Loading... Additional Content is being loaded
Linux
Analysis Report
PPyJlaRy0K
Overview
General Information
| Sample Name: | PPyJlaRy0K |
| Analysis ID: | 679491 |
| MD5: | 6e38620768d8b3cd84319f2ee3d4235d |
| SHA1: | 64a0eb90426549c47177b6d3f927a6fa7cd19cba |
| SHA256: | 0d69d7b91837715976e968862b79a944fe3d074713ce2d80f678af5993df75ed |
| Tags: | 32elfmiraimotorola |
| Infos: |  |
Detection
Mirai
| Score: | 68 |
| Range: | 0 - 100 |
| Whitelisted: | false |
Signatures
Antivirus / Scanner detection for submitted sample
Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample deletes itself
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Classification
AV Detection |
  |
|---|
| Source: |
Avira: |
||
| Source: |
Virustotal: |
Perma Link | ||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
TCP traffic: |
||
| Source: |
Socket: |
Jump to behavior | ||
| Source: |
Socket: |
Jump to behavior | ||
| Source: |
Socket: |
Jump to behavior | ||
| Source: |
Socket: |
Jump to behavior | ||
| Source: |
Socket: |
Jump to behavior | ||
| Source: |
Socket: |
Jump to behavior | ||
| Source: |
Socket: |
Jump to behavior | ||
| Source: |
Socket: |
Jump to behavior | ||
| Source: |
Socket: |
Jump to behavior | ||
| Source: |
Socket: |
Jump to behavior | ||
| Source: |
Socket: |
Jump to behavior | ||
| Source: |
Socket: |
Jump to behavior | ||
| Source: |
Socket: |
Jump to behavior | ||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
TCP traffic detected without corresponding DNS query: |
||
| Source: |
.symtab present: |
||
| Source: |
SIGKILL sent: |
Jump to behavior | ||
| Source: |
SIGKILL sent: |
Jump to behavior | ||
| Source: |
SIGKILL sent: |
Jump to behavior | ||
| Source: |
SIGKILL sent: |
Jump to behavior | ||
| Source: |
SIGKILL sent: |
Jump to behavior | ||
| Source: |
SIGKILL sent: |
Jump to behavior | ||
| Source: |
Classification label: |
||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
File opened: |
Jump to behavior | ||
Hooking and other Techniques for Hiding and Protection |
|
|---|
| Source: |
File: |
Jump to behavior | ||
| Source: |
Queries kernel information via 'uname': |
Jump to behavior | ||
| Source: |
Binary or memory string: |
||
| Source: |
Binary or memory string: |
||
| Source: |
Binary or memory string: |
||
| Source: |
Binary or memory string: |
||
Stealing of Sensitive Information |
|
|---|
| Source: |
File source: |
||
Remote Access Functionality |
|
|---|
| Source: |
File source: |
||
No Screenshots
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
Contacted Public IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 62.140.95.229 | unknown | Egypt | 36992 | ETISALAT-MISREG | false | |
| 144.44.131.254 | unknown | European Union | 21286 | KPN-CORPORATE-MARKETNL | false | |
| 48.239.135.196 | unknown | United States | 2686 | ATGS-MMD-ASUS | false | |
| 63.140.123.191 | unknown | United States | 7782 | ALSK-7782US | false | |
| 206.50.86.49 | unknown | United States | 2914 | NTT-COMMUNICATIONS-2914US | false | |
| 35.198.197.229 | unknown | United States | 15169 | GOOGLEUS | false | |
| 206.49.61.98 | unknown | United States | 5511 | OPENTRANSITFR | false | |
| 211.1.137.125 | unknown | Japan | 7670 | CTNETEnergiaCommunicationsIncJP | false | |
| 77.229.193.239 | unknown | Spain | 12430 | VODAFONE_ESES | false | |
| 110.167.255.14 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false | |
| 85.36.243.95 | unknown | Italy | 3269 | ASN-IBSNAZIT | false | |
| 38.198.245.85 | unknown | United States | 174 | COGENT-174US | false | |
| 112.24.113.121 | unknown | China | 56046 | CMNET-JIANGSU-APChinaMobilecommunicationscorporationCN | false | |
