Edit tour
Linux
Analysis Report
Z5VciPA3Nv.elf
Overview
General Information
| Sample name: | Z5VciPA3Nv.elfrenamed because original name is a hash value |
| Original sample name: | 34dcfdc7d4c450f98de26b0c48bc532a2eb42b058bd9244a7ee0059c3bd84873.elf |
| Analysis ID: | 1546916 |
| MD5: | 131a62d1b18a7ce543ccb47e46675c3a |
| SHA1: | 908db9882977879b4b731f6ecb0fb32c285f8c22 |
| SHA256: | 34dcfdc7d4c450f98de26b0c48bc532a2eb42b058bd9244a7ee0059c3bd84873 |
| Tags: | elfransomwareSLNYAuser-JAMESWT_MHT |
| Infos: | |
 | |
Detection
| Score: | 52 |
| Range: | 0 - 100 |
| Whitelisted: | false |
Signatures
Multi AV Scanner detection for submitted file
Found Tor onion address
Contains symbols related to standard C library sleeps (sometimes used to evade sandboxing)
ELF contains segments with high entropy indicating compressed/encrypted content
Executes the "rm" command used to delete files or directories
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1546916 |
| Start date and time: | 2024-11-01 17:42:07 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 10m 28s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultlinuxfilecookbook.jbs |
| Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
| Analysis Mode: | default |
| Sample name: | Z5VciPA3Nv.elfrenamed because original name is a hash value |
| Original Sample Name: | 34dcfdc7d4c450f98de26b0c48bc532a2eb42b058bd9244a7ee0059c3bd84873.elf |
| Detection: | MAL |
| Classification: | mal52.evad.linELF@0/0@0/0 |
| Cookbook Comments: |
|
- VT rate limit hit for: Z5VciPA3Nv.elf
| Command: | /tmp/Z5VciPA3Nv.elf |
| PID: | 6228 |
| Exit Code: | 0 |
| Exit Code Info: | |
| Killed: | False |
| Standard Output: | Usage: /tmp/Z5VciPA3Nv.elf /path/to/be/encrypted |
| Standard Error: |
⊘No yara matches
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | ReversingLabs: | ||
Networking | |
|---|
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | .symtab present: | ||
| Source: | Classification label: | ||
| Source: | Rm executable: | Jump to behavior | ||
| Source: | Rm executable: | Jump to behavior | ||
| Source: | Submission file: | ||
| Source: | Symbol name: | ||
| Source: | Queries kernel information via 'uname': | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Obfuscated Files or Information | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Proxy | Automated Exfiltration | Data Encrypted for Impact |
⊘No configs have been found
Is Dropped
Number of created Files
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 45% | ReversingLabs | Linux.Ransomware.Babuk |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| true | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 54.171.230.55 | unknown | United States | 16509 | AMAZON-02US | false | |
| 109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false | |
| 91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false | |
| 91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 54.171.230.55 | Get hash | malicious | Gafgyt, Mirai | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Mirai, Okiru | Browse | |||
| Get hash | malicious | Mirai | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Gafgyt, Mirai | Browse | |||
| Get hash | malicious | Chaos | Browse | |||
| Get hash | malicious | Xmrig | Browse | |||
| Get hash | malicious | Gafgyt, Mirai | Browse | |||
| Get hash | malicious | Gafgyt, Mirai | Browse | |||
| 109.202.202.202 | Get hash | malicious | Unknown | Browse |
| |
| 91.189.91.43 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Gafgyt, Mirai | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Gafgyt, Mirai | Browse | |||
| Get hash | malicious | Gafgyt, Mirai | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Mirai | Browse | |||
| Get hash | malicious | Okiru | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Mirai, Okiru | Browse | |||
| 91.189.91.42 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Gafgyt, Mirai | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Gafgyt, Mirai | Browse | |||
| Get hash | malicious | Gafgyt, Mirai | Browse | |||
| Get hash | malicious | Gafgyt, Mirai | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Mirai | Browse | |||
| Get hash | malicious | Okiru | Browse | |||
