HIDDEN	2
__GI_opendir	.symtab	0x402374	243	FUNC	<unknown>	HIDDEN	2
__GI_raise	.symtab	0x404b84	18	FUNC	<unknown>	HIDDEN	2
__GI_random	.symtab	0x403878	72	FUNC	<unknown>	HIDDEN	2
__GI_random_r	.symtab	0x403a80	90	FUNC	<unknown>	HIDDEN	2
__GI_read	.symtab	0x402234	39	FUNC	<unknown>	HIDDEN	2
__GI_readdir	.symtab	0x402468	143	FUNC	<unknown>	HIDDEN	2
__GI_readlink	.symtab	0x40225c	39	FUNC	<unknown>	HIDDEN	2
__GI_recv	.symtab	0x402720	11	FUNC	<unknown>	HIDDEN	2
__GI_recvfrom	.symtab	0x40272c	45	FUNC	<unknown>	HIDDEN	2
__GI_sbrk	.symtab	0x404860	74	FUNC	<unknown>	HIDDEN	2
__GI_send	.symtab	0x40275c	11	FUNC	<unknown>	HIDDEN	2
__GI_sendto	.symtab	0x402768	48	FUNC	<unknown>	HIDDEN	2
__GI_setsid	.symtab	0x402284	38	FUNC	<unknown>	HIDDEN	2
__GI_setsockopt	.symtab	0x402798	53	FUNC	<unknown>	HIDDEN	2
__GI_setstate_r	.symtab	0x4039d8	168	FUNC	<unknown>	HIDDEN	2
__GI_sigaction	.symtab	0x4043d9	247	FUNC	<unknown>	HIDDEN	2
__GI_signal	.symtab	0x402800	168	FUNC	<unknown>	HIDDEN	2
__GI_sigprocmask	.symtab	0x4048ac	85	FUNC	<unknown>	HIDDEN	2
__GI_sleep	.symtab	0x403e24	415	FUNC	<unknown>	HIDDEN	2
__GI_socket	.symtab	0x4027d0	47	FUNC	<unknown>	HIDDEN	2
__GI_srandom_r	.symtab	0x403ada	169	FUNC	<unknown>	HIDDEN	2
__GI_strtol	.symtab	0x403c50	10	FUNC	<unknown>	HIDDEN	2
__GI_strtoll	.symtab	0x403c50	10	FUNC	<unknown>	HIDDEN	2
__GI_sysconf	.symtab	0x403fc4	351	FUNC	<unknown>	HIDDEN	2
__GI_time	.symtab	0x4022ac	39	FUNC	<unknown>	HIDDEN	2
__GI_times	.symtab	0x404904	39	FUNC	<unknown>	HIDDEN	2
__GI_write	.symtab	0x4022d4	42	FUNC	<unknown>	HIDDEN	2
__JCR_END__	.symtab	0x506020	0	OBJECT	<unknown>	DEFAULT	8
__JCR_LIST__	.symtab	0x506020	0	OBJECT	<unknown>	DEFAULT	8
__app_fini	.symtab	0x50a448	8	OBJECT	<unknown>	HIDDEN	10
__atexit_lock	.symtab	0x506240	40	OBJECT	<unknown>	DEFAULT	9
__bsd_signal	.symtab	0x402800	168	FUNC	<unknown>	HIDDEN	2
__bss_start	.symtab	0x506280	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__check_one_fd	.symtab	0x40416e	53	FUNC	<unknown>	DEFAULT	2
__ctype_b	.symtab	0x506278	8	OBJECT	<unknown>	DEFAULT	9
__curbrk	.symtab	0x50a468	8	OBJECT	<unknown>	HIDDEN	10
__data_start	.symtab	0x506050	0	NOTYPE	<unknown>	DEFAULT	9
__deregister_frame_info	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__do_global_ctors_aux	.symtab	0x404be0	0	FUNC	<unknown>	DEFAULT	2
__do_global_dtors_aux	.symtab	0x400100	0	FUNC	<unknown>	DEFAULT	2
__dso_handle	.symtab	0x506040	0	OBJECT	<unknown>	HIDDEN	9
__environ	.symtab	0x50a438	8	OBJECT	<unknown>	DEFAULT	10
__errno_location	.symtab	0x4024f8	6	FUNC	<unknown>	DEFAULT	2
__errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__exit_cleanup	.symtab	0x50a428	8	OBJECT	<unknown>	HIDDEN	10
__fini_array_end	.symtab	0x506000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__fini_array_start	.symtab	0x506000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__getdents	.symtab	0x4045ac	300	FUNC	<unknown>	HIDDEN	2
__getdents64	.symtab	0x4045ac	300	FUNC	<unknown>	HIDDEN	2
__getpagesize	.symtab	0x404774	19	FUNC	<unknown>	DEFAULT	2
__h_errno_location	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__init_array_end	.symtab	0x506000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__init_array_start	.symtab	0x506000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__libc_close	.symtab	0x402058	41	FUNC	<unknown>	DEFAULT	2
__libc_connect	.symtab	0x402668	43	FUNC	<unknown>	DEFAULT	2
__libc_creat	.symtab	0x4021fa	14	FUNC	<unknown>	DEFAULT	2
__libc_fcntl	.symtab	0x401ff4	100	FUNC	<unknown>	DEFAULT	2
__libc_fcntl64	.symtab	0x401ff4	100	FUNC	<unknown>	DEFAULT	2
__libc_fork	.symtab	0x402084	38	FUNC	<unknown>	DEFAULT	2
__libc_getpid	.symtab	0x4020ac	38	FUNC	<unknown>	DEFAULT	2
__libc_lseek	.symtab	0x4047e0	45	FUNC	<unknown>	DEFAULT	2
__libc_lseek64	.symtab	0x4047d8	5	FUNC	<unknown>	DEFAULT	2
