Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
zmap.x86.elf

Overview

General Information

Sample name:zmap.x86.elf
Analysis ID:1546736
MD5:f7505a8b058281835546dd4549fe7dbc
SHA1:5725793206d387662d9dbbc6649bd63dea8929bd
SHA256:324f57878b778a67a8a8fb8bbb651411b54042331bf9b22fb692252f1772ed8f
Tags:elfuser-abuse_ch
Infos:

Detection

Okiru
Score:72
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Okiru
Machine Learning detection for sample
Sample deletes itself
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Yara signature match

Classification

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1546736
Start date and time:2024-11-01 15:01:13 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 18s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:zmap.x86.elf
Detection:MAL
Classification:mal72.troj.evad.linELF@0/0@2/0

Warnings

  • VT rate limit hit for: zmap.x86.elf

Runtime Messages

Command:/tmp/zmap.x86.elf
PID:5531
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
VagneRHere
Standard Error:

Process Tree

  • system is lnxubuntu20
  • zmap.x86.elf (PID: 5531, Parent: 5458, MD5: f7505a8b058281835546dd4549fe7dbc) Arguments: /tmp/zmap.x86.elf
  • cleanup

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
zmap.x86.elfJoeSecurity_OkiruYara detected OkiruJoe Security
    zmap.x86.elfLinux_Trojan_Mirai_b14f4c5dunknownunknown
    • 0xb20:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
    zmap.x86.elfLinux_Trojan_Mirai_88de437funknownunknown
    • 0x84e2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
    zmap.x86.elfLinux_Trojan_Mirai_389ee3e9unknownunknown
    • 0xb670:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
    zmap.x86.elfLinux_Trojan_Mirai_cc93863bunknownunknown
    • 0x9f91:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
    Click to see the 1 entries

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    5531.1.0000000008048000.0000000008057000.r-x.sdmpJoeSecurity_OkiruYara detected OkiruJoe Security
      5531.1.0000000008048000.0000000008057000.r-x.sdmpLinux_Trojan_Mirai_b14f4c5dunknownunknown
      • 0xb20:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
      5531.1.0000000008048000.0000000008057000.r-x.sdmpLinux_Trojan_Mirai_88de437funknownunknown
      • 0x84e2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
      5531.1.0000000008048000.0000000008057000.r-x.sdmpLinux_Trojan_Mirai_389ee3e9unknownunknown
      • 0xb670:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
      5531.1.0000000008048000.0000000008057000.r-x.sdmpLinux_Trojan_Mirai_cc93863bunknownunknown
      • 0x9f91:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
      Click to see the 9 entries

      Suricata Signatures

      No Suricata rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Multi AV Scanner detection for submitted file
      Source: zmap.x86.elfReversingLabs: Detection: 60%
      Machine Learning detection for sample
      Source: zmap.x86.elfJoe Sandbox ML: detected
      Source: global trafficTCP traffic: 192.168.2.15:40140 -> 154.216.16.38:59962
      Source: global trafficDNS traffic detected: DNS query: server.dico-inside.com

      System Summary

      barindex
      Malicious sample detected (through community Yara rule)
      Source: zmap.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
      Source: zmap.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
      Source: zmap.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
      Source: zmap.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
      Source: zmap.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
      Source: 5531.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
      Source: 5531.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
      Source: 5531.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
      Source: 5531.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
      Source: 5531.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
      Source: 5537.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
      Source: 5537.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
      Source: 5537.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
      Source: 5537.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
      Source: 5537.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
      Source: ELF static info symbol of initial sample.symtab present: no
      Source: zmap.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
      Source: zmap.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
      Source: zmap.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: zmap.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: zmap.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: 5531.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
      Source: 5531.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
      Source: 5531.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: 5531.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: 5531.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: 5537.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
      Source: 5537.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
      Source: 5537.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: 5537.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: 5537.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: classification engineClassification label: mal72.troj.evad.linELF@0/0@2/0

      Hooking and other Techniques for Hiding and Protection

      barindex
      Sample deletes itself
      Source: /tmp/zmap.x86.elf (PID: 5531)File: /tmp/zmap.x86.elfJump to behavior

      Stealing of Sensitive Information

      barindex
      Yara detected Okiru
      Source: Yara matchFile source: zmap.x86.elf, type: SAMPLE
      Source: Yara matchFile source: 5531.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5537.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: zmap.x86.elf PID: 5531, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: zmap.x86.elf PID: 5537, type: MEMORYSTR

      Remote Access Functionality

      barindex
      Yara detected Okiru
      Source: Yara matchFile source: zmap.x86.elf, type: SAMPLE
      Source: Yara matchFile source: 5531.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5537.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: zmap.x86.elf PID: 5531, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: zmap.x86.elf PID: 5537, type: MEMORYSTR

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
      File Deletion      		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System1
      Non-Standard Port      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
      Non-Application Layer Protocol      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
      Application Layer Protocol      		Automated ExfiltrationData Encrypted for Impact

