Linux
Analysis Report
35JTigDQD0.elf
Overview
General Information
Sample Name: | 35JTigDQD0.elf |
Analysis ID: | 755694 |
MD5: | 0fbe8cba363d1ca3de62343266244286 |
SHA1: | d2ce4c0b48b3075ad04370b9639a6f6ce2a1d20c |
SHA256: | 95374214630d9aa7c9d8dccb051df549cc1c7dbc21dda9285857344064012e4e |
Tags: | 32elfmipsmirai |
Detection
Mirai
Score: | 80 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Malicious sample detected (through community Yara rule)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Uses known network protocols on non-standard ports
Sample contains only a LOAD segment without any section mappings
Yara signature match
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Classification
Analysis Advice
- Static ELF header machine description suggests that the sample might not execute correctly on this machine.
- All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper which no longer works.
- Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 755694 |
Start date and time: | 2022-11-29 02:20:00 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 39s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | 35JTigDQD0.elf |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Detection: | MAL |
Classification: | mal80.troj.evad.linELF@0/0@0/0 |
- Report size exceeded maximum capacity and may have missing network information.
- TCP Packets have been reduced to 100
Command: | /tmp/35JTigDQD0.elf |
PID: | 6234 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | Connected To CNC |
Standard Error: |
- system is lnxubuntu20
- 35JTigDQD0.elf New Fork (PID: 6236, Parent: 6234)
- 35JTigDQD0.elf New Fork (PID: 6237, Parent: 6234)
- 35JTigDQD0.elf New Fork (PID: 6239, Parent: 6234)
- 35JTigDQD0.elf New Fork (PID: 6242, Parent: 6239)
- 35JTigDQD0.elf New Fork (PID: 6243, Parent: 6239)
- 35JTigDQD0.elf New Fork (PID: 6246, Parent: 6239)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | |
 | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | |
 | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | |
 | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
 | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | |
⊘No Snort rule has matched
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Virustotal: |
Networking |
---|
Source: | Network traffic detected: | 20 entries (detail cells empty) |
Source: | TCP traffic: | 4 entries (detail cells empty) |
Source: | Network traffic detected: | 2 entries (detail cells empty) |
Source: | TCP traffic detected without corresponding DNS query: | 50 entries (detail cells empty) |
Source: | String found in binary or memory: |
System Summary |
---|
Source: | Matched rule: | 3 entries (detail cells empty) |
Source: | Program segment: |
Source: | Matched rule: | 9 entries (detail cells empty) |
Source: | Classification label: |
Data Obfuscation |
---|
Source: | String containing UPX found: | 3 entries (detail cells empty) |
Source: | File opened: | 105 entries (detail cells empty) |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Network traffic detected: | 20 entries (detail cells empty) |
Source: | Submission file: |
Source: | Queries kernel information via 'uname': |
Source: | Binary or memory string: | 4 entries (detail cells empty) |
