Linux Analysis Report
dNLKZA6IVs

Overview

General Information

Sample Name:	dNLKZA6IVs
Analysis ID:	679625
MD5:	407a38109a75cc3a5845952e359e2255
SHA1:	d75de51babdf08188f91d4e854160349e5c0185e
SHA256:	6874279cf48edce8cef28cce5c397462f5eadad07887dfabfb8caccf5899c436
Tags:	32armelfmirai
Infos:

Detection

Mirai

Score:	76
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected Mirai

Multi AV Scanner detection for submitted file

Uses known network protocols on non-standard ports

Sample has stripped symbol table

Uses the "uname" system call to query kernel version information (possible evasion)

Enumerates processes within the "proc" file system

Detected TCP or UDP traffic on non-standard ports

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: dNLKZA6IVs

Avira: detected

Multi AV Scanner detection for submitted file

Source: dNLKZA6IVs	Virustotal: Detection: 43%	Perma Link
Source: dNLKZA6IVs	Metadefender: Detection: 34%	Perma Link
Source: dNLKZA6IVs	ReversingLabs: Detection: 73%

Networking

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43848
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43854
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43864
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43892
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43900

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.23:52808 -> 105.110.101.85:7547
Source: global traffic	TCP traffic: 192.168.2.23:53436 -> 46.23.109.40:1312
Source: global traffic	TCP traffic: 192.168.2.23:41062 -> 160.177.155.129:7547

Sample listens on a socket

Source: /tmp/dNLKZA6IVs (PID: 6231)	Socket: 127.0.0.1::1312	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	Socket: 0.0.0.0::0	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	Socket: 0.0.0.0::53413	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	Socket: 0.0.0.0::80	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	Socket: 0.0.0.0::37215	Jump to behavior

Source: unknown

DNS traffic detected: queries for: arcticboatz.cz

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33186
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 202.183.87.80
Source: unknown	TCP traffic detected without corresponding DNS query: 36.42.218.83
Source: unknown	TCP traffic detected without corresponding DNS query: 194.196.235.203
Source: unknown	TCP traffic detected without corresponding DNS query: 13.73.112.158
Source: unknown	TCP traffic detected without corresponding DNS query: 150.164.107.187
Source: unknown	TCP traffic detected without corresponding DNS query: 216.199.69.80
Source: unknown	TCP traffic detected without corresponding DNS query: 173.207.17.142
Source: unknown	TCP traffic detected without corresponding DNS query: 213.127.78.7
Source: unknown	TCP traffic detected without corresponding DNS query: 203.182.69.185
Source: unknown	TCP traffic detected without corresponding DNS query: 205.173.56.210
Source: unknown	TCP traffic detected without corresponding DNS query: 85.228.242.238
Source: unknown	TCP traffic detected without corresponding DNS query: 1.74.17.104
Source: unknown	TCP traffic detected without corresponding DNS query: 249.5.201.220
Source: unknown	TCP traffic detected without corresponding DNS query: 177.139.176.115
Source: unknown	TCP traffic detected without corresponding DNS query: 124.42.216.148
Source: unknown	TCP traffic detected without corresponding DNS query: 58.28.185.231
Source: unknown	TCP traffic detected without corresponding DNS query: 106.155.249.145
Source: unknown	TCP traffic detected without corresponding DNS query: 158.216.238.194
Source: unknown	TCP traffic detected without corresponding DNS query: 250.119.196.96
Source: unknown	TCP traffic detected without corresponding DNS query: 141.250.43.84
Source: unknown	TCP traffic detected without corresponding DNS query: 198.17.151.16
Source: unknown	TCP traffic detected without corresponding DNS query: 125.125.170.224
Source: unknown	TCP traffic detected without corresponding DNS query: 136.235.223.149
Source: unknown	TCP traffic detected without corresponding DNS query: 160.227.81.22
Source: unknown	TCP traffic detected without corresponding DNS query: 156.87.251.190
Source: unknown	TCP traffic detected without corresponding DNS query: 87.127.18.159
Source: unknown	TCP traffic detected without corresponding DNS query: 35.49.77.188
Source: unknown	TCP traffic detected without corresponding DNS query: 255.92.209.243
Source: unknown	TCP traffic detected without corresponding DNS query: 192.232.208.136
Source: unknown	TCP traffic detected without corresponding DNS query: 31.100.170.253
Source: unknown	TCP traffic detected without corresponding DNS query: 185.17.188.238
Source: unknown	TCP traffic detected without corresponding DNS query: 89.194.161.18
Source: unknown	TCP traffic detected without corresponding DNS query: 86.246.249.152
Source: unknown	TCP traffic detected without corresponding DNS query: 164.133.121.43
Source: unknown	TCP traffic detected without corresponding DNS query: 91.156.255.156
Source: unknown	TCP traffic detected without corresponding DNS query: 153.12.230.92
Source: unknown	TCP traffic detected without corresponding DNS query: 5.41.66.217
Source: unknown	TCP traffic detected without corresponding DNS query: 211.27.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 155.33.13.129
Source: unknown	TCP traffic detected without corresponding DNS query: 243.162.254.159
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.213.235
Source: unknown	TCP traffic detected without corresponding DNS query: 240.121.246.82
Source: unknown	TCP traffic detected without corresponding DNS query: 196.137.131.205
Source: unknown	TCP traffic detected without corresponding DNS query: 246.162.150.3
Source: unknown	TCP traffic detected without corresponding DNS query: 151.130.194.29
Source: unknown	TCP traffic detected without corresponding DNS query: 207.80.114.120
Source: unknown	TCP traffic detected without corresponding DNS query: 17.254.113.95
Source: unknown	TCP traffic detected without corresponding DNS query: 78.160.7.163
Source: unknown	TCP traffic detected without corresponding DNS query: 90.27.52.240
Source: unknown	TCP traffic detected without corresponding DNS query: 42.119.61.176

