Linux Analysis Report
qgtfQPgL23.elf

Overview

General Information

Sample name:qgtfQPgL23.elf
renamed because original name is a hash value
Original sample name:2c91bc2af437c67e0c49cde710053a46.elf
Analysis ID:1471715
MD5:2c91bc2af437c67e0c49cde710053a46
SHA1:2a2228e3ade4b061bfee235b2a7ac811e1df940b
SHA256:9c0b94cb6c5fff8175d481b6ea0cb9269468c9c3684da38f2492bf590bee1391
Tags:32 arm elf mirai
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1471715
Start date and time:2024-07-11 20:50:08 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 10m 36s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:qgtfQPgL23.elf
renamed because original name is a hash value
Original Sample Name:2c91bc2af437c67e0c49cde710053a46.elf
Detection:MAL
Classification:mal56.linELF@0/0@0/0
Cookbook Comments:
  • Analysis time extended to 480s due to sleep detection in submitted sample
  • VT rate limit hit for: qgtfQPgL23.elf
Command:/tmp/qgtfQPgL23.elf
PID:6203
Exit Code:255
Exit Code Info:
Killed:False
Standard Output:

Standard Error:/lib/ld-uClibc.so.0: No such file or directory
  • system is lnxubuntu20
  • qgtfQPgL23.elf (PID: 6203, Parent: 6116, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/qgtfQPgL23.elf
  • cleanup
No yara matches
No Snort rule has matched

AV Detection

Source: qgtfQPgL23.elf | Avira: detected
Source: qgtfQPgL23.elf | ReversingLabs: Detection: 79%
Source: global traffic | TCP traffic: 192.168.2.23:55552 -> 161.128.194.32:2323
Source: global traffic | TCP traffic: 192.168.2.23:35336 -> 203.249.151.63:2323
Source: global traffic | TCP traffic: 192.168.2.23:38640 -> 108.150.63.223:2323
Source: global traffic | TCP traffic: 192.168.2.23:51340 -> 134.11.62.37:2323
Source: global traffic | TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic | TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic | TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: unknown | Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 42836 -> 443
Source: ELF static info symbol of initial sample | .symtab present: no
Source: classification engine | Classification label: mal56.linELF@0/0@0/0
Source: /tmp/qgtfQPgL23.elf (PID: 6203) | Queries kernel information via 'uname'
Source: qgtfQPgL23.elf, 6203.1.00007ffe03eec000.00007ffe03f0d000.rw-.sdmp | Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/qgtfQPgL23.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/qgtfQPgL23.elf
Source: qgtfQPgL23.elf, 6203.1.00005597ca087000.00005597ca1b5000.rw-.sdmp | Binary or memory string: U!/etc/qemu-binfmt/arm
Source: qgtfQPgL23.elf, 6203.1.00007ffe03eec000.00007ffe03f0d000.rw-.sdmp | Binary or memory string: qemu: %s: %s
Source: qgtfQPgL23.elf, 6203.1.00007ffe03eec000.00007ffe03f0d000.rw-.sdmp | Binary or memory string: leqemu: %s: %s
Source: qgtfQPgL23.elf, 6203.1.00005597ca087000.00005597ca1b5000.rw-.sdmp | Binary or memory string: Urg.qemu.gdb.arm.sys.regs">
Source: qgtfQPgL23.elf, 6203.1.00005597ca087000.00005597ca1b5000.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/arm
Source: qgtfQPgL23.elf, 6203.1.00007ffe03eec000.00007ffe03f0d000.rw-.sdmp | Binary or memory string: /usr/bin/qemu-arm
Source: qgtfQPgL23.elf, 6203.1.00005597ca087000.00005597ca1b5000.rw-.sdmp | Binary or memory string: rg.qemu.gdb.arm.sys.regs">
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
No configs have been found
| Source | Detection | Scanner | Label |
| qgtfQPgL23.elf | 79% | ReversingLabs | Linux.Trojan.Mirai |
| qgtfQPgL23.elf | 100% | Avira | EXP/ELF.Mirai.IpCam.IOT.b |
No Antivirus matches
No contacted domains info
No created / dropped files found
File type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Entropy (8bit):6.115741858282932
TrID:
  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:qgtfQPgL23.elf
File size:45'540 bytes
MD5:2c91bc2af437c67e0c49cde710053a46
SHA1:2a2228e3ade4b061bfee235b2a7ac811e1df940b
SHA256:9c0b94cb6c5fff8175d481b6ea0cb9269468c9c3684da38f2492bf590bee1391
SHA512:6814f954c13d5e656431d110be35007b85a101669e6d5b8b3b84a2eed38d4c1e2f34bdae402eb89ee77eb0793bd00280def12fc19929d70841e0578365975144
SSDEEP:768:B4hirAl9OrinhdPqPJAj9YbOszTa3Lcpf+7ojxwu4Atztrflko+t0QoFfIzA55dj:Wh4+ceh9qaj9CTa0Au40ROhSr0Zt1S
TLSH:FC13E786BC818E6AC5D06BBBFD7E018D731163ECC1DB7252C8184BE47A8A51F0E67B51
File Content Preview:.ELF..............(.........4...........4. ...(.........4...4...4.......................................................................................................0...........................................Q.td............................/lib/ld-uCl

ELF header

Class:ELF32
Data:2's complement, little endian
Version:1 (current)
Machine:ARM
Version Number:0x1
Type:EXEC (Executable file)
OS/ABI:UNIX - System V
ABI Version:0
Entry Point Address:0x8cf0
Flags:0x4000002
ELF Header Size:52
Program Header Offset:52
Program Header Size:32
Number of Program Headers:6
Section Header Offset:44780
Section Header Size:40
Number of Section Headers:19
Header String Table Index:18
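| Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
| | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
| .interp | PROGBITS | 0x80f4 | 0xf4 | 0x14 | 0x0 | 0x2 | A | 0 | 0 | 1 |
| .hash | HASH | 0x8108 | 0x108 | 0x198 | 0x4 | 0x2 | A | 3 | 0 | 4 |
| .dynsym | DYNSYM | 0x82a0 | 0x2a0 | 0x3f0 | 0x10 | 0x2 | A | 4 | 1 | 4 |
| .dynstr | STRTAB | 0x8690 | 0x690 | 0x1e7 | 0x0 | 0x2 | A | 0 | 0 | 1 |
| .rel.plt | REL | 0x8878 | 0x878 | 0x198 | 0x8 | 0x2 | A | 3 | 7 | 4 |
| .init | PROGBITS | 0x8a10 | 0xa10 | 0x10 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .plt | PROGBITS | 0x8a20 | 0xa20 | 0x278 | 0x4 | 0x6 | AX | 0 | 0 | 4 |
| .text | PROGBITS | 0x8c98 | 0xc98 | 0x9598 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .fini | PROGBITS | 0x12230 | 0xa230 | 0x10 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .rodata | PROGBITS | 0x12240 | 0xa240 | 0xa54 | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .init_array | INIT_ARRAY | 0x1ac98 | 0xac98 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .fini_array | FINI_ARRAY | 0x1ac9c | 0xac9c | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .dynamic | DYNAMIC | 0x1aca4 | 0xaca4 | 0xb8 | 0x8 | 0x3 | WA | 4 | 0 | 4 |
| .got | PROGBITS | 0x1ad5c | 0xad5c | 0xd8 | 0x4 | 0x3 | WA | 0 | 0 | 4 |
| .data | PROGBITS | 0x1ae34 | 0xae34 | 0x14 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .bss | NOBITS | 0x1ae48 | 0xae48 | 0x180 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .ARM.attributes | ARM_ATTRIBUTES | 0x0 | 0xae48 | 0x16 | 0x0 | 0x0 | | 0 | 0 | 1 |
| .shstrtab | STRTAB | 0x0 | 0xae5e | 0x8d | 0x0 | 0x0 | | 0 | 0 | 1 |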
| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
| PHDR | 0x34 | 0x8034 | 0x8034 | 0xc0 | 0xc0 | 2.0637 | 0x5 | R E | 0x4 | | |
| INTERP | 0xf4 | 0x80f4 | 0x80f4 | 0x14 | 0x14 | 3.6842 | 0x4 | R | 0x1 | /lib/ld-uClibc.so.0 | .interp |
| LOAD | 0x0 | 0x8000 | 0x8000 | 0xac94 | 0xac94 | 6.1625 | 0x5 | R E | 0x8000 | | .interp .hash .dynsym .dynstr .rel.plt .init .plt .text .fini .rodata |
| LOAD | 0xac98 | 0x1ac98 | 0x1ac98 | 0x1b0 | 0x330 | 2.3977 | 0x6 | RW | 0x8000 | | .init_array .fini_array .dynamic .got .data .bss |
| DYNAMIC | 0x0 | 0x0 | 0x1aca4 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | | |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | | |
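| Type | Meta | Value | Tag |
| DT_NEEDED | sharedlib | libc.so.0 | 0x1 |
| DT_INIT | value | 0x8a10 | 0xc |
| DT_FINI | value | 0x12230 | 0xd |
| DT_INIT_ARRAY | value | 0x1ac98 | 0x19 |
| DT_INIT_ARRAYSZ | bytes | 4 | 0x1b |
| DT_FINI_ARRAY | value | 0x1ac9c | 0x1a |
| DT_FINI_ARRAYSZ | bytes | 4 | 0x1c |
| DT_HASH | value | 0x8108 | 0x4 |
| DT_STRTAB | value | 0x8690 | 0x5 |
| DT_SYMTAB | value | 0x82a0 | 0x6 |
| DT_STRSZ | bytes | 487 | 0xa |
| DT_SYMENT | bytes | 16 | 0xb |
| DT_DEBUG | value | 0x0 | 0x15 |
| DT_PLTGOT | value | 0x1ad5c | 0x3 |
| DT_PLTRELSZ | bytes | 408 | 0x2 |
| DT_PLTREL | pltrel | DT_REL | 0x14 |
| DT_JMPREL | value | 0x8878 | 0x17 |
| DT_NULL | value | 0x0 | 0x0 |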
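| Name | Version Info Name | Version Info File Name | Section Name | Value | Size | Symbol Type | Symbol Bind | Symbol Visibility | Ndx |
| | | | .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF |
| __bss_end__ | | | .dynsym | 0x1afc8 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_ABS |
| __bss_start | | | .dynsym | 0x1ae48 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_ABS |
| __bss_start__ | | | .dynsym | 0x1ae48 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_ABS |
| __data_start | | | .dynsym | 0x1ae34 | 0 | NOTYPE | <unknown> | DEFAULT | 17 |
| __end__ | | | .dynsym | 0x1afc8 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_ABS |
| __errno_location | | | .dynsym | 0x8bfc | 32 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| __exidx_end | | | .dynsym | 0x12c94 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_ABS |
| __exidx_start | | | .dynsym | 0x12c94 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_ABS |
| __uClibc_main | | | .dynsym | 0x8bb4 | 848 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _bss_end__ | | | .dynsym | 0x1afc8 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_ABS |
| _edata | | | .dynsym | 0x1ae48 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_ABS |
| _end | | | .dynsym | 0x1afc8 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_ABS |
| _start | | | .dynsym | 0x8cf0 | 80 | FUNC | <unknown> | DEFAULT | 8 |
| abort | | | .dynsym | 0x8b0c | 296 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| atoi | | | .dynsym | 0x8c14 | 32 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| bind | | | .dynsym | 0x8b3c | 68 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| calloc | | | .dynsym | 0x8b18 | 320 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| clock | | | .dynsym | 0x8c2c | 52 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| close | | | .dynsym | 0x8c5c | 100 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| closedir | | | .dynsym | 0x8c44 | 272 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| connect | | | .dynsym | 0x8a58 | 116 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| exit | | | .dynsym | 0x8c08 | 196 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| fcntl | | | .dynsym | 0x8c50 | 244 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| fork | | | .dynsym | 0x8ba8 | 972 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| free | | | .dynsym | 0x8c74 | 572 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| getpid | | | .dynsym | 0x8a7c | 72 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| getppid | | | .dynsym | 0x8bcc | 20 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| getsockname | | | .dynsym | 0x8c8c | 68 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| getsockopt | | | .dynsym | 0x8bf0 | 72 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| inet_addr | | | .dynsym | 0x8b48 | 40 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| ioctl | | | .dynsym | 0x8a40 | 224 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| kill | | | .dynsym | 0x8b30 | 56 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| listen | | | .dynsym | 0x8b9c | 64 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| malloc | | | .dynsym | 0x8aac | 2360 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| memcpy | | | .dynsym | 0x8a94 | 4 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| memmove | | | .dynsym | 0x8a70 | 4 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| memset | | | .dynsym | 0x8bc0 | 156 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| open | | | .dynsym | 0x8c20 | 100 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| opendir | | | .dynsym | 0x8be4 | 196 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| prctl | | | .dynsym | 0x8a88 | 68 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| raise | | | .dynsym | 0x8c68 | 240 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| read | | | .dynsym | 0x8b6c | 100 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| readdir | | | .dynsym | 0x8ae8 | 232 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| readlink | | | .dynsym | 0x8aa0 | 64 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| realloc | | | .dynsym | 0x8b90 | 960 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| recv | | | .dynsym | 0x8a4c | 112 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| recvfrom | | | .dynsym | 0x8ac4 | 136 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |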
                                          select.dynsym0x8adc132FUNC<unknown>DEFAULTSHN_UNDEF
                                          send.dynsym0x8b00112FUNC<unknown>DEFAULTSHN_UNDEF
                                          sendto.dynsym0x8b84136FUNC<unknown>DEFAULTSHN_UNDEF
                                          setsid.dynsym0x8c3864FUNC<unknown>DEFAULTSHN_UNDEF
                                          setsockopt.dynsym0x8b5472FUNC<unknown>DEFAULTSHN_UNDEF
                                          sigaddset.dynsym0x8af480FUNC<unknown>DEFAULTSHN_UNDEF
                                          sigemptyset.dynsym0x8a6420FUNC<unknown>DEFAULTSHN_UNDEF
                                          signal.dynsym0x8b60196FUNC<unknown>DEFAULTSHN_UNDEF
                                          sigprocmask.dynsym0x8c80140FUNC<unknown>DEFAULTSHN_UNDEF
                                          sleep.dynsym0x8ab8272FUNC<unknown>DEFAULTSHN_UNDEF
                                          socket.dynsym0x8ad068FUNC<unknown>DEFAULTSHN_UNDEF
                                          strcpy.dynsym0x8a3436FUNC<unknown>DEFAULTSHN_UNDEF
                                          time.dynsym0x8bd848FUNC<unknown>DEFAULTSHN_UNDEF
                                          unlink.dynsym0x8b7864FUNC<unknown>DEFAULTSHN_UNDEF
                                          write.dynsym0x8b24100FUNC<unknown>DEFAULTSHN_UNDEF

                                          System Behavior

                                          Start time (UTC):18:50:49
                                          Start date (UTC):11/07/2024
                                          Path:/tmp/qgtfQPgL23.elf
                                          Arguments:/tmp/qgtfQPgL23.elf
                                          File size:4956856 bytes
                                          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1