__libc_nanosleep	.symtab	0x404838	38	FUNC	<unknown>	DEFAULT	2
__libc_open	.symtab	0x402190	106	FUNC	<unknown>	DEFAULT	2
__libc_read	.symtab	0x402234	39	FUNC	<unknown>	DEFAULT	2
__libc_recv	.symtab	0x402720	11	FUNC	<unknown>	DEFAULT	2
__libc_recvfrom	.symtab	0x40272c	45	FUNC	<unknown>	DEFAULT	2
__libc_send	.symtab	0x40275c	11	FUNC	<unknown>	DEFAULT	2
__libc_sendto	.symtab	0x402768	48	FUNC	<unknown>	DEFAULT	2
__libc_sigaction	.symtab	0x4043d9	247	FUNC	<unknown>	DEFAULT	2
__libc_stack_end	.symtab	0x50a430	8	OBJECT	<unknown>	DEFAULT	10
__libc_write	.symtab	0x4022d4	42	FUNC	<unknown>	DEFAULT	2
__malloc_consolidate	.symtab	0x4033dd	410	FUNC	<unknown>	HIDDEN	2
__malloc_largebin_index	.symtab	0x402984	96	FUNC	<unknown>	DEFAULT	2
__malloc_lock	.symtab	0x5060c0	40	OBJECT	<unknown>	DEFAULT	9
__malloc_state	.symtab	0x50a520	1752	OBJECT	<unknown>	DEFAULT	10
__malloc_trim	.symtab	0x403344	153	FUNC	<unknown>	DEFAULT	2
__pagesize	.symtab	0x50a440	8	OBJECT	<unknown>	DEFAULT	10
__preinit_array_end	.symtab	0x506000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__preinit_array_start	.symtab	0x506000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__pthread_initialize_minimal	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__pthread_mutex_init	.symtab	0x40416a	3	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_lock	.symtab	0x40416a	3	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_trylock	.symtab	0x40416a	3	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_unlock	.symtab	0x40416a	3	FUNC	<unknown>	DEFAULT	2
__pthread_return_0	.symtab	0x40416a	3	FUNC	<unknown>	DEFAULT	2
__pthread_return_void	.symtab	0x40416d	1	FUNC	<unknown>	DEFAULT	2
__raise	.symtab	0x404b84	18	FUNC	<unknown>	HIDDEN	2
__register_frame_info	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__restore_rt	.symtab	0x4043d0	0	NOTYPE	<unknown>	DEFAULT	2
__rtld_fini	.symtab	0x50a450	8	OBJECT	<unknown>	HIDDEN	10
__sigaddset	.symtab	0x4028c8	28	FUNC	<unknown>	DEFAULT	2
__sigdelset	.symtab	0x4028e4	30	FUNC	<unknown>	DEFAULT	2
__sigismember	.symtab	0x4028a8	32	FUNC	<unknown>	DEFAULT	2
__syscall_fcntl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__sysv_signal	.symtab	0x402904	128	FUNC	<unknown>	DEFAULT	2
__uClibc_fini	.symtab	0x404124	70	FUNC	<unknown>	DEFAULT	2
__uClibc_init	.symtab	0x4041a3	67	FUNC	<unknown>	DEFAULT	2
__uClibc_main	.symtab	0x4041e6	489	FUNC	<unknown>	DEFAULT	2
__uClibc_main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uclibc_progname	.symtab	0x506268	8	OBJECT	<unknown>	HIDDEN	9
__xstat64_conv	.symtab	0x40492c	172	FUNC	<unknown>	HIDDEN	2
__xstat_conv	.symtab	0x4049d8	172	FUNC	<unknown>	HIDDEN	2
_atoi	.symtab	0x401f10	87	FUNC	<unknown>	DEFAULT	2
_dl_aux_init	.symtab	0x404b98	23	FUNC	<unknown>	DEFAULT	2
_dl_phdr	.symtab	0x50abf8	8	OBJECT	<unknown>	DEFAULT	10
_dl_phnum	.symtab	0x50ac00	8	OBJECT	<unknown>	DEFAULT	10
_edata	.symtab	0x506280	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_end	.symtab	0x50ac08	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_errno	.symtab	0x50a45c	4	OBJECT	<unknown>	DEFAULT	10
_exit	.symtab	0x404500	42	FUNC	<unknown>	DEFAULT	2
_exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fini	.symtab	0x404c18	5	FUNC	<unknown>	DEFAULT	3
_h_errno	.symtab	0x50a460	4	OBJECT	<unknown>	DEFAULT	10
_init	.symtab	0x4000e8	5	FUNC	<unknown>	DEFAULT	1
_memcpy	.symtab	0x4015de	65	FUNC	<unknown>	DEFAULT	2
_memmove	.symtab	0x40161f	136	FUNC	<unknown>	DEFAULT	2
_memset	.symtab	0x4016a7	50	FUNC	<unknown>	DEFAULT	2
_pthread_cleanup_pop_restore	.symtab	0x40416d	1	FUNC	<unknown>	DEFAULT	2
_pthread_cleanup_push_defer	.symtab	0x40416d	1	FUNC	<unknown>	DEFAULT	2
_read	.symtab	0x401e9e	103	FUNC	<unknown>	DEFAULT	2
_sigintr	.symtab	0x50a4a0	128	OBJECT	<unknown>	HIDDEN	10
_start	.symtab	0x400194	42	FUNC	<unknown>	DEFAULT	2