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Sample tries to kill a process (SIGKILL)

Source: /tmp/dNLKZA6IVs (PID: 6242)

SIGKILL sent: pid: 936, result: successful

Jump to behavior

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Source: Initial sample	String containing 'busybox' found: /bin/busybox AK1K2
Source: Initial sample	String containing 'busybox' found: /bin/busybox cp /bin/busybox retrieve && >retrieve && /bin/busybox chmod 777 retrieve && /bin/busybox cp /bin/busybox .t && >.t && /bin/busybox chmod 777 .t
Source: Initial sample	String containing 'busybox' found: /bin/busybox echo -en '%s' %s %s && /bin/busybox echo -en '\x45\x43\x48\x4f\x44\x4f\x4e\x45'
Source: Initial sample	String containing 'busybox' found: >%st && cd %s && >retrieve; >.t/bin/busybox cp /bin/busybox retrieve && >retrieve && /bin/busybox chmod 777 retrieve && /bin/busybox cp /bin/busybox .t && >.t && /bin/busybox chmod 777 .t
Source: Initial sample	String containing 'busybox' found: >>>/bin/busybox echo -en '%s' %s %s && /bin/busybox echo -en '\x45\x43\x48\x4f\x44\x4f\x4e\x45'

Source: classification engine

Classification label: mal76.troj.lin@0/0@46/0

Enumerates processes within the "proc" file system

Source: /tmp/dNLKZA6IVs (PID: 6242)	File opened: /proc/491/fd	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	File opened: /proc/793/fd	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	File opened: /proc/772/fd	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	File opened: /proc/796/fd	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	File opened: /proc/774/fd	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	File opened: /proc/797/fd	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	File opened: /proc/777/fd	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	File opened: /proc/799/fd	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	File opened: /proc/658/fd	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	File opened: /proc/912/fd	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	File opened: /proc/759/fd	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	File opened: /proc/936/fd	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	File opened: /proc/918/fd	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	File opened: /proc/761/fd	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	File opened: /proc/785/fd	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	File opened: /proc/884/fd	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	File opened: /proc/720/fd	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	File opened: /proc/721/fd	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	File opened: /proc/788/fd	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	File opened: /proc/789/fd	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	File opened: /proc/801/fd	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	File opened: /proc/847/fd	Jump to behavior
Source: /tmp/dNLKZA6IVs (PID: 6242)	File opened: /proc/904/fd	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43848
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43854
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43864
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43892
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43900

