Linux Analysis Report
own.elf

Overview

General Information

Sample name:own.elf
Analysis ID:1565969
MD5:7a2503b10e533f29f7cd518b84c5b2ab
SHA1:b9ccb7f419df5c1d55b1a2b033ccfa0d85522b81
SHA256:f3bc4114fcad5ec02fc21cb4ab5e788cfdd3d7daa2c79801b6472af331b47487
Tags:elf, user-abuse_ch
Infos:

Detection

Score:60
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Contains symbols related to standard C library sleeps (sometimes used to evade sandboxing)
Sample and/or dropped files contains symbols with suspicious names
Yara signature match

Classification

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1565969
Start date and time:2024-12-01 03:36:48 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 10m 29s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:own.elf
Detection:MAL
Classification:mal60.linELF@0/0@2/0
Cookbook Comments:
  • Analysis time extended to 480s due to sleep detection in submitted sample
  • Max analysis timeout: 600s exceeded, the analysis took too long
Command:/tmp/own.elf
PID:5569
Exit Code:255
Exit Code Info:
Killed:False
Standard Output:
/tmp/own.elf host port listfile threads limit[-1 for none] time
Standard Error:
  • system is lnxubuntu20
  • own.elf (PID: 5569, Parent: 5489, MD5: 7a2503b10e533f29f7cd518b84c5b2ab) Arguments: /tmp/own.elf
  • cleanup
Source | Rule | Description | Author | Strings
own.elf | Linux_Hacktool_Flooder_a2795a4c | unknown | unknown | 0x102e:$a: 48 8B 45 D8 66 89 50 04 48 8B 45 D8 0F B7 40 02 66 D1 E8 0F
own.elf | Linux_Hacktool_Flooder_4bcea1c4 | unknown | unknown | 0x1224:$a: 50 FF 48 8B 45 C0 48 01 D0 0F B6 00 3C 0A 74 22 48 8B 45 C0 48

Source | Rule | Description | Author | Strings
5569.1.0000000000400000.0000000000402000.r-x.sdmp | Linux_Hacktool_Flooder_a2795a4c | unknown | unknown | 0x102e:$a: 48 8B 45 D8 66 89 50 04 48 8B 45 D8 0F B7 40 02 66 D1 E8 0F
5569.1.0000000000400000.0000000000402000.r-x.sdmp | Linux_Hacktool_Flooder_4bcea1c4 | unknown | unknown | 0x1224:$a: 50 FF 48 8B 45 C0 48 01 D0 0F B6 00 3C 0A 74 22 48 8B 45 C0 48
No Suricata rule has matched

AV Detection

Source: own.elf, Virustotal: Detection: 40%
Source: own.elf, Joe Sandbox ML: detected
Source: global traffic, DNS traffic detected: DNS query: daisy.ubuntu.com

System Summary

Source: own.elf, type: SAMPLE, Matched rule: Linux_Hacktool_Flooder_a2795a4c Author: unknown
Source: own.elf, type: SAMPLE, Matched rule: Linux_Hacktool_Flooder_4bcea1c4 Author: unknown
Source: 5569.1.0000000000400000.0000000000402000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Hacktool_Flooder_a2795a4c Author: unknown
Source: 5569.1.0000000000400000.0000000000402000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Hacktool_Flooder_4bcea1c4 Author: unknown
Source: own.elf, ELF static info symbol of initial sample: PAYLOAD
Source: own.elf, ELF static info symbol of initial sample: PAYLOADSIZE
Source: own.elf, type: SAMPLE, Matched rule: Linux_Hacktool_Flooder_a2795a4c reference_sample = 9a564d6b29d2aaff960e6f84cd0ef4c701fefa2a62e2ea690106f3fdbabb0d71, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Hacktool.Flooder, fingerprint = 7c8bf248b159f3a140f10cd40d182fa84f334555b92306e6f44e746711b184cc, id = a2795a4c-16c0-4237-a014-3570d1edb287, last_modified = 2021-09-16
Source: own.elf, type: SAMPLE, Matched rule: Linux_Hacktool_Flooder_4bcea1c4 reference_sample = 9a564d6b29d2aaff960e6f84cd0ef4c701fefa2a62e2ea690106f3fdbabb0d71, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Hacktool.Flooder, fingerprint = e859966e8281e024c82dedd5bd237ab53af28a0cb21d24daa456e5cd1186c352, id = 4bcea1c4-de08-4526-8d31-89c5512f07af, last_modified = 2021-09-16
Source: 5569.1.0000000000400000.0000000000402000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Hacktool_Flooder_a2795a4c reference_sample = 9a564d6b29d2aaff960e6f84cd0ef4c701fefa2a62e2ea690106f3fdbabb0d71, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Hacktool.Flooder, fingerprint = 7c8bf248b159f3a140f10cd40d182fa84f334555b92306e6f44e746711b184cc, id = a2795a4c-16c0-4237-a014-3570d1edb287, last_modified = 2021-09-16
Source: 5569.1.0000000000400000.0000000000402000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Hacktool_Flooder_4bcea1c4 reference_sample = 9a564d6b29d2aaff960e6f84cd0ef4c701fefa2a62e2ea690106f3fdbabb0d71, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Hacktool.Flooder, fingerprint = e859966e8281e024c82dedd5bd237ab53af28a0cb21d24daa456e5cd1186c352, id = 4bcea1c4-de08-4526-8d31-89c5512f07af, last_modified = 2021-09-16
Source: classification engine, Classification label: mal60.linELF@0/0@2/0
Source: ELF symbol in initial sample, Symbol name: usleep
Tactic | Techniques
Reconnaissance | Gather Victim Identity Information; Credentials
Resource Development | Acquire Infrastructure; Domains
Initial Access | Valid Accounts; Default Accounts
Execution | Windows Management Instrumentation; Scheduled Task/Job
Persistence | Path Interception; Boot or Logon Initialization Scripts
Privilege Escalation | Path Interception; Boot or Logon Initialization Scripts
Defense Evasion | 1 Masquerading; 1 Virtualization/Sandbox Evasion
Credential Access | OS Credential Dumping; LSASS Memory
Discovery | 1 Virtualization/Sandbox Evasion; Application Window Discovery
Lateral Movement | Remote Services; Remote Desktop Protocol
Collection | Data from Local System; Data from Removable Media
Command and Control | 1 Non-Application Layer Protocol; 1 Application Layer Protocol
Exfiltration | Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth
Impact | Abuse Accessibility Features; Network Denial of Service
No configs have been found
Source | Detection | Scanner | Label
own.elf | 40% | Virustotal |
own.elf | 100% | Joe Sandbox ML |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
daisy.ubuntu.com | 162.213.35.25 | true | false | | high
    No contacted IP infos
    No context
    Match | Associated Sample Name / URL | Detection | Threat Name | Context
    daisy.ubuntu.com | la.bot.arm7.elf | malicious | Mirai | 162.213.35.25
    daisy.ubuntu.com | botnet.arm7.elf | malicious | Unknown | 162.213.35.24
    daisy.ubuntu.com | botnet.ppc.elf | malicious | Unknown | 162.213.35.25
    daisy.ubuntu.com | arm.elf | malicious | Mirai | 162.213.35.24
    daisy.ubuntu.com | waternetworkdns.elf | malicious | Unknown | 162.213.35.24
    daisy.ubuntu.com | mpsl.elf | malicious | Mirai | 162.213.35.25
    daisy.ubuntu.com | ovh.elf | malicious | Unknown | 162.213.35.25
    daisy.ubuntu.com | botnet.arm.elf | malicious | Unknown | 162.213.35.24
    daisy.ubuntu.com | botnet.arm6.elf | malicious | Unknown | 162.213.35.24
    No context
    No context
    No context
    No created / dropped files found
    File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=d9e4d752fc0c8bb8e8ec8002423c2cedd1e28904, not stripped
    Entropy (8bit):4.088013508384626
    TrID:
    • ELF Executable and Linkable format (Linux) (4029/14) 49.77%
    • ELF Executable and Linkable format (generic) (4004/1) 49.46%
    • Lumena CEL bitmap (63/63) 0.78%
    File name:own.elf
    File size:14'144 bytes
    MD5:7a2503b10e533f29f7cd518b84c5b2ab
    SHA1:b9ccb7f419df5c1d55b1a2b033ccfa0d85522b81
    SHA256:f3bc4114fcad5ec02fc21cb4ab5e788cfdd3d7daa2c79801b6472af331b47487
    SHA512:d3a722ab17813c74f2073a83105ac9c05d733e083f9688a3172a285dd6b6ec48651adc630a3a00353eb62223d7da8cb7dd529849404e7c2aad991996a2a87202
    SSDEEP:192:GnXFNF7ifaOpTPq8n5V1HF/F/ulFC97HDySps:oVNFOigPqkXNF1ufI7R
    TLSH:C152A417E7A2CD3FC4C1523429878670B2F3D8709B31A327260565B66ED2BC85F6E6D2
    File Content Preview:.ELF..............>.......@.....@......../..........@.8...@.............@.......@.@.....@.@.....................................8.......8.@.....8.@...............................................@.......@....................... .......................`....

    ELF header

    Class:ELF64
    Data:2's complement, little endian
    Version:1 (current)
    Machine:Advanced Micro Devices X86-64
    Version Number:0x1
    Type:EXEC (Executable file)
    OS/ABI:UNIX - System V
    ABI Version:0
    Entry Point Address:0x400ad0
    Flags:0x0
    ELF Header Size:64
    Program Header Offset:64
    Program Header Size:56
    Number of Program Headers:9
    Section Header Offset:12224
    Section Header Size:64
    Number of Section Headers:30
    Header String Table Index:29
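    Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
     | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
    .interp | PROGBITS | 0x400238 | 0x238 | 0x1c | 0x0 | 0x2 | A | 0 | 0 | 1
    .note.ABI-tag | NOTE | 0x400254 | 0x254 | 0x20 | 0x0 | 0x2 | A | 0 | 0 | 4
    .note.gnu.build-id | NOTE | 0x400274 | 0x274 | 0x24 | 0x0 | 0x2 | A | 0 | 0 | 4
    .gnu.hash | GNU_HASH | 0x400298 | 0x298 | 0x28 | 0x0 | 0x2 | A | 5 | 0 | 8
    .dynsym | DYNSYM | 0x4002c0 | 0x2c0 | 0x270 | 0x18 | 0x2 | A | 6 | 1 | 8
    .dynstr | STRTAB | 0x400530 | 0x530 | 0x102 | 0x0 | 0x2 | A | 0 | 0 | 1
    .gnu.version | VERSYM | 0x400632 | 0x632 | 0x34 | 0x2 | 0x2 | A | 5 | 0 | 2
    .gnu.version_r | VERNEED | 0x400668 | 0x668 | 0x50 | 0x0 | 0x2 | A | 6 | 2 | 8
    .rela.dyn | RELA | 0x4006b8 | 0x6b8 | 0x48 | 0x18 | 0x2 | A | 5 | 0 | 8
    .rela.plt | RELA | 0x400700 | 0x700 | 0x228 | 0x18 | 0x42 | AI | 5 | 23 | 8
    .init | PROGBITS | 0x400928 | 0x928 | 0x1a | 0x0 | 0x6 | AX | 0 | 0 | 4
    .plt | PROGBITS | 0x400950 | 0x950 | 0x180 | 0x10 | 0x6 | AX | 0 | 0 | 16
    .text | PROGBITS | 0x400ad0 | 0xad0 | 0xbe2 | 0x0 | 0x6 | AX | 0 | 0 | 16
    .fini | PROGBITS | 0x4016b4 | 0x16b4 | 0x9 | 0x0 | 0x6 | AX | 0 | 0 | 4
    .rodata | PROGBITS | 0x4016c0 | 0x16c0 | 0xf2 | 0x0 | 0x2 | A | 0 | 0 | 32
    .eh_frame_hdr | PROGBITS | 0x4017b4 | 0x17b4 | 0x64 | 0x0 | 0x2 | A | 0 | 0 | 4
    .eh_frame | PROGBITS | 0x401818 | 0x1818 | 0x1c4 | 0x0 | 0x2 | A | 0 | 0 | 8
    .init_array | INIT_ARRAY | 0x601df0 | 0x1df0 | 0x8 | 0x8 | 0x3 | WA | 0 | 0 | 8
    .fini_array | FINI_ARRAY | 0x601df8 | 0x1df8 | 0x8 | 0x8 | 0x3 | WA | 0 | 0 | 8
    .jcr | PROGBITS | 0x601e00 | 0x1e00 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 8
    .dynamic | DYNAMIC | 0x601e08 | 0x1e08 | 0x1f0 | 0x10 | 0x3 | WA | 6 | 0 | 8
    .got | PROGBITS | 0x601ff8 | 0x1ff8 | 0x8 | 0x8 | 0x3 | WA | 0 | 0 | 8
    .got.plt | PROGBITS | 0x602000 | 0x2000 | 0xd0 | 0x8 | 0x3 | WA | 0 | 0 | 8
    .data | PROGBITS | 0x6020d0 | 0x20d0 | 0x18 | 0x0 | 0x3 | WA | 0 | 0 | 4
    .bss | NOBITS | 0x602100 | 0x20e8 | 0x4038 | 0x0 | 0x3 | WA | 0 | 0 | 32
    .comment | PROGBITS | 0x0 | 0x20e8 | 0x2d | 0x1 | 0x30 | MS | 0 | 0 | 1
    .symtab | SYMTAB | 0x0 | 0x2118 | 0x990 | 0x18 | 0x0 | | 28 | 52 | 8
    .strtab | STRTAB | 0x0 | 0x2aa8 | 0x40b | 0x0 | 0x0 | | 0 | 0 | 1
    .shstrtab | STRTAB | 0x0 | 0x2eb3 | 0x108 | 0x0 | 0x0 | | 0 | 0 | 1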
    Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
    PHDR | 0x40 | 0x400040 | 0x400040 | 0x1f8 | 0x1f8 | 1.8488 | 0x5 | R E | 0x8 | |
    INTERP | 0x238 | 0x400238 | 0x400238 | 0x1c | 0x1c | 3.9408 | 0x4 | R | 0x1 | /lib64/ld-linux-x86-64.so.2 | .interp
    LOAD | 0x0 | 0x400000 | 0x400000 | 0x19dc | 0x19dc | 5.1110 | 0x5 | R E | 0x200000 | | .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame
    LOAD | 0x1df0 | 0x601df0 | 0x601df0 | 0x2f8 | 0x4348 | 1.8996 | 0x6 | RW | 0x200000 | | .init_array .fini_array .jcr .dynamic .got .got.plt .data .bss
    DYNAMIC | 0x1e08 | 0x601e08 | 0x601e08 | 0x1f0 | 0x1f0 | 1.4959 | 0x6 | RW | 0x8 | | .dynamic
    NOTE | 0x254 | 0x400254 | 0x400254 | 0x44 | 0x44 | 3.4519 | 0x4 | R | 0x4 | | .note.ABI-tag .note.gnu.build-id
    GNU_EH_FRAME | 0x17b4 | 0x4017b4 | 0x4017b4 | 0x64 | 0x64 | 3.7587 | 0x4 | R | 0x4 | | .eh_frame_hdr
    GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x10 | |
    GNU_RELRO | 0x1df0 | 0x601df0 | 0x601df0 | 0x210 | 0x210 | 1.5097 | 0x4 | R | 0x1 | | .init_array .fini_array .jcr .dynamic .got
    Type | Meta | Value | Tag
    DT_NEEDED | sharedlib | libm.so.6 | 0x1
    DT_NEEDED | sharedlib | libpthread.so.0 | 0x1
    DT_NEEDED | sharedlib | libc.so.6 | 0x1
    DT_INIT | value | 0x400928 | 0xc
    DT_FINI | value | 0x4016b4 | 0xd
    DT_INIT_ARRAY | value | 0x601df0 | 0x19
    DT_INIT_ARRAYSZ | bytes | 8 | 0x1b
    DT_FINI_ARRAY | value | 0x601df8 | 0x1a
    DT_FINI_ARRAYSZ | bytes | 8 | 0x1c
    DT_GNU_HASH | value | 0x400298 | 0x6ffffef5
    DT_STRTAB | value | 0x400530 | 0x5
    DT_SYMTAB | value | 0x4002c0 | 0x6
    DT_STRSZ | bytes | 258 | 0xa
    DT_SYMENT | bytes | 24 | 0xb
    DT_DEBUG | value | 0x0 | 0x15
    DT_PLTGOT | value | 0x602000 | 0x3
    DT_PLTRELSZ | bytes | 552 | 0x2
    DT_PLTREL | pltrel | DT_RELA | 0x14
    DT_JMPREL | value | 0x400700 | 0x17
    DT_RELA | value | 0x4006b8 | 0x7
    DT_RELASZ | bytes | 72 | 0x8
    DT_RELAENT | bytes | 24 | 0x9
    DT_VERNEED | value | 0x400668 | 0x6ffffffe
    DT_VERNEEDNUM | value | 2 | 0x6fffffff
    DT_VERSYM | value | 0x400632 | 0x6ffffff0
    DT_NULL | value | 0x0 | 0x0
    Name | Version Info Name | Version Info File Name | Section Name | Value | Size | Symbol Type | Symbol Bind | Symbol Visibility | Ndx
     | | | .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF
    __gmon_start__ | | | .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF
    __libc_start_main | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    atoi | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    bzero | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    exit | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    fgets | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    fopen | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    fprintf | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    fwrite | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    htonl | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    htons | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    inet_addr | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    malloc | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    memcpy | GLIBC_2.14 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    memset | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    pthread_create | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    sendto | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    setsockopt | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    socket | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    srand | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    stderr | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x602108 | 8 | OBJECT | <unknown> | DEFAULT | 25
    stdout | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x602100 | 8 | OBJECT | <unknown> | DEFAULT | 25
    strlen | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    time | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    usleep | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
     | | | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF
     | GLIBC_2.2.5 | libpthread.so.0 | .symtab | 0x400238 | 0 | SECTION | <unknown> | DEFAULT | 1
     | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400254 | 0 | SECTION | <unknown> | DEFAULT | 2
     | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400274 | 0 | SECTION | <unknown> | DEFAULT | 3
     | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400298 | 0 | SECTION | <unknown> | DEFAULT | 4
     | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x4002c0 | 0 | SECTION | <unknown> | DEFAULT | 5
     | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400530 | 0 | SECTION | <unknown> | DEFAULT | 6
     | GLIBC_2.2.5 | libpthread.so.0 | .symtab | 0x400632 | 0 | SECTION | <unknown> | DEFAULT | 7
     | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400668 | 0 | SECTION | <unknown> | DEFAULT | 8
     | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x4006b8 | 0 | SECTION | <unknown> | DEFAULT | 9
     | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400700 | 0 | SECTION | <unknown> | DEFAULT | 10
     | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400928 | 0 | SECTION | <unknown> | DEFAULT | 11
     | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x400950 | 0 | SECTION | <unknown> | DEFAULT | 12
     | | | .symtab | 0x400ad0 | 0 | SECTION | <unknown> | DEFAULT | 13
     | GLIBC_2.14 | libc.so.6 | .symtab | 0x4016b4 | 0 | SECTION | <unknown> | DEFAULT | 14
     | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x4016c0 | 0 | SECTION | <unknown> | DEFAULT | 15
     | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x4017b4 | 0 | SECTION | <unknown> | DEFAULT | 16
     | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x401818 | 0 | SECTION | <unknown> | DEFAULT | 17
     | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x601df0 | 0 | SECTION | <unknown> | DEFAULT | 18
     | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x601df8 | 0 | SECTION | <unknown> | DEFAULT | 19
     | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x601e00 | 0 | SECTION | <unknown> | DEFAULT | 20
     | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x601e08 | 0 | SECTION | <unknown> | DEFAULT | 21
     | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x601ff8 | 0 | SECTION | <unknown> | DEFAULT | 22
     | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x602000 | 0 | SECTION | <unknown> | DEFAULT | 23
     | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x6020d0 | 0 | SECTION | <unknown> | DEFAULT | 24
     | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x602100 | 0 | SECTION | <unknown> | DEFAULT | 25
     | | | .symtab | 0x0 | 0 | SECTION | <unknown> | DEFAULT | 26
     | | | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS
    DPORT | | | .symtab | 0x6020d4 | 4 | OBJECT | <unknown> | DEFAULT | 24
    PAYLOAD | | | .symtab | 0x4016e0 | 32 | OBJECT | <unknown> | DEFAULT | 15
    PAYLOADSIZE | | | .symtab | 0x6020dc | 4 | OBJECT | <unknown> | DEFAULT | 24
    Q | | | .symtab | 0x602120 | 16384 | OBJECT | <unknown> | DEFAULT | 25
    _DYNAMIC | | | .symtab | 0x601e08 | 0 | OBJECT | <unknown> | DEFAULT | 21
    _GLOBAL_OFFSET_TABLE_ | | | .symtab | 0x602000 | 0 | OBJECT | <unknown> | DEFAULT | 23
    _IO_stdin_used | | | .symtab | 0x4016c0 | 4 | OBJECT | <unknown> | DEFAULT | 15
    __FRAME_END__ | | | .symtab | 0x4019d8 | 0 | OBJECT | <unknown> | DEFAULT | 17
    __GNU_EH_FRAME_HDR | | | .symtab | 0x4017b4 | 0 | NOTYPE | <unknown> | DEFAULT | 16
    __JCR_END__ | | | .symtab | 0x601e00 | 0 | OBJECT | <unknown> | DEFAULT | 20
    __JCR_LIST__ | | | .symtab | 0x601e00 | 0 | OBJECT | <unknown> | DEFAULT | 20
    __TMC_END__ | | | .symtab | 0x6020e8 | 0 | OBJECT | <unknown> | HIDDEN | 24
    __bss_start | | | .symtab | 0x6020e8 | 0 | NOTYPE | <unknown> | DEFAULT | 25
    __data_start | | | .symtab | 0x6020d0 | 0 | NOTYPE | <unknown> | DEFAULT | 24
    __do_global_dtors_aux | | | .symtab | 0x400b70 | 0 | FUNC | <unknown> | DEFAULT | 13
    __do_global_dtors_aux_fini_array_entry | | | .symtab | 0x601df8 | 0 | OBJECT | <unknown> | DEFAULT | 19
    __dso_handle | | | .symtab | 0x4016c8 | 0 | OBJECT | <unknown> | HIDDEN | 15
    __frame_dummy_init_array_entry | | | .symtab | 0x601df0 | 0 | OBJECT | <unknown> | DEFAULT | 18
    __gmon_start__ | | | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF
    __init_array_end | | | .symtab | 0x601df8 | 0 | NOTYPE | <unknown> | DEFAULT | 18
    __init_array_start | | | .symtab | 0x601df0 | 0 | NOTYPE | <unknown> | DEFAULT | 18
    __libc_csu_fini | | | .symtab | 0x4016b0 | 2 | FUNC | <unknown> | DEFAULT | 13
    __libc_csu_init | | | .symtab | 0x401640 | 101 | FUNC | <unknown> | DEFAULT | 13
    __libc_start_main@@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    _edata | | | .symtab | 0x6020e8 | 0 | NOTYPE | <unknown> | DEFAULT | 24
    _end | | | .symtab | 0x606138 | 0 | NOTYPE | <unknown> | DEFAULT | 25
    _fini | | | .symtab | 0x4016b4 | 0 | FUNC | <unknown> | DEFAULT | 14
    _init | | | .symtab | 0x400928 | 0 | FUNC | <unknown> | DEFAULT | 11
    _start | | | .symtab | 0x400ad0 | 0 | FUNC | <unknown> | DEFAULT | 13
    atoi@@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    bzero@@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    c | | | .symtab | 0x6020d8 | 4 | OBJECT | <unknown> | DEFAULT | 24
    completed.6355 | | | .symtab | 0x602110 | 1 | OBJECT | <unknown> | DEFAULT | 25
    crtstuff.c | | | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS
    crtstuff.c | | | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS
    csum | | | .symtab | 0x400ce7 | 98 | FUNC | <unknown> | DEFAULT | 13
    data_start | | | .symtab | 0x6020d0 | 0 | NOTYPE | <unknown> | DEFAULT | 24
    deregister_tm_clones | | | .symtab | 0x400b00 | 0 | FUNC | <unknown> | DEFAULT | 13
    exit@@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    fgets@@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    flood | | | .symtab | 0x400e53 | 619 | FUNC | <unknown> | DEFAULT | 13
    fopen@@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    fprintf@@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    frame_dummy | | | .symtab | 0x400b90 | 0 | FUNC | <unknown> | DEFAULT | 13
    fwrite@@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    head | | | .symtab | 0x606130 | 8 | OBJECT | <unknown> | DEFAULT | 25
    htonl@@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    htons@@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    i.4399 | | | .symtab | 0x6020e4 | 4 | OBJECT | <unknown> | DEFAULT | 24
    inet_addr@@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    init_rand | | | .symtab | 0x400bbd | 124 | FUNC | <unknown> | DEFAULT | 13
    limiter | | | .symtab | 0x606120 | 4 | OBJECT | <unknown> | DEFAULT | 25
    main | | | .symtab | 0x4010be | 1405 | FUNC | <unknown> | DEFAULT | 13
    malloc@@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    memcpy@@GLIBC_2.14 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    memset@@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    own.c | | | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS
    pps | | | .symtab | 0x606128 | 4 | OBJECT | <unknown> | DEFAULT | 25
    pthread_create@@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    rand_cmwc | | | .symtab | 0x400c39 | 174 | FUNC | <unknown> | DEFAULT | 13
    register_tm_clones | | | .symtab | 0x400b30 | 0 | FUNC | <unknown> | DEFAULT | 13
    sendto@@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    setsockopt@@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    setup_ip_header | | | .symtab | 0x400d49 | 142 | FUNC | <unknown> | DEFAULT | 13
    setup_udp_header | | | .symtab | 0x400dd7 | 124 | FUNC | <unknown> | DEFAULT | 13
    sleeptime | | | .symtab | 0x6020e0 | 4 | OBJECT | <unknown> | DEFAULT | 24
    socket@@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    srand@@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    stderr@@GLIBC_2.2.5 | | | .symtab | 0x602108 | 8 | OBJECT | <unknown> | DEFAULT | 25
    stdout@@GLIBC_2.2.5 | | | .symtab | 0x602100 | 8 | OBJECT | <unknown> | DEFAULT | 25
    strlen@@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    tehport | | | .symtab | 0x606124 | 4 | OBJECT | <unknown> | DEFAULT | 25
    time@@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    usleep@@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
    Timestamp | Source Port | Dest Port | Source IP | Dest IP
    Dec 1, 2024 03:40:33.878197908 CET | 45156 | 53 | 192.168.2.14 | 8.8.8.8
    Dec 1, 2024 03:40:33.998058081 CET | 53 | 45156 | 8.8.8.8 | 192.168.2.14
    Dec 1, 2024 03:40:33.998121977 CET | 45156 | 53 | 192.168.2.14 | 8.8.8.8
    Dec 1, 2024 03:40:33.998159885 CET | 45156 | 53 | 192.168.2.14 | 8.8.8.8
    Dec 1, 2024 03:40:33.998193026 CET | 45156 | 53 | 192.168.2.14 | 8.8.8.8
    Dec 1, 2024 03:40:34.118011951 CET | 53 | 45156 | 8.8.8.8 | 192.168.2.14
    Dec 1, 2024 03:40:34.118030071 CET | 53 | 45156 | 8.8.8.8 | 192.168.2.14
    Dec 1, 2024 03:40:35.128094912 CET | 53 | 45156 | 8.8.8.8 | 192.168.2.14
    Dec 1, 2024 03:40:35.128501892 CET | 45156 | 53 | 192.168.2.14 | 8.8.8.8
    Dec 1, 2024 03:40:35.370071888 CET | 53 | 45156 | 8.8.8.8 | 192.168.2.14
    Dec 1, 2024 03:40:35.370163918 CET | 45156 | 53 | 192.168.2.14 | 8.8.8.8
    Dec 1, 2024 03:40:37.128374100 CET | 53 | 45156 | 8.8.8.8 | 192.168.2.14
    Dec 1, 2024 03:40:37.128562927 CET | 45156 | 53 | 192.168.2.14 | 8.8.8.8
    Dec 1, 2024 03:40:37.248434067 CET | 53 | 45156 | 8.8.8.8 | 192.168.2.14
    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
    Dec 1, 2024 03:40:33.998159885 CET | 192.168.2.14 | 8.8.8.8 | 0x34 | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false
    Dec 1, 2024 03:40:33.998193026 CET | 192.168.2.14 | 8.8.8.8 | 0x9fc0 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false
    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
    Dec 1, 2024 03:40:35.128094912 CET | 8.8.8.8 | 192.168.2.14 | 0x34 | No error (0) | daisy.ubuntu.com | | 162.213.35.25 | A (IP address) | IN (0x0001) | false
    Dec 1, 2024 03:40:35.128094912 CET | 8.8.8.8 | 192.168.2.14 | 0x34 | No error (0) | daisy.ubuntu.com | | 162.213.35.24 | A (IP address) | IN (0x0001) | false

    System Behavior

    Start time (UTC):02:37:48
    Start date (UTC):01/12/2024
    Path:/tmp/own.elf
    Arguments:/tmp/own.elf
    File size:14144 bytes
    MD5 hash:7a2503b10e533f29f7cd518b84c5b2ab