Score: | 68 |
Range: | 0 - 100 |
Whitelisted: | false |
AV Detection |
---|
Source: |
Avira: |
Source: |
ReversingLabs: |
Source: |
String: |
Source: |
String: |
Source: |
String: |
Source: |
String: |
Source: |
String: |
Source: |
Reads hosts file: |
Source: |
Socket: |
Source: |
UDP traffic detected without corresponding DNS query: |
Source: |
DNS traffic detected: |
Source: |
DNS traffic detected: |
Source: |
String found in binary or memory: |
Source: |
String found in binary or memory: |
Source: |
String containing 'busybox' found: |
Source: |
String containing 'busybox' found: |
Source: |
.symtab present: |
Source: |
Classification label: |
Persistence and Installation Behavior |
---|
Source: |
Crontab executable: |
Source: |
Crontab executable: |
Source: |
File written: |
Source: |
File: |
Source: |
File: |
Source: |
File: |
Source: |
Directory: |
Source: |
Shell command executed: |
Source: |
Shell command executed: |
Source: |
Chmod executable: |
Source: |
Chmod executable: |
Source: |
Systemctl executable: |
Source: |
Queries kernel information via 'uname': |
Source: |
Queries kernel information via 'uname': |
Source: |
Binary or memory string: |
Source: |
Binary or memory string: |
Source: |
Binary or memory string: |
Source: |
Binary or memory string: |
Source: |
Binary or memory string: |

IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.111.38.48 | host.zopz-api.com | Reserved | | 54540 | INCERO-HVVCUS | false |

Name | IP | Active |
---|---|---|
daisy.ubuntu.com | 162.213.35.24 | true |
host.zopz-api.com | 172.111.38.48 | true |