Source: ntpd |
Virustotal: Detection: 66% |
Perma Link |
Source: ntpd |
ReversingLabs: Detection: 73% |
Source: /tmp/ntpd (PID: 6226) |
Opens: /proc/net/route |
Jump to behavior |
Source: ntpd |
String found in binary or memory: http://45.95.55.12/bins.sh; |
Source: ELF static info symbol of initial sample |
Name: passwords |
Source: ELF static info symbol of initial sample |
Name: usernames |
Source: ELF static info symbol of initial sample |
FILE: libc/string/mips/memcpy.S |
Source: ELF static info symbol of initial sample |
FILE: libc/string/mips/memset.S |
Source: ELF static info symbol of initial sample |
FILE: libc/sysdeps/linux/mips/crt1.S |
Source: ELF static info symbol of initial sample |
FILE: libc/sysdeps/linux/mips/crti.S |
Source: ELF static info symbol of initial sample |
FILE: libc/sysdeps/linux/mips/crtn.S |
Source: ELF static info symbol of initial sample |
FILE: libc/sysdeps/linux/mips/pipe.S |
Source: classification engine |
Classification label: mal60.spre.lin@0/1@0/0 |
Source: /tmp/ntpd (PID: 6226) |
Queries kernel information via 'uname': |
Jump to behavior |
Source: ntpd, 6226.1.00000000746dfa48.00000000f019ae95.rw-.sdmp, ntpd, 6228.1.00000000746dfa48.00000000f019ae95.rw-.sdmp, ntpd, 6256.1.00000000746dfa48.00000000f019ae95.rw-.sdmp, ntpd, 6291.1.00000000746dfa48.00000000f019ae95.rw-.sdmp |
Binary or memory string: V!/etc/qemu-binfmt/mips |
Source: ntpd, 6226.1.00000000746dfa48.00000000f019ae95.rw-.sdmp, ntpd, 6228.1.00000000746dfa48.00000000f019ae95.rw-.sdmp, ntpd, 6256.1.00000000746dfa48.00000000f019ae95.rw-.sdmp, ntpd, 6291.1.00000000746dfa48.00000000f019ae95.rw-.sdmp |
Binary or memory string: /etc/qemu-binfmt/mips |
Source: ntpd, 6226.1.00000000b4f86922.00000000f8117199.rw-.sdmp |
Binary or memory string: /tmp/qemu-open.xqNPAW |
Source: ntpd, 6226.1.00000000b4f86922.00000000f8117199.rw-.sdmp, ntpd, 6228.1.00000000b4f86922.00000000f8117199.rw-.sdmp, ntpd, 6256.1.00000000b4f86922.00000000f8117199.rw-.sdmp, ntpd, 6291.1.00000000b4f86922.00000000f8117199.rw-.sdmp |
Binary or memory string: /usr/bin/qemu-mips |
Source: ntpd, 6226.1.00000000b4f86922.00000000f8117199.rw-.sdmp, ntpd, 6228.1.00000000b4f86922.00000000f8117199.rw-.sdmp, ntpd, 6256.1.00000000b4f86922.00000000f8117199.rw-.sdmp, ntpd, 6291.1.00000000b4f86922.00000000f8117199.rw-.sdmp |
Binary or memory string: yx86_64/usr/bin/qemu-mips/tmp/ntpdSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/ntpd |
Source: ntpd, 6226.1.00000000b4f86922.00000000f8117199.rw-.sdmp |
Binary or memory string: V/tmp/qemu-open.xqNPAW\d |