Stealing of Sensitive Information |
---|
Source: | File source: | 4 entries (detail cells empty) |
Remote Access Functionality |
---|
Source: | File source: | 4 entries (detail cells empty) |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 11 Obfuscated Files or Information | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 11 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
56% | ReversingLabs | Linux.Trojan.Mirai | ||
40% | Virustotal | Browse |
⊘No Antivirus matches
⊘No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
170.174.163.163 | unknown | United States | 11685 | HNBCOL-ASUS | false | |
254.43.117.149 | unknown | Reserved | unknown | unknown | false | |
40.61.112.220 | unknown | United States | 4249 | LILLY-ASUS | false | |
136.62.37.196 | unknown | United States | 16591 | GOOGLE-FIBERUS | false | |
194.94.41.5 | unknown | Germany | 680 | DFNVereinzurFoerderungeinesDeutschenForschungsnetzese | false | |
141.100.144.49 | unknown | Germany | 8365 | MANDADE | false | |
167.198.101.64 | unknown | United States | 2897 | GEORGIA-1US | false | |
108.67.11.101 | unknown | United States | 7018 | ATT-INTERNET4US | false | |
190.111.223.209 | unknown | Argentina | 11014 | CPSAR | false | |
143.255.60.209 | unknown | Brazil | 263037 | SULNETTELECOMBR | false | |
167.29.26.152 | unknown | United States | 14303 | MEMASN1US | false | |
94.45.41.9 | unknown | Ukraine | 15683 | DOMASHKA-ASUA | false | |
254.106.131.1 | unknown | Reserved | unknown | unknown | false | |
242.31.147.10 | unknown | Reserved | unknown | unknown | false | |
119.159.60.13 | unknown | Pakistan | 45595 | PKTELECOM-AS-PKPakistanTelecomCompanyLimitedPK | false | |
248.146.211.203 | unknown | Reserved | unknown | unknown | false | |
113.131.9.39 | unknown | Korea Republic of | 9697 | CJHAEUNDAEGIJANG-AS-KRLGHelloVisionCorpKR | false | |
192.228.202.25 | unknown | Malaysia | 9930 | TTNET-MYTIMEdotComBerhadMY | false | |
202.77.6.210 | unknown | Hong Kong | 9269 | HKBN-AS-APHongKongBroadbandNetworkLtdHK | false | |
65.49.157.64 | unknown | Canada | 25914 | QCC-ASCA | false | |
161.2.87.169 | unknown | United Kingdom | 15914 | BritishAirwaysGB | false | |
169.113.31.171 | unknown | United States | 37611 | AfrihostZA | false | |
187.94.22.177 | unknown | Brazil | 53075 | HolisticaProvedorInternetLtdaBR | false | |
89.18.129.68 | unknown | Russian Federation | 15930 | WIPLINE-ASRU | false | |
125.138.193.77 | unknown | Korea Republic of | 4766 | KIXS-AS-KRKoreaTelecomKR | false | |
151.226.23.42 | unknown | United Kingdom | 5607 | BSKYB-BROADBAND-ASGB | false | |
243.74.28.29 | unknown | Reserved | unknown | unknown | false | |
119.35.38.56 | unknown | China | 17622 | CNCGROUP-GZChinaUnicomGuangzhounetworkCN | false | |
86.116.2.210 | unknown | Switzerland | 9142 | CommercialISPGB | false | |
4.195.92.116 | unknown | United States | 3356 | LEVEL3US | false | |
146.85.165.64 | unknown | United States | 600 | OARNET-ASUS | false | |
221.4.223.179 | unknown | China | 17816 | CHINA169-GZChinaUnicomIPnetworkChina169Guangdongprovi | false | |
178.97.170.185 | unknown | United Kingdom | 12576 | EELtdGB | false | |
170.112.93.142 | unknown | United States | 22347 | DORSEY-WHITNEYUS | false | |