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/dNLKZA6IVs (PID: 6231)

Queries kernel information via 'uname':

Jump to behavior

Source: dNLKZA6IVs, 6231.1.000055d649b2a000.000055d649c58000.rw-.sdmp, dNLKZA6IVs, 6329.1.000055d649b2a000.000055d649c58000.rw-.sdmp, dNLKZA6IVs, 6243.1.000055d649b2a000.000055d649c58000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/arm
Source: dNLKZA6IVs, 6231.1.00007ffce2172000.00007ffce2193000.rw-.sdmp, dNLKZA6IVs, 6329.1.00007ffce2172000.00007ffce2193000.rw-.sdmp, dNLKZA6IVs, 6243.1.00007ffce2172000.00007ffce2193000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/dNLKZA6IVsSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/dNLKZA6IVs
Source: dNLKZA6IVs, 6231.1.000055d649b2a000.000055d649c58000.rw-.sdmp, dNLKZA6IVs, 6329.1.000055d649b2a000.000055d649c58000.rw-.sdmp, dNLKZA6IVs, 6243.1.000055d649b2a000.000055d649c58000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: dNLKZA6IVs, 6231.1.00007ffce2172000.00007ffce2193000.rw-.sdmp, dNLKZA6IVs, 6329.1.00007ffce2172000.00007ffce2193000.rw-.sdmp, dNLKZA6IVs, 6243.1.00007ffce2172000.00007ffce2193000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: dNLKZA6IVs, type: SAMPLE
Source: Yara match	File source: 6329.1.00007f5c4c017000.00007f5c4c02e000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6231.1.00007f5c4c017000.00007f5c4c02e000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6243.1.00007f5c4c017000.00007f5c4c02e000.r-x.sdmp, type: MEMORY

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: dNLKZA6IVs, type: SAMPLE
Source: Yara match	File source: 6329.1.00007f5c4c017000.00007f5c4c02e000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6231.1.00007f5c4c017000.00007f5c4c02e000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6243.1.00007f5c4c017000.00007f5c4c02e000.r-x.sdmp, type: MEMORY