_startswith	.symtab	0x401826	77	FUNC	<unknown>	DEFAULT	2
_stdio_init	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_stdio_term	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_stdlib_strto_l	.symtab	0x403c5c	362	FUNC	<unknown>	HIDDEN	2
_stdlib_strto_l.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_strcat	.symtab	0x40171c	76	FUNC	<unknown>	DEFAULT	2
_strcmp	.symtab	0x401568	118	FUNC	<unknown>	DEFAULT	2
_strcpy	.symtab	0x4016d9	67	FUNC	<unknown>	DEFAULT	2
_strdup	.symtab	0x401768	59	FUNC	<unknown>	DEFAULT	2
_strlen	.symtab	0x401541	39	FUNC	<unknown>	DEFAULT	2
_strstr	.symtab	0x4017a3	131	FUNC	<unknown>	DEFAULT	2
abort	.symtab	0x403758	276	FUNC	<unknown>	DEFAULT	2
abort.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
add_to_kill	.symtab	0x400a13	183	FUNC	<unknown>	DEFAULT	2
add_to_list	.symtab	0x400c08	123	FUNC	<unknown>	DEFAULT	2
alphanum	.symtab	0x404d20	63	OBJECT	<unknown>	DEFAULT	4
atoi	.symtab	0x403c3c	18	FUNC	<unknown>	DEFAULT	2
atoi.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
attack_checksum	.symtab	0x401ae5	128	FUNC	<unknown>	DEFAULT	2
been_there_done_that	.symtab	0x50a420	4	OBJECT	<unknown>	DEFAULT	10
been_there_done_that.3160	.symtab	0x50a458	4	OBJECT	<unknown>	DEFAULT	10
bind	.symtab	0x40263c	43	FUNC	<unknown>	DEFAULT	2
bind.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
brk	.symtab	0x404bb0	43	FUNC	<unknown>	DEFAULT	2
brk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
bsd_signal	.symtab	0x402800	168	FUNC	<unknown>	DEFAULT	2
c	.symtab	0x5060b0	4	OBJECT	<unknown>	DEFAULT	9
calloc	.symtab	0x40324c	248	FUNC	<unknown>	DEFAULT	2
calloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
check_connection	.symtab	0x40192d	98	FUNC	<unknown>	DEFAULT	2
check_fds	.symtab	0x400721	269	FUNC	<unknown>	DEFAULT	2
check_for_contraband	.symtab	0x400685	156	FUNC	<unknown>	DEFAULT	2
check_pid	.symtab	0x400cfc	120	FUNC	<unknown>	DEFAULT	2
check_realpath	.symtab	0x4005c2	195	FUNC	<unknown>	DEFAULT	2
check_whitelisted	.symtab	0x400558	106	FUNC	<unknown>	DEFAULT	2
checksum_generic	.symtab	0x401c38	113	FUNC	<unknown>	DEFAULT	2
checksum_tcpudp	.symtab	0x401ca9	216	FUNC	<unknown>	DEFAULT	2
clear_and_set_fd	.symtab	0x40198f	104	FUNC	<unknown>	DEFAULT	2
clock	.symtab	0x402500	46	FUNC	<unknown>	DEFAULT	2
clock.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
clock_getres	.symtab	0x40452c	41	FUNC	<unknown>	DEFAULT	2
clock_getres.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
close	.symtab	0x402058	41	FUNC	<unknown>	DEFAULT	2
close.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
close_fds	.symtab	0x401909	36	FUNC	<unknown>	DEFAULT	2
closedir	.symtab	0x402300	116	FUNC	<unknown>	DEFAULT	2
closedir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
compare_realpaths	.symtab	0x400886	248	FUNC	<unknown>	DEFAULT	2
completed.2761	.symtab	0x506280	1	OBJECT	<unknown>	DEFAULT	10
confails.2480	.symtab	0x5062d0	4	OBJECT	<unknown>	DEFAULT	10
connect	.symtab	0x402668	43	FUNC	<unknown>	DEFAULT	2
connect.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
connection	.symtab	0x400272	400	FUNC	<unknown>	DEFAULT	2
connection.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
connection_failed	.symtab	0x4019f7	100	FUNC	<unknown>	DEFAULT	2
creat	.symtab	0x4021fa	14	FUNC	<unknown>	DEFAULT	2
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
csum	.symtab	0x401bd8	96	FUNC	<unknown>	DEFAULT	2
data_start	.symtab	0x506050	0	NOTYPE	<unknown>	DEFAULT	9
delete_list	.symtab	0x40082e	88	FUNC	<unknown>	DEFAULT	2
dl-support.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ensure	.symtab	0x4001c0	178	FUNC	<unknown>	DEFAULT	2
environ	.symtab	0x50a438	8	OBJECT	<unknown>	DEFAULT	10
errno	.symtab	0x50a45c	4	OBJECT	<unknown>	DEFAULT	10