222.248.17.233 | unknown | China | 17962 | TOPWAY-NETShenZhenTopwayVideoCommunicationCoLtdCN | false | |
48.110.84.154 | unknown | United States | 2686 | ATGS-MMD-ASUS | false | |
175.76.230.218 | unknown | China | 9394 | CTTNETChinaTieTongTelecommunicationsCorporationCN | false | |
84.121.185.116 | unknown | Spain | 12357 | COMUNITELSPAINES | false | |
133.187.177.84 | unknown | Japan | 2907 | SINET-ASResearchOrganizationofInformationandSystemsN | false | |
82.158.45.235 | unknown | Spain | 12357 | COMUNITELSPAINES | false | |
89.121.132.176 | unknown | Romania | 9050 | RTDBucharestRomaniaRO | false | |
135.173.127.135 | unknown | United States | 14962 | NCR-252US | false | |
141.61.212.240 | unknown | Germany | 680 | DFNVereinzurFoerderungeinesDeutschenForschungsnetzese | false | |
244.67.149.101 | unknown | Reserved | unknown | unknown | false | |
221.108.95.164 | unknown | Japan | 17676 | GIGAINFRASoftbankBBCorpJP | false | |
80.147.6.205 | unknown | Germany | 3320 | DTAGInternetserviceprovideroperationsDE | false | |
123.50.17.4 | unknown | Japan | 10013 | FBDCFreeBitCoLtdJP | false | |
102.6.205.106 | unknown | unknown | 36926 | CKL1-ASNKE | false | |
87.151.1.59 | unknown | Germany | 3320 | DTAGInternetserviceprovideroperationsDE | false | |
249.158.5.25 | unknown | Reserved | unknown | unknown | false | |
161.172.49.114 | unknown | United States | 10695 | WAL-MARTUS | false | |
153.49.4.172 | unknown | United States | 1226 | CTA-42-AS1226US | false | |
178.213.15.5 | unknown | Russian Federation | 51507 | ASINTELLEKTRU | false | |
78.128.33.110 | unknown | Bulgaria | 60656 | BOLBGIZTOKBG | false | |
99.23.87.116 | unknown | United States | 7018 | ATT-INTERNET4US | false | |
149.235.72.192 | unknown | United Kingdom | 203160 | OPENTEXT-AS-EUFR | false | |
84.220.45.203 | unknown | Italy | 8612 | TISCALI-IT | false | |
163.54.154.32 | unknown | Japan | 2907 | SINET-ASResearchOrganizationofInformationandSystemsN | false | |
105.183.106.124 | unknown | Egypt | 37069 | MOBINILEG | false | |
219.49.231.14 | unknown | Japan | 17676 | GIGAINFRASoftbankBBCorpJP | false | |
171.198.43.91 | unknown | United States | 10794 | BANKAMERICAUS | false | |
96.168.64.208 | unknown | United States | 7922 | COMCAST-7922US | false | |
162.19.169.153 | unknown | United States | 209 | CENTURYLINK-US-LEGACY-QWESTUS | false | |
177.224.246.15 | unknown | Mexico | 13999 | MegaCableSAdeCVMX | false | |
120.168.146.169 | unknown | Indonesia | 4761 | INDOSAT-INP-APINDOSATInternetNetworkProviderID | false | |
242.72.150.182 | unknown | Reserved | unknown | unknown | false | |
149.56.12.10 | unknown | Canada | 16276 | OVHFR | false | |
79.247.204.124 | unknown | Germany | 3320 | DTAGInternetserviceprovideroperationsDE | false | |
176.68.36.207 | unknown | Sweden | 1257 | TELE2EU | false | |
59.235.240.237 | unknown | China | 2516 | KDDIKDDICORPORATIONJP | false | |
240.47.4.214 | unknown | Reserved | unknown | unknown | false | |
151.228.111.187 | unknown | United Kingdom | 5607 | BSKYB-BROADBAND-ASGB | false | |
93.29.76.255 | unknown | France | 15557 | LDCOMNETFR | false | |
249.133.49.164 | unknown | Reserved | unknown | unknown | false | |
250.149.150.17 | unknown | Reserved | unknown | unknown | false | |