| Get hash | malicious | Unknown | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CANONICAL-ASGB | Get hash | malicious | Gafgyt, Mirai | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| CANONICAL-ASGB | Get hash | malicious | Gafgyt, Mirai | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| AMAZON-02US | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | HTMLPhisher, Mamba2FA | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Stealc, Vidar | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Neconyd | Browse |
| ||
| Get hash | malicious | Neconyd | Browse |
| ||
| INIT7CH | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Okiru | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
⊘No context
⊘No created / dropped files found
| File type: | |
| Entropy (8bit): | 5.7441959730501235 |
| TrID: |
|
| File name: | Z5VciPA3Nv.elf |
| File size: | 98'600 bytes |
| MD5: | 131a62d1b18a7ce543ccb47e46675c3a |
| SHA1: | 908db9882977879b4b731f6ecb0fb32c285f8c22 |
| SHA256: | 34dcfdc7d4c450f98de26b0c48bc532a2eb42b058bd9244a7ee0059c3bd84873 |
| SHA512: | 949eebcdbbebf7ac155712ff652938855b76a9241ac1eb436f643f008292dbb7ba82c7a867dd253db813e66230774ad8c0a89b84ac94f07a65a3da99159d7b0e |
| SSDEEP: | 3072:azFUCo7tESuKtyo6+64pvG5/eNthr/XzuKHUE7L6eK32Z1mFl6Aw:a2C/DYzV7L6eKbFl6Aw |
| TLSH: | AFA3B63EA75241BBD0E3A632C50AF0BBD7027672919A565BB7085D2CD33E5C397A8307 |
| File Content Preview: | .ELF........................4...x|......4. ...(.........4...4...4.......................4...4...4....................................d...d...............p..........@...|...............4p..4...4.......................H...H...H...D...D...........P.td.L..... |
ELF header | |
|---|---|
| Class: | |
| Data: | |
| Version: | |
| Machine: | |
| Version Number: | |
| Type: | |
| OS/ABI: | |
| ABI Version: | 0 |
| Entry Point Address: | |
| Flags: | |
| ELF Header Size: | 52 |
| Program Header Offset: | 52 |
| Program Header Size: | 32 |
| Number of Program Headers: | 8 |
| Section Header Offset: | 97400 |
| Section Header Size: | 40 |
| Number of Section Headers: | 30 |
| Header String Table Index: | 29 |
| Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
|---|---|---|---|---|---|---|---|---|---|---|
| NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
| .interp | PROGBITS | 0x8048134 | 0x134 | 0x13 | 0x0 | 0x2 | A | 0 | 0 | 1 |
| .note.ABI-tag | NOTE | 0x8048148 | 0x148 | 0x20 | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .note.gnu.build-id | NOTE | 0x8048168 | 0x168 | 0x24 | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .gnu.hash | GNU_HASH | 0x804818c | 0x18c | 0x30 | 0x4 | 0x2 | A | 5 | 0 | 4 |
| .dynsym | DYNSYM | 0x80481bc | 0x1bc | 0x6a0 | 0x10 | 0x2 | A | 6 | 1 | 4 |
| .dynstr | STRTAB | 0x804885c | 0x85c | 0x755 | 0x0 | 0x2 | A | 0 | 0 | 1 |
| .gnu.version | VERSYM | 0x8048fb2 | 0xfb2 | 0xd4 | 0x2 | 0x2 | A | 5 | 0 | 2 |
| .gnu.version_r | VERNEED | 0x8049088 | 0x1088 | 0xe0 | 0x0 | 0x2 | A | 6 | 4 | 4 |
| .rel.dyn | REL | 0x8049168 | 0x1168 | 0x40 | 0x8 | 0x2 | A | 5 | 0 | 4 |
| .rel.plt | REL | 0x80491a8 | 0x11a8 | 0x2f8 | 0x8 | 0x2 | A | 5 | 12 | 4 |
| .init | PROGBITS | 0x80494a0 | 0x14a0 | 0x30 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .plt | PROGBITS | 0x80494d0 | 0x14d0 | 0x600 | 0x4 | 0x6 | AX | 0 | 0 | 4 |
| .text | PROGBITS | 0x8049ad0 | 0x1ad0 | 0x10c5c | 0x0 | 0x6 | AX | 0 | 0 | 16 |
| .fini | PROGBITS | 0x805a72c | 0x1272c | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .rodata | PROGBITS | 0x805a760 | 0x12760 | 0x2539 | 0x0 | 0x2 | A | 0 | 0 | 32 |
| .eh_frame_hdr | PROGBITS | 0x805cc9c | 0x14c9c | 0x3bc | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .eh_frame | PROGBITS | 0x805d058 | 0x15058 | 0x1210 | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .gcc_except_table | PROGBITS | 0x805e268 | 0x16268 | 0x244 | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .ctors | PROGBITS | 0x805f000 | 0x17000 | 0x18 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .dtors | PROGBITS | 0x805f018 | 0x17018 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .jcr | PROGBITS | 0x805f020 | 0x17020 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .data.rel.ro | PROGBITS | 0x805f024 | 0x17024 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .dynamic | DYNAMIC | 0x805f034 | 0x17034 | 0xe0 | 0x8 | 0x3 | WA | 6 | 0 | 4 |
