
4ljhdTTyiA

Status: finished
Submission Time: 2021-07-20 00:23:08 +02:00
Malicious
Trojan
Evader
XorDDoS

Tags

  • elf
  • xorddos

Details

  • Analysis ID:
    450972
  • API (Web) ID:
    818561
  • Analysis Started:
    2021-07-20 00:23:09 +02:00
  • Analysis Finished:
    2021-07-20 00:31:16 +02:00
  • MD5:
    349456ecaa1380a142f15810a8260378
  • SHA1:
    02dd15ecdeedefd7a2f82ba0df38703a74489af3
  • SHA256:
    0f00c2e074c6284c556040012ef23357853ccac4ad1373d1dea683562dc24bca
  • Technologies:

Joe Sandbox

  • Engine: Joe Sandbox
  • Detection: malicious
  • Score: 100
  • System: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)

Third Party Analysis Engines

  • malicious (Score: 41/62)
  • malicious (Score: 24/37)
  • malicious (Score: 21/29)
  • malicious

IPs

  • 23.253.46.64 (United States)

Domains

  • aaa.dsaj2a.org (23.253.46.64)
  • ww.dnstells.com (204.11.56.48)
  • ww.gzcfr5axf6.com (104.161.25.33)
  • ww.gzcfr5axf7.com (0.0.0.0)

URLs

  • http://aaa.dsaj2a.org/config.rar
  • http://www.gnu.org/software/libc/bugs.html
  • http://aaa.dsaj2a.org/config.rar7.com:53

Dropped files

  • /usr/bin/ctrygxclrx
    ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
  • /usr/bin/uoewtvxqdd
    ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
  • /usr/bin/tjdqviitkh
    ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
  • /usr/bin/rlyjyybyum
    ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
  • /usr/bin/ouhdchrbdz
    ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
  • /usr/bin/nyavevzqtw
    ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
  • /usr/bin/lgnmbyzzlq
    ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
  • /usr/bin/jjltawydwf
    ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
  • /usr/bin/gqczobuacc
    ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
  • /usr/bin/fcxqfstrdm
    ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
  • /usr/bin/dxeguomyxc
    ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
  • /etc/cron.hourly/gcc.sh
    POSIX shell script, ASCII text executable
  • /usr/bin/aspbnnkmso
    ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
  • /lib/libudev.so
    ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
  • /etc/init.d/4ljhdTTyiA
    POSIX shell script, ASCII text executable
  • /etc/init.d/.depend.stop
    ASCII text, with very long lines
  • /etc/init.d/.depend.start
    ASCII text, with very long lines
  • /etc/init.d/.depend.boot
    ASCII text, with very long lines
  • /etc/crontab
    ASCII text
  • /run/gcc.pid
    ASCII text, with no line terminators
  • /etc/sed4RcMLw
    ASCII text