Screenshots

No Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
140.245.130.189	unknown	United States	22488	CENGAGE-NYALBUS	false
179.99.190.111	unknown	Brazil	27699	TELEFONICABRASILSABR	false
160.177.155.129	unknown	Morocco	36903	MT-MPLSMA	false
163.39.57.194	unknown	United States	1659	ERX-TANET-ASN1TaiwanAcademicNetworkTANetInformationC	false
252.34.227.164	unknown	Reserved	unknown	unknown	false
116.100.223.37	unknown	Viet Nam	24086	VIETTEL-AS-VNViettelCorporationVN	false
157.117.193.135	unknown	Japan	9605	DOCOMONTTDOCOMOINCJP	false
147.196.107.48	unknown	France	2527	SO-NETSo-netEntertainmentCorporationJP	false
115.21.18.96	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
71.56.55.19	unknown	United States	7922	COMCAST-7922US	false
187.188.56.79	unknown	Mexico	22884	TOTALPLAYTELECOMUNICACIONESSADECVMX	false
42.25.215.245	unknown	Korea Republic of	9644	SKTELECOM-NET-ASSKTelecomKR	false
104.156.153.64	unknown	United States	32391	SRCACCESSUS	false
95.106.170.150	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
84.35.150.57	unknown	Netherlands	21221	INFOPACT-ASTheNetherlandsNL	false
40.220.55.208	unknown	United States	4249	LILLY-ASUS	false
124.207.149.250	unknown	China	4808	CHINA169-BJChinaUnicomBeijingProvinceNetworkCN	false
125.193.114.56	unknown	Japan	2518	BIGLOBEBIGLOBEIncJP	false
253.132.90.144	unknown	Reserved	unknown	unknown	false
41.97.15.205	unknown	Algeria	36947	ALGTEL-ASDZ	false
47.101.21.217	unknown	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
200.164.68.140	unknown	Brazil	7738	TelemarNorteLesteSABR	false
216.107.146.42	unknown	United States	20278	NEXEONUS	false
106.10.231.220	unknown	Singapore	56173	YAHOO-SG3internetcontentproviderSG	false
248.239.3.124	unknown	Reserved	unknown	unknown	false
206.176.20.180	unknown	United States	22851	NSU-SDUS	false
178.178.13.56	unknown	Russian Federation	25159	SONICDUO-ASRU	false
221.4.223.185	unknown	China	17816	CHINA169-GZChinaUnicomIPnetworkChina169Guangdongprovi	false
149.109.163.226	unknown	Saudi Arabia	25019	SAUDINETSTC-ASSA	false
54.44.2.152	unknown	United States	14618	AMAZON-AESUS	false
62.78.181.0	unknown	Finland	16086	DNAFI	false
154.91.52.21	unknown	Seychelles	62468	VPSQUANUS	false
163.151.39.94	unknown	United States	36161	WESTCHESTERCOUNTY-NYUS	false
181.152.32.197	unknown	Colombia	26611	COMCELSACO	false
108.28.236.149	unknown	United States	701	UUNETUS	false
111.6.69.172	unknown	China	24445	CMNET-V4HENAN-AS-APHenanMobileCommunicationsCoLtdCN	false
78.93.243.132	unknown	Saudi Arabia	25233	AWALNET-ASNSA	false
60.87.12.18	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
119.107.244.169	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
18.163.241.145	unknown	United States	16509	AMAZON-02US	false
126.58.95.160	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
72.23.5.57	unknown	United States	27364	ACS-INTERNETUS	false
44.97.4.214	unknown	United States	7377	UCSDUS	false
45.244.146.89	unknown	Egypt	24863	LINKdotNET-ASEG	false
251.106.255.31	unknown	Reserved	unknown	unknown	false
65.67.37.241	unknown	United States	7018	ATT-INTERNET4US	false
253.194.92.93	unknown	Reserved	unknown	unknown	false
146.122.131.195	unknown	United States	22216	SIEMENS-PLMUS	false
193.89.106.134	unknown	Denmark	3292	TDCTDCASDK	false
23.54.60.124	unknown	United States	16625	AKAMAI-ASUS	false
27.193.150.188	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
200.246.226.12	unknown	Brazil	4230	CLAROSABR	false
187.123.171.57	unknown	Brazil	28573	CLAROSABR	false
81.221.46.157	unknown	Switzerland	1836	GREENgreenchAGAutonomousSystemEU	false
189.6.24.53	unknown	Brazil	28573	CLAROSABR	false
65.71.94.243	unknown	United States	7018	ATT-INTERNET4US	false
117.241.122.77	unknown	India	9829	BSNL-NIBNationalInternetBackboneIN	false