| .got | PROGBITS | 0x805f114 | 0x17114 | 0x24 | 0x4 | 0x3 | WA | 0 | 0 | 4 |
| .got.plt | PROGBITS | 0x805f138 | 0x17138 | 0x188 | 0x4 | 0x3 | WA | 0 | 0 | 4 |
| .data | PROGBITS | 0x805f2c0 | 0x172c0 | 0x880 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
| .bss | NOBITS | 0x805fb40 | 0x17b40 | 0x3c | 0x0 | 0x3 | WA | 0 | 0 | 8 |
| .comment | PROGBITS | 0x0 | 0x17b40 | 0x2d | 0x1 | 0x30 | MS | 0 | 0 | 1 |
| .shstrtab | STRTAB | 0x0 | 0x17b6d | 0x10b | 0x0 | 0x0 | 0 | 0 | 1 |
| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
|---|---|---|---|---|---|---|---|---|---|---|---|
| PHDR | 0x34 | 0x8048034 | 0x8048034 | 0x100 | 0x100 | 2.9838 | 0x5 | R E | 0x4 | ||
| INTERP | 0x134 | 0x8048134 | 0x8048134 | 0x13 | 0x13 | 3.6819 | 0x4 | R | 0x1 | /lib/ld-linux.so.2 | .interp |
| LOAD | 0x0 | 0x8048000 | 0x8048000 | 0x164ac | 0x164ac | 5.7604 | 0x5 | R E | 0x1000 | .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame .gcc_except_table | |
| LOAD | 0x17000 | 0x805f000 | 0x805f000 | 0xb40 | 0xb7c | 7.4528 | 0x6 | RW | 0x1000 | .ctors .dtors .jcr .data.rel.ro .dynamic .got .got.plt .data .bss | |
| DYNAMIC | 0x17034 | 0x805f034 | 0x805f034 | 0xe0 | 0xe0 | 2.9531 | 0x6 | RW | 0x4 | .dynamic | |
| NOTE | 0x148 | 0x8048148 | 0x8048148 | 0x44 | 0x44 | 3.4924 | 0x4 | R | 0x4 | .note.ABI-tag .note.gnu.build-id | |
| GNU_EH_FRAME | 0x14c9c | 0x805cc9c | 0x805cc9c | 0x3bc | 0x3bc | 5.0877 | 0x4 | R | 0x4 | .eh_frame_hdr | |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |
| Type | Meta | Value | Tag |
|---|---|---|---|
| DT_NEEDED | sharedlib | libstdc++.so.6 | 0x1 |
| DT_NEEDED | sharedlib | libgcc_s.so.1 | 0x1 |
| DT_NEEDED | sharedlib | libpthread.so.0 | 0x1 |
| DT_NEEDED | sharedlib | libc.so.6 | 0x1 |
| DT_INIT | value | 0x80494a0 | 0xc |
| DT_FINI | value | 0x805a72c | 0xd |
| DT_GNU_HASH | value | 0x804818c | 0x6ffffef5 |
| DT_STRTAB | value | 0x804885c | 0x5 |
| DT_SYMTAB | value | 0x80481bc | 0x6 |
| DT_STRSZ | bytes | 1877 | 0xa |
| DT_SYMENT | bytes | 16 | 0xb |
| DT_DEBUG | value | 0x0 | 0x15 |
| DT_PLTGOT | value | 0x805f138 | 0x3 |
| DT_PLTRELSZ | bytes | 760 | 0x2 |
| DT_PLTREL | pltrel | DT_REL | 0x14 |
| DT_JMPREL | value | 0x80491a8 | 0x17 |
| DT_REL | value | 0x8049168 | 0x11 |
| DT_RELSZ | bytes | 64 | 0x12 |
| DT_RELENT | bytes | 8 | 0x13 |
| DT_VERNEED | value | 0x8049088 | 0x6ffffffe |
| DT_VERNEEDNUM | value | 4 | 0x6fffffff |
| DT_VERSYM | value | 0x8048fb2 | 0x6ffffff0 |
| DT_NULL | value | 0x0 | 0x0 |
| Name | Version Info Name | Version Info File Name | Section Name | Value | Size | Symbol Type | Symbol Bind | Symbol Visibility | Ndx |
|---|---|---|---|---|---|---|---|---|---|
| .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | |||
| _IO_stdin_used | .dynsym | 0x805a764 | 4 | OBJECT | <unknown> | DEFAULT | 15 | ||
| _Jv_RegisterClasses | .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | ||
| _Unwind_Resume | GCC_3.0 | libgcc_s.so.1 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNKSs17find_first_not_ofEPKcj | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNKSs4findEPKcj | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNKSs4sizeEv | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNKSs5c_strEv | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNKSs6lengthEv | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNKSs6substrEjj | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNKSt9basic_iosIcSt11char_traitsIcEEcvPvEv | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSaIcEC1Ev | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSaIcED1Ev | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSolsEPFRSoS_E | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSolsEi | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSs6appendEPKc | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSs6appendEPKcj | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSs6appendERKSs | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSs7reserveEj | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSsC1EPKcRKSaIcE | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSsC1ERKSs | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSsC1Ev | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSsD1Ev | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSsaSERKSs | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSspLEPKc | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSt13runtime_errorC1ERKSs | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSt13runtime_errorD1Ev | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSt18basic_stringstreamIcSt11char_traitsIcESaIcEEC1ERKSsSt13_Ios_Openmode | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSt18basic_stringstreamIcSt11char_traitsIcESaIcEED1Ev | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSt8ios_base4InitC1Ev | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSt8ios_base4InitD1Ev | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZSt17__throw_bad_allocv | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZSt20__throw_length_errorPKc | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZSt4cerr | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | OBJECT | <unknown> | DEFAULT | SHN_UNDEF |
| _ZSt4cout | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | OBJECT | <unknown> | DEFAULT | SHN_UNDEF |
| _ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_ | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZSt7getlineIcSt11char_traitsIcESaIcEERSt13basic_istreamIT_T0_ES7_RSbIS4_S5_T1_E | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZSt9terminatev | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZStlsIcSt11char_traitsIcESaIcEERSt13basic_ostreamIT_T0_ES7_RKSbIS4_S5_T1_E | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZStplIcSt11char_traitsIcESaIcEESbIT_T0_T1_EPKS3_RKS6_ | .dynsym | 0x804ac58 | 162 | FUNC | <unknown> | DEFAULT | 13 | ||
| _ZTISt13runtime_error | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | OBJECT | <unknown> | DEFAULT | SHN_UNDEF |
| _ZdlPv | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _Znwj | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| __cxa_allocate_exception | CXXABI_1.3 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| __cxa_atexit | GLIBC_2.1.3 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| __cxa_begin_catch | CXXABI_1.3 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| __cxa_end_catch | CXXABI_1.3 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| __cxa_free_exception | CXXABI_1.3 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| __cxa_rethrow | CXXABI_1.3 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| __cxa_throw | CXXABI_1.3 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| __gmon_start__ | .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | ||
| __gxx_personality_v0 | CXXABI_1.3 | libstdc++.so.6 | .dynsym | 0x8049a10 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| __libc_start_main | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| __lxstat | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| __xstat64 | GLIBC_2.2 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| atoi | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| closedir | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| difftime | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| exit | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| fclose | GLIBC_2.1 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| fflush | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| fgets | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| fopen | GLIBC_2.1 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| fprintf | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| fread | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| free | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| fseek | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| fwrite | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| malloc | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| memcpy | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| memset | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| opendir | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pclose | GLIBC_2.1 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| popen | GLIBC_2.1 