Edit tour

Linux Analysis Report
a0dSUrhKjF.elf

Overview

General Information

Sample Name:	a0dSUrhKjF.elf
Analysis ID:	756329
MD5:	c4ca25d9fd71ba88047def343d3a2799
SHA1:	11fa564755da7c9b8127316d579b1dc890b22433
SHA256:	14fe02e2d1524fc31ed04bf9c4deb14432ad1adb9c934561f832618eec09aa04
Tags:	32elfgafgytmips
Infos:

Detection

Mirai

Score:	80
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Antivirus / Scanner detection for submitted sample

Yara detected Mirai

Multi AV Scanner detection for submitted file

Contains symbols with names commonly found in malware

Opens /proc/net/* files useful for finding connected devices and routers

Yara signature match

Sample contains strings that are user agent strings indicative of HTTP manipulation

Uses the "uname" system call to query kernel version information (possible evasion)

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Detected TCP or UDP traffic on non-standard ports

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.

All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper which does no longer work.

Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	756329
Start date and time:	2022-11-30 01:35:50 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 28s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	a0dSUrhKjF.elf
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Detection:	MAL
Classification:	mal80.spre.troj.linELF@0/0@0/0

Runtime Messages

Command:	/tmp/a0dSUrhKjF.elf
PID:	6228
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	gosh that chinese family at the other table sure ate alot
Standard Error:

Process Tree

system is lnxubuntu20

a0dSUrhKjF.elf (PID: 6228, Parent: 6124, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /tmp/a0dSUrhKjF.elf

a0dSUrhKjF.elf New Fork (PID: 6230, Parent: 6228)

a0dSUrhKjF.elf New Fork (PID: 6231, Parent: 6228)

a0dSUrhKjF.elf New Fork (PID: 6234, Parent: 6231)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
a0dSUrhKjF.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
a0dSUrhKjF.elf	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x19bb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19bc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19bd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19bec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19ca0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19cb4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19cc8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19cdc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19cf0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19d04:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19d18:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19d2c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19d40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

Memory Dumps

Source	Rule	Description	Author	Strings
6228.1.00007fb298400000.00007fb29841e000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6228.1.00007fb298400000.00007fb29841e000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x19bb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19bc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19bd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19bec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19ca0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19cb4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19cc8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19cdc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19cf0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19d04:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19d18:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19d2c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19d40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6230.1.00007fb298400000.00007fb29841e000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6230.1.00007fb298400000.00007fb29841e000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x19bb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19bc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19bd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19bec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19ca0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19cb4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19cc8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19cdc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19cf0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19d04:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19d18:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19d2c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19d40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6231.1.00007fb298400000.00007fb29841e000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6231.1.00007fb298400000.00007fb29841e000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x19bb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19bc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19bd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19bec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19ca0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19cb4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19cc8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19cdc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19cf0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19d04:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19d18:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19d2c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19d40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: a0dSUrhKjF.elf PID: 6228	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1c61:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c75:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c89:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c9d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1cb1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1cc5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1cd9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ced:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1d01:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1d15:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1d29:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1d3d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1d51:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1d65:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1d79:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1d8d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1da1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1db5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1dc9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ddd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1df1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: a0dSUrhKjF.elf PID: 6230	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x209f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x20b3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x20c7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x20db:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x20ef:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2103:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2117:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x212b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x213f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2153:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2167:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x217b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x218f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x21a3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x21b7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x21cb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x21df:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x21f3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2207:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x221b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x222f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: a0dSUrhKjF.elf PID: 6231	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x5fbb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5fcf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5fe3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5ff7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x600b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x601f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6033:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6047:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x605b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x606f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6083:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6097:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x60ab:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x60bf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x60d3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x60e7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x60fb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x610f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6123:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6137:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x614b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Click to see the 4 entries

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: a0dSUrhKjF.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: a0dSUrhKjF.elf	ReversingLabs: Detection: 69%
Source: a0dSUrhKjF.elf	Virustotal: Detection: 65%			Perma Link

Spreading

Opens /proc/net/* files useful for finding connected devices and routers

Source: /tmp/a0dSUrhKjF.elf (PID: 6228)

Opens: /proc/net/route

Jump to behavior

Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443

Source: global traffic

TCP traffic: 192.168.2.23:38500 -> 47.87.197.232:576

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232

System Summary

Malicious sample detected (through community Yara rule)

Source: a0dSUrhKjF.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6228.1.00007fb298400000.00007fb29841e000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6230.1.00007fb298400000.00007fb29841e000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6231.1.00007fb298400000.00007fb29841e000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: a0dSUrhKjF.elf PID: 6228, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: a0dSUrhKjF.elf PID: 6230, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: a0dSUrhKjF.elf PID: 6231, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Contains symbols with names commonly found in malware

Source: ELF static info symbol of initial sample

Name: vseattack

Source: a0dSUrhKjF.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6228.1.00007fb298400000.00007fb29841e000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6230.1.00007fb298400000.00007fb29841e000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6231.1.00007fb298400000.00007fb29841e000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: a0dSUrhKjF.elf PID: 6228, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: a0dSUrhKjF.elf PID: 6230, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: a0dSUrhKjF.elf PID: 6231, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal80.spre.troj.linELF@0/0@0/0

Source: a0dSUrhKjF.elf	ELF static info symbol of initial sample: libc/string/mips/memcpy.S
Source: a0dSUrhKjF.elf	ELF static info symbol of initial sample: libc/string/mips/memset.S
Source: a0dSUrhKjF.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/mips/crt1.S
Source: a0dSUrhKjF.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/mips/crti.S
Source: a0dSUrhKjF.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/mips/crtn.S
Source: a0dSUrhKjF.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/mips/pipe.S

Source: /tmp/a0dSUrhKjF.elf (PID: 6228)

Queries kernel information via 'uname':

Jump to behavior

Source: a0dSUrhKjF.elf, 6228.1.0000562fabd7f000.0000562fabe06000.rw-.sdmp, a0dSUrhKjF.elf, 6230.1.0000562fabd7f000.0000562fabe06000.rw-.sdmp, a0dSUrhKjF.elf, 6231.1.0000562fabd7f000.0000562fabe06000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mipsel
Source: a0dSUrhKjF.elf, 6228.1.00007ffd122ff000.00007ffd12320000.rw-.sdmp, a0dSUrhKjF.elf, 6230.1.00007ffd122ff000.00007ffd12320000.rw-.sdmp, a0dSUrhKjF.elf, 6231.1.00007ffd122ff000.00007ffd12320000.rw-.sdmp	Binary or memory string: Lx86_64/usr/bin/qemu-mipsel/tmp/a0dSUrhKjF.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/a0dSUrhKjF.elf
Source: a0dSUrhKjF.elf, 6228.1.0000562fabd7f000.0000562fabe06000.rw-.sdmp, a0dSUrhKjF.elf, 6230.1.0000562fabd7f000.0000562fabe06000.rw-.sdmp, a0dSUrhKjF.elf, 6231.1.0000562fabd7f000.0000562fabe06000.rw-.sdmp	Binary or memory string: /V!/etc/qemu-binfmt/mipsel
Source: a0dSUrhKjF.elf, 6228.1.00007ffd122ff000.00007ffd12320000.rw-.sdmp, a0dSUrhKjF.elf, 6230.1.00007ffd122ff000.00007ffd12320000.rw-.sdmp, a0dSUrhKjF.elf, 6231.1.00007ffd122ff000.00007ffd12320000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mipsel

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: a0dSUrhKjF.elf, type: SAMPLE
Source: Yara match	File source: 6228.1.00007fb298400000.00007fb29841e000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6230.1.00007fb298400000.00007fb29841e000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6231.1.00007fb298400000.00007fb29841e000.r-x.sdmp, type: MEMORY

Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; pl) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; en) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; ja) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; de) Opera 11.01
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; fr) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
Source: Initial sample	User agent string found: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11) AppleWebKit/601.1.56 (KHTML, like Gecko) Version/9.0 Safari/601.1.56
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Source: Initial sample	User agent string found: Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51
Source: Initial sample	User agent string found: Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194A
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Linux; Android 4.4.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.89 Mobile Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Linux; Android 4.4.3; HTC_0PCV2 Build/KTU84L) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; X11; Linux x86_64; pl) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:25.0) Gecko/20100101 Firefox/25.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Firefox/24.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10; rv:33.0) Gecko/20100101 Firefox/33.0

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: a0dSUrhKjF.elf, type: SAMPLE
Source: Yara match	File source: 6228.1.00007fb298400000.00007fb29841e000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6230.1.00007fb298400000.00007fb29841e000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6231.1.00007fb298400000.00007fb29841e000.r-x.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Data Obfuscation	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	1 Remote System Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	1 Non-Standard Port	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
a0dSUrhKjF.elf	69%	ReversingLabs	Linux.Trojan.Gafgyt
a0dSUrhKjF.elf	65%	Virustotal		Browse
a0dSUrhKjF.elf	100%	Avira	LINUX/Mirai.Gafgyt.