95.25.159.118	unknown	Russian Federation	3216	SOVAM-ASRU	false
36.228.128.198	unknown	Taiwan; Republic of China (ROC)	3462	HINETDataCommunicationBusinessGroupTW	false
158.193.226.165	unknown	Slovakia (SLOVAK Republic)	2607	SANETSlovakAcademicNetworkSK	false
12.122.193.204	unknown	United States	7018	ATT-INTERNET4US	false
92.29.42.240	unknown	United Kingdom	13285	OPALTELECOM-ASTalkTalkCommunicationsLimitedGB	false
2.46.240.136	unknown	Italy	30722	VODAFONE-IT-ASNIT	false
124.20.249.100	unknown	China	7497	CSTNET-AS-APComputerNetworkInformationCenterCN	false
103.117.108.117	unknown	Bangladesh	137935	ILIS-AS-APILinkInternetServiceBD	false
36.73.61.185	unknown	Indonesia	7713	TELKOMNET-AS-APPTTelekomunikasiIndonesiaID	false
80.178.27.50	unknown	Israel	9116	GOLDENLINES-ASNPartnerCommunicationsMainAutonomousSyste	false
163.52.238.118	unknown	unknown	2516	KDDIKDDICORPORATIONJP	false
203.198.234.145	unknown	Hong Kong	4760	HKTIMS-APHKTLimitedHK	false
201.103.48.20	unknown	Mexico	8151	UninetSAdeCVMX	false
57.46.12.214	unknown	Belgium	2686	ATGS-MMD-ASUS	false
36.70.155.73	unknown	Indonesia	7713	TELKOMNET-AS-APPTTelekomunikasiIndonesiaID	false
78.200.186.78	unknown	France	12322	PROXADFR	false
162.5.107.138	unknown	United States	33348	PIERCE-COUNTYUS	false
20.35.186.177	unknown	United States	8070	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
178.122.24.177	unknown	Belarus	6697	BELPAK-ASBELPAKBY	false
162.97.87.246	unknown	United States	3356	LEVEL3US	false
41.145.10.73	unknown	South Africa	5713	SAIX-NETZA	false
155.244.147.141	unknown	United States	668	DNIC-AS-00668US	false
87.122.200.234	unknown	Germany	8881	VERSATELDE	false
121.17.44.98	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
136.104.45.67	unknown	United States	60311	ONEFMCH	false
242.147.54.104	unknown	Reserved	unknown	unknown	false
211.173.176.209	unknown	Korea Republic of	18313	PCN-AS-KRLGHelloVisionCorpKR	false
101.8.76.224	unknown	Taiwan; Republic of China (ROC)	701	UUNETUS	false
112.12.163.146	unknown	China	56041	CMNET-ZHEJIANG-APChinaMobilecommunicationscorporationC	false
104.33.227.124	unknown	United States	20001	TWC-20001-PACWESTUS	false
17.205.243.220	unknown	United States	714	APPLE-ENGINEERINGUS	false
181.12.5.240	unknown	Argentina	7303	TelecomArgentinaSAAR	false
101.174.190.113	unknown	Australia	1221	ASN-TELSTRATelstraCorporationLtdAU	false
57.238.159.174	unknown	Belgium	2686	ATGS-MMD-ASUS	false
17.132.134.142	unknown	United States	714	APPLE-ENGINEERINGUS	false
120.171.58.235	unknown	Indonesia	4761	INDOSAT-INP-APINDOSATInternetNetworkProviderID	false
124.115.165.91	unknown	China	4835	CHINANET-IDC-SNChinaTelecomGroupCN	false
178.107.239.74	unknown	United Kingdom	12576	EELtdGB	false
37.182.243.58	unknown	Italy	30722	VODAFONE-IT-ASNIT	false
209.79.27.199	unknown	United States	32492	DANAUS	false
74.11.108.131	unknown	United States	7029	WINDSTREAMUS	false
37.113.150.151	unknown	Russian Federation	41661	ERTH-CHEL-ASRU	false
90.152.66.151	unknown	United Kingdom	8220	COLTCOLTTechnologyServicesGroupLimitedGB	false

Contacted Domains

Name	IP	Active
arcticboatz.cz	46.23.109.40	true

ID:	679625
Product:	CloudBasic
Start time:	07:00:30
Start date:	06.08.2022
Sample:	dNLKZA6IVs
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	407a38109a75cc3a5845952e359e2255
SHA1:	d75de51babdf08188f91d4e854160349e5c0185e
SHA256:	6874279cf48edce8cef28cce5c397462f5eadad07887dfabfb8caccf5899c436
Filetype:	ELF Executable and Linkable format (generic) (4004/1) 100.00%

Linux Analysis Report
dNLKZA6IVs

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Linux Analysis Report dNLKZA6IVs

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Linux Analysis Report
dNLKZA6IVs