Linux
Analysis Report
PPyJlaRy0K
Overview
General Information
Sample Name: | PPyJlaRy0K |
Analysis ID: | 679491 |
MD5: | 6e38620768d8b3cd84319f2ee3d4235d |
SHA1: | 64a0eb90426549c47177b6d3f927a6fa7cd19cba |
SHA256: | 0d69d7b91837715976e968862b79a944fe3d074713ce2d80f678af5993df75ed |
Tags: | 32, elf, mirai, motorola |
Detection
Mirai
Score: | 68 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Antivirus / Scanner detection for submitted sample
Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample deletes itself
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Analysis Advice
Static ELF header machine description suggests that the sample might not execute correctly on this machine. |
None of the HTTP servers contacted by the sample answered. The sample is likely an old dropper that no longer works. |
Joe Sandbox Version: | 35.0.0 Citrine |
Analysis ID: | 679491 |
Start date and time: | 2022-08-05 21:53:08 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 40s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | PPyJlaRy0K |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Detection: | MAL |
Classification: | mal68.troj.evad.lin@0/0@0/0 |
- Report size exceeded maximum capacity and may have missing network information.
- TCP Packets have been reduced to 100
Command: | /tmp/PPyJlaRy0K |
PID: | 6234 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | BEASTMODE-BITCHES@@"/proc |
Standard Error: |
- system is lnxubuntu20
- PPyJlaRy0K New Fork (PID: 6236, Parent: 6234)
- PPyJlaRy0K New Fork (PID: 6238, Parent: 6234)
- PPyJlaRy0K New Fork (PID: 6239, Parent: 6234)
- PPyJlaRy0K New Fork (PID: 6243, Parent: 6234)
- PPyJlaRy0K New Fork (PID: 6249, Parent: 6243)
- PPyJlaRy0K New Fork (PID: 6251, Parent: 6243)
- PPyJlaRy0K New Fork (PID: 6253, Parent: 6243)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
PPyJlaRy0K | JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security | |
No Snort rule has matched
Signature evidence (the per-row detail was collapsed in this export; only the section labels and row counts survive) |
---|
AV Detection: Avira; Virustotal (perma link) |
TCP traffic: 4 rows |
Socket: 13 rows |
Network traffic detected: 2 rows |
TCP traffic detected without corresponding DNS query: 50 rows |
.symtab present: 1 row |
SIGKILL sent: 6 rows |
Classification label: 1 row |
File opened: 106 rows |
Hooking and other Techniques for Hiding and Protection: File (1 row); Queries kernel information via 'uname' (1 row); Binary or memory string (4 rows) |
Stealing of Sensitive Information: File source (1 row) |
Remote Access Functionality: File source (1 row) |
ATT&CK techniques matched by the behaviour signatures (cells of the exported matrix without a match count are omitted):

Tactic | Technique | Matching signatures |
---|---|---|
Defense Evasion | File Deletion | 1 |
Credential Access | OS Credential Dumping | 1 |
Discovery | Security Software Discovery | 11 |
Command and Control | Encrypted Channel | 1 |
Command and Control | Non-Standard Port | 1 |
Command and Control | Application Layer Protocol | 1 |
No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
PPyJlaRy0K | 60% | Virustotal | | Browse |
PPyJlaRy0K | 100% | Avira | LINUX/Mirai.bonb | |
No Antivirus matches
No contacted domains info
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
62.140.95.229 | unknown | Egypt | 36992 | ETISALAT-MISREG | false | |
144.44.131.254 | unknown | European Union | 21286 | KPN-CORPORATE-MARKETNL | false | |
48.239.135.196 | unknown | United States | 2686 | ATGS-MMD-ASUS | false | |
63.140.123.191 | unknown | United States | 7782 | ALSK-7782US | false | |
206.50.86.49 | unknown | United States | 2914 | NTT-COMMUNICATIONS-2914US | false | |
35.198.197.229 | unknown | United States | 15169 | GOOGLEUS | false | |
206.49.61.98 | unknown | United States | 5511 | OPENTRANSITFR | false | |
211.1.137.125 | unknown | Japan | 7670 | CTNETEnergiaCommunicationsIncJP | false | |
77.229.193.239 | unknown | Spain | 12430 | VODAFONE_ESES | false | |
110.167.255.14 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false | |
85.36.243.95 | unknown | Italy | 3269 | ASN-IBSNAZIT | false | |
38.198.245.85 | unknown | United States | 174 | COGENT-174US | false | |
112.24.113.121 | unknown | China | 56046 | CMNET-JIANGSU-APChinaMobilecommunicationscorporationCN | false | |
107.157.252.28 | unknown | United States | 7065 | SONOMAUS | false | |
20.41.197.186 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
115.27.36.214 | unknown | China | 24349 | CNGI-BJ-IX3-AS-APCERNET2IXatPekingUniversityCN | false | |
18.158.195.5 | unknown | United States | 16509 | AMAZON-02US | false | |
164.179.118.105 | unknown | United States | 37717 | EL-KhawarizmiTN | false | |
19.88.233.149 | unknown | United States | 3 | MIT-GATEWAYSUS | false | |
53.95.225.43 | unknown | Germany | 31399 | DAIMLER-ASITIGNGlobalNetworkDE | false | |
156.92.39.26 | unknown | United States | 10695 | WAL-MARTUS | false | |
108.69.103.251 | unknown | United States | 7018 | ATT-INTERNET4US | false | |
48.188.11.242 | unknown | United States | 2686 | ATGS-MMD-ASUS | false | |
141.61.172.159 | unknown | Germany | 680 | DFNVereinzurFoerderungeinesDeutschenForschungsnetzese | false | |
249.224.32.81 | unknown | Reserved | unknown | unknown | false | |
89.191.53.233 | unknown | Ireland | 34912 | IFN-ASIE | false | |
203.175.15.185 | unknown | Hong Kong | 132422 | TELECOM-HKHongKongTelecomGlobalDataCentreHK | false | |
70.53.164.81 | unknown | Canada | 577 | BACOMCA | false | |
185.93.212.192 | unknown | Austria | 5405 | CSO_NETAT | false | |
80.129.10.249 | unknown | Germany | 3320 | DTAGInternetserviceprovideroperationsDE | false | |
48.188.58.235 | unknown | United States | 2686 | ATGS-MMD-ASUS | false | |
101.128.154.220 | unknown | Japan | 2497 | IIJInternetInitiativeJapanIncJP | false | |
212.200.150.44 | unknown | Serbia | 8400 | TELEKOM-ASRS | false | |
101.25.171.135 | unknown | China | 4837 | CHINA169-BACKBONECHINAUNICOMChina169BackboneCN | false | |
252.233.82.244 | unknown | Reserved | unknown | unknown | false | |
195.240.221.173 | unknown | Netherlands | 1136 | KPNKPNNationalEU | false | |
90.229.219.156 | unknown | Sweden | 3301 | TELIANET-SWEDENTeliaCompanySE | false | |
217.204.215.106 | unknown | United Kingdom | 4589 | EASYNETEasynetGlobalServicesEU | false | |
53.175.161.109 | unknown | Germany | 31399 | DAIMLER-ASITIGNGlobalNetworkDE | false | |
109.145.152.50 | unknown | United Kingdom | 2856 | BT-UK-ASBTnetUKRegionalnetworkGB | false | |
192.197.244.49 | unknown | Canada | 40119 | NAITCA | false | |
187.245.174.172 | unknown | Mexico | 13999 | MegaCableSAdeCVMX | false | |
122.132.163.153 | unknown | Japan | 2518 | BIGLOBEBIGLOBEIncJP | false | |
140.251.58.29 | unknown | United States | 20252 | JSIWMCUS | false | |
93.2.49.28 | unknown | France | 15557 | LDCOMNETFR | false | |
123.26.120.242 | unknown | Viet Nam | 45899 | VNPT-AS-VNVNPTCorpVN | false | |
136.236.253.143 | unknown | United States | 55836 | RELIANCEJIO-INRelianceJioInfocommLimitedIN | false | |
105.34.73.29 | unknown | Egypt | 37069 | MOBINILEG | false | |
117.124.229.145 | unknown | China | 7641 | CHINABTNChinaBroadcastingTVNetCN | false | |
170.80.238.157 | unknown | Brazil | 264900 | RJNETTelecomunicacoesLtdaMEBR | false | |
79.206.197.157 | unknown | Germany | 3320 | DTAGInternetserviceprovideroperationsDE | false | |
83.216.89.97 | unknown | United Kingdom | 29009 | UKBROADBAND-ASGB | false | |
47.148.154.31 | unknown | United States | 5650 | FRONTIER-FRTRUS | false | |
145.184.172.234 | unknown | Netherlands | 59524 | KPN-IAASNL | false | |
202.39.18.22 | unknown | Taiwan; Republic of China (ROC) | 3462 | HINETDataCommunicationBusinessGroupTW | false | |
9.58.225.2 | unknown | United States | 3356 | LEVEL3US | false | |
118.140.192.89 | unknown | Hong Kong | 9304 | HUTCHISON-AS-APHGCGlobalCommunicationsLimitedHK | false | |
58.249.118.249 | unknown | China | 17622 | CNCGROUP-GZChinaUnicomGuangzhounetworkCN | false | |
80.157.211.142 | unknown | Germany | 3320 | DTAGInternetserviceprovideroperationsDE | false | |
157.176.156.215 | unknown | United States | 22192 | SSHENETUS | false | |
34.139.83.202 | unknown | United States | 2686 | ATGS-MMD-ASUS | false | |
106.83.177.81 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false | |
38.89.199.238 | unknown | United States | 174 | COGENT-174US | false | |
205.162.26.114 | unknown | United States | 1239 | SPRINTLINKUS | false | |
85.135.185.167 | unknown | Slovakia (SLOVAK Republic) | 8257 | SLOVANET-BROADBANDhttpwwwslovanetnetSK | false | |
5.195.158.253 | unknown | United Arab Emirates | 5384 | EMIRATES-INTERNETEmiratesInternetAE | false | |
70.177.73.27 | unknown | United States | 22773 | ASN-CXA-ALL-CCI-22773-RDCUS | false | |
183.9.56.234 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false | |
245.20.165.139 | unknown | Reserved | unknown | unknown | false | |
2.135.247.76 | unknown | Kazakhstan | 9198 | KAZTELECOM-ASKZ | false | |
116.151.71.20 | unknown | China | 4837 | CHINA169-BACKBONECHINAUNICOMChina169BackboneCN | false | |
80.15.108.19 | unknown | France | 3215 | FranceTelecom-OrangeFR | false | |
175.201.107.84 | unknown | Korea Republic of | 4766 | KIXS-AS-KRKoreaTelecomKR | false | |
146.24.16.91 | unknown | United States | 197938 | TRAVIANGAMESDE | false | |
16.229.63.233 | unknown | United States | unknown | unknown | false | |
242.240.230.159 | unknown | Reserved | unknown | unknown | false | |
141.1.99.63 | unknown | Germany | 1273 | CWVodafoneGroupPLCEU | false | |
212.189.34.190 | unknown | Netherlands | 286 | KPNNL | false | |
250.203.44.27 | unknown | Reserved | unknown | unknown | false | |
87.135.183.102 | unknown | Germany | 3320 | DTAGInternetserviceprovideroperationsDE | false | |
98.103.113.20 | unknown | United States | 10796 | TWC-10796-MIDWESTUS | false | |
135.1.189.43 | unknown | United States | 10455 | LUCENT-CIOUS | false | |
175.252.70.19 | unknown | Korea Republic of | 4766 | KIXS-AS-KRKoreaTelecomKR | false | |
73.252.98.90 | unknown | United States | 7922 | COMCAST-7922US | false | |
12.155.145.176 | unknown | United States | 7018 | ATT-INTERNET4US | false | |
151.193.122.24 | unknown | United States | 13945 | PRISMTECHNOLOGIESABQUS | false | |
145.235.141.99 | unknown | Sweden | 1257 | TELE2EU | false | |
250.6.231.16 | unknown | Reserved | unknown | unknown | false | |
46.191.173.29 | unknown | Russian Federation | 24955 | UBN-ASRU | false | |
197.251.50.171 | unknown | Sudan | 37197 | SUDRENSD | false | |
161.211.117.223 | unknown | United States | 14513 | DMACCUS | false | |
152.0.229.102 | unknown | Dominican Republic | 6400 | CompaniaDominicanadeTelefonosSADO | false | |
66.43.252.243 | unknown | United States | 5056 | AUREON-5056US | false | |
37.96.237.17 | unknown | Denmark | 9158 | TELENOR_DANMARK_ASDK | false | |
23.1.146.48 | unknown | United States | 6762 | SEABONE-NETTELECOMITALIASPARKLESpAIT | false | |
205.143.2.90 | unknown | United States | 30404 | BSCL-11US | false | |
169.11.240.130 | unknown | United States | 203 | CENTURYLINK-LEGACY-LVLT-203US | false | |
145.161.131.111 | unknown | Netherlands | 59524 | KPN-IAASNL | false | |
115.120.47.40 | unknown | China | 4847 | CNIX-APChinaNetworksInter-ExchangeCN | false | |
18.247.1.132 | unknown | United States | 16509 | AMAZON-02US | false |
No created / dropped files found
Entropy (8bit): | 6.3139750011225555 |
File name: | PPyJlaRy0K |
File size: | 61576 |
MD5: | 6e38620768d8b3cd84319f2ee3d4235d |
SHA1: | 64a0eb90426549c47177b6d3f927a6fa7cd19cba |
SHA256: | 0d69d7b91837715976e968862b79a944fe3d074713ce2d80f678af5993df75ed |
SHA512: | aed43619bb54c0c9a61f25166820e0ea99756fb427faa96958af0a4ae26e7ee4d8af86eadf87441cd2d9c3649707329873262307d171577197cb26093687d38e |
SSDEEP: | 1536:soBAmWmHv11dPBEMURJA87HONbg1pr8QOEawj0GKLUKQf8V:s0wMqeuprJFjsVQG |
TLSH: | DE535CD9B8019E7DF58BEABE40224E0BF532761154921B377733FD83BD32169A816D0A |
File Content Preview: | .ELF.......................D...4.........4. ...(.................................. ....................(.......... .dt.Q............................NV..a....da.....N^NuNV..J9....f>"y.... QJ.g.X.#.....N."y.... QJ.f.A.....J.g.Hy....N.X.........N^NuNV..N^NuN |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | |
Entry Point Address: | |
Flags: | |
ELF Header Size: | |
Program Header Offset: | |
Program Header Size: | |
Number of Program Headers: | |
Section Header Offset: | |
Section Header Size: | |
Number of Section Headers: | |
Header String Table Index: |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
| NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.init | PROGBITS | 0x80000094 | 0x94 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 2 |
.text | PROGBITS | 0x800000a8 | 0xa8 | 0xe22a | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.fini | PROGBITS | 0x8000e2d2 | 0xe2d2 | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 2 |
.rodata | PROGBITS | 0x8000e2e0 | 0xe2e0 | 0x9aa | 0x0 | 0x2 | A | 0 | 0 | 2 |
.ctors | PROGBITS | 0x80010c90 | 0xec90 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x80010c98 | 0xec98 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x80010ca4 | 0xeca4 | 0x214 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x80010eb8 | 0xeeb8 | 0x474 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0xeeb8 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x80000000 | 0x80000000 | 0xec8a | 0xec8a | 6.3460 | 0x5 | R E | 0x2000 | | .init .text .fini .rodata |
LOAD | 0xec90 | 0x80010c90 | 0x80010c90 | 0x228 | 0x69c | 3.0061 | 0x6 | RW | 0x2000 | | .ctors .dtors .data .bss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | | |
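The ELF header values were not captured in this export, and the analysis advice above warns that the header's machine type does not match the x64 analysis host. The following is an added example, not code from the report or from Joe Sandbox: it parses the ELF file header and program-header table from raw bytes so that the machine type, endianness, entry point and segment layout can be checked before a sample is detonated. Its input is a constructed header: ELF32, big-endian, e_machine 4 (Motorola 68000, matching the report's "motorola" tag), followed by the three program headers whose values appear in the table above. The entry point (start of .text) and the empty section table are assumptions, as is the small host-to-e_machine map, which covers a few common platform.machine() strings and presumes no qemu-user/binfmt_misc emulation layer is installed.

```python
"""Triage an ELF sample's target architecture before detonating it.

Added example, not part of the sandbox report. It reads only the ELF file
header and program headers, which is enough to answer three questions an
analyst needs before running a sample: which CPU/ABI it targets, whether
the analysis host can execute it natively, and whether the entry point
lies inside an executable segment.
"""
import platform
import struct

# e_machine values from the ELF specification; names are for display only.
EM_NAMES = {3: "x86", 4: "m68k", 8: "mips", 20: "ppc", 40: "arm",
            62: "x86-64", 183: "aarch64", 243: "riscv"}
PT_NAMES = {1: "LOAD", 2: "DYNAMIC", 3: "INTERP", 0x6474E551: "GNU_STACK"}
# Assumption: platform.machine() strings -> e_machine the host runs natively,
# with no binfmt_misc/qemu-user emulation layer present.
HOST_MACHINES = {"x86_64": 62, "AMD64": 62, "aarch64": 183, "armv7l": 40, "i686": 3}


def parse_elf(blob):
    """Parse the ELF header and program header table from raw file bytes."""
    if len(blob) < 52 or blob[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = blob[4], blob[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unsupported EI_CLASS/EI_DATA")
    end = "<" if ei_data == 1 else ">"
    # ELF32 and ELF64 headers differ only in the width of entry/phoff/shoff.
    hdr_fmt = end + ("HHIIIIIHHHHHH" if ei_class == 1 else "HHIQQQIHHHHHH")
    if len(blob) < 16 + struct.calcsize(hdr_fmt):
        raise ValueError("ELF header truncated")
    (e_type, e_machine, _ver, e_entry, e_phoff, _shoff, _flags, _ehsize,
     e_phentsize, e_phnum, _shentsize, _shnum, _shstrndx) = struct.unpack_from(hdr_fmt, blob, 16)

    phdr_fmt = end + ("IIIIIIII" if ei_class == 1 else "IIQQQQQQ")
    phdrs = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + struct.calcsize(phdr_fmt) > len(blob):
            # Truncated or bogus tables are common in IoT droppers; fail loudly.
            raise ValueError(f"program header {i} lies beyond end of file")
        raw = struct.unpack_from(phdr_fmt, blob, off)
        if ei_class == 1:
            p_type, p_offset, p_vaddr, _paddr, p_filesz, p_memsz, p_flags, p_align = raw
        else:
            p_type, p_flags, p_offset, p_vaddr, _paddr, p_filesz, p_memsz, p_align = raw
        phdrs.append({"type": PT_NAMES.get(p_type, hex(p_type)), "offset": p_offset,
                      "vaddr": p_vaddr, "filesz": p_filesz, "memsz": p_memsz,
                      "flags": p_flags, "align": p_align})
    return {"class": 32 if ei_class == 1 else 64,
            "endian": "little" if ei_data == 1 else "big",
            "type": {2: "EXEC", 3: "DYN"}.get(e_type, str(e_type)),
            "machine": e_machine,
            "machine_name": EM_NAMES.get(e_machine, f"unknown({e_machine})"),
            "entry": e_entry, "phdrs": phdrs}


def runs_natively(info, host_machine=None):
    """True if the host CPU matches the binary's e_machine (no emulation assumed)."""
    host = host_machine or platform.machine()
    return HOST_MACHINES.get(host) == info["machine"]


def entry_in_executable_load(info):
    """True if e_entry falls inside a PT_LOAD segment whose PF_X (0x1) bit is set."""
    for ph in info["phdrs"]:
        if ph["type"] == "LOAD" and ph["flags"] & 0x1 \
                and ph["vaddr"] <= info["entry"] < ph["vaddr"] + ph["memsz"]:
            return True
    return False


def build_constructed_sample():
    """Constructed test input: ELF32 big-endian m68k header plus the three program
    headers whose values appear in the report. Entry point (.text start) and the
    empty section table are assumptions, not values taken from the report."""
    phdrs = [
        (1, 0x0, 0x80000000, 0x80000000, 0xEC8A, 0xEC8A, 0x5, 0x2000),   # LOAD R E
        (1, 0xEC90, 0x80010C90, 0x80010C90, 0x228, 0x69C, 0x6, 0x2000),  # LOAD RW
        (0x6474E551, 0, 0, 0, 0, 0, 0x6, 0x4),                           # GNU_STACK RW
    ]
    ident = b"\x7fELF" + bytes([1, 2, 1, 0]) + bytes(8)   # ELF32, big-endian, v1, SysV
    header = struct.pack(">HHIIIIIHHHHHH", 2, 4, 1, 0x800000A8, 0x34, 0, 0,
                         0x34, 0x20, len(phdrs), 0x28, 0, 0)
    return ident + header + b"".join(struct.pack(">IIIIIIII", *p) for p in phdrs)


if __name__ == "__main__":
    info = parse_elf(build_constructed_sample())
    print(f"{info['class']}-bit {info['endian']}-endian {info['machine_name']} {info['type']}, "
          f"entry {info['entry']:#x}, {len(info['phdrs'])} program headers")
    print("runs natively on this host:", runs_natively(info))
    print("entry inside executable LOAD:", entry_in_executable_load(info))
```

A related caveat when reading the rest of this report: every process entry under System Behavior lists a file size of 4463432 bytes and MD5 cd177594338c77b895ae27c33f8f86cc, neither of which matches the submitted sample (61576 bytes, MD5 6e38620768d8b3cd84319f2ee3d4235d). The report does not explain the difference, so the per-process values should not be used as identifiers for the sample; pivot on the hashes in the General Information table instead.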
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 5, 2022 21:53:54.976671934 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Aug 5, 2022 21:53:55.744803905 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Aug 5, 2022 21:53:56.542227030 CEST | 22336 | 23 | 192.168.2.23 | 87.210.246.66 |
Aug 5, 2022 21:53:56.542334080 CEST | 22336 | 23 | 192.168.2.23 | 100.217.179.67 |
Aug 5, 2022 21:53:56.542356014 CEST | 22336 | 23 | 192.168.2.23 | 85.89.248.250 |
Aug 5, 2022 21:53:56.542360067 CEST | 22336 | 23 | 192.168.2.23 | 73.188.248.66 |
Aug 5, 2022 21:53:56.542397022 CEST | 22336 | 23 | 192.168.2.23 | 37.57.196.67 |
Aug 5, 2022 21:53:56.542418957 CEST | 22336 | 23 | 192.168.2.23 | 24.226.175.162 |
Aug 5, 2022 21:53:56.542423964 CEST | 22336 | 23 | 192.168.2.23 | 255.45.201.130 |
Aug 5, 2022 21:53:56.542480946 CEST | 22336 | 23 | 192.168.2.23 | 118.6.202.2 |
Aug 5, 2022 21:53:56.542495966 CEST | 22336 | 23 | 192.168.2.23 | 103.23.121.53 |
Aug 5, 2022 21:53:56.542499065 CEST | 22336 | 23 | 192.168.2.23 | 37.16.119.250 |
Aug 5, 2022 21:53:56.542509079 CEST | 22336 | 23 | 192.168.2.23 | 72.255.62.167 |
Aug 5, 2022 21:53:56.542521954 CEST | 22336 | 23 | 192.168.2.23 | 250.44.70.188 |
Aug 5, 2022 21:53:56.542536974 CEST | 22336 | 23 | 192.168.2.23 | 158.62.134.130 |
Aug 5, 2022 21:53:56.542555094 CEST | 22336 | 23 | 192.168.2.23 | 69.240.254.252 |
Aug 5, 2022 21:53:56.542558908 CEST | 22336 | 23 | 192.168.2.23 | 216.52.158.24 |
Aug 5, 2022 21:53:56.542565107 CEST | 22336 | 23 | 192.168.2.23 | 149.245.247.81 |
Aug 5, 2022 21:53:56.542568922 CEST | 22336 | 23 | 192.168.2.23 | 221.76.76.236 |
Aug 5, 2022 21:53:56.542577028 CEST | 22336 | 23 | 192.168.2.23 | 90.119.253.21 |
Aug 5, 2022 21:53:56.542578936 CEST | 22336 | 23 | 192.168.2.23 | 63.146.227.93 |
Aug 5, 2022 21:53:56.542613029 CEST | 22336 | 23 | 192.168.2.23 | 20.255.244.64 |
Aug 5, 2022 21:53:56.542624950 CEST | 22336 | 23 | 192.168.2.23 | 108.95.111.113 |
Aug 5, 2022 21:53:56.542644024 CEST | 22336 | 23 | 192.168.2.23 | 24.7.228.58 |
Aug 5, 2022 21:53:56.542659998 CEST | 22336 | 23 | 192.168.2.23 | 182.40.146.73 |
Aug 5, 2022 21:53:56.542670965 CEST | 22336 | 23 | 192.168.2.23 | 101.168.167.150 |
Aug 5, 2022 21:53:56.542727947 CEST | 22336 | 23 | 192.168.2.23 | 190.188.150.35 |
Aug 5, 2022 21:53:56.542731047 CEST | 22336 | 23 | 192.168.2.23 | 110.181.146.188 |
Aug 5, 2022 21:53:56.542742014 CEST | 22336 | 23 | 192.168.2.23 | 165.210.218.182 |
Aug 5, 2022 21:53:56.542768002 CEST | 22336 | 23 | 192.168.2.23 | 67.164.195.154 |
Aug 5, 2022 21:53:56.542787075 CEST | 22336 | 23 | 192.168.2.23 | 246.92.76.37 |
Aug 5, 2022 21:53:56.542800903 CEST | 22336 | 23 | 192.168.2.23 | 14.138.46.56 |
Aug 5, 2022 21:53:56.542809963 CEST | 22336 | 23 | 192.168.2.23 | 248.87.218.6 |
Aug 5, 2022 21:53:56.542810917 CEST | 22336 | 23 | 192.168.2.23 | 62.64.250.35 |
Aug 5, 2022 21:53:56.542839050 CEST | 22336 | 23 | 192.168.2.23 | 220.236.59.178 |
Aug 5, 2022 21:53:56.542862892 CEST | 22336 | 23 | 192.168.2.23 | 222.97.96.168 |
Aug 5, 2022 21:53:56.542890072 CEST | 22336 | 23 | 192.168.2.23 | 45.255.238.141 |
Aug 5, 2022 21:53:56.542903900 CEST | 22336 | 23 | 192.168.2.23 | 68.21.122.98 |
Aug 5, 2022 21:53:56.542951107 CEST | 22336 | 23 | 192.168.2.23 | 219.235.198.222 |
Aug 5, 2022 21:53:56.542958021 CEST | 22336 | 23 | 192.168.2.23 | 71.61.180.90 |
Aug 5, 2022 21:53:56.542984962 CEST | 22336 | 23 | 192.168.2.23 | 254.136.234.105 |
Aug 5, 2022 21:53:56.542985916 CEST | 22336 | 23 | 192.168.2.23 | 87.239.133.13 |
Aug 5, 2022 21:53:56.542998075 CEST | 22336 | 23 | 192.168.2.23 | 216.14.185.220 |
Aug 5, 2022 21:53:56.543014050 CEST | 22336 | 23 | 192.168.2.23 | 94.142.216.192 |
Aug 5, 2022 21:53:56.543025017 CEST | 22336 | 23 | 192.168.2.23 | 149.105.76.88 |
Aug 5, 2022 21:53:56.543087006 CEST | 22336 | 23 | 192.168.2.23 | 157.45.195.215 |
Aug 5, 2022 21:53:56.543097019 CEST | 22336 | 23 | 192.168.2.23 | 53.99.102.21 |
Aug 5, 2022 21:53:56.543113947 CEST | 22336 | 23 | 192.168.2.23 | 5.75.255.80 |
Aug 5, 2022 21:53:56.543145895 CEST | 22336 | 23 | 192.168.2.23 | 216.205.196.93 |
Aug 5, 2022 21:53:56.543154001 CEST | 22336 | 23 | 192.168.2.23 | 158.76.172.152 |
Aug 5, 2022 21:53:56.543198109 CEST | 22336 | 23 | 192.168.2.23 | 39.154.236.34 |
Aug 5, 2022 21:53:56.543207884 CEST | 22336 | 23 | 192.168.2.23 | 213.170.199.110 |
Aug 5, 2022 21:53:56.543210030 CEST | 22336 | 23 | 192.168.2.23 | 133.57.200.77 |
Aug 5, 2022 21:53:56.543302059 CEST | 22336 | 23 | 192.168.2.23 | 150.165.136.126 |
Aug 5, 2022 21:53:56.543319941 CEST | 22336 | 23 | 192.168.2.23 | 48.25.189.228 |
Aug 5, 2022 21:53:56.543324947 CEST | 22336 | 23 | 192.168.2.23 | 40.93.139.239 |
Aug 5, 2022 21:53:56.543330908 CEST | 22336 | 23 | 192.168.2.23 | 47.250.39.168 |
Aug 5, 2022 21:53:56.543338060 CEST | 22336 | 23 | 192.168.2.23 | 251.212.205.41 |
Aug 5, 2022 21:53:56.543354988 CEST | 22336 | 23 | 192.168.2.23 | 184.100.240.226 |
Aug 5, 2022 21:53:56.543411016 CEST | 22336 | 23 | 192.168.2.23 | 122.212.231.231 |
Aug 5, 2022 21:53:56.543416977 CEST | 22336 | 23 | 192.168.2.23 | 159.179.131.151 |
Aug 5, 2022 21:53:56.543422937 CEST | 22336 | 23 | 192.168.2.23 | 19.207.20.20 |
Aug 5, 2022 21:53:56.543447971 CEST | 22336 | 23 | 192.168.2.23 | 254.133.68.230 |
Aug 5, 2022 21:53:56.543452978 CEST | 22336 | 23 | 192.168.2.23 | 111.149.242.55 |
Aug 5, 2022 21:53:56.543473959 CEST | 22336 | 23 | 192.168.2.23 | 64.36.195.58 |
Aug 5, 2022 21:53:56.543488979 CEST | 22336 | 23 | 192.168.2.23 | 101.67.146.21 |
Aug 5, 2022 21:53:56.543519020 CEST | 22336 | 23 | 192.168.2.23 | 101.237.74.31 |
Aug 5, 2022 21:53:56.543536901 CEST | 22336 | 23 | 192.168.2.23 | 194.193.212.105 |
Aug 5, 2022 21:53:56.543570995 CEST | 22336 | 23 | 192.168.2.23 | 140.209.52.172 |
Aug 5, 2022 21:53:56.543586969 CEST | 22336 | 23 | 192.168.2.23 | 109.180.34.204 |
Aug 5, 2022 21:53:56.543592930 CEST | 22336 | 23 | 192.168.2.23 | 125.150.191.22 |
Aug 5, 2022 21:53:56.543606997 CEST | 22336 | 23 | 192.168.2.23 | 213.180.96.90 |
Aug 5, 2022 21:53:56.543617964 CEST | 22336 | 23 | 192.168.2.23 | 98.2.123.225 |
Aug 5, 2022 21:53:56.543648005 CEST | 22336 | 23 | 192.168.2.23 | 133.119.228.244 |
Aug 5, 2022 21:53:56.543663025 CEST | 22336 | 23 | 192.168.2.23 | 191.234.217.75 |
Aug 5, 2022 21:53:56.543665886 CEST | 22336 | 23 | 192.168.2.23 | 57.249.172.218 |
Aug 5, 2022 21:53:56.543670893 CEST | 22336 | 23 | 192.168.2.23 | 173.115.238.104 |
Aug 5, 2022 21:53:56.543690920 CEST | 22336 | 23 | 192.168.2.23 | 124.59.253.199 |
Aug 5, 2022 21:53:56.543699980 CEST | 22336 | 23 | 192.168.2.23 | 4.254.89.86 |
Aug 5, 2022 21:53:56.543708086 CEST | 22336 | 23 | 192.168.2.23 | 68.227.163.70 |
Aug 5, 2022 21:53:56.543730974 CEST | 22336 | 23 | 192.168.2.23 | 206.215.8.185 |
Aug 5, 2022 21:53:56.543735027 CEST | 22336 | 23 | 192.168.2.23 | 117.224.2.16 |
Aug 5, 2022 21:53:56.543740988 CEST | 22336 | 23 | 192.168.2.23 | 247.87.151.87 |
Aug 5, 2022 21:53:56.543755054 CEST | 22336 | 23 | 192.168.2.23 | 102.197.87.91 |
Aug 5, 2022 21:53:56.543770075 CEST | 22336 | 23 | 192.168.2.23 | 211.70.212.10 |
Aug 5, 2022 21:53:56.543776989 CEST | 22336 | 23 | 192.168.2.23 | 177.48.165.55 |
Aug 5, 2022 21:53:56.543803930 CEST | 22336 | 23 | 192.168.2.23 | 83.158.108.195 |
Aug 5, 2022 21:53:56.543812037 CEST | 22336 | 23 | 192.168.2.23 | 247.61.85.49 |
Aug 5, 2022 21:53:56.543824911 CEST | 22336 | 23 | 192.168.2.23 | 141.6.100.131 |
Aug 5, 2022 21:53:56.543829918 CEST | 22336 | 23 | 192.168.2.23 | 105.159.28.61 |
Aug 5, 2022 21:53:56.543833017 CEST | 22336 | 23 | 192.168.2.23 | 211.53.168.86 |
Aug 5, 2022 21:53:56.543843985 CEST | 22336 | 23 | 192.168.2.23 | 37.165.130.180 |
Aug 5, 2022 21:53:56.543855906 CEST | 22336 | 23 | 192.168.2.23 | 181.254.34.142 |
Aug 5, 2022 21:53:56.543858051 CEST | 22336 | 23 | 192.168.2.23 | 9.207.81.20 |
Aug 5, 2022 21:53:56.543859959 CEST | 22336 | 23 | 192.168.2.23 | 183.231.149.60 |
Aug 5, 2022 21:53:56.543878078 CEST | 22336 | 23 | 192.168.2.23 | 197.72.239.204 |
Aug 5, 2022 21:53:56.543899059 CEST | 22336 | 23 | 192.168.2.23 | 14.246.230.33 |
Aug 5, 2022 21:53:56.543935061 CEST | 22336 | 23 | 192.168.2.23 | 246.253.112.38 |
Aug 5, 2022 21:53:56.543947935 CEST | 22336 | 23 | 192.168.2.23 | 126.253.128.34 |
Aug 5, 2022 21:53:56.543961048 CEST | 22336 | 23 | 192.168.2.23 | 123.185.10.106 |
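Of the 100 packets kept in the table above, 98 are connection attempts from the single source port 22336 to TCP/23, spread over unrelated destinations within about two milliseconds, and several of the targets (for example 255.45.201.130 and 250.44.70.188) lie in reserved 240.0.0.0/4 space where no telnet service can exist. The code below is an added example, not part of the report: a detector that flags exactly this pattern in a connection log. The log layout is the table's own; the ten sample rows are copied from the table; the thresholds (a 10 second window, five distinct targets) and the list of unroutable ranges are assumptions to tune for a given network.

```python
"""Detect Mirai-style telnet SYN sweeps in a connection log.

Added example, not part of the sandbox report. Two heuristics, both visible
in the report's TCP table: (1) one source port reused for a burst of TCP/23
connection attempts to many unrelated destinations inside a short window,
and (2) destinations in address space that cannot host a real telnet
service, which only blind target generation explains.
"""
from collections import defaultdict, namedtuple
from datetime import datetime
import ipaddress

Flow = namedtuple("Flow", "ts sport dport src dst")

TELNET_PORTS = {23, 2323}
WINDOW_SECONDS = 10.0       # assumed burst window
MIN_DISTINCT_TARGETS = 5    # assumed threshold
UNROUTABLE = [ipaddress.ip_network(n) for n in
              ("0.0.0.0/8", "127.0.0.0/8", "224.0.0.0/4", "240.0.0.0/4")]

# Constructed sample log: ten rows copied from the report's TCP table in its own
# "timestamp | sport | dport | src | dst" layout (the two HTTP rows plus eight
# of the telnet SYNs).
SAMPLE_LOG = """\
Aug 5, 2022 21:53:54.976671934 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43
Aug 5, 2022 21:53:55.744803905 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202
Aug 5, 2022 21:53:56.542227030 CEST | 22336 | 23 | 192.168.2.23 | 87.210.246.66
Aug 5, 2022 21:53:56.542334080 CEST | 22336 | 23 | 192.168.2.23 | 100.217.179.67
Aug 5, 2022 21:53:56.542356014 CEST | 22336 | 23 | 192.168.2.23 | 85.89.248.250
Aug 5, 2022 21:53:56.542423964 CEST | 22336 | 23 | 192.168.2.23 | 255.45.201.130
Aug 5, 2022 21:53:56.542521954 CEST | 22336 | 23 | 192.168.2.23 | 250.44.70.188
Aug 5, 2022 21:53:56.542787075 CEST | 22336 | 23 | 192.168.2.23 | 246.92.76.37
Aug 5, 2022 21:53:56.542809963 CEST | 22336 | 23 | 192.168.2.23 | 248.87.218.6
Aug 5, 2022 21:53:56.542984962 CEST | 22336 | 23 | 192.168.2.23 | 254.136.234.105
"""


def parse_timestamp(text):
    """'Aug 5, 2022 21:53:56.542227030 CEST' -> naive datetime.
    The zone label is dropped and nanoseconds are truncated to microseconds."""
    stamp, _zone = text.rsplit(" ", 1)
    head, frac = stamp.split(".")
    return datetime.strptime(f"{head}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def parse_log(text):
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sport, dport, src, dst = (c.strip() for c in line.split("|"))
        flows.append(Flow(parse_timestamp(ts), int(sport), int(dport), src, dst))
    return flows


def is_unroutable(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in UNROUTABLE)


def max_distinct_in_window(flows, window):
    """Largest number of distinct destinations inside any `window`-second span of
    the time-sorted flows, plus that span's first and last timestamps."""
    best, span, j = 0, (None, None), 0
    for i in range(len(flows)):
        while j < len(flows) and (flows[j].ts - flows[i].ts).total_seconds() <= window:
            j += 1
        distinct = len({f.dst for f in flows[i:j]})
        if distinct > best:
            best, span = distinct, (flows[i].ts, flows[j - 1].ts)
    return best, span


def detect_telnet_scans(log_text, window=WINDOW_SECONDS, min_targets=MIN_DISTINCT_TARGETS):
    """One alert per (src, sport) fanning out to >= min_targets telnet destinations
    inside `window` seconds. Keying on the source port is the Mirai-specific part:
    its scanner sends every SYN of a sweep from a single port."""
    groups = defaultdict(list)
    for f in parse_log(log_text):
        if f.dport in TELNET_PORTS:
            groups[(f.src, f.sport)].append(f)
    alerts = []
    for (src, sport), flows in sorted(groups.items()):
        flows.sort(key=lambda f: f.ts)
        distinct, (first, last) = max_distinct_in_window(flows, window)
        if distinct < min_targets:
            continue
        targets = {f.dst for f in flows}
        alerts.append({"src": src, "sport": sport, "distinct_targets": distinct,
                       "unroutable_targets": sum(1 for d in targets if is_unroutable(d)),
                       "first_seen": first.isoformat(), "last_seen": last.isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect_telnet_scans(SAMPLE_LOG):
        print(alert)
```

Against the sample rows the detector raises one alert for 192.168.2.23 port 22336 with eight distinct targets, five of them unroutable; a host holding one long-lived telnet session, or a normal client that draws a fresh ephemeral port per connection, produces none. The unroutable-target count is the higher-confidence signal and is worth alerting on at a threshold of one, since legitimate software has no reason to open a connection into 240.0.0.0/4.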
System Behavior
Start time | Start date | Path | Arguments | File size | MD5 hash |
---|---|---|---|---|---|
21:53:52 | 2022-08-05 | /tmp/PPyJlaRy0K | /tmp/PPyJlaRy0K | 4463432 bytes | cd177594338c77b895ae27c33f8f86cc |
21:53:56 | 2022-08-05 | /tmp/PPyJlaRy0K | n/a | 4463432 bytes | cd177594338c77b895ae27c33f8f86cc |
21:53:56 | 2022-08-05 | /tmp/PPyJlaRy0K | n/a | 4463432 bytes | cd177594338c77b895ae27c33f8f86cc |
21:53:56 | 2022-08-05 | /tmp/PPyJlaRy0K | n/a | 4463432 bytes | cd177594338c77b895ae27c33f8f86cc |
21:53:56 | 2022-08-05 | /tmp/PPyJlaRy0K | n/a | 4463432 bytes | cd177594338c77b895ae27c33f8f86cc |
21:54:02 | 2022-08-05 | /tmp/PPyJlaRy0K | n/a | 4463432 bytes | cd177594338c77b895ae27c33f8f86cc |
21:54:02 | 2022-08-05 | /tmp/PPyJlaRy0K | n/a | 4463432 bytes | cd177594338c77b895ae27c33f8f86cc |
21:54:02 | 2022-08-05 | /tmp/PPyJlaRy0K | n/a | 4463432 bytes | cd177594338c77b895ae27c33f8f86cc |