| 107.157.252.28 | unknown | United States | 7065 | SONOMAUS | false | |
| 20.41.197.186 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 115.27.36.214 | unknown | China | 24349 | CNGI-BJ-IX3-AS-APCERNET2IXatPekingUniversityCN | false | |
| 18.158.195.5 | unknown | United States | 16509 | AMAZON-02US | false | |
| 164.179.118.105 | unknown | United States | 37717 | EL-KhawarizmiTN | false | |
| 19.88.233.149 | unknown | United States | 3 | MIT-GATEWAYSUS | false | |
| 53.95.225.43 | unknown | Germany | 31399 | DAIMLER-ASITIGNGlobalNetworkDE | false | |
| 156.92.39.26 | unknown | United States | 10695 | WAL-MARTUS | false | |
| 108.69.103.251 | unknown | United States | 7018 | ATT-INTERNET4US | false | |
| 48.188.11.242 | unknown | United States | 2686 | ATGS-MMD-ASUS | false | |
| 141.61.172.159 | unknown | Germany | 680 | DFNVereinzurFoerderungeinesDeutschenForschungsnetzese | false | |
| 249.224.32.81 | unknown | Reserved | unknown | unknown | false | |
| 89.191.53.233 | unknown | Ireland | 34912 | IFN-ASIE | false | |
| 203.175.15.185 | unknown | Hong Kong | 132422 | TELECOM-HKHongKongTelecomGlobalDataCentreHK | false | |
| 70.53.164.81 | unknown | Canada | 577 | BACOMCA | false | |
| 185.93.212.192 | unknown | Austria | 5405 | CSO_NETAT | false | |
| 80.129.10.249 | unknown | Germany | 3320 | DTAGInternetserviceprovideroperationsDE | false | |
| 48.188.58.235 | unknown | United States | 2686 | ATGS-MMD-ASUS | false | |
| 101.128.154.220 | unknown | Japan | 2497 | IIJInternetInitiativeJapanIncJP | false | |
| 212.200.150.44 | unknown | Serbia | 8400 | TELEKOM-ASRS | false | |
| 101.25.171.135 | unknown | China | 4837 | CHINA169-BACKBONECHINAUNICOMChina169BackboneCN | false | |
| 252.233.82.244 | unknown | Reserved | unknown | unknown | false | |
| 195.240.221.173 | unknown | Netherlands | 1136 | KPNKPNNationalEU | false | |
| 90.229.219.156 | unknown | Sweden | 3301 | TELIANET-SWEDENTeliaCompanySE | false | |
| 217.204.215.106 | unknown | United Kingdom | 4589 | EASYNETEasynetGlobalServicesEU | false | |
| 53.175.161.109 | unknown | Germany | 31399 | DAIMLER-ASITIGNGlobalNetworkDE | false | |
| 109.145.152.50 | unknown | United Kingdom | 2856 | BT-UK-ASBTnetUKRegionalnetworkGB | false | |
| 192.197.244.49 | unknown | Canada | 40119 | NAITCA | false | |
| 187.245.174.172 | unknown | Mexico | 13999 | MegaCableSAdeCVMX | false | |
| 122.132.163.153 | unknown | Japan | 2518 | BIGLOBEBIGLOBEIncJP | false | |
| 140.251.58.29 | unknown | United States | 20252 | JSIWMCUS | false | |
| 93.2.49.28 | unknown | France | 15557 | LDCOMNETFR | false | |
| 123.26.120.242 | unknown | Viet Nam | 45899 | VNPT-AS-VNVNPTCorpVN | false | |
| 136.236.253.143 | unknown | United States | 55836 | RELIANCEJIO-INRelianceJioInfocommLimitedIN | false | |
| 105.34.73.29 | unknown | Egypt | 37069 | MOBINILEG | false | |
| 117.124.229.145 | unknown | China | 7641 | CHINABTNChinaBroadcastingTVNetCN | false | |
| 170.80.238.157 | unknown | Brazil | 264900 | RJNETTelecomunicacoesLtdaMEBR | false | |
| 79.206.197.157 | unknown | Germany | 3320 | DTAGInternetserviceprovideroperationsDE | false | |
| 83.216.89.97 | unknown | United Kingdom | 29009 | UKBROADBAND-ASGB | false | |
| 47.148.154.31 | unknown | United States | 5650 | FRONTIER-FRTRUS | false | |
| 145.184.172.234 | unknown | Netherlands | 59524 | KPN-IAASNL | false | |
| 202.39.18.22 | unknown | Taiwan; Republic of China (ROC) | 3462 | HINETDataCommunicationBusinessGroupTW | false | |
| 9.58.225.2 | unknown | United States | 3356 | LEVEL3US | false | |