errno.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exit	.symtab	0x403dc8	92	FUNC	<unknown>	DEFAULT	2
exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fcntl	.symtab	0x401ff4	100	FUNC	<unknown>	DEFAULT	2
fcntl64	.symtab	0x401ff4	100	FUNC	<unknown>	DEFAULT	2
flood.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fork	.symtab	0x402084	38	FUNC	<unknown>	DEFAULT	2
fork.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
frame_dummy	.symtab	0x400150	0	FUNC	<unknown>	DEFAULT	2
free	.symtab	0x403577	452	FUNC	<unknown>	DEFAULT	2
free.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fstat	.symtab	0x404558	82	FUNC	<unknown>	DEFAULT	2
fstat.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fstat64	.symtab	0x404558	82	FUNC	<unknown>	DEFAULT	2
getdents64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getdtablesize	.symtab	0x4046d8	35	FUNC	<unknown>	DEFAULT	2
getdtablesize.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getegid	.symtab	0x4046fc	38	FUNC	<unknown>	DEFAULT	2
getegid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
geteuid	.symtab	0x404724	38	FUNC	<unknown>	DEFAULT	2
geteuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getgid	.symtab	0x40474c	38	FUNC	<unknown>	DEFAULT	2
getgid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpagesize	.symtab	0x404774	19	FUNC	<unknown>	DEFAULT	2
getpagesize.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpid	.symtab	0x4020ac	38	FUNC	<unknown>	DEFAULT	2
getpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getppid	.symtab	0x4020d4	38	FUNC	<unknown>	DEFAULT	2
getppid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getrlimit	.symtab	0x404788	40	FUNC	<unknown>	DEFAULT	2
getrlimit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getrlimit64	.symtab	0x404788	40	FUNC	<unknown>	DEFAULT	2
getsockname	.symtab	0x402694	41	FUNC	<unknown>	DEFAULT	2
getsockname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockopt	.symtab	0x4026c0	50	FUNC	<unknown>	DEFAULT	2
getsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getuid	.symtab	0x4047b0	38	FUNC	<unknown>	DEFAULT	2
getuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
h_errno	.symtab	0x50a460	4	OBJECT	<unknown>	DEFAULT	10
htonl	.symtab	0x40260c	5	FUNC	<unknown>	DEFAULT	2
htons	.symtab	0x402604	8	FUNC	<unknown>	DEFAULT	2
i.3412	.symtab	0x5060b4	4	OBJECT	<unknown>	DEFAULT	9
inet_addr	.symtab	0x402620	28	FUNC	<unknown>	DEFAULT	2
inet_aton	.symtab	0x404af8	137	FUNC	<unknown>	DEFAULT	2
inet_aton.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_makeaddr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
initfini.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
initstate	.symtab	0x403922	110	FUNC	<unknown>	DEFAULT	2
initstate_r	.symtab	0x403b83	185	FUNC	<unknown>	DEFAULT	2
ioctl	.symtab	0x4020fc	104	FUNC	<unknown>	DEFAULT	2
ioctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
k_head	.symtab	0x5062e0	8	OBJECT	<unknown>	DEFAULT	10
kill	.symtab	0x402164	44	FUNC	<unknown>	DEFAULT	2
kill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
kill_list	.symtab	0x40097e	149	FUNC	<unknown>	DEFAULT	2
killer.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
killer_init	.symtab	0x400b9d	106	FUNC	<unknown>	DEFAULT	2
killer_kill	.symtab	0x400542	22	FUNC	<unknown>	DEFAULT	2
killer_pid	.symtab	0x50a478	4	OBJECT	<unknown>	DEFAULT	10
killer_send_result	.symtab	0x400538	10	FUNC	<unknown>	DEFAULT	2
killer_that_kills	.symtab	0x400aca	211	FUNC	<unknown>	DEFAULT	2
l_head	.symtab	0x506400	8	OBJECT	<unknown>	DEFAULT	10
last.1619	.symtab	0x506408	8	OBJECT	<unknown>	DEFAULT	10
libc/string/x86_64/memcpy.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/x86_64/memset.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/x86_64/crt1.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/x86_64/crti.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/x86_64/crtn.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