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
47.87.197.232	unknown	United States	3209	VODANETInternationalIP-BackboneofVodafoneDE	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
47.87.197.232	POF7B6Kfw5.elf	Get hash	malicious	Browse
	6d0aJaGK7S.elf	Get hash	malicious	Browse
	Kxc3PFrEoj.elf	Get hash	malicious	Browse
	yB9hLLnhbx.elf	Get hash	malicious	Browse
	yS7c2Bzlu2.elf	Get hash	malicious	Browse
	p0hr6mFo4a.elf	Get hash	malicious	Browse
109.202.202.202	POF7B6Kfw5.elf	Get hash	malicious	Browse
	6d0aJaGK7S.elf	Get hash	malicious	Browse
	Kxc3PFrEoj.elf	Get hash	malicious	Browse
	yB9hLLnhbx.elf	Get hash	malicious	Browse
	yS7c2Bzlu2.elf	Get hash	malicious	Browse
	p0hr6mFo4a.elf	Get hash	malicious	Browse
	portainer	Get hash	malicious	Browse
	l.out.elf	Get hash	malicious	Browse
	SecuriteInfo.com.Linux.Siggen.4218.14490.21271.elf	Get hash	malicious	Browse
	8LzAAQOA5F.elf	Get hash	malicious	Browse
	GzQ3LRVbSB.elf	Get hash	malicious	Browse
	QIsLuTv1ka.elf	Get hash	malicious	Browse
	FIieajcRYe.elf	Get hash	malicious	Browse
	o9epZmdr6x.elf	Get hash	malicious	Browse
	auD8Kknsmc.elf	Get hash	malicious	Browse
	7Cz3REBlrI.elf	Get hash	malicious	Browse
	R2YElGmM5e.elf	Get hash	malicious	Browse
	sora.arm7.elf	Get hash	malicious	Browse
	sora.x86.elf	Get hash	malicious	Browse
	SecuriteInfo.com.Linux.Siggen.4218.31945.1125.elf	Get hash	malicious	Browse
91.189.91.43	POF7B6Kfw5.elf	Get hash	malicious	Browse
	6d0aJaGK7S.elf	Get hash	malicious	Browse
	Kxc3PFrEoj.elf	Get hash	malicious	Browse
	yB9hLLnhbx.elf	Get hash	malicious	Browse
	yS7c2Bzlu2.elf	Get hash	malicious	Browse
	p0hr6mFo4a.elf	Get hash	malicious	Browse
	portainer	Get hash	malicious	Browse
	l.out.elf	Get hash	malicious	Browse
	SecuriteInfo.com.Linux.Siggen.4218.14490.21271.elf	Get hash	malicious	Browse
	8LzAAQOA5F.elf	Get hash	malicious	Browse
	GzQ3LRVbSB.elf	Get hash	malicious	Browse
	QIsLuTv1ka.elf	Get hash	malicious	Browse
	FIieajcRYe.elf	Get hash	malicious	Browse
	o9epZmdr6x.elf	Get hash	malicious	Browse
	auD8Kknsmc.elf	Get hash	malicious	Browse
	7Cz3REBlrI.elf	Get hash	malicious	Browse
	R2YElGmM5e.elf	Get hash	malicious	Browse
	sora.arm7.elf	Get hash	malicious	Browse
	sora.x86.elf	Get hash	malicious	Browse
	SecuriteInfo.com.Linux.Siggen.4218.31945.1125.elf	Get hash	malicious	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
INIT7CH	POF7B6Kfw5.elf	Get hash	malicious	Browse	109.202.202.202
	6d0aJaGK7S.elf	Get hash	malicious	Browse	109.202.202.202
	Kxc3PFrEoj.elf	Get hash	malicious	Browse	109.202.202.202
	yB9hLLnhbx.elf	Get hash	malicious	Browse	109.202.202.202
	yS7c2Bzlu2.elf	Get hash	malicious	Browse	109.202.202.202
	p0hr6mFo4a.elf	Get hash	malicious	Browse	109.202.202.202
	portainer	Get hash	malicious	Browse	109.202.202.202
	l.out.elf	Get hash	malicious	Browse	109.202.202.202
	SecuriteInfo.com.Linux.Siggen.4218.14490.21271.elf	Get hash	malicious	Browse	109.202.202.202
	8LzAAQOA5F.elf	Get hash	malicious	Browse	109.202.202.202
	GzQ3LRVbSB.elf	Get hash	malicious	Browse	109.202.202.202
	QIsLuTv1ka.elf	Get hash	malicious	Browse	109.202.202.202
	FIieajcRYe.elf	Get hash	malicious	Browse	109.202.202.202
	o9epZmdr6x.elf	Get hash	malicious	Browse	109.202.202.202
	auD8Kknsmc.elf	Get hash	malicious	Browse	109.202.202.202
	7Cz3REBlrI.elf	Get hash	malicious	Browse	109.202.202.202
	R2YElGmM5e.elf	Get hash	malicious	Browse	109.202.202.202
	sora.arm7.elf	Get hash	malicious	Browse	109.202.202.202
	sora.x86.elf	Get hash	malicious	Browse	109.202.202.202
	SecuriteInfo.com.Linux.Siggen.4218.31945.1125.elf	Get hash	malicious	Browse	109.202.202.202
VODANETInternationalIP-BackboneofVodafoneDE	POF7B6Kfw5.elf	Get hash	malicious	Browse	47.87.197.232
	6d0aJaGK7S.elf	Get hash	malicious	Browse	47.87.197.232
	Kxc3PFrEoj.elf	Get hash	malicious	Browse	47.87.197.232
	yB9hLLnhbx.elf	Get hash	malicious	Browse	47.87.197.232
	yS7c2Bzlu2.elf	Get hash	malicious	Browse	47.87.197.232
	p0hr6mFo4a.elf	Get hash	malicious	Browse	47.87.197.232
	7HuJu44thW.elf	Get hash	malicious	Browse	188.110.182.82
	Yw0HhtLWAz.elf	Get hash	malicious	Browse	188.109.141.7
	MZbxLJqYM3.elf	Get hash	malicious	Browse	2.203.197.21
	oAUrOBvfbV.elf	Get hash	malicious	Browse	2.205.253.113
	jew.x86.elf	Get hash	malicious	Browse	88.73.217.45
	3y849k7eIG.elf	Get hash	malicious	Browse	188.97.131.92
	ewfDbhCyw3.elf	Get hash	malicious	Browse	188.107.42.3
	wIUY7HguZD.elf	Get hash	malicious	Browse	88.68.114.1
	87uWrdTuhh.elf	Get hash	malicious	Browse	94.221.53.89
	tYV5avLJzh.elf	Get hash	malicious	Browse	188.107.45.128
	kQhLxBYJGw.elf	Get hash	malicious	Browse	109.41.117.192
	zg8P6HaVf2.elf	Get hash	malicious	Browse	213.23.15.180
	Mddos.arm.elf	Get hash	malicious	Browse	47.87.28.61
	SecuriteInfo.com.Linux.Siggen.9999.7635.14049.elf	Get hash	malicious	Browse	178.5.76.73

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, not stripped
Entropy (8bit):	5.321844123186179
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	a0dSUrhKjF.elf
File size:	155476
MD5:	c4ca25d9fd71ba88047def343d3a2799
SHA1:	11fa564755da7c9b8127316d579b1dc890b22433
SHA256:	14fe02e2d1524fc31ed04bf9c4deb14432ad1adb9c934561f832618eec09aa04
SHA512:	7b5a9a65d8fb09b9583cf92bb1a4df49db2b868aad28cca05091bb83036b20ab7820486efaad8c72198e884e890fe08d72acf79a45b7108f218d764e9c178658
SSDEEP:	3072:dg1c9h1jlnLA2PiXYeyCV9VNMVGuo9mrThPaLEnvPrNb:dZ7lnLA2PiIeyU9VWDo9mrThPaLEnvP5
TLSH:	69E38536B7619E77D80ECE7305A985121C8CD98702D92B6BB2B4E51CEB6BC4F08D3D58
File Content Preview:	.ELF......................@.4...4.......4. ...(........p......@...@...........................@...@.D...D...............D...D.E.D.E.P....o..........Q.td.................................................UF....<.T.'!......'.......................<.T.'!... ..

Static ELF Info

ELF header
Class:
Data:
Version:
Machine:
Version Number:
Type:
OS/ABI:
ABI Version:
Entry Point Address:
Flags:
ELF Header Size:
Program Header Offset:
Program Header Size:
Number of Program Headers:
Section Header Offset:
Section Header Size:
Number of Section Headers:
Header String Table Index:

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.reginfo	MIPS_REGINFO	0x4000b4	0xb4	0x18	0x18	0x2	A	0	0	4
.init	PROGBITS	0x4000cc	0xcc	0x8c	0x0	0x6	AX	0	0	4
.text	PROGBITS	0x400160	0x160	0x188e0	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x418a40	0x18a40	0x5c	0x0	0x6	AX	0	0	4
.rodata	PROGBITS	0x418aa0	0x18aa0	0x45a0	0x0	0x2	A	0	0	16
.eh_frame	PROGBITS	0x41d040	0x1d040	0x4	0x0	0x2	A	0	0	4
.ctors	PROGBITS	0x45d044	0x1d044	0x8	0x0	0x3	WA	0	0	4
.dtors	PROGBITS	0x45d04c	0x1d04c	0x8	0x0	0x3	WA	0	0	4
.jcr	PROGBITS	0x45d054	0x1d054	0x4	0x0	0x3	WA	0	0	4
.data.rel.ro	PROGBITS	0x45d058	0x1d058	0x4c	0x0	0x3	WA	0	0	4
.data	PROGBITS	0x45d0b0	0x1d0b0	0x4e0	0x0	0x3	WA	0	0	16
.got	PROGBITS	0x45d590	0x1d590	0x504	0x4	0x10000003	WAp	0	0	16
.sbss	NOBITS	0x45da94	0x1da94	0x24	0x0	0x10000003	WAp	0	0	4
.bss	NOBITS	0x45dac0	0x1da94	0x648c	0x0	0x3	WA	0	0	16
.comment	PROGBITS	0x0	0x1da94	0xbe2	0x0	0x0		0	0	1
.mdebug.abi32	PROGBITS	0xbe2	0x1e676	0x0	0x0	0x0		0	0	1
.pdr	PROGBITS	0x0	0x1e678	0x2120	0x0	0x0		0	0	4
.shstrtab	STRTAB	0x0	0x20798	0x9a	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x20b7c	0x3030	0x10	0x0		20	321	4
.strtab	STRTAB	0x0	0x23bac	0x23a8	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
<unknown>	0xb4	0x4000b4	0x4000b4	0x18	0x18	0.9834	0x4	R	0x4	.reginfo
LOAD	0x0	0x400000	0x400000	0x1d044	0x1d044	5.3117	0x5	R E	0x10000	.reginfo .init .text .fini .rodata .eh_frame
LOAD	0x1d044	0x45d044	0x45d044	0xa50	0x6f08	4.1543	0x6	RW	0x10000	.ctors .dtors .jcr .data.rel.ro .data .got .sbss .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x4000b4	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x4000cc	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x400160	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x418a40	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x418aa0	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x41d040	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x45d044	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x45d04c	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x45d054	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x45d058	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x45d0b0	0	SECTION	<unknown>	DEFAULT	11
	.symtab	0x45d590	0	SECTION	<unknown>	DEFAULT	12
	.symtab	0x45da94	0	SECTION	<unknown>	DEFAULT	13
	.symtab	0x45dac0	0	SECTION	<unknown>	DEFAULT	14
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	15
	.symtab	0xbe2	0	SECTION	<unknown>	DEFAULT	16
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	17
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	18
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	19
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	20
C.151.5648	.symtab	0x45d058	40	OBJECT	<unknown>	DEFAULT	10
C.182.5940	.symtab	0x45d094	16	OBJECT	<unknown>	DEFAULT	10
C.183.5941	.symtab	0x45d080	20	OBJECT	<unknown>	DEFAULT	10
KHcommSOCK	.symtab	0x45dae0	4	OBJECT	<unknown>	DEFAULT	14
KHserverHACKER	.symtab	0x45d0f4	4	OBJECT	<unknown>	DEFAULT	11
LOCAL_ADDR	.symtab	0x45da94	4	OBJECT	<unknown>	DEFAULT	13
Q	.symtab	0x45dafc	16384	OBJECT	<unknown>	DEFAULT	14
UserAgents	.symtab	0x45d110	144	OBJECT	<unknown>	DEFAULT	11
_GLOBAL_OFFSET_TABLE_	.symtab	0x45d590	0	OBJECT	<unknown>	DEFAULT	12
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_READ.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_WRITE.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__CTOR_END__	.symtab	0x45d048	0	OBJECT	<unknown>	DEFAULT	7
__CTOR_LIST__	.symtab	0x45d044	0	OBJECT	<unknown>	DEFAULT	7
__C_ctype_b	.symtab	0x45d1b0	4	OBJECT	<unknown>	DEFAULT	11
__C_ctype_b.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b_data	.symtab	0x41b8a0	768	OBJECT	<unknown>	DEFAULT	5
__C_ctype_tolower	.symtab	0x45d580	4	OBJECT	<unknown>	DEFAULT	11
__C_ctype_tolower.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_tolower_data	.symtab	0x41cd40	768	OBJECT	<unknown>	DEFAULT	5
__C_ctype_toupper	.symtab	0x45d1c0	4	OBJECT	<unknown>	DEFAULT	11
__C_ctype_toupper.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_toupper_data	.symtab	0x41bba0	768	OBJECT	<unknown>	DEFAULT	5
__DTOR_END__	.symtab	0x45d050	0	OBJECT	<unknown>	DEFAULT	8
__DTOR_LIST__	.symtab	0x45d04c	0	OBJECT	<unknown>	DEFAULT	8
__EH_FRAME_BEGIN__	.symtab	0x41d040	0	OBJECT	<unknown>	DEFAULT	6
__FRAME_END__	.symtab	0x41d040	0	OBJECT	<unknown>	DEFAULT	6
__GI___C_ctype_b	.symtab	0x45d1b0	4	OBJECT	<unknown>	HIDDEN	11
__GI___C_ctype_b_data	.symtab	0x41b8a0	768	OBJECT	<unknown>	HIDDEN	5
__GI___C_ctype_tolower	.symtab	0x45d580	4	OBJECT	<unknown>	HIDDEN	11
__GI___C_ctype_tolower_data	.symtab	0x41cd40	768	OBJECT	<unknown>	HIDDEN	5
__GI___C_ctype_toupper	.symtab	0x45d1c0	4	OBJECT	<unknown>	HIDDEN	11
__GI___C_ctype_toupper_data	.symtab	0x41bba0	768	OBJECT	<unknown>	HIDDEN	5
__GI___ctype_b	.symtab	0x45d1b4	4	OBJECT	<unknown>	HIDDEN	11
__GI___ctype_tolower	.symtab	0x45d584	4	OBJECT	<unknown>	HIDDEN	11
__GI___ctype_toupper	.symtab	0x45d1c4	4	OBJECT	<unknown>	HIDDEN	11
__GI___errno_location	.symtab	0x40e410	24	FUNC	<unknown>	HIDDEN	3
__GI___fgetc_unlocked	.symtab	0x418320	388	FUNC	<unknown>	HIDDEN	3
__GI___glibc_strerror_r	.symtab	0x4103a0	68	FUNC	<unknown>	HIDDEN	3
__GI___h_errno_location	.symtab	0x4134e0	24	FUNC	<unknown>	HIDDEN	3
__GI___libc_fcntl	.symtab	0x40dac0	136	FUNC	<unknown>	HIDDEN	3
__GI___libc_fcntl64	.symtab	0x40db50	104	FUNC	<unknown>	HIDDEN	3
__GI___libc_open	.symtab	0x40e030	124	FUNC	<unknown>	HIDDEN	3
__GI___uClibc_fini	.symtab	0x412ac0	196	FUNC	<unknown>	HIDDEN	3
__GI___uClibc_init	.symtab	0x412c1c	140	FUNC	<unknown>	HIDDEN	3
__GI___xpg_strerror_r	.symtab	0x4103f0	392	FUNC	<unknown>	HIDDEN	3
__GI__exit	.symtab	0x40dbc0	80	FUNC	<unknown>	HIDDEN	3
__GI_abort	.symtab	0x415ba0	428	FUNC	<unknown>	HIDDEN	3
__GI_atoi	.symtab	0x4123a0	28	FUNC	<unknown>	HIDDEN	3
__GI_atol	.symtab	0x4123a0	28	FUNC	<unknown>	HIDDEN	3
__GI_brk	.symtab	0x415d80	112	FUNC	<unknown>	HIDDEN	3
__GI_close	.symtab	0x40dc70	84	FUNC	<unknown>	HIDDEN	3
__GI_connect	.symtab	0x410c80	84	FUNC	<unknown>	HIDDEN	3
__GI_dup2	.symtab	0x40dcd0	84	FUNC	<unknown>	HIDDEN	3
__GI_errno	.symtab	0x463d60	4	OBJECT	<unknown>	HIDDEN	14
__GI_execl	.symtab	0x412720	204	FUNC	<unknown>	HIDDEN	3
__GI_execve	.symtab	0x4131b0	84	FUNC	<unknown>	HIDDEN	3
__GI_exit	.symtab	0x412630	236	FUNC	<unknown>	HIDDEN	3
__GI_fclose	.symtab	0x415e50	512	FUNC	<unknown>	HIDDEN	3
__GI_fcntl	.symtab	0x40dac0	136	FUNC	<unknown>	HIDDEN	3
__GI_fcntl64	.symtab	0x40db50	104	FUNC	<unknown>	HIDDEN	3
__GI_fflush_unlocked	.symtab	0x4169e0	628	FUNC	<unknown>	HIDDEN	3
__GI_fgetc_unlocked	.symtab	0x418320	388	FUNC	<unknown>	HIDDEN	3
__GI_fgets	.symtab	0x416770	216	FUNC	<unknown>	HIDDEN	3
__GI_fgets_unlocked	.symtab	0x416c60	268	FUNC	<unknown>	HIDDEN	3
__GI_fopen	.symtab	0x416050	28	FUNC	<unknown>	HIDDEN	3
__GI_fork	.symtab	0x40dd30	84	FUNC	<unknown>	HIDDEN	3
__GI_fputs_unlocked	.symtab	0x40fb50	128	FUNC	<unknown>	HIDDEN	3
__GI_fseek	.symtab	0x416070	68	FUNC	<unknown>	HIDDEN	3
__GI_fseeko64	.symtab	0x4160c0	388	FUNC	<unknown>	HIDDEN	3
__GI_fwrite_unlocked	.symtab	0x40fbd0	280	FUNC	<unknown>	HIDDEN	3
__GI_getc_unlocked	.symtab	0x418320	388	FUNC	<unknown>	HIDDEN	3
__GI_getdtablesize	.symtab	0x40dd90	72	FUNC	<unknown>	HIDDEN	3
__GI_getegid	.symtab	0x413210	88	FUNC	<unknown>	HIDDEN	3
__GI_geteuid	.symtab	0x40dde0	88	FUNC	<unknown>	HIDDEN	3
__GI_getgid	.symtab	0x413270	84	FUNC	<unknown>	HIDDEN	3
__GI_gethostbyname	.symtab	0x4107a0	116	FUNC	<unknown>	HIDDEN	3
__GI_gethostbyname_r	.symtab	0x410820	1108	FUNC	<unknown>	HIDDEN	3
__GI_getpid	.symtab	0x40de40	84	FUNC	<unknown>	HIDDEN	3
__GI_getrlimit	.symtab	0x40df00	84	FUNC	<unknown>	HIDDEN	3
__GI_getsockname	.symtab	0x410ce0	84	FUNC	<unknown>	HIDDEN	3
__GI_getuid	.symtab	0x4132d0	84	FUNC	<unknown>	HIDDEN	3
__GI_h_errno	.symtab	0x463d64	4	OBJECT	<unknown>	HIDDEN	14
__GI_inet_addr	.symtab	0x410750	72	FUNC	<unknown>	HIDDEN	3
__GI_inet_aton	.symtab	0x414c20	280	FUNC	<unknown>	HIDDEN	3
__GI_inet_ntop	.symtab	0x417580	852	FUNC	<unknown>	HIDDEN	3
__GI_inet_pton	.symtab	0x4170d0	700	FUNC	<unknown>	HIDDEN	3
__GI_initstate_r	.symtab	0x412250	328	FUNC	<unknown>	HIDDEN	3
__GI_ioctl	.symtab	0x40df60	104	FUNC	<unknown>	HIDDEN	3
__GI_isatty	.symtab	0x4105e0	60	FUNC	<unknown>	HIDDEN	3
__GI_kill	.symtab	0x40dfd0	88	FUNC	<unknown>	HIDDEN	3
__GI_lseek64	.symtab	0x418230	164	FUNC	<unknown>	HIDDEN	3
__GI_memchr	.symtab	0x414570	264	FUNC	<unknown>	HIDDEN	3
__GI_memcpy	.symtab	0x40fcf0	308	FUNC	<unknown>	HIDDEN	3
__GI_memmove	.symtab	0x414680	816	FUNC	<unknown>	HIDDEN	3
__GI_mempcpy	.symtab	0x4149b0	76	FUNC	<unknown>	HIDDEN	3
__GI_memrchr	.symtab	0x414a00	272	FUNC	<unknown>	HIDDEN	3
__GI_memset	.symtab	0x40fe30	144	FUNC	<unknown>	HIDDEN	3
__GI_nanosleep	.symtab	0x413330	84	FUNC	<unknown>	HIDDEN	3
__GI_open	.symtab	0x40e030	124	FUNC	<unknown>	HIDDEN	3
__GI_pipe	.symtab	0x40da80	64	FUNC	<unknown>	HIDDEN	3
__GI_poll	.symtab	0x415df0	84	FUNC	<unknown>	HIDDEN	3
__GI_raise	.symtab	0x4181e0	76	FUNC	<unknown>	HIDDEN	3
__GI_random	.symtab	0x411c20	164	FUNC	<unknown>	HIDDEN	3
__GI_random_r	.symtab	0x41202c	176	FUNC	<unknown>	HIDDEN	3
__GI_rawmemchr	.symtab	0x416d70	200	FUNC	<unknown>	HIDDEN	3
__GI_read	.symtab	0x40e150	84	FUNC	<unknown>	HIDDEN	3
__GI_recv	.symtab	0x410dc0	84	FUNC	<unknown>	HIDDEN	3
__GI_recvfrom	.symtab	0x410e20	128	FUNC	<unknown>	HIDDEN	3
__GI_sbrk	.symtab	0x413390	144	FUNC	<unknown>	HIDDEN	3
__GI_select	.symtab	0x40e1b0	120	FUNC	<unknown>	HIDDEN	3
__GI_send	.symtab	0x410ea0	84	FUNC	<unknown>	HIDDEN	3
__GI_sendto	.symtab	0x410f00	128	FUNC	<unknown>	HIDDEN	3
__GI_setsockopt	.symtab	0x410f80	120	FUNC	<unknown>	HIDDEN	3
__GI_setstate_r	.symtab	0x411ef0	316	FUNC	<unknown>	HIDDEN	3
__GI_sigaction	.symtab	0x413060	232	FUNC	<unknown>	HIDDEN	3
__GI_sigaddset	.symtab	0x411060	104	FUNC	<unknown>	HIDDEN	3
__GI_sigemptyset	.symtab	0x4110d0	60	FUNC	<unknown>	HIDDEN	3
__GI_signal	.symtab	0x411110	252	FUNC	<unknown>	HIDDEN	3
__GI_sigprocmask	.symtab	0x40e230	148	FUNC	<unknown>	HIDDEN	3
__GI_sleep	.symtab	0x4127f0	564	FUNC	<unknown>	HIDDEN	3
__GI_socket	.symtab	0x411000	84	FUNC	<unknown>	HIDDEN	3
__GI_sprintf	.symtab	0x40e4a0	80	FUNC	<unknown>	HIDDEN	3
__GI_srandom_r	.symtab	0x4120dc	372	FUNC	<unknown>	HIDDEN	3
__GI_strcasecmp	.symtab	0x4184b0	108	FUNC	<unknown>	HIDDEN	3
__GI_strchr	.symtab	0x40fec0	256	FUNC	<unknown>	HIDDEN	3
__GI_strcmp	.symtab	0x40ffc0	44	FUNC	<unknown>	HIDDEN	3
__GI_strcoll	.symtab	0x40ffc0	44	FUNC	<unknown>	HIDDEN	3
__GI_strcpy	.symtab	0x40fff0	36	FUNC	<unknown>	HIDDEN	3
__GI_strdup	.symtab	0x416f50	144	FUNC	<unknown>	HIDDEN	3
__GI_strlen	.symtab	0x410020	184	FUNC	<unknown>	HIDDEN	3
__GI_strncat	.symtab	0x416e40	180	FUNC	<unknown>	HIDDEN	3
__GI_strncpy	.symtab	0x4100e0	188	FUNC	<unknown>	HIDDEN	3
__GI_strnlen	.symtab	0x4101a0	256	FUNC	<unknown>	HIDDEN	3
__GI_strpbrk	.symtab	0x414be0	64	FUNC	<unknown>	HIDDEN	3
__GI_strspn	.symtab	0x416f00	76	FUNC	<unknown>	HIDDEN	3
__GI_strstr	.symtab	0x4102a0	256	FUNC	<unknown>	HIDDEN	3
__GI_strtok	.symtab	0x4105c0	32	FUNC	<unknown>	HIDDEN	3
__GI_strtok_r	.symtab	0x414b10	204	FUNC	<unknown>	HIDDEN	3
__GI_strtol	.symtab	0x4123c0	28	FUNC	<unknown>	HIDDEN	3
__GI_tcgetattr	.symtab	0x410620	176	FUNC	<unknown>	HIDDEN	3
__GI_time	.symtab	0x40e2d0	84	FUNC	<unknown>	HIDDEN	3
__GI_times	.symtab	0x413420	84	FUNC	<unknown>	HIDDEN	3
__GI_tolower	.symtab	0x4182e0	60	FUNC	<unknown>	HIDDEN	3
__GI_toupper	.symtab	0x40e3d0	60	FUNC	<unknown>	HIDDEN	3
__GI_vfork	.symtab	0x40e330	28	FUNC	<unknown>	HIDDEN	3
__GI_vsnprintf	.symtab	0x40e4f0	260	FUNC	<unknown>	HIDDEN	3
__GI_wait4	.symtab	0x413480	88	FUNC	<unknown>	HIDDEN	3
__GI_waitpid	.symtab	0x40e350	28	FUNC	<unknown>	HIDDEN	3
__GI_wcrtomb	.symtab	0x413500	112	FUNC	<unknown>	HIDDEN	3
__GI_wcsnrtombs	.symtab	0x4135b0	228	FUNC	<unknown>	HIDDEN	3
