Edit tour

Linux Analysis Report
Josho.m68k.elf

Overview

General Information

Sample name:	Josho.m68k.elf
Analysis ID:	1546922
MD5:	20117afafac1e68f495e8b6dcaacfb95
SHA1:	c9c19587847e9b4d0a01329ba533a79ee4a6983d
SHA256:	1baef44daec75087044d249c16ff23396951e8655e7bf2d5eb2f8d0e74b99e39
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Detected TCP or UDP traffic on non-standard ports

Sample has stripped symbol table

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1546922
Start date and time:	2024-11-01 17:47:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 31s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	Josho.m68k.elf
Detection:	MAL
Classification:	mal56.linELF@0/0@0/0

Warnings

VT rate limit hit for: Josho.m68k.elf

Runtime Messages

Command:	/tmp/Josho.m68k.elf
PID:	5506
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	DaddyL33T Infected Your Shit
Standard Error:

Process Tree

system is lnxubuntu20

Josho.m68k.elf (PID: 5506, Parent: 5431, MD5: cd177594338c77b895ae27c33f8f86cc) Arguments: /tmp/Josho.m68k.elf

Josho.m68k.elf New Fork (PID: 5514, Parent: 5506)

Josho.m68k.elf New Fork (PID: 5516, Parent: 5506)

Josho.m68k.elf New Fork (PID: 5518, Parent: 5516)

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Josho.m68k.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: Josho.m68k.elf

ReversingLabs: Detection: 71%

Source: global traffic

TCP traffic: 192.168.2.14:47308 -> 95.164.4.65:666

Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.4.65

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal56.linELF@0/0@0/0

Source: /tmp/Josho.m68k.elf (PID: 5506)

Queries kernel information via 'uname':

Jump to behavior

Source: Josho.m68k.elf, 5506.1.000055a22ed57000.000055a22eddc000.rw-.sdmp, Josho.m68k.elf, 5514.1.000055a22ed57000.000055a22eddc000.rw-.sdmp, Josho.m68k.elf, 5518.1.000055a22ed57000.000055a22eddc000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/m68k
Source: Josho.m68k.elf, 5506.1.00007ffe56631000.00007ffe56652000.rw-.sdmp, Josho.m68k.elf, 5514.1.00007ffe56631000.00007ffe56652000.rw-.sdmp, Josho.m68k.elf, 5518.1.00007ffe56631000.00007ffe56652000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-m68k
Source: Josho.m68k.elf, 5506.1.00007ffe56631000.00007ffe56652000.rw-.sdmp, Josho.m68k.elf, 5514.1.00007ffe56631000.00007ffe56652000.rw-.sdmp, Josho.m68k.elf, 5518.1.00007ffe56631000.00007ffe56652000.rw-.sdmp	Binary or memory string: 'B7x86_64/usr/bin/qemu-m68k/tmp/Josho.m68k.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Josho.m68k.elf
Source: Josho.m68k.elf, 5506.1.000055a22ed57000.000055a22eddc000.rw-.sdmp, Josho.m68k.elf, 5514.1.000055a22ed57000.000055a22eddc000.rw-.sdmp, Josho.m68k.elf, 5518.1.000055a22ed57000.000055a22eddc000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/m68k

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Josho.m68k.elf	71%	ReversingLabs	Linux.Trojan.Mirai
Josho.m68k.elf	100%	Avira	EXP/ELF.Mirai.T