201.78.56.2 | unknown | Brazil | 7738 | TelemarNorteLesteSABR | false | |
37.165.124.199 | unknown | France | 51207 | FREEMFR | false | |
66.18.178.165 | unknown | United States | 16564 | ADAMS-WELLS-INTERNETUS | false | |
251.71.27.209 | unknown | Reserved | unknown | unknown | false | |
179.30.41.192 | unknown | Uruguay | 6057 | AdministracionNacionaldeTelecomunicacionesUY | false | |
218.142.4.248 | unknown | Japan | 17676 | GIGAINFRASoftbankBBCorpJP | false | |
175.229.12.155 | unknown | Korea Republic of | 4766 | KIXS-AS-KRKoreaTelecomKR | false | |
150.217.3.101 | unknown | Italy | 137 | ASGARRConsortiumGARREU | false | |
73.60.221.30 | unknown | United States | 7922 | COMCAST-7922US | false | |
72.215.249.211 | unknown | United States | 22773 | ASN-CXA-ALL-CCI-22773-RDCUS | false | |
95.241.184.169 | unknown | Italy | 3269 | ASN-IBSNAZIT | false | |
95.77.122.224 | unknown | Romania | 6830 | LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding | false | |
82.142.5.104 | unknown | France | 12322 | PROXADFR | false | |
120.140.169.0 | unknown | Malaysia | 45177 | DEVOLI-AS-APDevoliNZ | false | |
198.116.123.219 | unknown | United States | 297 | AS297US | false | |
41.206.119.139 | unknown | Mauritius | 37100 | SEACOM-ASMU | false | |
112.172.186.199 | unknown | Korea Republic of | 4766 | KIXS-AS-KRKoreaTelecomKR | false | |
199.28.143.137 | unknown | United States | 3379 | KAISER-NCALUS | false | |
240.34.37.251 | unknown | Reserved | unknown | unknown | false | |
117.5.136.97 | unknown | Viet Nam | 7552 | VIETEL-AS-APViettelGroupVN | false | |
53.118.153.234 | unknown | Germany | 31399 | DAIMLER-ASITIGNGlobalNetworkDE | false | |
120.188.79.191 | unknown | Indonesia | 4761 | INDOSAT-INP-APINDOSATInternetNetworkProviderID | false | |
68.164.148.178 | unknown | United States | 18566 | MEGAPATH5-US | false | |
168.82.87.213 | unknown | United States | 8103 | STATE-OF-FLAUS | false | |
4.34.175.202 | unknown | United States | 3356 | LEVEL3US | false |
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 7.899963172523559 |
TrID: | |
File name: | 35JTigDQD0.elf |
File size: | 30324 |
MD5: | 0fbe8cba363d1ca3de62343266244286 |
SHA1: | d2ce4c0b48b3075ad04370b9639a6f6ce2a1d20c |
SHA256: | 95374214630d9aa7c9d8dccb051df549cc1c7dbc21dda9285857344064012e4e |
SHA512: | 139a29ed8475f877de14014f1ff383903732933af51698b10c5ebc635b03fb73133ff1634cd371d461d0f3dc6bad2737e9f86862b0989eaa5ff9556ec291c00a |
SSDEEP: | 768:D1uUtLrVDsAp6tLkF4FuetwEub4sU/M9g36KN0+YZ4JbKWUT:DbDs06t4BEub4sU/MbUHYZ4+T |
TLSH: | ADD2E01CD94C7905C7AD3EB950DE55F6398C70C0A35DEA8E17268448FA2BA8BBC0B0F4 |
File Content Preview: | .ELF.....................b..4...........4. ...(.....................Mu..Mu...............[...[E..[E.................u...UPX!d........Z...Z......S..........?.E.h;....#......b.L#8....&C........}+..ze.aw....2"ds...:.Z...;.g...l.D.....t6/..N.."^.............+ |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | |
Entry Point Address: | |
Flags: | |
ELF Header Size: | |
Program Header Offset: | |
Program Header Size: | |
Number of Program Headers: | |
Section Header Offset: | |
Section Header Size: | |
Number of Section Headers: | |
Header String Table Index: |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x100000 | 0x100000 | 0x754d | 0x754d | 7.9036 | 0x5 | R E | 0x10000 | ||