__GI_wcsrtombs	.symtab	0x413570	64	FUNC	<unknown>	HIDDEN	3
__GI_write	.symtab	0x40e370	84	FUNC	<unknown>	HIDDEN	3
__JCR_END__	.symtab	0x45d054	0	OBJECT	<unknown>	DEFAULT	9
__JCR_LIST__	.symtab	0x45d054	0	OBJECT	<unknown>	DEFAULT	9
__app_fini	.symtab	0x463d4c	4	OBJECT	<unknown>	HIDDEN	14
__atexit_lock	.symtab	0x45d500	24	OBJECT	<unknown>	DEFAULT	11
__bsd_signal	.symtab	0x411110	252	FUNC	<unknown>	HIDDEN	3
__bss_start	.symtab	0x45da94	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__check_one_fd	.symtab	0x412b94	136	FUNC	<unknown>	DEFAULT	3
__ctype_b	.symtab	0x45d1b4	4	OBJECT	<unknown>	DEFAULT	11
__ctype_tolower	.symtab	0x45d584	4	OBJECT	<unknown>	DEFAULT	11
__ctype_toupper	.symtab	0x45d1c4	4	OBJECT	<unknown>	DEFAULT	11
__curbrk	.symtab	0x463da0	4	OBJECT	<unknown>	HIDDEN	14
__data_start	.symtab	0x45d0d0	0	OBJECT	<unknown>	DEFAULT	11
__decode_answer	.symtab	0x417be0	340	FUNC	<unknown>	HIDDEN	3
__decode_dotted	.symtab	0x418640	340	FUNC	<unknown>	HIDDEN	3
__decode_header	.symtab	0x4179f0	228	FUNC	<unknown>	HIDDEN	3
__deregister_frame_info	.symtab	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__dns_lookup	.symtab	0x414d40	2568	FUNC	<unknown>	HIDDEN	3
__do_global_ctors_aux	.symtab	0x4189d0	0	FUNC	<unknown>	DEFAULT	3
__do_global_dtors_aux	.symtab	0x400160	0	FUNC	<unknown>	DEFAULT	3
__dso_handle	.symtab	0x45d0b0	0	OBJECT	<unknown>	HIDDEN	11
__encode_dotted	.symtab	0x418520	280	FUNC	<unknown>	HIDDEN	3
__encode_header	.symtab	0x4178e0	272	FUNC	<unknown>	HIDDEN	3
__encode_question	.symtab	0x417ae0	172	FUNC	<unknown>	HIDDEN	3
__environ	.symtab	0x463d44	4	OBJECT	<unknown>	DEFAULT	14
__errno_location	.symtab	0x40e410	24	FUNC	<unknown>	DEFAULT	3
__errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__exit_cleanup	.symtab	0x463d30	4	OBJECT	<unknown>	HIDDEN	14
__fgetc_unlocked	.symtab	0x418320	388	FUNC	<unknown>	DEFAULT	3
__fini_array_end	.symtab	0x45d044	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__fini_array_start	.symtab	0x45d044	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__get_hosts_byname_r	.symtab	0x415b30	104	FUNC	<unknown>	HIDDEN	3
__glibc_strerror_r	.symtab	0x4103a0	68	FUNC	<unknown>	DEFAULT	3
__glibc_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__h_errno_location	.symtab	0x4134e0	24	FUNC	<unknown>	DEFAULT	3
__h_errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__heap_alloc	.symtab	0x4118c0	188	FUNC	<unknown>	DEFAULT	3
__heap_alloc_at	.symtab	0x411980	184	FUNC	<unknown>	DEFAULT	3
__heap_free	.symtab	0x411a88	364	FUNC	<unknown>	DEFAULT	3
__heap_link_free_area	.symtab	0x411a40	44	FUNC	<unknown>	DEFAULT	3
__heap_link_free_area_after	.symtab	0x411a6c	28	FUNC	<unknown>	DEFAULT	3
__init_array_end	.symtab	0x45d044	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__init_array_start	.symtab	0x45d044	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__length_dotted	.symtab	0x4187a0	72	FUNC	<unknown>	HIDDEN	3
__length_question	.symtab	0x417b90	72	FUNC	<unknown>	HIDDEN	3
__libc_close	.symtab	0x40dc70	84	FUNC	<unknown>	DEFAULT	3
__libc_connect	.symtab	0x410c80	84	FUNC	<unknown>	DEFAULT	3
__libc_creat	.symtab	0x40e0ac	28	FUNC	<unknown>	DEFAULT	3
__libc_fcntl	.symtab	0x40dac0	136	FUNC	<unknown>	DEFAULT	3
__libc_fcntl64	.symtab	0x40db50	104	FUNC	<unknown>	DEFAULT	3
__libc_fork	.symtab	0x40dd30	84	FUNC	<unknown>	DEFAULT	3
__libc_getpid	.symtab	0x40de40	84	FUNC	<unknown>	DEFAULT	3
__libc_lseek64	.symtab	0x418230	164	FUNC	<unknown>	DEFAULT	3
__libc_nanosleep	.symtab	0x413330	84	FUNC	<unknown>	DEFAULT	3
__libc_open	.symtab	0x40e030	124	FUNC	<unknown>	DEFAULT	3
__libc_poll	.symtab	0x415df0	84	FUNC	<unknown>	DEFAULT	3
__libc_read	.symtab	0x40e150	84	FUNC	<unknown>	DEFAULT	3
__libc_recv	.symtab	0x410dc0	84	FUNC	<unknown>	DEFAULT	3
__libc_recvfrom	.symtab	0x410e20	128	FUNC	<unknown>	DEFAULT	3
__libc_select	.symtab	0x40e1b0	120	FUNC	<unknown>	DEFAULT	3
__libc_send	.symtab	0x410ea0	84	FUNC	<unknown>	DEFAULT	3
__libc_sendto	.symtab	0x410f00	128	FUNC	<unknown>	DEFAULT	3
__libc_sigaction	.symtab	0x413060	232	FUNC	<unknown>	DEFAULT	3
__libc_stack_end	.symtab	0x463d40	4	OBJECT	<unknown>	DEFAULT	14
__libc_waitpid	.symtab	0x40e350	28	FUNC	<unknown>	DEFAULT	3
__libc_write	.symtab	0x40e370	84	FUNC	<unknown>	DEFAULT	3
__malloc_heap	.symtab	0x45d430	4	OBJECT	<unknown>	DEFAULT	11
__malloc_heap_lock	.symtab	0x463d10	24	OBJECT	<unknown>	DEFAULT	14
__malloc_sbrk_lock	.symtab	0x463f18	24	OBJECT	<unknown>	DEFAULT	14
__nameserver	.symtab	0x463f40	12	OBJECT	<unknown>	HIDDEN	14
__nameservers	.symtab	0x45daa8	4	OBJECT	<unknown>	HIDDEN	13
__open_etc_hosts	.symtab	0x417d40	108	FUNC	<unknown>	HIDDEN	3
__open_nameservers	.symtab	0x415750	984	FUNC	<unknown>	HIDDEN	3
__pagesize	.symtab	0x463d48	4	OBJECT	<unknown>	DEFAULT	14
__preinit_array_end	.symtab	0x45d044	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__preinit_array_start	.symtab	0x45d044	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__pthread_initialize_minimal	.symtab	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__pthread_mutex_init	.symtab	0x412b84	8	FUNC	<unknown>	DEFAULT	3
__pthread_mutex_lock	.symtab	0x412b84	8	FUNC	<unknown>	DEFAULT	3
__pthread_mutex_trylock	.symtab	0x412b84	8	FUNC	<unknown>	DEFAULT	3
__pthread_mutex_unlock	.symtab	0x412b84	8	FUNC	<unknown>	DEFAULT	3
__pthread_return_0	.symtab	0x412b84	8	FUNC	<unknown>	DEFAULT	3
__pthread_return_void	.symtab	0x412b8c	8	FUNC	<unknown>	DEFAULT	3
__raise	.symtab	0x4181e0	76	FUNC	<unknown>	HIDDEN	3
__read_etc_hosts_r	.symtab	0x417dac	1076	FUNC	<unknown>	HIDDEN	3
__register_frame_info	.symtab	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__resolv_lock	.symtab	0x45d540	24	OBJECT	<unknown>	DEFAULT	11
__rtld_fini	.symtab	0x463d50	4	OBJECT	<unknown>	HIDDEN	14
__searchdomain	.symtab	0x463f30	16	OBJECT	<unknown>	HIDDEN	14
__searchdomains	.symtab	0x45daac	4	OBJECT	<unknown>	HIDDEN	13
__sigaddset	.symtab	0x411238	44	FUNC	<unknown>	DEFAULT	3
__sigdelset	.symtab	0x411264	48	FUNC	<unknown>	DEFAULT	3
__sigismember	.symtab	0x411210	40	FUNC	<unknown>	DEFAULT	3
__start	.symtab	0x4002a0	100	FUNC	<unknown>	DEFAULT	3
__stdin	.symtab	0x45d21c	4	OBJECT	<unknown>	DEFAULT	11
__stdio_READ	.symtab	0x4187f0	140	FUNC	<unknown>	HIDDEN	3
__stdio_WRITE	.symtab	0x4136a0	280	FUNC	<unknown>	HIDDEN	3
__stdio_adjust_position	.symtab	0x416250	320	FUNC	<unknown>	HIDDEN	3
__stdio_fwrite	.symtab	0x4137c0	472	FUNC	<unknown>	HIDDEN	3
__stdio_init_mutex	.symtab	0x40e6b8	32	FUNC	<unknown>	HIDDEN	3
__stdio_mutex_initializer.3833	.symtab	0x41bea0	24	OBJECT	<unknown>	DEFAULT	5
__stdio_rfill	.symtab	0x418880	88	FUNC	<unknown>	HIDDEN	3
__stdio_seek	.symtab	0x416700	112	FUNC	<unknown>	HIDDEN	3
__stdio_trans2r_o	.symtab	0x4188e0	228	FUNC	<unknown>	HIDDEN	3
__stdio_trans2w_o	.symtab	0x4139a0	308	FUNC	<unknown>	HIDDEN	3
__stdio_wcommit	.symtab	0x40e800	100	FUNC	<unknown>	HIDDEN	3
__stdout	.symtab	0x45d220	4	OBJECT	<unknown>	DEFAULT	11
__syscall_error	.symtab	0x413010	72	FUNC	<unknown>	HIDDEN	3
__syscall_error.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_fcntl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_fcntl64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_rt_sigaction	.symtab	0x413150	84	FUNC	<unknown>	HIDDEN	3
__syscall_rt_sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uClibc_fini	.symtab	0x412ac0	196	FUNC	<unknown>	DEFAULT	3
__uClibc_init	.symtab	0x412c1c	140	FUNC	<unknown>	DEFAULT	3
__uClibc_main	.symtab	0x412ca8	864	FUNC	<unknown>	DEFAULT	3
__uClibc_main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uclibc_progname	.symtab	0x45d520	4	OBJECT	<unknown>	HIDDEN	11
__vfork	.symtab	0x40e330	28	FUNC	<unknown>	HIDDEN	3
__xpg_strerror_r	.symtab	0x4103f0	392	FUNC	<unknown>	DEFAULT	3
__xpg_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_adjust_pos.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_charpad	.symtab	0x40e870	128	FUNC	<unknown>	DEFAULT	3
_cs_funcs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_dl_aux_init	.symtab	0x415d50	44	FUNC	<unknown>	DEFAULT	3
_dl_phdr	.symtab	0x45dab0	4	OBJECT	<unknown>	DEFAULT	13
_dl_phnum	.symtab	0x45dab4	4	OBJECT	<unknown>	DEFAULT	13
_edata	.symtab	0x45da94	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_end	.symtab	0x463f4c	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_errno	.symtab	0x463d60	4	OBJECT	<unknown>	DEFAULT	14
_exit	.symtab	0x40dbc0	80	FUNC	<unknown>	DEFAULT	3
_exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fbss	.symtab	0x45da94	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_fdata	.symtab	0x45d0b0	0	NOTYPE	<unknown>	DEFAULT	11
_fini	.symtab	0x418a40	28	FUNC	<unknown>	DEFAULT	4
_fixed_buffers	.symtab	0x461b18	8192	OBJECT	<unknown>	DEFAULT	14
_fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fp_out_narrow	.symtab	0x40e8f0	228	FUNC	<unknown>	DEFAULT	3
_fpmaxtostr	.symtab	0x413d20	2120	FUNC	<unknown>	HIDDEN	3
_fpmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ftext	.symtab	0x400160	0	NOTYPE	<unknown>	DEFAULT	3
_fwrite.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_gp	.symtab	0x465580	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_gp_disp	.symtab	0x0	0	OBJECT	<unknown>	DEFAULT	SHN_UNDEF
_h_errno	.symtab	0x463d64	4	OBJECT	<unknown>	DEFAULT	14
_init	.symtab	0x4000cc	28	FUNC	<unknown>	DEFAULT	2
_load_inttype	.symtab	0x413ae0	136	FUNC	<unknown>	HIDDEN	3
_load_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_init	.symtab	0x40f180	220	FUNC	<unknown>	HIDDEN	3
_ppfs_init.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_parsespec	.symtab	0x40f55c	1512	FUNC	<unknown>	HIDDEN	3
_ppfs_parsespec.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_prepargs	.symtab	0x40f260	100	FUNC	<unknown>	HIDDEN	3
_ppfs_prepargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_setargs	.symtab	0x40f2d0	544	FUNC	<unknown>	HIDDEN	3
_ppfs_setargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_promoted_size	.symtab	0x40f4f0	108	FUNC	<unknown>	DEFAULT	3
_pthread_cleanup_pop_restore	.symtab	0x412b8c	8	FUNC	<unknown>	DEFAULT	3
_pthread_cleanup_push_defer	.symtab	0x412b8c	8	FUNC	<unknown>	DEFAULT	3
_rfill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_sigintr	.symtab	0x463e98	128	OBJECT	<unknown>	HIDDEN	14
_stdio.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_stdio_fopen	.symtab	0x416390	880	FUNC	<unknown>	HIDDEN	3
_stdio_init	.symtab	0x40e600	184	FUNC	<unknown>	HIDDEN	3
_stdio_openlist	.symtab	0x45d224	4	OBJECT	<unknown>	DEFAULT	11
_stdio_openlist_add_lock	.symtab	0x45d1d0	24	OBJECT	<unknown>	DEFAULT	11
_stdio_openlist_dec_use	.symtab	0x416850	400	FUNC	<unknown>	DEFAULT	3
_stdio_openlist_del_count	.symtab	0x461b14	4	OBJECT	<unknown>	DEFAULT	14
_stdio_openlist_del_lock	.symtab	0x45d1e8	24	OBJECT	<unknown>	DEFAULT	11
_stdio_openlist_use_count	.symtab	0x461b10	4	OBJECT	<unknown>	DEFAULT	14
_stdio_streams	.symtab	0x45d228	240	OBJECT	<unknown>	DEFAULT	11
_stdio_term	.symtab	0x40e6d8	284	FUNC	<unknown>	HIDDEN	3
_stdio_user_locking	.symtab	0x45d200	4	OBJECT	<unknown>	DEFAULT	11
_stdlib_strto_l	.symtab	0x4123e0	592	FUNC	<unknown>	HIDDEN	3
_stdlib_strto_l.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_store_inttype	.symtab	0x413b70	68	FUNC	<unknown>	HIDDEN	3
_store_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_string_syserrmsgs	.symtab	0x41c010	2934	OBJECT	<unknown>	HIDDEN	5
_string_syserrmsgs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2w.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_uintmaxtostr	.symtab	0x413bc0	340	FUNC	<unknown>	HIDDEN	3
_uintmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_vfprintf_internal	.symtab	0x40e9d4	1960	FUNC	<unknown>	HIDDEN	3
_vfprintf_internal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_wcommit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