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
95.164.4.65	unknown	Gibraltar		29632	NASSIST-ASGI	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
95.164.4.65	J5uGzpvcAa.elf	Get hash	malicious	Unknown	Browse
	nPRmTlXhOT.elf	Get hash	malicious	Unknown	Browse
	OwBugJ5CiC.elf	Get hash	malicious	Unknown	Browse
	H5LPetzgXV.elf	Get hash	malicious	Unknown	Browse
	4l9YKCc7qQ.elf	Get hash	malicious	Unknown	Browse
	mCR2IJsjgy.elf	Get hash	malicious	Unknown	Browse
	Josho.arm7.elf	Get hash	malicious	Mirai	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
NASSIST-ASGI	J5uGzpvcAa.elf	Get hash	malicious	Unknown	Browse	95.164.4.65
	nPRmTlXhOT.elf	Get hash	malicious	Unknown	Browse	95.164.4.65
	OwBugJ5CiC.elf	Get hash	malicious	Unknown	Browse	95.164.4.65
	H5LPetzgXV.elf	Get hash	malicious	Unknown	Browse	95.164.4.65
	4l9YKCc7qQ.elf	Get hash	malicious	Unknown	Browse	95.164.4.65
	mCR2IJsjgy.elf	Get hash	malicious	Unknown	Browse	95.164.4.65
	Josho.arm7.elf	Get hash	malicious	Mirai	Browse	95.164.4.65
	J3m5xLlT8D.exe	Get hash	malicious	DCRat	Browse	95.164.6.175
	na.elf	Get hash	malicious	Unknown	Browse	94.131.118.154
	na.elf	Get hash	malicious	Unknown	Browse	94.131.118.154

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.193747692188615
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	Josho.m68k.elf
File size:	52'104 bytes
MD5:	20117afafac1e68f495e8b6dcaacfb95
SHA1:	c9c19587847e9b4d0a01329ba533a79ee4a6983d
SHA256:	1baef44daec75087044d249c16ff23396951e8655e7bf2d5eb2f8d0e74b99e39
SHA512:	f5274b9590a735b8be7fb8e2c61e1c1f046820624597b1c1a9a77ccc0a8249573eaf4915a07428fc229cb6c4483e4f51d64ecc7bd9bfcc22181c03e2dc29b624
SSDEEP:	768:eXeSPIm8y065SZ5I/NtUk1bwnkJ0a5K8XATBvBRkgFWK0juSe:WX856525I/LUbk+GK8XOvBRBFWle
TLSH:	47333CA9F4121E2EF98FF5BF9C254E08EE61231161430F1A57ABFDD35C322685E42D62
File Content Preview:	.ELF.......................D...4.........4. ...(.................................. ....................$.......... .dt.Q............................NV..a....da....tN^NuNV..J9....f>"y.... QJ.g.X.#.....N."y.... QJ.f.A.....J.g.Hy....N.X.........N^NuNV..N^NuN

