Linux Analysis Report
7TgP3VbC81

Overview

General Information

Sample Name:	7TgP3VbC81
Analysis ID:	679614
MD5:	6b953ba2d7e62577777ffa13fda7672a
SHA1:	8b40a086aab5a866c9f003c9700cd24adb19d1c1
SHA256:	f1385883753c291d880e82d3abb6e91beaf067bc554da378e67a812fcd568b9e
Tags:	32elfmipsmirai
Infos:

Detection

Mirai

Score:	68
Range:	0 - 100
Whitelisted:	false

Signatures

Yara detected Mirai

Multi AV Scanner detection for submitted file

Uses known network protocols on non-standard ports

Sample has stripped symbol table

Uses the "uname" system call to query kernel version information (possible evasion)

Enumerates processes within the "proc" file system

Detected TCP or UDP traffic on non-standard ports

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Classification

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: 7TgP3VbC81	Virustotal: Detection: 43%			Perma Link
Source: 7TgP3VbC81	ReversingLabs: Detection: 42%

Networking

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52460
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52462
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52466
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52470
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52472
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52474
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52478
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52480
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52486
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52490

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.23:53436 -> 46.23.109.40:1312

Sample listens on a socket

Source: /tmp/7TgP3VbC81 (PID: 6227)	Socket: 127.0.0.1::1312	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	Socket: 0.0.0.0::0	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	Socket: 0.0.0.0::23	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	Socket: 0.0.0.0::53413	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	Socket: 0.0.0.0::80	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	Socket: 0.0.0.0::52869	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	Socket: 0.0.0.0::37215	Jump to behavior

Source: unknown

DNS traffic detected: queries for: arcticboatz.cz

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44774

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 84.221.69.244
Source: unknown	TCP traffic detected without corresponding DNS query: 84.105.87.244
Source: unknown	TCP traffic detected without corresponding DNS query: 100.214.218.245
Source: unknown	TCP traffic detected without corresponding DNS query: 211.236.205.88
Source: unknown	TCP traffic detected without corresponding DNS query: 97.70.203.200
Source: unknown	TCP traffic detected without corresponding DNS query: 222.141.120.232
Source: unknown	TCP traffic detected without corresponding DNS query: 184.200.194.159
Source: unknown	TCP traffic detected without corresponding DNS query: 31.105.92.140
Source: unknown	TCP traffic detected without corresponding DNS query: 242.212.51.93
Source: unknown	TCP traffic detected without corresponding DNS query: 196.228.6.113
Source: unknown	TCP traffic detected without corresponding DNS query: 100.54.62.142
Source: unknown	TCP traffic detected without corresponding DNS query: 209.119.35.243
Source: unknown	TCP traffic detected without corresponding DNS query: 112.90.209.217
Source: unknown	TCP traffic detected without corresponding DNS query: 53.50.134.169
Source: unknown	TCP traffic detected without corresponding DNS query: 248.164.36.56
Source: unknown	TCP traffic detected without corresponding DNS query: 182.214.62.130
Source: unknown	TCP traffic detected without corresponding DNS query: 213.57.8.137
Source: unknown	TCP traffic detected without corresponding DNS query: 145.141.187.220
Source: unknown	TCP traffic detected without corresponding DNS query: 74.35.100.10
Source: unknown	TCP traffic detected without corresponding DNS query: 89.113.27.180
Source: unknown	TCP traffic detected without corresponding DNS query: 96.116.212.82
Source: unknown	TCP traffic detected without corresponding DNS query: 248.230.197.154
Source: unknown	TCP traffic detected without corresponding DNS query: 68.131.232.57
Source: unknown	TCP traffic detected without corresponding DNS query: 102.161.192.90
Source: unknown	TCP traffic detected without corresponding DNS query: 200.25.236.36
Source: unknown	TCP traffic detected without corresponding DNS query: 135.186.179.99
Source: unknown	TCP traffic detected without corresponding DNS query: 107.72.120.192
Source: unknown	TCP traffic detected without corresponding DNS query: 123.197.32.86
Source: unknown	TCP traffic detected without corresponding DNS query: 183.46.18.91
Source: unknown	TCP traffic detected without corresponding DNS query: 176.175.245.201
Source: unknown	TCP traffic detected without corresponding DNS query: 251.223.235.211
Source: unknown	TCP traffic detected without corresponding DNS query: 122.244.221.239
Source: unknown	TCP traffic detected without corresponding DNS query: 212.167.131.232
Source: unknown	TCP traffic detected without corresponding DNS query: 187.121.26.209
Source: unknown	TCP traffic detected without corresponding DNS query: 41.199.184.103
Source: unknown	TCP traffic detected without corresponding DNS query: 203.125.101.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.26.239.230
Source: unknown	TCP traffic detected without corresponding DNS query: 103.151.33.50
Source: unknown	TCP traffic detected without corresponding DNS query: 184.221.208.252
Source: unknown	TCP traffic detected without corresponding DNS query: 74.221.53.179
Source: unknown	TCP traffic detected without corresponding DNS query: 126.108.229.114
Source: unknown	TCP traffic detected without corresponding DNS query: 206.7.225.130
Source: unknown	TCP traffic detected without corresponding DNS query: 27.194.213.84
Source: unknown	TCP traffic detected without corresponding DNS query: 221.152.212.135
Source: unknown	TCP traffic detected without corresponding DNS query: 42.184.100.43
Source: unknown	TCP traffic detected without corresponding DNS query: 180.224.9.213
Source: unknown	TCP traffic detected without corresponding DNS query: 71.154.97.121
Source: unknown	TCP traffic detected without corresponding DNS query: 92.98.27.209