LOAD | 0x5b00 | 0x455b00 | 0x455b00 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x10000 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 29, 2022 02:20:45.945386887 CET | 51412 | 1312 | 192.168.2.23 | 84.21.172.198 |
Nov 29, 2022 02:20:45.957595110 CET | 51562 | 23 | 192.168.2.23 | 34.176.109.115 |
Nov 29, 2022 02:20:45.957839012 CET | 51562 | 23 | 192.168.2.23 | 47.95.37.115 |
Nov 29, 2022 02:20:45.957889080 CET | 51562 | 23 | 192.168.2.23 | 106.28.157.36 |
Nov 29, 2022 02:20:45.957982063 CET | 51562 | 23 | 192.168.2.23 | 193.128.69.135 |
Nov 29, 2022 02:20:45.958058119 CET | 51562 | 23 | 192.168.2.23 | 188.171.121.112 |
Nov 29, 2022 02:20:45.958061934 CET | 51562 | 23 | 192.168.2.23 | 47.197.229.93 |
Nov 29, 2022 02:20:45.958070040 CET | 51562 | 23 | 192.168.2.23 | 68.154.51.71 |
Nov 29, 2022 02:20:45.958177090 CET | 51562 | 23 | 192.168.2.23 | 139.27.37.191 |
Nov 29, 2022 02:20:45.958185911 CET | 51562 | 23 | 192.168.2.23 | 141.28.148.86 |
Nov 29, 2022 02:20:45.958211899 CET | 51562 | 23 | 192.168.2.23 | 8.110.185.28 |
Nov 29, 2022 02:20:45.958235979 CET | 51562 | 23 | 192.168.2.23 | 70.117.179.100 |
Nov 29, 2022 02:20:45.958235979 CET | 51562 | 23 | 192.168.2.23 | 174.183.250.153 |
Nov 29, 2022 02:20:45.958264112 CET | 51562 | 23 | 192.168.2.23 | 67.126.232.20 |
Nov 29, 2022 02:20:45.958303928 CET | 51562 | 23 | 192.168.2.23 | 254.93.135.244 |
Nov 29, 2022 02:20:45.958313942 CET | 51562 | 23 | 192.168.2.23 | 5.46.95.207 |
Nov 29, 2022 02:20:45.958333969 CET | 51562 | 23 | 192.168.2.23 | 35.195.47.216 |
Nov 29, 2022 02:20:45.958357096 CET | 51562 | 23 | 192.168.2.23 | 125.116.83.39 |
Nov 29, 2022 02:20:45.958357096 CET | 51562 | 23 | 192.168.2.23 | 246.50.49.223 |
Nov 29, 2022 02:20:45.958365917 CET | 51562 | 23 | 192.168.2.23 | 109.133.122.164 |
Nov 29, 2022 02:20:45.958389044 CET | 51562 | 23 | 192.168.2.23 | 201.143.221.133 |
Nov 29, 2022 02:20:45.958448887 CET | 51562 | 23 | 192.168.2.23 | 165.90.28.228 |
Nov 29, 2022 02:20:45.958448887 CET | 51562 | 23 | 192.168.2.23 | 128.254.49.90 |
Nov 29, 2022 02:20:45.958565950 CET | 51562 | 23 | 192.168.2.23 | 159.12.116.240 |
Nov 29, 2022 02:20:45.958574057 CET | 51562 | 23 | 192.168.2.23 | 216.142.186.206 |
Nov 29, 2022 02:20:45.958595037 CET | 51562 | 23 | 192.168.2.23 | 72.1.142.217 |
Nov 29, 2022 02:20:45.958606005 CET | 51562 | 23 | 192.168.2.23 | 57.76.71.8 |
Nov 29, 2022 02:20:45.958719015 CET | 51562 | 23 | 192.168.2.23 | 162.178.70.236 |
Nov 29, 2022 02:20:45.958731890 CET | 51562 | 23 | 192.168.2.23 | 75.209.56.66 |
Nov 29, 2022 02:20:45.958731890 CET | 51562 | 23 | 192.168.2.23 | 125.96.89.18 |
Nov 29, 2022 02:20:45.958734035 CET | 51562 | 23 | 192.168.2.23 | 211.127.191.133 |
Nov 29, 2022 02:20:45.958781004 CET | 51562 | 23 | 192.168.2.23 | 172.106.13.152 |
Nov 29, 2022 02:20:45.958856106 CET | 51562 | 23 | 192.168.2.23 | 107.88.70.173 |
Nov 29, 2022 02:20:45.958862066 CET | 51562 | 23 | 192.168.2.23 | 101.75.138.233 |
Nov 29, 2022 02:20:45.958865881 CET | 51562 | 23 | 192.168.2.23 | 171.148.45.46 |
Nov 29, 2022 02:20:45.958880901 CET | 51562 | 23 | 192.168.2.23 | 250.76.192.64 |
Nov 29, 2022 02:20:45.958893061 CET | 51562 | 23 | 192.168.2.23 | 12.86.204.11 |
