Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
udp.elf

Overview

General Information

Sample name:udp.elf
Analysis ID:1565964
MD5:e69f86da2c209c5030a442a3f06036e2
SHA1:649d16913f7ac128641b9a3846ab19ef5475be36
SHA256:98ac80d42e3cc5c0f16e86c284cbb05f80337fbfad6e0ffb7004dc29fffc3648
Tags:elfuser-abuse_ch
Infos:

Detection

Score:60
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Executes the "rm" command used to delete files or directories
Yara signature match

Classification

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1565964
Start date and time:2024-12-01 03:18:41 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 49s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:udp.elf
Detection:MAL
Classification:mal60.linELF@0/0@0/0

Runtime Messages

Command:/tmp/udp.elf
PID:6262
Exit Code:1
Exit Code Info:
Killed:False
Standard Output:

Standard Error:/tmp/udp.elf: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/udp.elf)

Process Tree

  • system is lnxubuntu20
  • udp.elf (PID: 6262, Parent: 6183, MD5: e69f86da2c209c5030a442a3f06036e2) Arguments: /tmp/udp.elf
  • dash New Fork (PID: 6270, Parent: 4331)
  • rm (PID: 6270, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.He5K7IV2y1 /tmp/tmp.URZoQsaV7E /tmp/tmp.A8VPLso2Bh
  • dash New Fork (PID: 6271, Parent: 4331)
  • rm (PID: 6271, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.He5K7IV2y1 /tmp/tmp.URZoQsaV7E /tmp/tmp.A8VPLso2Bh
  • cleanup

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
udp.elfLinux_Hacktool_Flooder_e63396f4unknownunknown
  • 0x147c:$a: 02 83 45 FC 01 81 7D FC FF 0F 00 00 7E 98 90

Memory Dumps

SourceRuleDescriptionAuthorStrings
6262.1.00005649ccaea000.00005649ccaec000.r-x.sdmpLinux_Hacktool_Flooder_e63396f4unknownunknown
  • 0x47c:$a: 02 83 45 FC 01 81 7D FC FF 0F 00 00 7E 98 90

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: udp.elfVirustotal: Detection: 26%Perma Link
Machine Learning detection for sample
Source: udp.elfJoe Sandbox ML: detected
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownTCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39256
Source: unknownNetwork traffic detected: HTTP traffic on port 39256 -> 443

System Summary

barindex
Malicious sample detected (through community Yara rule)
Source: udp.elf, type: SAMPLEMatched rule: Linux_Hacktool_Flooder_e63396f4 Author: unknown
Source: 6262.1.00005649ccaea000.00005649ccaec000.r-x.sdmp, type: MEMORYMatched rule: Linux_Hacktool_Flooder_e63396f4 Author: unknown
Source: udp.elf, type: SAMPLEMatched rule: Linux_Hacktool_Flooder_e63396f4 reference_sample = 913e6d2538bd7eed3a8f3d958cf445fe11c5c299a70e5385e0df6a9b2f638323, os = linux, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Hacktool.Flooder, fingerprint = 269285d03ea1a3b41ff134ab2cf5e22502626c72401b83add6c1e165f4dd83f8, id = e63396f4-a297-4d99-b341-34cb22498078, last_modified = 2021-09-16
Source: 6262.1.00005649ccaea000.00005649ccaec000.r-x.sdmp, type: MEMORYMatched rule: Linux_Hacktool_Flooder_e63396f4 reference_sample = 913e6d2538bd7eed3a8f3d958cf445fe11c5c299a70e5385e0df6a9b2f638323, os = linux, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Hacktool.Flooder, fingerprint = 269285d03ea1a3b41ff134ab2cf5e22502626c72401b83add6c1e165f4dd83f8, id = e63396f4-a297-4d99-b341-34cb22498078, last_modified = 2021-09-16
Source: classification engineClassification label: mal60.linELF@0/0@0/0
Source: /usr/bin/dash (PID: 6270)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.He5K7IV2y1 /tmp/tmp.URZoQsaV7E /tmp/tmp.A8VPLso2BhJump to behavior
Source: /usr/bin/dash (PID: 6271)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.He5K7IV2y1 /tmp/tmp.URZoQsaV7E /tmp/tmp.A8VPLso2BhJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
File Deletion		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
udp.elf27%VirustotalBrowse
udp.elf100%Joe Sandbox ML

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
34.249.145.219
unknownUnited States
16509AMAZON-02USfalse
109.202.202.202
unknownSwitzerland
13030INIT7CHfalse
91.189.91.42
unknownUnited Kingdom
41231CANONICAL-ASGBfalse

Joe Sandbox View / Context

IPs

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
34.249.145.219boatnet.arm.elfGet hashmaliciousMiraiBrowse
    dlr.spc.elfGet hashmaliciousUnknownBrowse
      x86.elfGet hashmaliciousUnknownBrowse
        arm6.elfGet hashmaliciousMiraiBrowse
          vqsjh4.elfGet hashmaliciousMiraiBrowse
            bot.mpsl.elfGet hashmaliciousMirai, OkiruBrowse
              armv7l.elfGet hashmaliciousGafgyt, MiraiBrowse
                armv5l.elfGet hashmaliciousGafgyt, MiraiBrowse
                  bot.arm6.elfGet hashmaliciousMirai, OkiruBrowse
                    bot.arm.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                      109.202.202.202kpLwzBouH4.elfGet hashmaliciousUnknownBrowse
                      • ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
                      91.189.91.42boatnet.mips.elfGet hashmaliciousMiraiBrowse
                        boatnet.arm.elfGet hashmaliciousMiraiBrowse
                          boatnet.arc.elfGet hashmaliciousMiraiBrowse
                            arm6-20241201-0124.elfGet hashmaliciousMiraiBrowse
                              arm5.elfGet hashmaliciousUnknownBrowse
                                spc.elfGet hashmaliciousUnknownBrowse
                                  mpsl.elfGet hashmaliciousUnknownBrowse
                                    arm.elfGet hashmaliciousUnknownBrowse
                                      ppc.elfGet hashmaliciousUnknownBrowse
                                        x86.elfGet hashmaliciousUnknownBrowse

                                          Domains

                                          No context

                                          ASNs

                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          CANONICAL-ASGBboatnet.mpsl.elfGet hashmaliciousMiraiBrowse
                                          • 185.125.190.26
                                          boatnet.mips.elfGet hashmaliciousMiraiBrowse
                                          • 91.189.91.42
                                          boatnet.arm.elfGet hashmaliciousMiraiBrowse
                                          • 91.189.91.42
                                          boatnet.arm7.elfGet hashmaliciousMiraiBrowse
                                          • 185.125.190.26
                                          boatnet.x86.elfGet hashmaliciousMiraiBrowse
                                          • 185.125.190.26
                                          boatnet.arc.elfGet hashmaliciousMiraiBrowse
                                          • 91.189.91.42
                                          arm6-20241201-0124.elfGet hashmaliciousMiraiBrowse
                                          • 91.189.91.42
                                          arm5.elfGet hashmaliciousUnknownBrowse
                                          • 91.189.91.42
                                          spc.elfGet hashmaliciousUnknownBrowse
                                          • 91.189.91.42
                                          mpsl.elfGet hashmaliciousUnknownBrowse
                                          • 91.189.91.42
                                          INIT7CHboatnet.mips.elfGet hashmaliciousMiraiBrowse
                                          • 109.202.202.202
                                          boatnet.arm.elfGet hashmaliciousMiraiBrowse
                                          • 109.202.202.202
                                          boatnet.arc.elfGet hashmaliciousMiraiBrowse
                                          • 109.202.202.202
                                          arm6-20241201-0124.elfGet hashmaliciousMiraiBrowse
                                          • 109.202.202.202
                                          arm5.elfGet hashmaliciousUnknownBrowse
                                          • 109.202.202.202
                                          spc.elfGet hashmaliciousUnknownBrowse
                                          • 109.202.202.202
                                          mpsl.elfGet hashmaliciousUnknownBrowse
                                          • 109.202.202.202
                                          arm.elfGet hashmaliciousUnknownBrowse
                                          • 109.202.202.202
                                          ppc.elfGet hashmaliciousUnknownBrowse
                                          • 109.202.202.202
                                          x86.elfGet hashmaliciousUnknownBrowse
                                          • 109.202.202.202
                                          AMAZON-02USbotnet.spc.elfGet hashmaliciousMirai, MoobotBrowse
                                          • 18.187.24.16
                                          botnet.x86.elfGet hashmaliciousMirai, MoobotBrowse
                                          • 65.10.154.105
                                          boatnet.arm.elfGet hashmaliciousMiraiBrowse
                                          • 34.249.145.219
                                          la.bot.arm6.elfGet hashmaliciousUnknownBrowse
                                          • 130.178.129.246
                                          spc.elfGet hashmaliciousUnknownBrowse
                                          • 54.171.230.55
                                          la.bot.powerpc.elfGet hashmaliciousMiraiBrowse
                                          • 18.254.52.104
                                          la.bot.arm7.elfGet hashmaliciousUnknownBrowse
                                          • 54.249.219.25
                                          la.bot.mipsel.elfGet hashmaliciousUnknownBrowse
                                          • 13.50.10.235
                                          la.bot.m68k.elfGet hashmaliciousUnknownBrowse
                                          • 13.35.121.16
                                          la.bot.arm.elfGet hashmaliciousUnknownBrowse
                                          • 63.32.36.156

                                          JA3 Fingerprints

                                          No context

                                          Dropped Files

                                          No context

                                          Created / dropped Files

                                          No created / dropped files found

                                          Static File Info

                                          General

                                          File type:ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=4240bc42d04e5c04fe9a080f3dc3f2134e1db303, for GNU/Linux 3.2.0, not stripped
                                          Entropy (8bit):3.162673715496483
                                          TrID:
                                          • ELF Executable and Linkable format (Linux) (4029/14) 49.77%
                                          • ELF Executable and Linkable format (generic) (4004/1) 49.46%
                                          • Lumena CEL bitmap (63/63) 0.78%
                                          File name:udp.elf
                                          File size:21'576 bytes
                                          MD5:e69f86da2c209c5030a442a3f06036e2
                                          SHA1:649d16913f7ac128641b9a3846ab19ef5475be36
                                          SHA256:98ac80d42e3cc5c0f16e86c284cbb05f80337fbfad6e0ffb7004dc29fffc3648
                                          SHA512:5f782ad975691bd6144f496d89a1899e2b56d764b46f66d349b448b537efe5900092f374b943d33d582359e1b730d797c6b597b25138f6d242303913ae101bfa
                                          SSDEEP:384:40kg+oEnfXPH/3vnfXPH/3vqiaSKG2f0CzVP9j+8EG2R:40soEnfXPH/3vnfXPH/3vqiaSKG2f0kI
                                          TLSH:E0A2AA1FE261CD3DC8C4B27946CB993492B5F4B0AF72632B2A4072FA2D53E448F78655
                                          File Content Preview:.ELF..............>.............@........L..........@.8...@.............@.......@.......@.......................................................................................................................x.......x......................................

                                          Static ELF Info

                                          ELF header

                                          Class:ELF64
                                          Data:2's complement, little endian
                                          Version:1 (current)
                                          Machine:Advanced Micro Devices X86-64
                                          Version Number:0x1
                                          Type:DYN (Shared object file)
                                          OS/ABI:UNIX - System V
                                          ABI Version:0
                                          Entry Point Address:0x1300
                                          Flags:0x0
                                          ELF Header Size:64
                                          Program Header Offset:64
                                          Program Header Size:56
                                          Number of Program Headers:13
                                          Section Header Offset:19592
                                          Section Header Size:64
                                          Number of Section Headers:31
                                          Header String Table Index:30

                                          Sections

                                          NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                          NULL0x00x00x00x00x0000
                                          .interpPROGBITS0x3180x3180x1c0x00x2A001
                                          .note.gnu.propertyNOTE0x3380x3380x300x00x2A008
                                          .note.gnu.build-idNOTE0x3680x3680x240x00x2A004
                                          .note.ABI-tagNOTE0x38c0x38c0x200x00x2A004
                                          .gnu.hashGNU_HASH0x3b00x3b00x300x00x2A608
                                          .dynsymDYNSYM0x3e00x3e00x2d00x180x2A718
                                          .dynstrSTRTAB0x6b00x6b00x14b0x00x2A001
                                          .gnu.versionVERSYM0x7fc0x7fc0x3c0x20x2A602
                                          .gnu.version_rVERNEED0x8380x8380x400x00x2A718
                                          .rela.dynRELA0x8780x8780xf00x180x2A608
                                          .rela.pltRELA0x9680x9680x2100x180x42AI6248
                                          .initPROGBITS0x10000x10000x1b0x00x6AX004
                                          .pltPROGBITS0x10200x10200x1700x100x6AX0016
                                          .plt.gotPROGBITS0x11900x11900x100x100x6AX0016
                                          .plt.secPROGBITS0x11a00x11a00x1600x100x6AX0016
                                          .textPROGBITS0x13000x13000xd8b0x00x6AX0016
                                          .finiPROGBITS0x208c0x208c0xd0x00x6AX004
                                          .rodataPROGBITS0x30000x30000x1440x00x2A008
                                          .eh_frame_hdrPROGBITS0x31440x31440x740x00x2A004
                                          .eh_framePROGBITS0x31b80x31b80x1b80x00x2A008
                                          .init_arrayINIT_ARRAY0x4d100x3d100x80x80x3WA008
                                          .fini_arrayFINI_ARRAY0x4d180x3d180x80x80x3WA008
                                          .dynamicDYNAMIC0x4d200x3d200x1f00x100x3WA708
                                          .gotPROGBITS0x4f100x3f100xf00x80x3WA008
                                          .dataPROGBITS0x50000x40000x380x00x3WA0016
                                          .bssNOBITS0x50400x40380x178e80x00x3WA0032
                                          .commentPROGBITS0x00x40380x2b0x10x30MS001
                                          .symtabSYMTAB0x00x40680x6f00x180x029228
                                          .strtabSTRTAB0x00x47580x4110x00x0001
                                          .shstrtabSTRTAB0x00x4b690x11a0x00x0001

                                          Program Segments

                                          TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                          PHDR0x400x400x400x2d80x2d81.66060x4R 0x8
                                          INTERP0x3180x3180x3180x1c0x1c3.94080x4R 0x1/lib64/ld-linux-x86-64.so.2.interp
                                          LOAD0x00x00x00xb780xb782.58930x4R 0x1000.interp .note.gnu.property .note.gnu.build-id .note.ABI-tag .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt
                                          LOAD0x10000x10000x10000x10990x10995.72410x5R E0x1000.init .plt .plt.got .plt.sec .text .fini
                                          LOAD0x30000x30000x30000x3700x3705.26710x4R 0x1000.rodata .eh_frame_hdr .eh_frame
                                          LOAD0x3d100x4d100x4d100x3280x17c181.80040x6RW 0x1000.init_array .fini_array .dynamic .got .data .bss
                                          DYNAMIC0x3d200x4d200x4d200x1f00x1f01.46500x6RW 0x8.dynamic
                                          NOTE0x3380x3380x3380x300x301.93450x4R 0x8.note.gnu.property
                                          NOTE0x3680x3680x3680x440x443.19800x4R 0x4.note.gnu.build-id .note.ABI-tag
                                          GNU_PROPERTY0x3380x3380x3380x300x301.93450x4R 0x8.note.gnu.property
                                          GNU_EH_FRAME0x31440x31440x31440x740x743.74170x4R 0x4.eh_frame_hdr
                                          GNU_STACK0x00x00x00x00x00.00000x6RW 0x10
                                          GNU_RELRO0x3d100x4d100x4d100x2f00x2f01.56760x4R 0x1.init_array .fini_array .dynamic .got

                                          Dynamic Tags

                                          TypeMetaValueTag
                                          DT_NEEDEDsharedliblibc.so.60x1
                                          DT_INITvalue0x10000xc
                                          DT_FINIvalue0x208c0xd
                                          DT_INIT_ARRAYvalue0x4d100x19
                                          DT_INIT_ARRAYSZbytes80x1b
                                          DT_FINI_ARRAYvalue0x4d180x1a
                                          DT_FINI_ARRAYSZbytes80x1c
                                          DT_GNU_HASHvalue0x3b00x6ffffef5
                                          DT_STRTABvalue0x6b00x5
                                          DT_SYMTABvalue0x3e00x6
                                          DT_STRSZbytes3310xa
                                          DT_SYMENTbytes240xb
                                          DT_DEBUGvalue0x00x15
                                          DT_PLTGOTvalue0x4f100x3
                                          DT_PLTRELSZbytes5280x2
                                          DT_PLTRELpltrelDT_RELA0x14
                                          DT_JMPRELvalue0x9680x17
                                          DT_RELAvalue0x8780x7
                                          DT_RELASZbytes2400x8
                                          DT_RELAENTbytes240x9
                                          DT_FLAGSvalue0x80x1e
                                          DT_FLAGS_1value0x80000010x6ffffffb
                                          DT_VERNEEDvalue0x8380x6ffffffe
                                          DT_VERNEEDNUMvalue10x6fffffff
                                          DT_VERSYMvalue0x7fc0x6ffffff0
                                          DT_RELACOUNTvalue30x6ffffff9
                                          DT_NULLvalue0x00x0

                                          Symbols

                                          NameVersion Info NameVersion Info File NameSection NameValueSizeSymbol TypeSymbol BindSymbol VisibilityNdx
                                          .dynsym0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                          _ITM_deregisterTMCloneTable.dynsym0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                          _ITM_registerTMCloneTable.dynsym0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                          __cxa_finalizeGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          __gmon_start__.dynsym0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                          __libc_start_mainGLIBC_2.34libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          __stack_chk_failGLIBC_2.4libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          atoiGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          closeGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          exitGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          fcloseGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          fgetsGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          fopenGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          fprintfGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          fwriteGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          htonlGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          htonsGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          inet_addrGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          memsetGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          pthread_createGLIBC_2.34libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          pthread_exitGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          pthread_joinGLIBC_2.34libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          sendtoGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          setsockoptGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          socketGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          stderrGLIBC_2.2.5libc.so.6.dynsym0x50608OBJECT<unknown>DEFAULT26
                                          stdoutGLIBC_2.2.5libc.so.6.dynsym0x50408OBJECT<unknown>DEFAULT26
                                          strcspnGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          strdupGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          timeGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          .symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                          GLIBC_2.34libc.so.6.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                          QGLIBC_2.2.5libc.so.6.symtab0x1892016384OBJECT<unknown>DEFAULT26
                                          Scrt1.oGLIBC_2.34libc.so.6.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                          _DYNAMICGLIBC_2.2.5libc.so.6.symtab0x4d200OBJECT<unknown>DEFAULT23
                                          _GLOBAL_OFFSET_TABLE_GLIBC_2.2.5libc.so.6.symtab0x4f100OBJECT<unknown>DEFAULT24
                                          _IO_stdin_used.symtab0x30004OBJECT<unknown>DEFAULT18
                                          _ITM_deregisterTMCloneTable.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                          _ITM_registerTMCloneTable.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                          __FRAME_END__GLIBC_2.2.5libc.so.6.symtab0x336c0OBJECT<unknown>DEFAULT20
                                          __GNU_EH_FRAME_HDRGLIBC_2.2.5libc.so.6.symtab0x31440NOTYPE<unknown>DEFAULT19
                                          __TMC_END__.symtab0x50380OBJECT<unknown>HIDDEN25
                                          __abi_tag.symtab0x38c32OBJECT<unknown>DEFAULT4
                                          __bss_start.symtab0x50380NOTYPE<unknown>DEFAULT26
                                          __cxa_finalize@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          __data_start.symtab0x50000NOTYPE<unknown>DEFAULT25
                                          __do_global_dtors_auxGLIBC_2.2.5libc.so.6.symtab0x13a00FUNC<unknown>DEFAULT16
                                          __do_global_dtors_aux_fini_array_entryGLIBC_2.2.5libc.so.6.symtab0x4d180OBJECT<unknown>DEFAULT22
                                          __dso_handle.symtab0x50080OBJECT<unknown>HIDDEN25
                                          __frame_dummy_init_array_entryGLIBC_2.2.5libc.so.6.symtab0x4d100OBJECT<unknown>DEFAULT21
                                          __gmon_start__.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                          __libc_start_main@GLIBC_2.34GLIBC_2.2.5libc.so.6.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          __stack_chk_fail@GLIBC_2.4.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          _edataGLIBC_2.2.5libc.so.6.symtab0x50380NOTYPE<unknown>DEFAULT25
                                          _end.symtab0x1c9280NOTYPE<unknown>DEFAULT26
                                          _fini.symtab0x208c0FUNC<unknown>HIDDEN17
                                          _init.symtab0x10000FUNC<unknown>HIDDEN12
                                          _start.symtab0x130038FUNC<unknown>DEFAULT16
                                          atoi@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          available_ports.symtab0x502020OBJECT<unknown>DEFAULT25
                                          cGLIBC_2.2.5libc.so.6.symtab0x50104OBJECT<unknown>DEFAULT25
                                          close@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          completed.0GLIBC_2.2.5libc.so.6.symtab0x50681OBJECT<unknown>DEFAULT26
                                          crtstuff.cGLIBC_2.2.5libc.so.6.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                          crtstuff.cGLIBC_2.2.5libc.so.6.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                          csumGLIBC_2.2.5libc.so.6.symtab0x155c102FUNC<unknown>DEFAULT16
                                          data_startGLIBC_2.2.5libc.so.6.symtab0x50000NOTYPE<unknown>DEFAULT25
                                          deregister_tm_clonesGLIBC_2.2.5libc.so.6.symtab0x13300FUNC<unknown>DEFAULT16
                                          enhanced_randGLIBC_2.2.5libc.so.6.symtab0x16bb42FUNC<unknown>DEFAULT16
                                          exit@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          fclose@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          fgets@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          flood.symtab0x16e5875FUNC<unknown>DEFAULT16
                                          fopen@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          fprintf@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          frame_dummyGLIBC_2.2.5libc.so.6.symtab0x13e00FUNC<unknown>DEFAULT16
                                          fwrite@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          htonl@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          htons@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          i.1GLIBC_2.2.5libc.so.6.symtab0x50344OBJECT<unknown>DEFAULT25
                                          inet_addr@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          init_rand.symtab0x13e9165FUNC<unknown>DEFAULT16
                                          ip_count.symtab0x189004OBJECT<unknown>DEFAULT26
                                          ip_list.symtab0x508080000OBJECT<unknown>DEFAULT26
                                          last_random.0.symtab0x1c9204OBJECT<unknown>DEFAULT26
                                          load_ips.symtab0x1a50313FUNC<unknown>DEFAULT16
                                          main.symtab0x1b891282FUNC<unknown>DEFAULT16
                                          memset@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          pthread_create@GLIBC_2.34.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          pthread_exit@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          pthread_join@GLIBC_2.34.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          rand_cmwc.symtab0x148e206FUNC<unknown>DEFAULT16
                                          register_tm_clonesGLIBC_2.4libc.so.6.symtab0x13600FUNC<unknown>DEFAULT16
                                          sendto@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          setsockopt@GLIBC_2.2.5GLIBC_2.2.5libc.so.6.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          setup_ip_header.symtab0x15c2123FUNC<unknown>DEFAULT16
                                          setup_udp_header.symtab0x163d126FUNC<unknown>DEFAULT16
                                          socket@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          stderr@GLIBC_2.2.5.symtab0x50608OBJECT<unknown>DEFAULT26
                                          stdout@GLIBC_2.2.5GLIBC_2.34libc.so.6.symtab0x50408OBJECT<unknown>DEFAULT26
                                          strcspn@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          strdup@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          time@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                                          udp.cGLIBC_2.2.5libc.so.6.symtab0x00FILE<unknown>DEFAULTSHN_ABS

                                          Network Behavior

                                          Network Port Distribution

                                          TCP Packets

                                          TimestampSource PortDest PortSource IPDest IP
                                          Dec 1, 2024 03:19:53.236702919 CET43928443192.168.2.2391.189.91.42
                                          Dec 1, 2024 03:20:09.474059105 CET4433925634.249.145.219192.168.2.23
                                          Dec 1, 2024 03:20:09.474309921 CET39256443192.168.2.2334.249.145.219
                                          Dec 1, 2024 03:20:09.594232082 CET4433925634.249.145.219192.168.2.23
                                          Dec 1, 2024 03:20:12.946007013 CET4251680192.168.2.23109.202.202.202
                                          Dec 1, 2024 03:20:14.993716002 CET43928443192.168.2.2391.189.91.42
                                          Dec 1, 2024 03:20:55.948247910 CET43928443192.168.2.2391.189.91.42

                                          System Behavior

                                          General

                                          Start time (UTC):02:19:50
                                          Start date (UTC):01/12/2024
                                          Path:/tmp/udp.elf
                                          Arguments:/tmp/udp.elf
                                          File size:21576 bytes
                                          MD5 hash:e69f86da2c209c5030a442a3f06036e2

                                          Chronological Activities


                                          General

                                          Start time (UTC):02:20:08
                                          Start date (UTC):01/12/2024
                                          Path:/usr/bin/dash
                                          Arguments:-
                                          File size:129816 bytes
                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                          Chronological Activities


                                          General

                                          Start time (UTC):02:20:08
                                          Start date (UTC):01/12/2024
                                          Path:/usr/bin/rm
                                          Arguments:rm -f /tmp/tmp.He5K7IV2y1 /tmp/tmp.URZoQsaV7E /tmp/tmp.A8VPLso2Bh
                                          File size:72056 bytes
                                          MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                          Chronological Activities


                                          General

                                          Start time (UTC):02:20:08
                                          Start date (UTC):01/12/2024
                                          Path:/usr/bin/dash
                                          Arguments:-
                                          File size:129816 bytes
                                          MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                          Chronological Activities


                                          General

                                          Start time (UTC):02:20:08
                                          Start date (UTC):01/12/2024
                                          Path:/usr/bin/rm
                                          Arguments:rm -f /tmp/tmp.He5K7IV2y1 /tmp/tmp.URZoQsaV7E /tmp/tmp.A8VPLso2Bh
                                          File size:72056 bytes
                                          MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                          Chronological Activities