listen	.symtab	0x4026f4	44	FUNC	<unknown>	DEFAULT	2
listen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
llseek.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
locker.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
locker_init	.symtab	0x400e02	19	FUNC	<unknown>	DEFAULT	2
locker_that_locks	.symtab	0x400d74	142	FUNC	<unknown>	DEFAULT	2
lseek	.symtab	0x4047e0	45	FUNC	<unknown>	DEFAULT	2
lseek.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lseek64	.symtab	0x4047d8	5	FUNC	<unknown>	DEFAULT	2
main	.symtab	0x400e18	196	FUNC	<unknown>	DEFAULT	2
main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
malloc	.symtab	0x4029e4	2149	FUNC	<unknown>	DEFAULT	2
malloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
malloc_trim	.symtab	0x40373b	28	FUNC	<unknown>	DEFAULT	2
memcpy	.symtab	0x404a90	102	FUNC	<unknown>	DEFAULT	2
memset	.symtab	0x402530	210	FUNC	<unknown>	DEFAULT	2
mmap	.symtab	0x4044d0	48	FUNC	<unknown>	DEFAULT	2
mmap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
munmap	.symtab	0x404810	38	FUNC	<unknown>	DEFAULT	2
munmap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mylock	.symtab	0x506100	40	OBJECT	<unknown>	DEFAULT	9
mylock	.symtab	0x506140	40	OBJECT	<unknown>	DEFAULT	9
nanosleep	.symtab	0x404838	38	FUNC	<unknown>	DEFAULT	2
nanosleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ntohl	.symtab	0x402619	5	FUNC	<unknown>	DEFAULT	2
ntohl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ntohs	.symtab	0x402611	8	FUNC	<unknown>	DEFAULT	2
object.2814	.symtab	0x5062a0	48	OBJECT	<unknown>	DEFAULT	10
open	.symtab	0x402190	106	FUNC	<unknown>	DEFAULT	2
open.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
opendir	.symtab	0x402374	243	FUNC	<unknown>	DEFAULT	2
opendir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
p.2759	.symtab	0x506048	0	OBJECT	<unknown>	DEFAULT	9
parser	.symtab	0x400edc	339	FUNC	<unknown>	DEFAULT	2
parser.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ping_watchdog	.symtab	0x401f67	139	FUNC	<unknown>	DEFAULT	2
prctl	.symtab	0x402208	44	FUNC	<unknown>	DEFAULT	2
prctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
raise	.symtab	0x404b84	18	FUNC	<unknown>	DEFAULT	2
raise.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand	.symtab	0x40386c	11	FUNC	<unknown>	DEFAULT	2
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand_alphanum	.symtab	0x401030	171	FUNC	<unknown>	DEFAULT	2
rand_cmwc	.symtab	0x401deb	179	FUNC	<unknown>	DEFAULT	2
rand_init	.symtab	0x4014ee	83	FUNC	<unknown>	DEFAULT	2
rand_next	.symtab	0x401b65	115	FUNC	<unknown>	DEFAULT	2
random	.symtab	0x403878	72	FUNC	<unknown>	DEFAULT	2
random.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
random_poly_info	.symtab	0x404da0	40	OBJECT	<unknown>	DEFAULT	4
random_r	.symtab	0x403a80	90	FUNC	<unknown>	DEFAULT	2
random_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
randtbl	.symtab	0x5061c0	128	OBJECT	<unknown>	DEFAULT	9
read	.symtab	0x402234	39	FUNC	<unknown>	DEFAULT	2
read.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
readdir	.symtab	0x402468	143	FUNC	<unknown>	DEFAULT	2
readdir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
readlink	.symtab	0x40225c	39	FUNC	<unknown>	DEFAULT	2
readlink.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recv	.symtab	0x402720	11	FUNC	<unknown>	DEFAULT	2
recv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recvfrom	.symtab	0x40272c	45	FUNC	<unknown>	DEFAULT	2
recvfrom.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
remove_newline	.symtab	0x401d81	106	FUNC	<unknown>	DEFAULT	2
return_arch	.symtab	0x401f05	11	FUNC	<unknown>	DEFAULT	2
sbrk	.symtab	0x404860	74	FUNC	<unknown>	DEFAULT	2
sbrk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
search_list	.symtab	0x400c83	121	FUNC	<unknown>	DEFAULT	2
self_name	.symtab	0x50a470	8	OBJECT	<unknown>	DEFAULT	10
self_realpath	.symtab	0x506300	256	OBJECT	<unknown>	DEFAULT	10
send	.symtab	0x40275c	11	FUNC	<unknown>	DEFAULT	2
send.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sendto	.symtab	0x402768	48	FUNC	<unknown>	DEFAULT	2
sendto.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
set_signals	.symtab	0x4018d6	51	FUNC	<unknown>	DEFAULT	2
setsid	.symtab	0x402284	38	FUNC	<unknown>	DEFAULT	2
setsid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setsockopt	.symtab	0x402798	53	FUNC	<unknown>	DEFAULT	2
setsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setstate	.symtab	0x4038c0	98	FUNC	<unknown>	DEFAULT	2
setstate_r	.symtab	0x4039d8	168	FUNC	<unknown>	DEFAULT	2
setup_connection	.symtab	0x401873	99	FUNC	<unknown>	DEFAULT	2
sigaction	.symtab	0x4043d9	247	FUNC	<unknown>	DEFAULT	2
sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
signal	.symtab	0x402800	168	FUNC	<unknown>	DEFAULT	2
signal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigprocmask	.symtab	0x4048ac	85	FUNC	<unknown>	DEFAULT	2
sigprocmask.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigsetops.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sleep	.symtab	0x403e24	415	FUNC	<unknown>	DEFAULT	2
sleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket	.symtab	0x4027d0	47	FUNC	<unknown>	DEFAULT	2
socket.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
srand	.symtab	0x403990	72	FUNC	<unknown>	DEFAULT	2
srandom	.symtab	0x403990	72	FUNC	<unknown>	DEFAULT	2
srandom_r	.symtab	0x403ada	169	FUNC	<unknown>	DEFAULT	2
strtoimax	.symtab	0x403c50	10	FUNC	<unknown>	DEFAULT	2
strtol	.symtab	0x403c50	10	FUNC	<unknown>	DEFAULT	2
strtol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtoll	.symtab	0x403c50	10	FUNC	<unknown>	DEFAULT	2
sysconf	.symtab	0x403fc4	351	FUNC	<unknown>	DEFAULT	2
sysconf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sysv_signal	.symtab	0x402904	128	FUNC	<unknown>	DEFAULT	2
sysv_signal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
time	.symtab	0x4022ac	39	FUNC	<unknown>	DEFAULT	2
time.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
times	.symtab	0x404904	39	FUNC	<unknown>	DEFAULT	2
times.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
udp	.symtab	0x40043d	249	FUNC	<unknown>	DEFAULT	2
unsafe_state	.symtab	0x506180	48	OBJECT	<unknown>	DEFAULT	9
util.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
util_isalpha	.symtab	0x401490	53	FUNC	<unknown>	DEFAULT	2
util_isdigit	.symtab	0x4014c5	41	FUNC	<unknown>	DEFAULT	2
util_local_addr	.symtab	0x401a5b	138	FUNC	<unknown>	DEFAULT	2
util_memcpy	.symtab	0x401195	69	FUNC	<unknown>	DEFAULT	2
util_memset	.symtab	0x401232	54	FUNC	<unknown>	DEFAULT	2
util_strcat	.symtab	0x401205	45	FUNC	<unknown>	DEFAULT	2
util_strcmp	.symtab	0x40111f	118	FUNC	<unknown>	DEFAULT	2
util_strcpy	.symtab	0x4011da	43	FUNC	<unknown>	DEFAULT	2
util_strlen	.symtab	0x4010dc	67	FUNC	<unknown>	DEFAULT	2
util_strncmp	.symtab	0x40139b	107	FUNC	<unknown>	DEFAULT	2
util_strstr	.symtab	0x401406	137	FUNC	<unknown>	DEFAULT	2
util_strtok	.symtab	0x401377	36	FUNC	<unknown>	DEFAULT	2
util_strtok_r	.symtab	0x401268	271	FUNC	<unknown>	DEFAULT	2
utils.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
w	.symtab	0x50a480	4	OBJECT	<unknown>	DEFAULT	10
watch	.symtab	0x400404	57	FUNC	<unknown>	DEFAULT	2
whitlistpaths	.symtab	0x506060	80	OBJECT	<unknown>	DEFAULT	9
write	.symtab	0x4022d4	42	FUNC	<unknown>	DEFAULT	2
write.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
x	.symtab	0x50a47c	4	OBJECT	<unknown>	DEFAULT	10
xstatconv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
y	.symtab	0x50a488	4	OBJECT	<unknown>	DEFAULT	10
z	.symtab	0x50a484	4	OBJECT	<unknown>	DEFAULT	10