abort	.symtab	0x415ba0	428	FUNC	<unknown>	DEFAULT	3
abort.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
access	.symtab	0x40dc10	84	FUNC	<unknown>	DEFAULT	3
access.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
acnc	.symtab	0x40620c	372	FUNC	<unknown>	DEFAULT	3
add_entry	.symtab	0x40c4b4	200	FUNC	<unknown>	DEFAULT	3
atoi	.symtab	0x4123a0	28	FUNC	<unknown>	DEFAULT	3
atol	.symtab	0x4123a0	28	FUNC	<unknown>	DEFAULT	3
atol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
axis_bp	.symtab	0x45d0f0	4	OBJECT	<unknown>	DEFAULT	11
bcopy	.symtab	0x410580	32	FUNC	<unknown>	DEFAULT	3
bcopy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
been_there_done_that	.symtab	0x463d90	4	OBJECT	<unknown>	DEFAULT	14
been_there_done_that.2792	.symtab	0x463d54	4	OBJECT	<unknown>	DEFAULT	14
brk	.symtab	0x415d80	112	FUNC	<unknown>	DEFAULT	3
brk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
bsd_signal	.symtab	0x411110	252	FUNC	<unknown>	DEFAULT	3
buf.4833	.symtab	0x463b30	460	OBJECT	<unknown>	DEFAULT	14
bzero	.symtab	0x4105a0	28	FUNC	<unknown>	DEFAULT	3
bzero.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
c	.symtab	0x45d0fc	4	OBJECT	<unknown>	DEFAULT	11
calloc	.symtab	0x411490	180	FUNC	<unknown>	DEFAULT	3
calloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
checksum.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
checksum_generic	.symtab	0x400310	268	FUNC	<unknown>	DEFAULT	3
checksum_tcp_udp	.symtab	0x40041c	572	FUNC	<unknown>	DEFAULT	3
checksum_tcpudp	.symtab	0x400658	572	FUNC	<unknown>	DEFAULT	3
clock	.symtab	0x40e430	108	FUNC	<unknown>	DEFAULT	3
clock.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
close	.symtab	0x40dc70	84	FUNC	<unknown>	DEFAULT	3
close.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
completed.2296	.symtab	0x45dac0	1	OBJECT	<unknown>	DEFAULT	14
connect	.symtab	0x410c80	84	FUNC	<unknown>	DEFAULT	3
connect.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
connectTimeout	.symtab	0x403028	828	FUNC	<unknown>	DEFAULT	3
creat	.symtab	0x40e0ac	28	FUNC	<unknown>	DEFAULT	3
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
csum	.symtab	0x403688	460	FUNC	<unknown>	DEFAULT	3
data_start	.symtab	0x45d0d0	0	OBJECT	<unknown>	DEFAULT	11
decodea.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
decoded.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
decodeh.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dl-support.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dnslookup.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dup2	.symtab	0x40dcd0	84	FUNC	<unknown>	DEFAULT	3
dup2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encoded.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encodeh.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encodeq.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
environ	.symtab	0x463d44	4	OBJECT	<unknown>	DEFAULT	14
errno	.symtab	0x463d60	4	OBJECT	<unknown>	DEFAULT	14
errno.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
estridx	.symtab	0x41bf80	126	OBJECT	<unknown>	DEFAULT	5
execl	.symtab	0x412720	204	FUNC	<unknown>	DEFAULT	3
execl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
execve	.symtab	0x4131b0	84	FUNC	<unknown>	DEFAULT	3
execve.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exit	.symtab	0x412630	236	FUNC	<unknown>	DEFAULT	3
exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exp10_table	.symtab	0x41cc28	72	OBJECT	<unknown>	DEFAULT	5
fclose	.symtab	0x415e50	512	FUNC	<unknown>	DEFAULT	3
fclose.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fcntl	.symtab	0x40dac0	136	FUNC	<unknown>	DEFAULT	3
fcntl64	.symtab	0x40db50	104	FUNC	<unknown>	DEFAULT	3
fdgets	.symtab	0x402608	292	FUNC	<unknown>	DEFAULT	3
fdopen_pids	.symtab	0x461afc	4	OBJECT	<unknown>	DEFAULT	14
fdpclose	.symtab	0x40238c	636	FUNC	<unknown>	DEFAULT	3
fdpopen	.symtab	0x401f18	1140	FUNC	<unknown>	DEFAULT	3
fflush_unlocked	.symtab	0x4169e0	628	FUNC	<unknown>	DEFAULT	3
fflush_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgetc_unlocked	.symtab	0x418320	388	FUNC	<unknown>	DEFAULT	3
fgetc_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets	.symtab	0x416770	216	FUNC	<unknown>	DEFAULT	3
fgets.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets_unlocked	.symtab	0x416c60	268	FUNC	<unknown>	DEFAULT	3
fgets_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
findRandIP	.symtab	0x4035dc	172	FUNC	<unknown>	DEFAULT	3
fmt	.symtab	0x41cc10	20	OBJECT	<unknown>	DEFAULT	5
fopen	.symtab	0x416050	28	FUNC	<unknown>	DEFAULT	3
fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fork	.symtab	0x40dd30	84	FUNC	<unknown>	DEFAULT	3
fork.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fputs_unlocked	.symtab	0x40fb50	128	FUNC	<unknown>	DEFAULT	3
fputs_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
frame_dummy	.symtab	0x40021c	0	FUNC	<unknown>	DEFAULT	3
free	.symtab	0x411550	396	FUNC	<unknown>	DEFAULT	3
free.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseek	.symtab	0x416070	68	FUNC	<unknown>	DEFAULT	3
fseeko	.symtab	0x416070	68	FUNC	<unknown>	DEFAULT	3
fseeko.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseeko64	.symtab	0x4160c0	388	FUNC	<unknown>	DEFAULT	3
fseeko64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fwrite_unlocked	.symtab	0x40fbd0	280	FUNC	<unknown>	DEFAULT	3
fwrite_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getBuild	.symtab	0x409f54	32	FUNC	<unknown>	DEFAULT	3
getHost	.symtab	0x402a6c	160	FUNC	<unknown>	DEFAULT	3
getOurIP	.symtab	0x409bd4	896	FUNC	<unknown>	DEFAULT	3
get_hosts_byname_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getc_unlocked	.symtab	0x418320	388	FUNC	<unknown>	DEFAULT	3
getdtablesize	.symtab	0x40dd90	72	FUNC	<unknown>	DEFAULT	3
getdtablesize.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getegid	.symtab	0x413210	88	FUNC	<unknown>	DEFAULT	3
getegid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
geteuid	.symtab	0x40dde0	88	FUNC	<unknown>	DEFAULT	3
geteuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getgid	.symtab	0x413270	84	FUNC	<unknown>	DEFAULT	3
getgid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname	.symtab	0x4107a0	116	FUNC	<unknown>	DEFAULT	3
gethostbyname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname_r	.symtab	0x410820	1108	FUNC	<unknown>	DEFAULT	3
gethostbyname_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpid	.symtab	0x40de40	84	FUNC	<unknown>	DEFAULT	3
getpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getppid	.symtab	0x40dea0	84	FUNC	<unknown>	DEFAULT	3
getppid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getrlimit	.symtab	0x40df00	84	FUNC	<unknown>	DEFAULT	3
getrlimit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockname	.symtab	0x410ce0	84	FUNC	<unknown>	DEFAULT	3
getsockname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockopt	.symtab	0x410d40	120	FUNC	<unknown>	DEFAULT	3
getsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getuid	.symtab	0x4132d0	84	FUNC	<unknown>	DEFAULT	3
getuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
h.4832	.symtab	0x463cfc	20	OBJECT	<unknown>	DEFAULT	14
h_errno	.symtab	0x463d64	4	OBJECT	<unknown>	DEFAULT	14
hacks	.symtab	0x45d0e0	4	OBJECT	<unknown>	DEFAULT	11
hacks2	.symtab	0x45d0e4	4	OBJECT	<unknown>	DEFAULT	11
hacks3	.symtab	0x45d0e8	4	OBJECT	<unknown>	DEFAULT	11
hacks4	.symtab	0x45d0ec	4	OBJECT	<unknown>	DEFAULT	11
heap_alloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
heap_alloc_at.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
heap_free.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
hextable	.symtab	0x419794	1024	OBJECT	<unknown>	DEFAULT	5
hlt	.symtab	0x4002fc	0	NOTYPE	<unknown>	DEFAULT	3
htonl	.symtab	0x410710	40	FUNC	<unknown>	DEFAULT	3
htons	.symtab	0x410738	24	FUNC	<unknown>	DEFAULT	3
httphex	.symtab	0x40653c	1672	FUNC	<unknown>	DEFAULT	3
i.4419	.symtab	0x45d100	4	OBJECT	<unknown>	DEFAULT	11
index	.symtab	0x40fec0	256	FUNC	<unknown>	DEFAULT	3
inet_addr	.symtab	0x410750	72	FUNC	<unknown>	DEFAULT	3
inet_aton	.symtab	0x414c20	280	FUNC	<unknown>	DEFAULT	3
inet_aton.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_makeaddr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_ntop	.symtab	0x417580	852	FUNC	<unknown>	DEFAULT	3
inet_ntop4	.symtab	0x41738c	500	FUNC	<unknown>	DEFAULT	3
inet_pton	.symtab	0x4170d0	700	FUNC	<unknown>	DEFAULT	3
inet_pton4	.symtab	0x416fe0	240	FUNC	<unknown>	DEFAULT	3
initConnection	.symtab	0x409910	708	FUNC	<unknown>	DEFAULT	3
init_rand	.symtab	0x400ad4	300	FUNC	<unknown>	DEFAULT	3
initfini.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
initfini.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
initial_fa	.symtab	0x45d320	264	OBJECT	<unknown>	DEFAULT	11
initstate	.symtab	0x411d74	208	FUNC	<unknown>	DEFAULT	3
initstate_r	.symtab	0x412250	328	FUNC	<unknown>	DEFAULT	3
ioctl	.symtab	0x40df60	104	FUNC	<unknown>	DEFAULT	3
ioctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
isatty	.symtab	0x4105e0	60	FUNC	<unknown>	DEFAULT	3
isatty.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
kill	.symtab	0x40dfd0	88	FUNC	<unknown>	DEFAULT	3
kill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
killer_status	.symtab	0x45daf0	4	OBJECT	<unknown>	DEFAULT	14
lengthd.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lengthq.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/mips/memcpy.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/mips/memset.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/mips/crt1.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/mips/crti.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/mips/crtn.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/mips/pipe.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
listFork	.symtab	0x403364	632	FUNC	<unknown>	DEFAULT	3
llseek.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lseek64	.symtab	0x418230	164	FUNC	<unknown>	DEFAULT	3
macAddress	.symtab	0x45daf4	6	OBJECT	<unknown>	DEFAULT	14
main	.symtab	0x409f74	3460	FUNC	<unknown>	DEFAULT	3
main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
makeIPPacket	.symtab	0x4039b8	296	FUNC	<unknown>	DEFAULT	3
makeRandomStr	.symtab	0x402bb0	268	FUNC	<unknown>	DEFAULT	3
makevsepacket	.symtab	0x4056f4	332	FUNC	<unknown>	DEFAULT	3
malloc	.symtab	0x4112a0	492	FUNC	<unknown>	DEFAULT	3
malloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memchr	.symtab	0x414570	264	FUNC	<unknown>	DEFAULT	3
memchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memcpy	.symtab	0x40fcf0	308	FUNC	<unknown>	DEFAULT	3
memmove	.symtab	0x414680	816	FUNC	<unknown>	DEFAULT	3
memmove.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mempcpy	.symtab	0x4149b0	76	FUNC	<unknown>	DEFAULT	3
mempcpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memrchr	.symtab	0x414a00	272	FUNC	<unknown>	DEFAULT	3
memrchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memset	.symtab	0x40fe30	144	FUNC	<unknown>	DEFAULT	3
mylock	.symtab	0x45d440	24	OBJECT	<unknown>	DEFAULT	11
mylock	.symtab	0x463d70	24	OBJECT	<unknown>	DEFAULT	14
mylock	.symtab	0x45d560	24	OBJECT	<unknown>	DEFAULT	11
nanosleep	.symtab	0x413330	84	FUNC	<unknown>	DEFAULT	3
nanosleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
next_start.1065	.symtab	0x463b20	4	OBJECT	<unknown>	DEFAULT	14
ngPid	.symtab	0x45da9c	4	OBJECT	<unknown>	DEFAULT	13
ntohl	.symtab	0x4106d0	40	FUNC	<unknown>	DEFAULT	3
ntohl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ntohs	.symtab	0x4106f8	24	FUNC	<unknown>	DEFAULT	3
ntop.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
numpids	.symtab	0x45dae8	8	OBJECT	<unknown>	DEFAULT	14
object.2349	.symtab	0x45dac4	24	OBJECT	<unknown>	DEFAULT	14
open	.symtab	0x40e030	124	FUNC	<unknown>	DEFAULT	3
open.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