Nov 29, 2022 02:20:45.958945990 CET | 51562 | 23 | 192.168.2.23 | 103.244.134.156 |
Nov 29, 2022 02:20:45.958945990 CET | 51562 | 23 | 192.168.2.23 | 197.0.21.59 |
Nov 29, 2022 02:20:45.958950996 CET | 51562 | 23 | 192.168.2.23 | 125.72.101.39 |
Nov 29, 2022 02:20:45.958966017 CET | 51562 | 23 | 192.168.2.23 | 196.230.225.168 |
Nov 29, 2022 02:20:45.958966017 CET | 51562 | 23 | 192.168.2.23 | 76.255.64.105 |
Nov 29, 2022 02:20:45.958966017 CET | 51562 | 23 | 192.168.2.23 | 121.151.238.119 |
Nov 29, 2022 02:20:45.959009886 CET | 51562 | 23 | 192.168.2.23 | 116.142.203.156 |
Nov 29, 2022 02:20:45.959058046 CET | 51562 | 23 | 192.168.2.23 | 198.138.187.17 |
Nov 29, 2022 02:20:45.959110022 CET | 51562 | 23 | 192.168.2.23 | 5.1.132.176 |
Nov 29, 2022 02:20:45.959115982 CET | 51562 | 23 | 192.168.2.23 | 23.180.244.14 |
Nov 29, 2022 02:20:45.959129095 CET | 51562 | 23 | 192.168.2.23 | 166.199.132.180 |
Nov 29, 2022 02:20:45.959180117 CET | 51562 | 23 | 192.168.2.23 | 144.50.173.123 |
Nov 29, 2022 02:20:45.959187031 CET | 51562 | 23 | 192.168.2.23 | 19.130.192.90 |
Nov 29, 2022 02:20:45.959213972 CET | 51562 | 23 | 192.168.2.23 | 244.241.220.42 |
Nov 29, 2022 02:20:45.959214926 CET | 51562 | 23 | 192.168.2.23 | 246.186.161.135 |
Nov 29, 2022 02:20:45.959213972 CET | 51562 | 23 | 192.168.2.23 | 139.185.228.60 |
Nov 29, 2022 02:20:45.959233046 CET | 51562 | 23 | 192.168.2.23 | 34.39.221.213 |
Nov 29, 2022 02:20:45.959259987 CET | 51562 | 23 | 192.168.2.23 | 66.227.212.66 |
Nov 29, 2022 02:20:45.959266901 CET | 51562 | 23 | 192.168.2.23 | 83.26.249.43 |
Nov 29, 2022 02:20:45.959280014 CET | 51562 | 23 | 192.168.2.23 | 221.87.46.225 |
Nov 29, 2022 02:20:45.959290981 CET | 51562 | 23 | 192.168.2.23 | 89.90.131.27 |
Nov 29, 2022 02:20:45.959333897 CET | 51562 | 23 | 192.168.2.23 | 168.247.117.0 |
Nov 29, 2022 02:20:45.959342003 CET | 51562 | 23 | 192.168.2.23 | 255.189.17.197 |
Nov 29, 2022 02:20:45.959348917 CET | 51562 | 23 | 192.168.2.23 | 42.171.156.68 |
Nov 29, 2022 02:20:45.959397078 CET | 51562 | 23 | 192.168.2.23 | 240.219.28.208 |
Nov 29, 2022 02:20:45.959397078 CET | 51562 | 23 | 192.168.2.23 | 18.245.134.45 |
Nov 29, 2022 02:20:45.959419012 CET | 51562 | 23 | 192.168.2.23 | 180.207.132.36 |
Nov 29, 2022 02:20:45.959462881 CET | 51562 | 23 | 192.168.2.23 | 104.137.89.115 |
Nov 29, 2022 02:20:45.959497929 CET | 51562 | 23 | 192.168.2.23 | 98.158.54.233 |
Nov 29, 2022 02:20:45.959506035 CET | 51562 | 23 | 192.168.2.23 | 76.14.136.81 |
Nov 29, 2022 02:20:45.959506035 CET | 51562 | 23 | 192.168.2.23 | 223.243.197.1 |
Nov 29, 2022 02:20:45.959547043 CET | 51562 | 23 | 192.168.2.23 | 154.50.251.97 |
Nov 29, 2022 02:20:45.959582090 CET | 51562 | 23 | 192.168.2.23 | 84.129.94.134 |
Nov 29, 2022 02:20:45.959582090 CET | 51562 | 23 | 192.168.2.23 | 195.26.112.164 |
Nov 29, 2022 02:20:45.959584951 CET | 51562 | 23 | 192.168.2.23 | 169.219.156.134 |
Nov 29, 2022 02:20:45.959604025 CET | 51562 | 23 | 192.168.2.23 | 253.153.227.144 |
Nov 29, 2022 02:20:45.959707022 CET | 51562 | 23 | 192.168.2.23 | 125.55.31.168 |
Nov 29, 2022 02:20:45.963628054 CET | 51562 | 23 | 192.168.2.23 | 19.43.221.137 |
Nov 29, 2022 02:20:45.963686943 CET | 51562 | 23 | 192.168.2.23 | 176.164.218.53 |