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 23, 2022 20:40:15.851458073 CEST	36864	57468	192.168.2.23	149.57.210.157
May 23, 2022 20:40:15.921745062 CEST	42836	443	192.168.2.23	91.189.91.43
May 23, 2022 20:40:15.988784075 CEST	57468	36864	149.57.210.157	192.168.2.23
May 23, 2022 20:40:15.988841057 CEST	36864	57468	192.168.2.23	149.57.210.157
May 23, 2022 20:40:15.988887072 CEST	36864	57468	192.168.2.23	149.57.210.157
May 23, 2022 20:40:16.126007080 CEST	57468	36864	149.57.210.157	192.168.2.23
May 23, 2022 20:40:16.689985037 CEST	42516	80	192.168.2.23	109.202.202.202
May 23, 2022 20:40:31.794260025 CEST	43928	443	192.168.2.23	91.189.91.42
May 23, 2022 20:40:32.539169073 CEST	57468	36864	149.57.210.157	192.168.2.23
May 23, 2022 20:40:32.539392948 CEST	36864	57468	192.168.2.23	149.57.210.157
May 23, 2022 20:40:32.539458036 CEST	36864	57468	192.168.2.23	149.57.210.157
May 23, 2022 20:40:32.676707029 CEST	57468	36864	149.57.210.157	192.168.2.23
May 23, 2022 20:40:42.034621000 CEST	42836	443	192.168.2.23	91.189.91.43
May 23, 2022 20:40:46.130522966 CEST	42516	80	192.168.2.23	109.202.202.202
May 23, 2022 20:41:12.755178928 CEST	43928	443	192.168.2.23	91.189.91.42
May 23, 2022 20:41:32.543700933 CEST	57468	36864	149.57.210.157	192.168.2.23
May 23, 2022 20:41:32.543864012 CEST	36864	57468	192.168.2.23	149.57.210.157
May 23, 2022 20:41:32.543924093 CEST	36864	57468	192.168.2.23	149.57.210.157
May 23, 2022 20:41:32.681008101 CEST	57468	36864	149.57.210.157	192.168.2.23
May 23, 2022 20:42:32.551197052 CEST	57468	36864	149.57.210.157	192.168.2.23
May 23, 2022 20:42:32.551462889 CEST	36864	57468	192.168.2.23	149.57.210.157
May 23, 2022 20:42:32.551522017 CEST	36864	57468	192.168.2.23	149.57.210.157
May 23, 2022 20:42:32.688775063 CEST	57468	36864	149.57.210.157	192.168.2.23
May 23, 2022 20:43:32.557734013 CEST	57468	36864	149.57.210.157	192.168.2.23
May 23, 2022 20:43:32.558017969 CEST	36864	57468	192.168.2.23	149.57.210.157
May 23, 2022 20:43:32.703691959 CEST	57468	36864	149.57.210.157	192.168.2.23