opennameservers.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ourIP	.symtab	0x45da98	4	OBJECT	<unknown>	DEFAULT	13
p.2294	.symtab	0x45d0c0	0	OBJECT	<unknown>	DEFAULT	11
parseHex	.symtab	0x40272c	176	FUNC	<unknown>	DEFAULT	3
pids	.symtab	0x45daa4	4	OBJECT	<unknown>	DEFAULT	13
pipe	.symtab	0x40da80	64	FUNC	<unknown>	DEFAULT	3
poll	.symtab	0x415df0	84	FUNC	<unknown>	DEFAULT	3
poll.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
prctl	.symtab	0x40e0d0	120	FUNC	<unknown>	DEFAULT	3
prctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
prefix.4045	.symtab	0x41bed0	12	OBJECT	<unknown>	DEFAULT	5
print	.symtab	0x401720	1456	FUNC	<unknown>	DEFAULT	3
printchar	.symtab	0x401194	184	FUNC	<unknown>	DEFAULT	3
printi	.symtab	0x401488	664	FUNC	<unknown>	DEFAULT	3
prints	.symtab	0x40124c	572	FUNC	<unknown>	DEFAULT	3
processCmd	.symtab	0x406bc4	11596	FUNC	<unknown>	DEFAULT	3
qual_chars.4050	.symtab	0x41bef0	20	OBJECT	<unknown>	DEFAULT	5
raise	.symtab	0x4181e0	76	FUNC	<unknown>	DEFAULT	3
raise.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand	.symtab	0x411c00	28	FUNC	<unknown>	DEFAULT	3
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand__str	.symtab	0x40af1c	372	FUNC	<unknown>	DEFAULT	3
rand_alpha_str	.symtab	0x40b090	300	FUNC	<unknown>	DEFAULT	3
rand_alphastr	.symtab	0x400fc4	464	FUNC	<unknown>	DEFAULT	3
rand_cmwc	.symtab	0x400dec	472	FUNC	<unknown>	DEFAULT	3
rand_init	.symtab	0x40ad00	248	FUNC	<unknown>	DEFAULT	3
rand_next	.symtab	0x40adf8	292	FUNC	<unknown>	DEFAULT	3
random	.symtab	0x411c20	164	FUNC	<unknown>	DEFAULT	3
random.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
random_poly_info	.symtab	0x41cb90	40	OBJECT	<unknown>	DEFAULT	5
random_r	.symtab	0x41202c	176	FUNC	<unknown>	DEFAULT	3
random_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
randtbl	.symtab	0x45d458	128	OBJECT	<unknown>	DEFAULT	11
rawmemchr	.symtab	0x416d70	200	FUNC	<unknown>	DEFAULT	3
rawmemchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
read	.symtab	0x40e150	84	FUNC	<unknown>	DEFAULT	3
read.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
read_etc_hosts_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
realloc	.symtab	0x4116e0	472	FUNC	<unknown>	DEFAULT	3
realloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recv	.symtab	0x410dc0	84	FUNC	<unknown>	DEFAULT	3
recv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recvLine	.symtab	0x402cbc	876	FUNC	<unknown>	DEFAULT	3
recvfrom	.symtab	0x410e20	128	FUNC	<unknown>	DEFAULT	3
recvfrom.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
resolv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
resolv_domain_to_hostname	.symtab	0x40b1c0	360	FUNC	<unknown>	DEFAULT	3
resolv_entries_free	.symtab	0x40be44	164	FUNC	<unknown>	DEFAULT	3
resolv_lookup	.symtab	0x40b46c	2520	FUNC	<unknown>	DEFAULT	3
resolv_skip_name	.symtab	0x40b328	324	FUNC	<unknown>	DEFAULT	3
rtcp	.symtab	0x404d58	1740	FUNC	<unknown>	DEFAULT	3
sbrk	.symtab	0x413390	144	FUNC	<unknown>	DEFAULT	3
sbrk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
scanPid	.symtab	0x45daa0	4	OBJECT	<unknown>	DEFAULT	13
select	.symtab	0x40e1b0	120	FUNC	<unknown>	DEFAULT	3
select.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
send	.symtab	0x410ea0	84	FUNC	<unknown>	DEFAULT	3
send.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sendSTD	.symtab	0x405424	720	FUNC	<unknown>	DEFAULT	3
sendto	.symtab	0x410f00	128	FUNC	<unknown>	DEFAULT	3
sendto.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setsockopt	.symtab	0x410f80	120	FUNC	<unknown>	DEFAULT	3
setsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setstate	.symtab	0x411cc4	176	FUNC	<unknown>	DEFAULT	3
setstate_r	.symtab	0x411ef0	316	FUNC	<unknown>	DEFAULT	3
sigaction	.symtab	0x413060	232	FUNC	<unknown>	DEFAULT	3
sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigaddset	.symtab	0x411060	104	FUNC	<unknown>	DEFAULT	3
sigaddset.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigempty.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigemptyset	.symtab	0x4110d0	60	FUNC	<unknown>	DEFAULT	3
signal	.symtab	0x411110	252	FUNC	<unknown>	DEFAULT	3
signal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigprocmask	.symtab	0x40e230	148	FUNC	<unknown>	DEFAULT	3
sigprocmask.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigsetops.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sleep	.symtab	0x4127f0	564	FUNC	<unknown>	DEFAULT	3
sleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket	.symtab	0x411000	84	FUNC	<unknown>	DEFAULT	3
socket.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket_connect	.symtab	0x406380	444	FUNC	<unknown>	DEFAULT	3
sockprintf	.symtab	0x401dc0	344	FUNC	<unknown>	DEFAULT	3
spec_and_mask.4049	.symtab	0x41bf04	16	OBJECT	<unknown>	DEFAULT	5
spec_base.4044	.symtab	0x41bedc	7	OBJECT	<unknown>	DEFAULT	5
spec_chars.4046	.symtab	0x41bf30	21	OBJECT	<unknown>	DEFAULT	5
spec_flags.4045	.symtab	0x41bf48	8	OBJECT	<unknown>	DEFAULT	5
spec_or_mask.4048	.symtab	0x41bf14	16	OBJECT	<unknown>	DEFAULT	5
spec_ranges.4047	.symtab	0x41bf24	9	OBJECT	<unknown>	DEFAULT	5
sprintf	.symtab	0x40e4a0	80	FUNC	<unknown>	DEFAULT	3
sprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
srand	.symtab	0x411e44	172	FUNC	<unknown>	DEFAULT	3
srandom	.symtab	0x411e44	172	FUNC	<unknown>	DEFAULT	3
srandom_r	.symtab	0x4120dc	372	FUNC	<unknown>	DEFAULT	3
static_id	.symtab	0x45d530	2	OBJECT	<unknown>	DEFAULT	11
static_ns	.symtab	0x463d88	4	OBJECT	<unknown>	DEFAULT	14
stderr	.symtab	0x45d218	4	OBJECT	<unknown>	DEFAULT	11
stdin	.symtab	0x45d210	4	OBJECT	<unknown>	DEFAULT	11
stdout	.symtab	0x45d214	4	OBJECT	<unknown>	DEFAULT	11
strcasecmp	.symtab	0x4184b0	108	FUNC	<unknown>	DEFAULT	3
strcasecmp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strchr	.symtab	0x40fec0	256	FUNC	<unknown>	DEFAULT	3
strchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcmp	.symtab	0x40ffc0	44	FUNC	<unknown>	DEFAULT	3
strcmp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcoll	.symtab	0x40ffc0	44	FUNC	<unknown>	DEFAULT	3
strcpy	.symtab	0x40fff0	36	FUNC	<unknown>	DEFAULT	3
strcpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strdup	.symtab	0x416f50	144	FUNC	<unknown>	DEFAULT	3
strdup.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strerror_r	.symtab	0x4103f0	392	FUNC	<unknown>	DEFAULT	3
strlen	.symtab	0x410020	184	FUNC	<unknown>	DEFAULT	3
strlen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strncat	.symtab	0x416e40	180	FUNC	<unknown>	DEFAULT	3
strncat.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strncpy	.symtab	0x4100e0	188	FUNC	<unknown>	DEFAULT	3
strncpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strnlen	.symtab	0x4101a0	256	FUNC	<unknown>	DEFAULT	3
strnlen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strpbrk	.symtab	0x414be0	64	FUNC	<unknown>	DEFAULT	3
strpbrk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strspn	.symtab	0x416f00	76	FUNC	<unknown>	DEFAULT	3
strspn.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strstr	.symtab	0x4102a0	256	FUNC	<unknown>	DEFAULT	3
strstr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtok	.symtab	0x4105c0	32	FUNC	<unknown>	DEFAULT	3
strtok.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtok_r	.symtab	0x414b10	204	FUNC	<unknown>	DEFAULT	3
strtok_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtol	.symtab	0x4123c0	28	FUNC	<unknown>	DEFAULT	3
strtol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
szprintf	.symtab	0x401d48	120	FUNC	<unknown>	DEFAULT	3
table	.symtab	0x463db0	232	OBJECT	<unknown>	DEFAULT	14
table.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
table_init	.symtab	0x40bef0	1068	FUNC	<unknown>	DEFAULT	3
table_key	.symtab	0x45d1a0	4	OBJECT	<unknown>	DEFAULT	11
table_lock_val	.symtab	0x40c3a0	132	FUNC	<unknown>	DEFAULT	3
table_retrieve_val	.symtab	0x40c424	144	FUNC	<unknown>	DEFAULT	3
table_unlock_val	.symtab	0x40c31c	132	FUNC	<unknown>	DEFAULT	3
tcgetattr	.symtab	0x410620	176	FUNC	<unknown>	DEFAULT	3
tcgetattr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
tcpFl00d	.symtab	0x404444	2324	FUNC	<unknown>	DEFAULT	3
tcpcsum	.symtab	0x403854	356	FUNC	<unknown>	DEFAULT	3
time	.symtab	0x40e2d0	84	FUNC	<unknown>	DEFAULT	3
time.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
times	.symtab	0x413420	84	FUNC	<unknown>	DEFAULT	3
times.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
toggle_obf	.symtab	0x40c57c	552	FUNC	<unknown>	DEFAULT	3
tolower	.symtab	0x4182e0	60	FUNC	<unknown>	DEFAULT	3
tolower.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
toupper	.symtab	0x40e3d0	60	FUNC	<unknown>	DEFAULT	3
toupper.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
trim	.symtab	0x400c00	492	FUNC	<unknown>	DEFAULT	3
type_codes	.symtab	0x41bf50	24	OBJECT	<unknown>	DEFAULT	5
type_sizes	.symtab	0x41bf68	12	OBJECT	<unknown>	DEFAULT	5
udpfl00d	.symtab	0x403ae0	2404	FUNC	<unknown>	DEFAULT	3
unknown.1088	.symtab	0x41c000	14	OBJECT	<unknown>	DEFAULT	5
unsafe_state	.symtab	0x45d4e0	28	OBJECT	<unknown>	DEFAULT	11
uppercase	.symtab	0x402b0c	164	FUNC	<unknown>	DEFAULT	3
userID	.symtab	0x45d0f8	4	OBJECT	<unknown>	DEFAULT	11
usleep	.symtab	0x412a30	144	FUNC	<unknown>	DEFAULT	3
usleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
util.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
util_atoi	.symtab	0x40ccd4	968	FUNC	<unknown>	DEFAULT	3
util_fdgets	.symtab	0x40d75c	320	FUNC	<unknown>	DEFAULT	3
util_isalpha	.symtab	0x40d904	144	FUNC	<unknown>	DEFAULT	3
util_isdigit	.symtab	0x40da14	104	FUNC	<unknown>	DEFAULT	3
util_isspace	.symtab	0x40d994	128	FUNC	<unknown>	DEFAULT	3
util_isupper	.symtab	0x40d89c	104	FUNC	<unknown>	DEFAULT	3
util_itoa	.symtab	0x40d09c	572	FUNC	<unknown>	DEFAULT	3
util_local_addr	.symtab	0x40d608	340	FUNC	<unknown>	DEFAULT	3
util_memcpy	.symtab	0x40cbb8	164	FUNC	<unknown>	DEFAULT	3
util_memsearch	.symtab	0x40d2d8	292	FUNC	<unknown>	DEFAULT	3
util_strcat	.symtab	0x40cb10	168	FUNC	<unknown>	DEFAULT	3
util_strcmp	.symtab	0x40c964	288	FUNC	<unknown>	DEFAULT	3
util_strcpy	.symtab	0x40ca84	140	FUNC	<unknown>	DEFAULT	3
util_stristr	.symtab	0x40d3fc	524	FUNC	<unknown>	DEFAULT	3
util_strlen	.symtab	0x40c7b0	116	FUNC	<unknown>	DEFAULT	3
util_strncmp	.symtab	0x40c824	320	FUNC	<unknown>	DEFAULT	3
util_zero	.symtab	0x40cc5c	120	FUNC	<unknown>	DEFAULT	3
vfork	.symtab	0x40e330	28	FUNC	<unknown>	DEFAULT	3
vfork.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
vseattack	.symtab	0x405840	2508	FUNC	<unknown>	DEFAULT	3
vsnprintf	.symtab	0x40e4f0	260	FUNC	<unknown>	DEFAULT	3
vsnprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
w	.symtab	0x461b0c	4	OBJECT	<unknown>	DEFAULT	14
wait4	.symtab	0x413480	88	FUNC	<unknown>	DEFAULT	3
wait4.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
waitpid	.symtab	0x40e350	28	FUNC	<unknown>	DEFAULT	3
waitpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
watchdog_maintain	.symtab	0x4008a0	564	FUNC	<unknown>	DEFAULT	3
watchdog_pid	.symtab	0x45dae4	4	OBJECT	<unknown>	DEFAULT	14
wcrtomb	.symtab	0x413500	112	FUNC	<unknown>	DEFAULT	3
wcrtomb.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcsnrtombs	.symtab	0x4135b0	228	FUNC	<unknown>	DEFAULT	3
wcsnrtombs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcsrtombs	.symtab	0x413570	64	FUNC	<unknown>	DEFAULT	3
wcsrtombs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wildString	.symtab	0x4027dc	656	FUNC	<unknown>	DEFAULT	3
write	.symtab	0x40e370	84	FUNC	<unknown>	DEFAULT	3
write.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
x	.symtab	0x461b00	4	OBJECT	<unknown>	DEFAULT	14
xdigits.3043	.symtab	0x41ccf4	17	OBJECT	<unknown>	DEFAULT	5
y	.symtab	0x461b04	4	OBJECT	<unknown>	DEFAULT	14
z	.symtab	0x461b08	4	OBJECT	<unknown>	DEFAULT	14
zprintf	.symtab	0x401cd0	120	FUNC	<unknown>	DEFAULT	3