      Malware Configuration

      No configs have been found

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Number of created Files
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      zmap.x86.elf61%ReversingLabsLinux.Trojan.LnxMirai
      zmap.x86.elf100%Joe Sandbox ML

      Dropped Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      server.dico-inside.com
      		154.216.16.38
      		truefalse
        		unknown

        World Map of Contacted IPs

        • No. of IPs < 25%
        • 25% < No. of IPs < 50%
        • 50% < No. of IPs < 75%
        • 75% < No. of IPs

        Public IPs

        IPDomainCountryFlagASNASN NameMalicious
        154.216.16.38
        		server.dico-inside.comSeychelles
        		135357SKHT-ASShenzhenKatherineHengTechnologyInformationCofalse

        Joe Sandbox View / Context

        IPs

        No context

        Domains

        No context

        ASNs

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        SKHT-ASShenzhenKatherineHengTechnologyInformationCodlr.mpsl.elfGet hashmaliciousOkiruBrowse
        • 154.216.16.39
        file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, XWormBrowse
        • 154.216.17.34
        file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, XmrigBrowse
        • 154.216.17.34
        x86.elfGet hashmaliciousMiraiBrowse
        • 156.241.11.55
        arm7.elfGet hashmaliciousMiraiBrowse
        • 156.230.19.169
        zmap.arm.elfGet hashmaliciousMirai, OkiruBrowse
        • 154.216.20.164
        arm5.elfGet hashmaliciousUnknownBrowse
        • 154.216.20.58
        jew.spc.elfGet hashmaliciousMiraiBrowse
        • 156.254.70.156
        x86_64.elfGet hashmaliciousMiraiBrowse
        • 156.241.11.59
        mips.elfGet hashmaliciousUnknownBrowse
        • 154.216.20.58

        JA3 Fingerprints

        No context

        Dropped Files

        No context

        Created / dropped Files

        No created / dropped files found

        Static File Info

        General

        File type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
        Entropy (8bit):6.52313599129516
        TrID:
        • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
        • ELF Executable and Linkable format (generic) (4004/1) 49.84%
        File name:zmap.x86.elf
        File size:62'640 bytes
        MD5:f7505a8b058281835546dd4549fe7dbc
        SHA1:5725793206d387662d9dbbc6649bd63dea8929bd
        SHA256:324f57878b778a67a8a8fb8bbb651411b54042331bf9b22fb692252f1772ed8f
        SHA512:f07626f3aa0103d417bc3cb4ef60133066d463ade98ba486bd706c54df0a428f27023f5e737abc5214f79026ce39fd91966a65cafb604b0a342b379c2dc7f8db
        SSDEEP:1536:1BGfyT5OGMMt4cesUTeFIv5TzHhS3cgodIjOepn2C:1caT5OGMMtmaATzBS3Ro2Kanr
        TLSH:FB534BC4E583DCFAEC5605705133EB368B77F13B1268DA97C7A89923F852B02E54629C
        File Content Preview:.ELF....................d...4... .......4. ...(..............................................p...p.......*..........Q.td............................U..S.......w....h........[]...$.............U......=.r...t..5....$p.....$p......u........t....h.o..........

        Static ELF Info

        ELF header

        Class:ELF32
        Data:2's complement, little endian
        Version:1 (current)
        Machine:Intel 80386
        Version Number:0x1
        Type:EXEC (Executable file)
        OS/ABI:UNIX - System V
        ABI Version:0
        Entry Point Address:0x8048164
        Flags:0x0
        ELF Header Size:52
        Program Header Offset:52
        Program Header Size:32
        Number of Program Headers:3
        Section Header Offset:62240
        Section Header Size:40
        Number of Section Headers:10
        Header String Table Index:9

        Sections

        NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
        NULL0x00x00x00x00x0000
        .initPROGBITS0x80480940x940x1c0x00x6AX001
        .textPROGBITS0x80480b00xb00xd1060x00x6AX0016
        .finiPROGBITS0x80551b60xd1b60x170x00x6AX001
        .rodataPROGBITS0x80551e00xd1e00x1e1c0x00x2A0032
        .ctorsPROGBITS0x80570000xf0000x80x00x3WA004
        .dtorsPROGBITS0x80570080xf0080x80x00x3WA004
        .dataPROGBITS0x80570200xf0200x2c00x00x3WA0032
        .bssNOBITS0x80572e00xf2e00x27c00x00x3WA0032
        .shstrtabSTRTAB0x00xf2e00x3e0x00x0001

        Program Segments

        TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
        LOAD0x00x80480000x80480000xeffc0xeffc6.55710x5R E0x1000.init .text .fini .rodata
        LOAD0xf0000x80570000x80570000x2e00x2aa03.73470x6RW 0x1000.ctors .dtors .data .bss
        GNU_STACK0x00x00x00x00x00.00000x6RW 0x4