System Behavior

Analysis Process: VfI6kqTt8F PID: 6225, Parent PID: 6126

General

Start time:	20:40:14
Start date:	23/05/2022
Path:	/tmp/VfI6kqTt8F
Arguments:	/tmp/VfI6kqTt8F
File size:	44217 bytes
MD5 hash:	822f65d3280a617a10ace77b164fc87c

Analysis Process: VfI6kqTt8F PID: 6226, Parent PID: 6225

General

Start time:	20:40:14
Start date:	23/05/2022
Path:	/tmp/VfI6kqTt8F
Arguments:	n/a
File size:	44217 bytes
MD5 hash:	822f65d3280a617a10ace77b164fc87c

Analysis Process: VfI6kqTt8F PID: 6227, Parent PID: 6226

General

Start time:	20:40:14
Start date:	23/05/2022
Path:	/tmp/VfI6kqTt8F
Arguments:	n/a
File size:	44217 bytes
MD5 hash:	822f65d3280a617a10ace77b164fc87c

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report VfI6kqTt8F

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Runtime Messages

Process Tree

Yara Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Symbols

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: VfI6kqTt8F PID: 6225, Parent PID: 6126

General

Analysis Process: VfI6kqTt8F PID: 6226, Parent PID: 6225

General

Analysis Process: VfI6kqTt8F PID: 6227, Parent PID: 6226

General

Linux Analysis Report
VfI6kqTt8F