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 30, 2022 01:36:33.893610954 CET	38500	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:36:35.874886990 CET	42836	443	192.168.2.23	91.189.91.43
Nov 30, 2022 01:36:36.898874044 CET	42516	80	192.168.2.23	109.202.202.202
Nov 30, 2022 01:36:51.490211964 CET	43928	443	192.168.2.23	91.189.91.42
Nov 30, 2022 01:36:54.034190893 CET	38502	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:37:01.729671955 CET	42836	443	192.168.2.23	91.189.91.43
Nov 30, 2022 01:37:07.873277903 CET	42516	80	192.168.2.23	109.202.202.202
Nov 30, 2022 01:37:14.173835039 CET	38504	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:37:32.448045969 CET	43928	443	192.168.2.23	91.189.91.42
Nov 30, 2022 01:37:34.313020945 CET	38506	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:37:52.926985979 CET	42836	443	192.168.2.23	91.189.91.43
Nov 30, 2022 01:37:54.452229977 CET	38508	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:38:14.591661930 CET	38510	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:38:34.731383085 CET	38512	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:38:54.870570898 CET	38514	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:39:15.010183096 CET	38516	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:39:35.149593115 CET	38518	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:39:55.288667917 CET	38520	576	192.168.2.23	47.87.197.232

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Nov 30, 2022 01:36:34.032613993 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:36:54.173072100 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:37:14.312266111 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:37:34.451812983 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:37:54.591058016 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:38:14.730751991 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:38:34.869925976 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:38:55.009288073 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:39:15.148986101 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:39:35.288166046 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:39:55.427762032 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable

System Behavior

Analysis Process: a0dSUrhKjF.elf PID: 6228, Parent PID: 6124

General

Start time:	01:36:33
Start date:	30/11/2022
Path:	/tmp/a0dSUrhKjF.elf
Arguments:	/tmp/a0dSUrhKjF.elf
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Chronological Activities

Analysis Process: a0dSUrhKjF.elf PID: 6230, Parent PID: 6228

General

Start time:	01:36:33
Start date:	30/11/2022
Path:	/tmp/a0dSUrhKjF.elf
Arguments:	n/a
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Chronological Activities

Analysis Process: a0dSUrhKjF.elf PID: 6231, Parent PID: 6228

General

Start time:	01:36:33
Start date:	30/11/2022
Path:	/tmp/a0dSUrhKjF.elf
Arguments:	n/a
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Chronological Activities

Analysis Process: a0dSUrhKjF.elf PID: 6234, Parent PID: 6231

General

Start time:	01:36:33
Start date:	30/11/2022
Path:	/tmp/a0dSUrhKjF.elf
Arguments:	n/a
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system. Functionality could exist within remote access tools to enable this, but utilities available on the operating system could also be used such as Ping or `net view` using Net . Adversaries may also use local host files (ex: `C:\Windows\System32\Drivers\etc\hosts` or `/etc/hosts` ) in order to discover the hostname to IP address mappings of remote systems.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may obfuscate command and control traffic to make it more difficult to detect. Command and control (C2) communications are hidden (but not necessarily encrypted) in an attempt to make the content more difficult to discover or decipher and to make the communication less conspicuous and hide commands from being seen. This encompasses many methods, such as adding junk data to protocol traffic, using steganography, or impersonating legitimate protocols.
Tactics:	Command and Control
Data Sources:	Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report a0dSUrhKjF.elf

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Memory Dumps

Snort Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Symbols

Network Behavior

Network Port Distribution

TCP Packets

ICMP Packets

System Behavior

Analysis Process: a0dSUrhKjF.elf PID: 6228, Parent PID: 6124

General

Chronological Activities

Analysis Process: a0dSUrhKjF.elf PID: 6230, Parent PID: 6228

General

Chronological Activities

Analysis Process: a0dSUrhKjF.elf PID: 6231, Parent PID: 6228

General

Chronological Activities

Analysis Process: a0dSUrhKjF.elf PID: 6234, Parent PID: 6231

General

Linux Analysis Report
a0dSUrhKjF.elf