        Network Behavior

        Network Port Distribution

        TCP Packets

        TimestampSource PortDest PortSource IPDest IP
        Nov 1, 2024 15:01:58.870675087 CET4014059962192.168.2.15154.216.16.38
        Nov 1, 2024 15:01:58.883102894 CET5996240140154.216.16.38192.168.2.15
        Nov 1, 2024 15:01:58.883158922 CET4014059962192.168.2.15154.216.16.38
        Nov 1, 2024 15:01:58.883194923 CET4014059962192.168.2.15154.216.16.38
        Nov 1, 2024 15:01:58.890078068 CET5996240140154.216.16.38192.168.2.15
        Nov 1, 2024 15:01:58.890125036 CET4014059962192.168.2.15154.216.16.38
        Nov 1, 2024 15:01:58.901575089 CET5996240140154.216.16.38192.168.2.15
        Nov 1, 2024 15:01:59.797136068 CET5996240140154.216.16.38192.168.2.15
        Nov 1, 2024 15:01:59.797405005 CET4014059962192.168.2.15154.216.16.38
        Nov 1, 2024 15:01:59.797446012 CET4014059962192.168.2.15154.216.16.38
        Nov 1, 2024 15:01:59.834582090 CET4014259962192.168.2.15154.216.16.38
        Nov 1, 2024 15:01:59.839590073 CET5996240142154.216.16.38192.168.2.15
        Nov 1, 2024 15:01:59.839644909 CET4014259962192.168.2.15154.216.16.38
        Nov 1, 2024 15:01:59.839678049 CET4014259962192.168.2.15154.216.16.38
        Nov 1, 2024 15:01:59.844511986 CET5996240142154.216.16.38192.168.2.15
        Nov 1, 2024 15:01:59.844568968 CET4014259962192.168.2.15154.216.16.38
        Nov 1, 2024 15:01:59.849389076 CET5996240142154.216.16.38192.168.2.15
        Nov 1, 2024 15:02:09.849546909 CET4014259962192.168.2.15154.216.16.38
        Nov 1, 2024 15:02:09.854659081 CET5996240142154.216.16.38192.168.2.15
        Nov 1, 2024 15:02:10.115206957 CET5996240142154.216.16.38192.168.2.15
        Nov 1, 2024 15:02:10.115459919 CET4014259962192.168.2.15154.216.16.38
        Nov 1, 2024 15:03:10.162909031 CET4014259962192.168.2.15154.216.16.38
        Nov 1, 2024 15:03:10.167977095 CET5996240142154.216.16.38192.168.2.15
        Nov 1, 2024 15:03:10.438525915 CET5996240142154.216.16.38192.168.2.15
        Nov 1, 2024 15:03:10.438673019 CET4014259962192.168.2.15154.216.16.38

        UDP Packets

        TimestampSource PortDest PortSource IPDest IP
        Nov 1, 2024 15:01:58.471930981 CET4090653192.168.2.158.8.8.8
        Nov 1, 2024 15:01:58.870490074 CET53409068.8.8.8192.168.2.15
        Nov 1, 2024 15:01:59.797560930 CET5451953192.168.2.158.8.8.8
        Nov 1, 2024 15:01:59.834409952 CET53545198.8.8.8192.168.2.15

        DNS Queries

        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
        Nov 1, 2024 15:01:58.471930981 CET192.168.2.158.8.8.80x6391Standard query (0)server.dico-inside.comA (IP address)IN (0x0001)false
        Nov 1, 2024 15:01:59.797560930 CET192.168.2.158.8.8.80x530eStandard query (0)server.dico-inside.comA (IP address)IN (0x0001)false

        DNS Answers

        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
        Nov 1, 2024 15:01:58.870490074 CET8.8.8.8192.168.2.150x6391No error (0)server.dico-inside.com154.216.16.38A (IP address)IN (0x0001)false
        Nov 1, 2024 15:01:59.834409952 CET8.8.8.8192.168.2.150x530eNo error (0)server.dico-inside.com154.216.16.38A (IP address)IN (0x0001)false

        System Behavior

        General

        Start time (UTC):14:01:57
        Start date (UTC):01/11/2024
        Path:/tmp/zmap.x86.elf
        Arguments:/tmp/zmap.x86.elf
        File size:62640 bytes
        MD5 hash:f7505a8b058281835546dd4549fe7dbc

        Chronological Activities


        General

        Start time (UTC):14:01:57
        Start date (UTC):01/11/2024
        Path:/tmp/zmap.x86.elf
        Arguments:-
        File size:62640 bytes
        MD5 hash:f7505a8b058281835546dd4549fe7dbc

        Chronological Activities


        General

        Start time (UTC):14:01:57
        Start date (UTC):01/11/2024
        Path:/tmp/zmap.x86.elf
        Arguments:-
        File size:62640 bytes
        MD5 hash:f7505a8b058281835546dd4549fe7dbc

        Chronological Activities