| 118.140.192.89 | unknown | Hong Kong | 9304 | HUTCHISON-AS-APHGCGlobalCommunicationsLimitedHK | false | |
| 58.249.118.249 | unknown | China | 17622 | CNCGROUP-GZChinaUnicomGuangzhounetworkCN | false | |
| 80.157.211.142 | unknown | Germany | 3320 | DTAGInternetserviceprovideroperationsDE | false | |
| 157.176.156.215 | unknown | United States | 22192 | SSHENETUS | false | |
| 34.139.83.202 | unknown | United States | 2686 | ATGS-MMD-ASUS | false | |
| 106.83.177.81 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false | |
| 38.89.199.238 | unknown | United States | 174 | COGENT-174US | false | |
| 205.162.26.114 | unknown | United States | 1239 | SPRINTLINKUS | false | |
| 85.135.185.167 | unknown | Slovakia (SLOVAK Republic) | 8257 | SLOVANET-BROADBANDhttpwwwslovanetnetSK | false | |
| 5.195.158.253 | unknown | United Arab Emirates | 5384 | EMIRATES-INTERNETEmiratesInternetAE | false | |
| 70.177.73.27 | unknown | United States | 22773 | ASN-CXA-ALL-CCI-22773-RDCUS | false | |
| 183.9.56.234 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false | |
| 245.20.165.139 | unknown | Reserved | unknown | unknown | false | |
| 2.135.247.76 | unknown | Kazakhstan | 9198 | KAZTELECOM-ASKZ | false | |
| 116.151.71.20 | unknown | China | 4837 | CHINA169-BACKBONECHINAUNICOMChina169BackboneCN | false | |
| 80.15.108.19 | unknown | France | 3215 | FranceTelecom-OrangeFR | false | |
| 175.201.107.84 | unknown | Korea Republic of | 4766 | KIXS-AS-KRKoreaTelecomKR | false | |
| 146.24.16.91 | unknown | United States | 197938 | TRAVIANGAMESDE | false | |
| 16.229.63.233 | unknown | United States | unknown | unknown | false | |
| 242.240.230.159 | unknown | Reserved | unknown | unknown | false | |
| 141.1.99.63 | unknown | Germany | 1273 | CWVodafoneGroupPLCEU | false | |
| 212.189.34.190 | unknown | Netherlands | 286 | KPNNL | false | |
| 250.203.44.27 | unknown | Reserved | unknown | unknown | false | |
| 87.135.183.102 | unknown | Germany | 3320 | DTAGInternetserviceprovideroperationsDE | false | |
| 98.103.113.20 | unknown | United States | 10796 | TWC-10796-MIDWESTUS | false | |
| 135.1.189.43 | unknown | United States | 10455 | LUCENT-CIOUS | false | |
| 175.252.70.19 | unknown | Korea Republic of | 4766 | KIXS-AS-KRKoreaTelecomKR | false | |
| 73.252.98.90 | unknown | United States | 7922 | COMCAST-7922US | false | |
| 12.155.145.176 | unknown | United States | 7018 | ATT-INTERNET4US | false | |
| 151.193.122.24 | unknown | United States | 13945 | PRISMTECHNOLOGIESABQUS | false | |
| 145.235.141.99 | unknown | Sweden | 1257 | TELE2EU | false | |
| 250.6.231.16 | unknown | Reserved | unknown | unknown | false | |
| 46.191.173.29 | unknown | Russian Federation | 24955 | UBN-ASRU | false | |
| 197.251.50.171 | unknown | Sudan | 37197 | SUDRENSD | false | |
| 161.211.117.223 | unknown | United States | 14513 | DMACCUS | false | |
| 152.0.229.102 | unknown | Dominican Republic | 6400 | CompaniaDominicanadeTelefonosSADO | false | |
| 66.43.252.243 | unknown | United States | 5056 | AUREON-5056US | false | |
| 37.96.237.17 | unknown | Denmark | 9158 | TELENOR_DANMARK_ASDK | false | |
| 23.1.146.48 | unknown | United States | 6762 | SEABONE-NETTELECOMITALIASPARKLESpAIT | false | |
| 205.143.2.90 | unknown | United States | 30404 | BSCL-11US | false | |
| 169.11.240.130 | unknown | United States | 203 | CENTURYLINK-LEGACY-LVLT-203US | false | |
| 145.161.131.111 | unknown | Netherlands | 59524 | KPN-IAASNL | false | |
| 115.120.47.40 | unknown | China | 4847 | CNIX-APChinaNetworksInter-ExchangeCN | false | |
| 18.247.1.132 | unknown | United States | 16509 | AMAZON-02US | false |