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	MC68000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x80000144
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	51704
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x80000094	0x94	0x14	0x0	0x6	AX	2
.text	PROGBITS	0x800000a8	0xa8	0xb79e	0x0	0x6	AX	4
.fini	PROGBITS	0x8000b846	0xb846	0xe	0x0	0x6	AX	2
.rodata	PROGBITS	0x8000b854	0xb854	0xf3a	0x0	0x2	A	2
.ctors	PROGBITS	0x8000e794	0xc794	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x8000e79c	0xc79c	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x8000e7a8	0xc7a8	0x210	0x0	0x3	WA	4
.bss	NOBITS	0x8000e9b8	0xc9b8	0x1ec	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0xc9b8	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x80000000	0x80000000	0xc78e	0xc78e	6.2313	0x5	R E	0x2000	.init .text .fini .rodata
LOAD	0xc794	0x8000e794	0x8000e794	0x224	0x410	2.9467	0x6	RW	0x2000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 1, 2024 17:47:57.113388062 CET	47308	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:47:57.118688107 CET	666	47308	95.164.4.65	192.168.2.14
Nov 1, 2024 17:47:57.118761063 CET	47308	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:47:57.169117928 CET	47308	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:47:57.175034046 CET	666	47308	95.164.4.65	192.168.2.14
Nov 1, 2024 17:47:57.175087929 CET	47308	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:47:57.180030107 CET	666	47308	95.164.4.65	192.168.2.14
Nov 1, 2024 17:47:57.998826981 CET	666	47308	95.164.4.65	192.168.2.14
Nov 1, 2024 17:47:57.998951912 CET	47308	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:47:57.999111891 CET	47308	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:47:57.999777079 CET	47310	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:47:58.004703999 CET	666	47310	95.164.4.65	192.168.2.14
Nov 1, 2024 17:47:58.004784107 CET	47310	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:47:58.005884886 CET	47310	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:47:58.010714054 CET	666	47310	95.164.4.65	192.168.2.14
Nov 1, 2024 17:47:58.010762930 CET	47310	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:47:58.015640974 CET	666	47310	95.164.4.65	192.168.2.14
Nov 1, 2024 17:47:58.873511076 CET	666	47310	95.164.4.65	192.168.2.14
Nov 1, 2024 17:47:58.873620033 CET	47310	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:47:58.873655081 CET	47310	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:47:58.874075890 CET	47312	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:47:58.879561901 CET	666	47312	95.164.4.65	192.168.2.14
Nov 1, 2024 17:47:58.879626036 CET	47312	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:47:58.880310059 CET	47312	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:47:58.885221958 CET	666	47312	95.164.4.65	192.168.2.14
Nov 1, 2024 17:47:58.885283947 CET	47312	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:47:58.890053988 CET	666	47312	95.164.4.65	192.168.2.14
Nov 1, 2024 17:47:59.763798952 CET	666	47312	95.164.4.65	192.168.2.14
Nov 1, 2024 17:47:59.764027119 CET	47312	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:47:59.764055967 CET	47312	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:47:59.764544010 CET	47314	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:47:59.770577908 CET	666	47314	95.164.4.65	192.168.2.14
Nov 1, 2024 17:47:59.770637989 CET	47314	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:47:59.771310091 CET	47314	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:47:59.776637077 CET	666	47314	95.164.4.65	192.168.2.14
Nov 1, 2024 17:47:59.776685953 CET	47314	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:47:59.781702995 CET	666	47314	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:00.652949095 CET	666	47314	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:00.653167963 CET	47314	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:00.653167963 CET	47314	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:00.653681993 CET	47316	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:00.658587933 CET	666	47316	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:00.658646107 CET	47316	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:00.659374952 CET	47316	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:00.664187908 CET	666	47316	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:00.664266109 CET	47316	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:00.669086933 CET	666	47316	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:01.565403938 CET	666	47316	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:01.565447092 CET	666	47316	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:01.565792084 CET	47316	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:01.565792084 CET	47316	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:01.565828085 CET	47316	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:01.566107988 CET	666	47316	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:01.566180944 CET	47316	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:01.566370964 CET	47318	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:01.571222067 CET	666	47318	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:01.571285963 CET	47318	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:01.572030067 CET	47318	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:01.576927900 CET	666	47318	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:01.577006102 CET	47318	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:01.581867933 CET	666	47318	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:02.445966005 CET	666	47318	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:02.446125031 CET	47318	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:02.446157932 CET	47318	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:02.446835041 CET	47320	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:02.451647997 CET	666	47320	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:02.451713085 CET	47320	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:02.452454090 CET	47320	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:02.457211018 CET	666	47320	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:02.457307100 CET	47320	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:02.462116957 CET	666	47320	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:03.352292061 CET	666	47320	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:03.352305889 CET	666	47320	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:03.352672100 CET	47320	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:03.352672100 CET	47320	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:03.352672100 CET	47320	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:03.353143930 CET	47322	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:03.358164072 CET	666	47322	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:03.358232975 CET	47322	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:03.358962059 CET	47322	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:03.363810062 CET	666	47322	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:03.363888979 CET	47322	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:03.368794918 CET	666	47322	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:04.263602972 CET	666	47322	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:04.263626099 CET	666	47322	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:04.263737917 CET	666	47322	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:04.263861895 CET	47322	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:04.263863087 CET	47322	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:04.263897896 CET	47322	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:04.263931990 CET	47322	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:04.264493942 CET	47324	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:04.269408941 CET	666	47324	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:04.269469976 CET	47324	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:04.270128012 CET	47324	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:04.275407076 CET	666	47324	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:04.275453091 CET	47324	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:04.280376911 CET	666	47324	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:05.509069920 CET	666	47324	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:05.509354115 CET	47324	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:05.509354115 CET	47324	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:05.509810925 CET	47326	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:05.514671087 CET	666	47326	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:05.514760971 CET	47326	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:05.515388966 CET	47326	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:05.520189047 CET	666	47326	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:05.520241976 CET	47326	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:05.525170088 CET	666	47326	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:06.395401001 CET	666	47326	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:06.395895004 CET	47326	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:06.395895004 CET	47326	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:06.396733999 CET	47328	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:06.401676893 CET	666	47328	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:06.401757956 CET	47328	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:06.402673006 CET	47328	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:06.407603025 CET	666	47328	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:06.407675982 CET	47328	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:06.412614107 CET	666	47328	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:07.298959017 CET	666	47328	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:07.298981905 CET	666	47328	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:07.299509048 CET	47328	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:07.299509048 CET	47328	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:07.299509048 CET	47328	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:07.300226927 CET	47330	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:07.306039095 CET	666	47330	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:07.306129932 CET	47330	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:07.306931973 CET	47330	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:07.311738014 CET	666	47330	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:07.311810017 CET	47330	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:07.317023039 CET	666	47330	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:08.193372965 CET	666	47330	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:08.193388939 CET	666	47330	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:08.193646908 CET	47330	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:08.193646908 CET	47330	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:08.193686008 CET	47330	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:08.194293022 CET	47332	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:08.199374914 CET	666	47332	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:08.199441910 CET	47332	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:08.200274944 CET	47332	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:08.205420971 CET	666	47332	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:08.205487967 CET	47332	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:08.210473061 CET	666	47332	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:09.090333939 CET	666	47332	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:09.090545893 CET	47332	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:09.090545893 CET	47332	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:09.091109037 CET	47334	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:09.096014977 CET	666	47334	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:09.096081018 CET	47334	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:09.096836090 CET	47334	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:09.102659941 CET	666	47334	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:09.102735043 CET	47334	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:09.107536077 CET	666	47334	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:19.106935024 CET	47334	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:48:19.111922979 CET	666	47334	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:19.373428106 CET	666	47334	95.164.4.65	192.168.2.14
Nov 1, 2024 17:48:19.373698950 CET	47334	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:49:19.426774979 CET	47334	666	192.168.2.14	95.164.4.65
Nov 1, 2024 17:49:19.433404922 CET	666	47334	95.164.4.65	192.168.2.14
Nov 1, 2024 17:49:19.694315910 CET	666	47334	95.164.4.65	192.168.2.14
Nov 1, 2024 17:49:19.694456100 CET	47334	666	192.168.2.14	95.164.4.65

System Behavior

Analysis Process: Josho.m68k.elf PID: 5506, Parent PID: 5431

General

Start time (UTC):	16:47:56
Start date (UTC):	01/11/2024
Path:	/tmp/Josho.m68k.elf
Arguments:	/tmp/Josho.m68k.elf
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Chronological Activities

Analysis Process: Josho.m68k.elf PID: 5514, Parent PID: 5506

General

Start time (UTC):	16:47:56
Start date (UTC):	01/11/2024
Path:	/tmp/Josho.m68k.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Chronological Activities

Analysis Process: Josho.m68k.elf PID: 5516, Parent PID: 5506

General

Start time (UTC):	16:47:56
Start date (UTC):	01/11/2024
Path:	/tmp/Josho.m68k.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Chronological Activities

Analysis Process: Josho.m68k.elf PID: 5518, Parent PID: 5516

General

Start time (UTC):	16:47:56
Start date (UTC):	01/11/2024
Path:	/tmp/Josho.m68k.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report Josho.m68k.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: Josho.m68k.elf PID: 5506, Parent PID: 5431

General

Chronological Activities

Analysis Process: Josho.m68k.elf PID: 5514, Parent PID: 5506

General

Chronological Activities

Analysis Process: Josho.m68k.elf PID: 5516, Parent PID: 5506

General

Chronological Activities

Analysis Process: Josho.m68k.elf PID: 5518, Parent PID: 5516

General

Chronological Activities

Linux Analysis Report
Josho.m68k.elf