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Sample tries to kill a process (SIGKILL)

Source: /tmp/7TgP3VbC81 (PID: 6238)

SIGKILL sent: pid: 936, result: successful

Jump to behavior

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Source: Initial sample	String containing 'busybox' found: /bin/busybox AK1K2
Source: Initial sample	String containing 'busybox' found: /bin/busybox cp /bin/busybox retrieve && >retrieve && /bin/busybox chmod 777 retrieve && /bin/busybox cp /bin/busybox .t && >.t && /bin/busybox chmod 777 .t
Source: Initial sample	String containing 'busybox' found: /bin/busybox echo -en '%s' %s %s && /bin/busybox echo -en '\x45\x43\x48\x4f\x44\x4f\x4e\x45'
Source: Initial sample	String containing 'busybox' found: >%st && cd %s && >retrieve; >.t/bin/busybox cp /bin/busybox retrieve && >retrieve && /bin/busybox chmod 777 retrieve && /bin/busybox cp /bin/busybox .t && >.t && /bin/busybox chmod 777 .t
Source: Initial sample	String containing 'busybox' found: >>>/bin/busybox echo -en '%s' %s %s && /bin/busybox echo -en '\x45\x43\x48\x4f\x44\x4f\x4e\x45'

Source: classification engine

Classification label: mal68.troj.lin@0/0@47/0

Enumerates processes within the "proc" file system

Source: /tmp/7TgP3VbC81 (PID: 6238)	File opened: /proc/491/fd	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	File opened: /proc/793/fd	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	File opened: /proc/772/fd	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	File opened: /proc/796/fd	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	File opened: /proc/774/fd	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	File opened: /proc/797/fd	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	File opened: /proc/777/fd	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	File opened: /proc/799/fd	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	File opened: /proc/658/fd	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	File opened: /proc/912/fd	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	File opened: /proc/759/fd	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	File opened: /proc/936/fd	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	File opened: /proc/918/fd	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	File opened: /proc/761/fd	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	File opened: /proc/785/fd	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	File opened: /proc/884/fd	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	File opened: /proc/720/fd	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	File opened: /proc/721/fd	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	File opened: /proc/788/fd	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	File opened: /proc/789/fd	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	File opened: /proc/801/fd	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	File opened: /proc/847/fd	Jump to behavior
Source: /tmp/7TgP3VbC81 (PID: 6238)	File opened: /proc/904/fd	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52460
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52462
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52466
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52470
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52472
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52474
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52478
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52480
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52486
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 52490

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/7TgP3VbC81 (PID: 6227)

Queries kernel information via 'uname':

Jump to behavior

Source: 7TgP3VbC81, 6227.1.00007fff75ec6000.00007fff75ee7000.rw-.sdmp, 7TgP3VbC81, 6326.1.00007fff75ec6000.00007fff75ee7000.rw-.sdmp, 7TgP3VbC81, 6239.1.00007fff75ec6000.00007fff75ee7000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/7TgP3VbC81SUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/7TgP3VbC81
Source: 7TgP3VbC81, 6227.1.000055c657728000.000055c6577af000.rw-.sdmp, 7TgP3VbC81, 6326.1.000055c657728000.000055c6577af000.rw-.sdmp, 7TgP3VbC81, 6239.1.000055c657728000.000055c6577af000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mipsel
Source: 7TgP3VbC81, 6227.1.000055c657728000.000055c6577af000.rw-.sdmp, 7TgP3VbC81, 6326.1.000055c657728000.000055c6577af000.rw-.sdmp, 7TgP3VbC81, 6239.1.000055c657728000.000055c6577af000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/mipsel
Source: 7TgP3VbC81, 6227.1.00007fff75ec6000.00007fff75ee7000.rw-.sdmp, 7TgP3VbC81, 6326.1.00007fff75ec6000.00007fff75ee7000.rw-.sdmp, 7TgP3VbC81, 6239.1.00007fff75ec6000.00007fff75ee7000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mipsel

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 7TgP3VbC81, type: SAMPLE
Source: Yara match	File source: 6227.1.00007f191c400000.00007f191c41c000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6326.1.00007f191c400000.00007f191c41c000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6239.1.00007f191c400000.00007f191c41c000.r-x.sdmp, type: MEMORY

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 7TgP3VbC81, type: SAMPLE
Source: Yara match	File source: 6227.1.00007f191c400000.00007f191c41c000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6326.1.00007f191c400000.00007f191c41c000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6239.1.00007f191c400000.00007f191c41c000.r-x.sdmp, type: MEMORY

Screenshots

No Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
17.159.246.11	unknown	United States	714	APPLE-ENGINEERINGUS	false
62.150.37.215	unknown	Kuwait	9155	QNETKuwaitKW	false
78.168.208.227	unknown	Turkey	9121	TTNETTR	false
77.204.100.77	unknown	France	15557	LDCOMNETFR	false
212.23.3.92	unknown	United Kingdom	13037	ZEN-ASZenInternet-UKGB	false
201.141.217.207	unknown	Mexico	28548	CablevisionSAdeCVMX	false
244.19.18.128	unknown	Reserved	unknown	unknown	false
223.162.231.54	unknown	China	7641	CHINABTNChinaBroadcastingTVNetCN	false
117.82.145.160	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
165.166.17.220	unknown	United States	2711	SPIRITTEL-ASUS	false
106.189.251.218	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
223.124.111.175	unknown	China	58453	CMI-INT-HKLevel30Tower1HK	false
86.75.116.7	unknown	France	15557	LDCOMNETFR	false
124.177.22.131	unknown	Australia	1221	ASN-TELSTRATelstraCorporationLtdAU	false
182.176.253.238	unknown	Pakistan	45595	PKTELECOM-AS-PKPakistanTelecomCompanyLimitedPK	false
217.204.250.90	unknown	United Kingdom	4589	EASYNETEasynetGlobalServicesEU	false
169.115.139.77	unknown	United States	37611	AfrihostZA	false
13.241.78.232	unknown	United States	16509	AMAZON-02US	false
154.159.56.192	unknown	Kenya	36926	CKL1-ASNKE	false
57.72.103.249	unknown	Belgium	4862	EQUANT-ASIAOrangeBusinessASforAsiaHK	false
62.63.234.103	unknown	Sweden	8473	BAHNHOFhttpwwwbahnhofnetSE	false
94.82.90.48	unknown	Italy	3269	ASN-IBSNAZIT	false
212.246.13.206	unknown	Finland	719	ELISA-ASHelsinkiFinlandEU	false
48.205.4.172	unknown	United States	2686	ATGS-MMD-ASUS	false
67.36.232.196	unknown	United States	7018	ATT-INTERNET4US	false
152.78.134.107	unknown	United Kingdom	786	JANETJiscServicesLimitedGB	false
60.14.98.46	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
59.33.173.191	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
175.233.21.253	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
107.239.190.125	unknown	United States	20057	ATT-MOBILITY-LLC-AS20057US	false
206.33.161.60	unknown	United States	3356	LEVEL3US	false
45.133.252.66	unknown	Netherlands	39855	MOD-EUNL	false
201.233.213.59	unknown	Colombia	13489	EPMTelecomunicacionesSAESPCO	false
66.199.253.54	unknown	United States	15149	EZZI-101-BGPUS	false
69.48.43.242	unknown	United States	7029	WINDSTREAMUS	false
196.19.248.151	unknown	Seychelles	134451	NME-INDONESIA-AS-APNewMediaExpressPteLtdID	false
205.126.90.244	unknown	United States	210	WEST-NET-WESTUS	false
167.247.32.221	unknown	United States	22808	RESOURCES-22808US	false
213.214.202.178	unknown	Sweden	2119	TELENOR-NEXTELTelenorNorgeASNO	false
172.130.165.136	unknown	United States	7018	ATT-INTERNET4US	false
156.50.126.194	unknown	Australia	7474	OPTUSCOM-AS01-AUSingTelOptusPtyLtdAU	false
70.19.140.120	unknown	United States	701	UUNETUS	false
222.77.88.125	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
70.9.41.41	unknown	United States	10507	SPCSUS	false
40.47.32.119	unknown	United States	4249	LILLY-ASUS	false
44.75.155.206	unknown	United States	7377	UCSDUS	false
84.14.172.232	unknown	France	8220	COLTCOLTTechnologyServicesGroupLimitedGB	false
173.206.218.17	unknown	Canada	6407	PRIMUS-AS6407CA	false
98.169.64.222	unknown	United States	22773	ASN-CXA-ALL-CCI-22773-RDCUS	false
120.37.237.252	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
46.214.56.192	unknown	Romania	48161	NG-ASSosBucuresti-Ploiestinr42-44RO	false
202.218.0.138	unknown	Japan	4694	IDCFIDCFrontierIncJP	false
166.78.21.96	unknown	United States	33070	RMH-14US	false
149.182.164.178	unknown	United Kingdom	87	INDIANA-ASUS	false
172.199.5.143	unknown	Australia	18747	IFX18747US	false
71.170.191.70	unknown	United States	5650	FRONTIER-FRTRUS	false
152.10.107.193	unknown	United States	81	NCRENUS	false
160.218.217.91	unknown	Czech Republic	5610	O2-CZECH-REPUBLICCZ	false
138.196.204.99	unknown	United States	21727	HAMLINE-EDUUS	false
148.185.181.95	unknown	European Union	3423	ATTIS-ASN3423US	false
198.202.36.252	unknown	United States	19631	TRAVELPORTUS	false
121.213.76.151	unknown	Australia	1221	ASN-TELSTRATelstraCorporationLtdAU	false
120.49.195.34	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
159.140.225.110	unknown	United States	17264	CERNER-COMUS	false
19.30.101.119	unknown	United States	3	MIT-GATEWAYSUS	false
62.187.201.147	unknown	European Union	34456	RIALCOM-ASRU	false
146.175.71.245	unknown	Belgium	2611	BELNETBE	false
253.187.143.75	unknown	Reserved	unknown	unknown	false
99.190.37.164	unknown	United States	7018	ATT-INTERNET4US	false
107.38.10.186	unknown	United States	16567	NETRIX-16567US	false
95.225.107.143	unknown	Italy	3269	ASN-IBSNAZIT	false
82.139.56.71	unknown	Poland	29314	VECTRANET-ASAlZwyciestwa25381-525GdyniaPolandPL	false
80.146.251.45	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
119.93.5.1	unknown	Philippines	9299	IPG-AS-APPhilippineLongDistanceTelephoneCompanyPH	false
148.251.220.122	unknown	Germany	24940	HETZNER-ASDE	false
59.170.157.125	unknown	Japan	9824	JTCL-JP-ASJupiterTelecommunicationCoLtdJP	false
18.73.47.59	unknown	United States	3	MIT-GATEWAYSUS	false
83.174.246.4	unknown	Russian Federation	28812	JSCBIS-ASRU	false
80.88.60.229	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
179.32.239.37	unknown	Colombia	3816	COLOMBIATELECOMUNICACIONESSAESPCO	false
45.39.118.65	unknown	United States	18779	EGIHOSTINGUS	false
184.2.144.241	unknown	United States	14905	CENTURYLINK-LEGACY-EMBARQ-VACHVLUS	false
242.158.175.117	unknown	Reserved	unknown	unknown	false
62.40.163.77	unknown	Austria	8339	KABSI-ASAT	false
67.136.85.220	unknown	United States	7385	ALLSTREAMUS	false
66.96.2.234	unknown	United States	13337	EVWI-NET-01US	false
163.156.1.252	unknown	United Kingdom	9452	KUNET-ASKoreaUniversityKR	false
70.181.229.167	unknown	United States	22773	ASN-CXA-ALL-CCI-22773-RDCUS	false
145.243.97.219	unknown	Germany	8792	ASVNETDE	false
142.151.26.153	unknown	Canada	239	UTORONTO-ASCA	false
196.161.183.190	unknown	South Africa	328065	Vast-Networks-ASZA	false
175.137.214.129	unknown	Malaysia	4788	TMNET-AS-APTMNetInternetServiceProviderMY	false
40.55.196.195	unknown	United States	4249	LILLY-ASUS	false
117.238.129.132	unknown	India	9829	BSNL-NIBNationalInternetBackboneIN	false
146.137.69.139	unknown	United States	683	ARGONNE-ASUS	false
94.142.228.118	unknown	Sweden	48994	GLOBALWIRESE	false
58.84.60.174	unknown	India	134343	OMSAI-ASOmSaiEntertainmentIN	false
208.3.184.76	unknown	United States	1239	SPRINTLINKUS	false
255.113.239.159	unknown	Reserved	unknown	unknown	false
246.241.203.232	unknown	Reserved	unknown	unknown	false

Contacted Domains

Name	IP	Active
arcticboatz.cz	46.23.109.40	true

ID:	679614
Product:	CloudBasic
Start time:	06:20:08
Start date:	06.08.2022
Sample:	7TgP3VbC81
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	6b953ba2d7e62577777ffa13fda7672a
SHA1:	8b40a086aab5a866c9f003c9700cd24adb19d1c1
SHA256:	f1385883753c291d880e82d3abb6e91beaf067bc554da378e67a812fcd568b9e
Filetype:	ELF Executable and Linkable format (generic) (4004/1) 100.00%

Linux Analysis Report
7TgP3VbC81

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Linux Analysis Report 7TgP3VbC81

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Linux Analysis Report
7TgP3VbC81