Nov 29, 2022 02:20:45.963686943 CET | 51562 | 23 | 192.168.2.23 | 218.232.106.54 |
Nov 29, 2022 02:20:45.963726044 CET | 51562 | 23 | 192.168.2.23 | 130.21.203.76 |
Nov 29, 2022 02:20:45.963735104 CET | 51562 | 23 | 192.168.2.23 | 71.162.132.5 |
Nov 29, 2022 02:20:45.964310884 CET | 51562 | 23 | 192.168.2.23 | 183.114.245.27 |
Nov 29, 2022 02:20:45.964330912 CET | 51562 | 23 | 192.168.2.23 | 174.79.231.13 |
Nov 29, 2022 02:20:45.964376926 CET | 51562 | 23 | 192.168.2.23 | 246.230.124.56 |
Nov 29, 2022 02:20:45.964430094 CET | 51562 | 23 | 192.168.2.23 | 97.147.78.84 |
Nov 29, 2022 02:20:45.964437962 CET | 51562 | 23 | 192.168.2.23 | 42.57.114.18 |
Nov 29, 2022 02:20:45.964437962 CET | 51562 | 23 | 192.168.2.23 | 96.141.149.157 |
Nov 29, 2022 02:20:45.964452982 CET | 51562 | 23 | 192.168.2.23 | 212.207.252.25 |
Nov 29, 2022 02:20:45.964457035 CET | 51562 | 23 | 192.168.2.23 | 70.46.154.232 |
Nov 29, 2022 02:20:45.964457035 CET | 51562 | 23 | 192.168.2.23 | 85.112.68.175 |
Nov 29, 2022 02:20:45.964463949 CET | 51562 | 23 | 192.168.2.23 | 71.57.106.12 |
Nov 29, 2022 02:20:45.964498997 CET | 51562 | 23 | 192.168.2.23 | 164.29.91.134 |
Nov 29, 2022 02:20:45.964510918 CET | 51562 | 23 | 192.168.2.23 | 72.117.185.90 |
Nov 29, 2022 02:20:45.964627028 CET | 51562 | 23 | 192.168.2.23 | 31.15.192.74 |
Nov 29, 2022 02:20:45.964678049 CET | 51562 | 23 | 192.168.2.23 | 88.42.128.250 |
Nov 29, 2022 02:20:45.964695930 CET | 51562 | 23 | 192.168.2.23 | 36.233.58.224 |
Nov 29, 2022 02:20:45.964840889 CET | 51562 | 23 | 192.168.2.23 | 219.48.105.230 |
Nov 29, 2022 02:20:45.964843988 CET | 51562 | 23 | 192.168.2.23 | 242.222.173.127 |
Nov 29, 2022 02:20:45.964844942 CET | 51562 | 23 | 192.168.2.23 | 210.45.232.201 |
Nov 29, 2022 02:20:45.964843988 CET | 51562 | 23 | 192.168.2.23 | 213.182.180.17 |
Nov 29, 2022 02:20:45.964844942 CET | 51562 | 23 | 192.168.2.23 | 211.158.171.1 |
Nov 29, 2022 02:20:45.964869976 CET | 51562 | 23 | 192.168.2.23 | 148.255.96.96 |
System Behavior
Start time: | 02:20:44 |
Start date: | 29/11/2022 |
Path: | /tmp/35JTigDQD0.elf |
Arguments: | /tmp/35JTigDQD0.elf |
File size: | 5773336 bytes |
MD5 hash: | 0d6f61f82cf2f781c6eb0661071d42d9 |
Start time: | 02:20:44 |
Start date: | 29/11/2022 |
Path: | /tmp/35JTigDQD0.elf |
Arguments: | n/a |
File size: | 5773336 bytes |
MD5 hash: | 0d6f61f82cf2f781c6eb0661071d42d9 |
Start time: | 02:20:44 |
Start date: | 29/11/2022 |
Path: | /tmp/35JTigDQD0.elf |
Arguments: | n/a |
File size: | 5773336 bytes |
MD5 hash: | 0d6f61f82cf2f781c6eb0661071d42d9 |
Start time: | 02:20:44 |
Start date: | 29/11/2022 |
Path: | /tmp/35JTigDQD0.elf |
Arguments: | n/a |
File size: | 5773336 bytes |
MD5 hash: | 0d6f61f82cf2f781c6eb0661071d42d9 |
Start time: | 02:20:44 |
Start date: | 29/11/2022 |
Path: | /tmp/35JTigDQD0.elf |
Arguments: | n/a |
File size: | 5773336 bytes |
MD5 hash: | 0d6f61f82cf2f781c6eb0661071d42d9 |
Start time: | 02:20:44 |
Start date: | 29/11/2022 |
Path: | /tmp/35JTigDQD0.elf |
Arguments: | n/a |
File size: | 5773336 bytes |
MD5 hash: | 0d6f61f82cf2f781c6eb0661071d42d9 |
Start time: | 02:20:44 |
Start date: | 29/11/2022 |
Path: | /tmp/35JTigDQD0.elf |
Arguments: | n/a |
File size: | 5773336 bytes |
MD5 hash: | 0d6f61f82cf2f781c6eb0661071d42d9 |