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| prctl | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| printf | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pthread_cancel | GLIBC_2.0 | libpthread.so.0 | .dynsym | 0x8049aa0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pthread_cond_broadcast | GLIBC_2.3.2 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pthread_cond_init | GLIBC_2.3.2 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pthread_cond_signal | GLIBC_2.3.2 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pthread_cond_wait | GLIBC_2.3.2 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pthread_create | GLIBC_2.1 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pthread_detach | GLIBC_2.0 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pthread_kill | GLIBC_2.0 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pthread_mutex_init | GLIBC_2.0 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pthread_mutex_lock | GLIBC_2.0 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pthread_mutex_unlock | GLIBC_2.0 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| putchar | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| puts | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| readdir | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| rename | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| sigaction | GLIBC_2.0 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| sigemptyset | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| sleep | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| snprintf | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| sprintf | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| stderr | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | OBJECT | <unknown> | DEFAULT | SHN_UNDEF |
| strcat | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| strcmp | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| strcpy | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| strlen | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| strstr | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| sysconf | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| system | GLIBC_2.0 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| time | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Nov 1, 2024 17:42:55.397742033 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
| Nov 1, 2024 17:43:01.029082060 CET | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
| Nov 1, 2024 17:43:02.052798986 CET | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
| Nov 1, 2024 17:43:16.130795956 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
| Nov 1, 2024 17:43:25.190982103 CET | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
| Nov 1, 2024 17:43:25.196443081 CET | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
| Nov 1, 2024 17:43:25.196511030 CET | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
| Nov 1, 2024 17:43:28.417088985 CET | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
| Nov 1, 2024 17:43:32.512665033 CET | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
| Nov 1, 2024 17:43:57.085110903 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
System Behavior
| Start time (UTC): | 16:42:53 |
| Start date (UTC): | 01/11/2024 |
| Path: | /tmp/Z5VciPA3Nv.elf |
| Arguments: | /tmp/Z5VciPA3Nv.elf |
| File size: | 98600 bytes |
| MD5 hash: | 131a62d1b18a7ce543ccb47e46675c3a |
| Start time (UTC): | 16:43:24 |
| Start date (UTC): | 01/11/2024 |
| Path: | /usr/bin/dash |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 16:43:24 |
| Start date (UTC): | 01/11/2024 |
| Path: | /usr/bin/rm |
| Arguments: | rm -f /tmp/tmp.5LhOIaz2ga /tmp/tmp.ILUnjFCeZL /tmp/tmp.lV2Das7e7n |
| File size: | 72056 bytes |
| MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
| Start time (UTC): | 16:43:24 |
| Start date (UTC): | 01/11/2024 |
| Path: | /usr/bin/dash |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 16:43:24 |
| Start date (UTC): | 01/11/2024 |
| Path: | /usr/bin/rm |
| Arguments: | rm -f /tmp/tmp.5LhOIaz2ga /tmp/tmp.ILUnjFCeZL /tmp/tmp.lV2Das7e7n |
| File size: | 72056 bytes |
| MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |