Linux Analysis Report
nsharm7.elf

Overview

General Information

Sample name:	nsharm7.elf
Analysis ID:	1579332
MD5:	1a4375f6423f0c96f3d2377d1c157595
SHA1:	fec7b3bd66d1d4a88b7a22511962007f7b99e34b
SHA256:	4d315e63c562b354627d6b169e197d5cf108f318b446dac59c8edff283314e9d
Tags:	elfuser-abuse_ch
Infos:

Detection

Mirai

Score:	68
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Yara detected Mirai

Sends malformed DNS queries

Detected TCP or UDP traffic on non-standard ports

Executes the "rm" command used to delete files or directories

Sample has stripped symbol table

Sample listens on a socket

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: nsharm7.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: nsharm7.elf	ReversingLabs: Detection: 36%
Source: nsharm7.elf	Virustotal: Detection: 31%			Perma Link

Networking

Sends malformed DNS queries

Source: global traffic	DNS traffic detected: malformed DNS query: shitrocket.dyn. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: hikvision.geek. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: catlovingfools.geek. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: catvision.dyn. [malformed]

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.23:34574 -> 86.107.100.19:12084
Source: global traffic	TCP traffic: 192.168.2.23:34788 -> 212.64.215.71:10004

Sample listens on a socket

Source: /tmp/nsharm7.elf (PID: 6250)

Socket: 127.0.0.1:1172

Jump to behavior

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 101.50.82.95
Source: unknown	TCP traffic detected without corresponding DNS query: 169.22.205.200
Source: unknown	TCP traffic detected without corresponding DNS query: 5.152.137.214
Source: unknown	TCP traffic detected without corresponding DNS query: 65.89.242.238
Source: unknown	TCP traffic detected without corresponding DNS query: 34.184.186.106
Source: unknown	TCP traffic detected without corresponding DNS query: 1.146.100.105
Source: unknown	TCP traffic detected without corresponding DNS query: 150.25.88.76
Source: unknown	TCP traffic detected without corresponding DNS query: 24.75.162.174
Source: unknown	TCP traffic detected without corresponding DNS query: 14.81.217.236
Source: unknown	TCP traffic detected without corresponding DNS query: 32.48.0.41
Source: unknown	TCP traffic detected without corresponding DNS query: 205.113.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 34.82.192.39
Source: unknown	TCP traffic detected without corresponding DNS query: 197.140.109.93
Source: unknown	TCP traffic detected without corresponding DNS query: 148.199.40.187
Source: unknown	TCP traffic detected without corresponding DNS query: 29.20.48.236
Source: unknown	TCP traffic detected without corresponding DNS query: 198.30.146.225
Source: unknown	TCP traffic detected without corresponding DNS query: 182.185.28.48
Source: unknown	TCP traffic detected without corresponding DNS query: 120.14.188.96
Source: unknown	TCP traffic detected without corresponding DNS query: 215.188.0.78
Source: unknown	TCP traffic detected without corresponding DNS query: 138.239.91.64
Source: unknown	TCP traffic detected without corresponding DNS query: 179.105.237.192
Source: unknown	TCP traffic detected without corresponding DNS query: 89.187.65.140
Source: unknown	TCP traffic detected without corresponding DNS query: 108.191.92.45
Source: unknown	TCP traffic detected without corresponding DNS query: 124.98.86.52
Source: unknown	TCP traffic detected without corresponding DNS query: 216.43.129.143
Source: unknown	TCP traffic detected without corresponding DNS query: 156.69.237.221
Source: unknown	TCP traffic detected without corresponding DNS query: 88.36.55.230
Source: unknown	TCP traffic detected without corresponding DNS query: 182.47.32.3
Source: unknown	TCP traffic detected without corresponding DNS query: 36.233.106.40
Source: unknown	TCP traffic detected without corresponding DNS query: 195.21.89.87
Source: unknown	TCP traffic detected without corresponding DNS query: 31.161.171.88
Source: unknown	TCP traffic detected without corresponding DNS query: 139.244.25.87
Source: unknown	TCP traffic detected without corresponding DNS query: 218.212.94.205
Source: unknown	TCP traffic detected without corresponding DNS query: 111.39.7.197
Source: unknown	TCP traffic detected without corresponding DNS query: 21.236.131.147
Source: unknown	TCP traffic detected without corresponding DNS query: 104.251.91.128
Source: unknown	TCP traffic detected without corresponding DNS query: 12.169.156.116
Source: unknown	TCP traffic detected without corresponding DNS query: 217.123.243.45
Source: unknown	TCP traffic detected without corresponding DNS query: 194.66.133.56
Source: unknown	TCP traffic detected without corresponding DNS query: 154.103.172.79
Source: unknown	TCP traffic detected without corresponding DNS query: 82.222.192.162
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.184.126
Source: unknown	TCP traffic detected without corresponding DNS query: 191.230.22.196
Source: unknown	TCP traffic detected without corresponding DNS query: 167.154.19.174
Source: unknown	TCP traffic detected without corresponding DNS query: 125.42.221.8
Source: unknown	TCP traffic detected without corresponding DNS query: 57.4.214.210
Source: unknown	TCP traffic detected without corresponding DNS query: 99.100.16.91
Source: unknown	TCP traffic detected without corresponding DNS query: 41.183.160.124
Source: unknown	TCP traffic detected without corresponding DNS query: 42.235.39.231

Source: global traffic	DNS traffic detected: DNS query: catlovingfools.geek
Source: global traffic	DNS traffic detected: DNS query: shitrocket.dyn. [malformed]
Source: global traffic	DNS traffic detected: DNS query: hikvision.geek. [malformed]
Source: global traffic	DNS traffic detected: DNS query: catlovingfools.geek. [malformed]
Source: global traffic	DNS traffic detected: DNS query: catvision.dyn. [malformed]

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal68.troj.linELF@0/0@6/0

Executes the "rm" command used to delete files or directories

Source: /usr/bin/dash (PID: 6222)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.K5KLlKIHcx /tmp/tmp.GpO1acuFux /tmp/tmp.zdKlLUAt0R			Jump to behavior
Source: /usr/bin/dash (PID: 6223)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.K5KLlKIHcx /tmp/tmp.GpO1acuFux /tmp/tmp.zdKlLUAt0R			Jump to behavior

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/nsharm7.elf (PID: 6250)

Queries kernel information via 'uname':

Jump to behavior

Source: nsharm7.elf, 6250.1.00007ffcd2fb8000.00007ffcd2fd9000.rw-.sdmp, nsharm7.elf, 6252.1.00007ffcd2fb8000.00007ffcd2fd9000.rw-.sdmp, nsharm7.elf, 6306.1.00007ffcd2fb8000.00007ffcd2fd9000.rw-.sdmp	Binary or memory string: !x86_64/usr/bin/qemu-arm/tmp/nsharm7.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/nsharm7.elf
Source: nsharm7.elf, 6306.1.000056305bee4000.000056305c056000.rw-.sdmp	Binary or memory string: !/proc/78/exe1/proc/115/exe/arm/Q0A/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd!/proc/17/exe1/usr/bin/vmtoolsdrm/ro10!/proc/202/exe0!/proc/18/exe1/proc/249/exe/arm/ro10!/proc/201/exe0!/proc/20/exe1/usr/bin/dbus-run-session0!/proc/157/exe0!/proc/21/exe1/proc/250/exe/arm/ro10!/proc/144/exe0!/proc/22/exe1/proc/721/exe/arm/ro10!/proc/141/exe0!/proc/23/exe1/proc/251/exe/arm/ro10!/proc/132/exe0!/proc/24/exe1/proc/1476/exe/arm/ro10!/proc/130/exe0!/proc/25/exe1/proc/252/exe/arm/ro10!/proc/128/exe0!/proc/26/exe1/usr/bin/VGAuthServiceo10!/proc/127/exe0!/proc/27/exe1/proc/253/exe/arm/ro10!/proc/126/exe0!/proc/28/exe1/usr/libexec/gnome-session-binary!/proc/125/exe0!/proc/29/exe1/proc/254/exe/arm/ro10!/proc/124/exe0!/proc/30/exe1/usr/bin'
Source: nsharm7.elf, 6306.1.000056305bee4000.000056305c056000.rw-.sdmp	Binary or memory string: /usr/bin/vmtoolsd
Source: nsharm7.elf, 6250.1.000056305bee4000.000056305c056000.rw-.sdmp, nsharm7.elf, 6252.1.000056305bee4000.000056305c056000.rw-.sdmp, nsharm7.elf, 6306.1.000056305bee4000.000056305c056000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmtP
Source: nsharm7.elf, 6250.1.000056305bee4000.000056305c056000.rw-.sdmp, nsharm7.elf, 6252.1.000056305bee4000.000056305c056000.rw-.sdmp, nsharm7.elf, 6306.1.000056305bee4000.000056305c056000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmtP /proc/4444/exefce4/paneQ
Source: nsharm7.elf, 6250.1.000056305bee4000.000056305c056000.rw-.sdmp, nsharm7.elf, 6252.1.000056305bee4000.000056305c056000.rw-.sdmp, nsharm7.elf, 6306.1.000056305bee4000.000056305c056000.rw-.sdmp	Binary or memory string: [0V!/etc/qemu-binfmt/arm
Source: nsharm7.elf, 6250.1.000056305bee4000.000056305c056000.rw-.sdmp, nsharm7.elf, 6252.1.000056305bee4000.000056305c056000.rw-.sdmp, nsharm7.elf, 6306.1.000056305bee4000.000056305c056000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: nsharm7.elf, 6250.1.00007ffcd2fb8000.00007ffcd2fd9000.rw-.sdmp, nsharm7.elf, 6252.1.00007ffcd2fb8000.00007ffcd2fd9000.rw-.sdmp, nsharm7.elf, 6306.1.00007ffcd2fb8000.00007ffcd2fd9000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm
Source: nsharm7.elf, 6306.1.00007ffcd2fb8000.00007ffcd2fd9000.rw-.sdmp	Binary or memory string: qemu: uncaught target signal 11 (Segmentation fault) - core dumped

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: nsharm7.elf, type: SAMPLE
Source: Yara match	File source: 6306.1.00007f2d6c017000.00007f2d6c02f000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6250.1.00007f2d6c017000.00007f2d6c02f000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6252.1.00007f2d6c017000.00007f2d6c02f000.r-x.sdmp, type: MEMORY

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: nsharm7.elf, type: SAMPLE
Source: Yara match	File source: 6306.1.00007f2d6c017000.00007f2d6c02f000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6250.1.00007f2d6c017000.00007f2d6c02f000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6252.1.00007f2d6c017000.00007f2d6c02f000.r-x.sdmp, type: MEMORY

Screenshots

No Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
16.90.195.142	unknown	United States	unknown	unknown	false
182.183.254.102	unknown	Pakistan	45595	PKTELECOM-AS-PKPakistanTelecomCompanyLimitedPK	false
191.186.71.145	unknown	Brazil	28573	CLAROSABR	false
187.82.196.51	unknown	Brazil	26615	TIMSABR	false
45.12.189.17	unknown	United Kingdom	35085	ACORSOFR	false
128.41.182.212	unknown	United Kingdom	55330	GCN-DCN-ASAFGHANTELECOMGOVERNMENTCOMMUNICATIONNETWORKA	false
50.137.231.233	unknown	United States	7922	COMCAST-7922US	false
194.155.226.13	unknown	United Kingdom	5503	RMIFLGB	false
71.251.6.45	unknown	United States	701	UUNETUS	false
199.212.31.192	unknown	Canada	19350	CENTENNIALCOLLEGECA	false
16.197.86.88	unknown	United States	unknown	unknown	false
139.59.86.249	unknown	Singapore	14061	DIGITALOCEAN-ASNUS	false
48.69.103.126	unknown	United States	2686	ATGS-MMD-ASUS	false
179.18.249.94	unknown	Colombia	22698	AVANTELSASCO	false
145.57.55.241	unknown	Netherlands	1103	SURFNET-NLSURFnetTheNetherlandsNL	false
184.175.52.7	unknown	Canada	5645	TEKSAVVYCA	false
117.20.6.90	unknown	Australia	45671	AS45671-NET-AUWholesaleServicesProviderAU	false
1.128.184.69	unknown	Australia	1221	ASN-TELSTRATelstraCorporationLtdAU	false
2.196.140.215	unknown	Italy	16232	ASN-TIMServiceProviderIT	false
117.70.100.235	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
74.85.134.238	unknown	United States	13649	ASN-VINSUS	false
134.197.7.71	unknown	United States	3851	NSHE-NEVADANETUS	false
33.31.167.54	unknown	United States	2686	ATGS-MMD-ASUS	false
205.137.217.139	unknown	United States	7046	RFC2270-UUNET-CUSTOMERUS	false
142.130.161.78	unknown	Canada	13576	SDNW-13576US	false
43.231.49.241	unknown	India	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
124.182.10.235	unknown	Australia	1221	ASN-TELSTRATelstraCorporationLtdAU	false
126.82.127.45	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
57.164.147.88	unknown	Belgium	2686	ATGS-MMD-ASUS	false
158.236.205.16	unknown	United States	1540	DNIC-ASBLK-01534-01546US	false
4.21.66.172	unknown	United States	3356	LEVEL3US	false
91.184.212.204	unknown	Cyprus	35432	CABLENET-ASCY	false
60.181.24.12	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
55.113.177.77	unknown	United States	361	DNIC-ASBLK-00306-00371US	false
92.237.207.39	unknown	United Kingdom	5089	NTLGB	false
134.45.209.241	unknown	United States	395226	SACRAMENTO-COEUS	false
82.156.253.85	unknown	China	12513	ECLIPSEGB	false
11.70.172.46	unknown	United States	3356	LEVEL3US	false
67.31.147.195	unknown	United States	202818	LEVEL3COMMUNICATIONSFR	false
46.114.130.216	unknown	Germany	6805	TDDE-ASN1DE	false
158.192.147.71	unknown	France	9159	CreditAgricoleFR	false
176.38.45.4	unknown	Ukraine	39608	LANETUA-ASUA	false
141.32.67.223	unknown	Germany	680	DFNVereinzurFoerderungeinesDeutschenForschungsnetzese	false
88.9.29.170	unknown	Spain	3352	TELEFONICA_DE_ESPANAES	false
28.18.33.139	unknown	United States	7922	COMCAST-7922US	false
190.37.34.103	unknown	Venezuela	8048	CANTVServiciosVenezuelaVE	false
116.252.33.102	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
96.214.8.57	unknown	United States	7922	COMCAST-7922US	false
73.107.75.251	unknown	United States	7922	COMCAST-7922US	false
57.188.219.213	unknown	Belgium	205080	SITA-CORPORATEBE	false
5.240.142.100	unknown	Sweden	1257	TELE2EU	false
217.186.25.18	unknown	Germany	6805	TDDE-ASN1DE	false
11.19.226.42	unknown	United States	3356	LEVEL3US	false
90.60.27.37	unknown	France	3215	FranceTelecom-OrangeFR	false
146.132.148.32	unknown	United States	10695	WAL-MARTUS	false
70.157.209.202	unknown	United States	6389	BELLSOUTH-NET-BLKUS	false
107.116.47.49	unknown	United States	7018	ATT-INTERNET4US	false
63.236.101.74	unknown	United States	21622	PR-NEWSWIRE-USA-1US	false
161.28.193.210	unknown	United States	210	WEST-NET-WESTUS	false
166.17.92.113	unknown	United States	206	CSC-IGN-AMERUS	false
182.235.150.191	unknown	Taiwan; Republic of China (ROC)	9416	MULTIMEDIA-AS-APHoshinMultimediaCenterIncTW	false
136.224.167.219	unknown	United States	22174	NET-SUC-TECH-ALFUS	false
138.7.41.145	unknown	Australia	7575	AARNET-AS-APAustralianAcademicandResearchNetworkAARNe	false
59.79.11.111	unknown	China	24364	CNGI-SH-IX-AS-APCERNET2IXatShanghaiJiaotongUniversity	false
182.247.147.189	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
170.232.210.56	unknown	United States	11685	HNBCOL-ASUS	false
168.157.210.225	unknown	United States	10430	WA-K20US	false
89.3.246.24	unknown	France	20776	OUTREMER-ASFR	false
130.127.133.219	unknown	United States	12148	CLEMSONUUS	false
181.167.201.61	unknown	Argentina	10318	TelecomArgentinaSAAR	false
196.74.188.240	unknown	Morocco	36903	MT-MPLSMA	false
146.87.127.7	unknown	United Kingdom	786	JANETJiscServicesLimitedGB	false
18.163.241.112	unknown	United States	16509	AMAZON-02US	false
7.38.47.116	unknown	United States	3356	LEVEL3US	false
123.132.173.4	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
148.243.205.109	unknown	Mexico	6503	AxtelSABdeCVMX	false
195.20.14.9	unknown	France	43424	MAGICRETAILFR	false
164.183.197.64	unknown	United States	37717	EL-KhawarizmiTN	false
7.238.100.171	unknown	United States	3356	LEVEL3US	false
182.84.98.221	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
214.68.131.128	unknown	United States	721	DNIC-ASBLK-00721-00726US	false
144.20.235.236	unknown	Sweden	58541	CHINATELECOM-SHANDONG-QINGDAO-IDCQingdao266000CN	false
139.177.229.101	unknown	United States	8968	BT-ITALIAIT	false
90.18.247.102	unknown	France	3215	FranceTelecom-OrangeFR	false
88.59.203.16	unknown	Italy	3269	ASN-IBSNAZIT	false
102.165.19.216	unknown	South Africa	61317	ASDETUKhttpwwwheficedcomGB	false
199.133.151.76	unknown	United States	4152	USDA-1US	false
60.175.129.171	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
215.251.206.71	unknown	United States	721	DNIC-ASBLK-00721-00726US	false
20.234.181.170	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
87.179.206.72	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
81.255.86.109	unknown	France	3215	FranceTelecom-OrangeFR	false
1.253.60.59	unknown	Korea Republic of	9318	SKB-ASSKBroadbandCoLtdKR	false
161.37.102.61	unknown	Spain	158	ERI-ASUS	false
195.143.61.96	unknown	United Kingdom	8928	INTEROUTE25CanadaSquareCanaryWharf31stFloorGB	false
96.1.63.87	unknown	Canada	852	ASN852CA	false
219.31.171.166	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
92.191.124.64	unknown	France	12479	UNI2-ASES	false
124.137.231.92	unknown	Korea Republic of	18302	SKG_NW-AS-KRSKTelecomKR	false
140.23.194.121	unknown	United States	23700	FASTNET-AS-IDLinknet-FastnetASNID	false

Contacted Domains

Name	IP	Active
catlovingfools.geek	37.49.226.109	true
catlovingfools.geek. [malformed]	unknown	unknown
shitrocket.dyn. [malformed]	unknown	unknown
hikvision.geek. [malformed]	unknown	unknown
catvision.dyn. [malformed]	unknown	unknown

ID:	1579332
Product:	CloudBasic
Start time:	18:41:03
Start date:	21.12.2024
Sample:	nsharm7.elf
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	1a4375f6423f0c96f3d2377d1c157595
SHA1:	fec7b3bd66d1d4a88b7a22511962007f7b99e34b
SHA256:	4d315e63c562b354627d6b169e197d5cf108f318b446dac59c8edff283314e9d
Filetype:	ELF Executable and Linkable format (generic) (4004/1) 100.00%

Linux Analysis Report
nsharm7.elf

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel
Provided by

Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Linux Analysis Report nsharm7.elf

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Linux Analysis Report
nsharm7.elf

Malware Threat Intel
Provided by