Linux Analysis Report
i686.elf

Overview

General Information

Sample name:i686.elf
Analysis ID:1589168
MD5:8719f0c58fc7e9c2c771bf88d95fcc96
SHA1:7b19c94b22a943676bc543b8f30a750c1d33c3dd
SHA256:15dd328e94ceededfb2300481116bb4269b9f0361ea6e474a6c8fe76bab2d15d
Tags:elf, user-abuse_ch
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false

Signatures

Contains symbols with names commonly found in malware
Machine Learning detection for sample
Contains symbols related to standard C library sleeps (sometimes used to evade sandboxing)
Sample contains strings that are user agent strings indicative of HTTP manipulation

Classification

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1589168
Start date and time:2025-01-11 14:38:42 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 10m 37s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:i686.elf
Detection:MAL
Classification:mal48.linELF@0/0@2/0
Cookbook Comments:
  • Analysis time extended to 480s due to sleep detection in submitted sample
  • Max analysis timeout: 600s exceeded, the analysis took too long
Command:/tmp/i686.elf
PID:5540
Exit Code:1
Exit Code Info:
Killed:False
Standard Output:

Standard Error:/tmp/i686.elf: /lib/i386-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/i686.elf)
  • system is lnxubuntu20
  • i686.elf (PID: 5540, Parent: 5457, MD5: 8719f0c58fc7e9c2c771bf88d95fcc96) Arguments: /tmp/i686.elf
  • cleanup
No yara matches
No Suricata rule has matched

AV Detection

Source: i686.elf | Joe Sandbox ML: detected
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: daisy.ubuntu.com

System Summary

Source: ELF static info symbol of initial sample | Name: http_attack
Source: ELF static info symbol of initial sample | Name: socket_attack
Source: ELF static info symbol of initial sample | Name: syn_attack
Source: ELF static info symbol of initial sample | Name: udp_attack
Source: ELF static info symbol of initial sample | Name: vse_attack
Source: classification engine | Classification label: mal48.linELF@0/0@2/0
Source: ELF symbol in initial sample | Symbol name: sleep
Source: Initial sample | User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3
Source: Initial sample | User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0
Source: Initial sample | User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1
Source: Initial sample | User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1.2 Safari/605.1.15
Source: Initial sample | User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/16.17017
Source: Initial sample | User agent string found: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
No configs have been found
| Source | Detection | Scanner | Label |
| i686.elf | 6% | Virustotal | |
| i686.elf | 5% | ReversingLabs | Linux.Trojan.Mirai |
| i686.elf | 100% | Joe Sandbox ML | |
No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| daisy.ubuntu.com | 162.213.35.25 | true | false | | high |
No contacted IP infos
No context
    | Match | Associated Sample Name / URL | Detection | Threat Name | Context |
    | daisy.ubuntu.com | ssx.elf | malicious | Gafgyt | 162.213.35.24 |
    | daisy.ubuntu.com | sss.elf | malicious | Gafgyt | 162.213.35.24 |
    | daisy.ubuntu.com | sst.elf | malicious | Gafgyt | 162.213.35.25 |
    | daisy.ubuntu.com | ssb.elf | malicious | Gafgyt | 162.213.35.25 |
    | daisy.ubuntu.com | MIPSEL.elf | malicious | Unknown | 162.213.35.24 |
    | daisy.ubuntu.com | I686.elf | malicious | Unknown | 162.213.35.24 |
    | daisy.ubuntu.com | X86_64.elf | malicious | Unknown | 162.213.35.25 |
    | daisy.ubuntu.com | ARMV4L.elf | malicious | Unknown | 162.213.35.24 |
    | daisy.ubuntu.com | POWERPC.elf | malicious | Unknown | 162.213.35.24 |
    | daisy.ubuntu.com | ssd.elf | malicious | Gafgyt | 162.213.35.24 |
    No context
    No created / dropped files found
    File type:ELF 32-bit LSB pie executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, BuildID[sha1]=16cc00fe8190570c39281b90f22a9c921fa82248, for GNU/Linux 3.2.0, not stripped
    Entropy (8bit):4.0126864092687615
    TrID:
    • ELF Executable and Linkable format (Linux) (4029/14) 49.77%
    • ELF Executable and Linkable format (generic) (4004/1) 49.46%
    • Lumena CEL bitmap (63/63) 0.78%
    File name:i686.elf
    File size:20'540 bytes
    MD5:8719f0c58fc7e9c2c771bf88d95fcc96
    SHA1:7b19c94b22a943676bc543b8f30a750c1d33c3dd
    SHA256:15dd328e94ceededfb2300481116bb4269b9f0361ea6e474a6c8fe76bab2d15d
    SHA512:1b41371cebe01c8ea3e27a1c38f6919cc9837d7b43b56c81829be172826c09d7f305289b5c0669c06f551a6bcab53843b4fd7799e21f5a973583e3adcbb3e2ac
    SSDEEP:192:ewNpSbbNJ3NAmBpPv6MZWMx+slZsqELaARw4R70DWbTZSQaWfZl4:a7reMtlZvtARwM0oIQf
    TLSH:D892A66BAA52C833C0436239028F995C2134C435FA43C667F71889B5BCE575D9F2BEB9
    File Content Preview:.ELF....................p...4...dK......4. ...(.........4...4...4...................................................................P...P................................................0...0...0..<...<...............t>..tN..tN.......................>...N.

    ELF header

    Class:ELF32
    Data:2's complement, little endian
    Version:1 (current)
    Machine:Intel 80386
    Version Number:0x1
    Type:DYN (Shared object file)
    OS/ABI:UNIX - System V
    ABI Version:0
    Entry Point Address:0x1470
    Flags:0x0
    ELF Header Size:52
    Program Header Offset:52
    Program Header Size:32
    Number of Program Headers:12
    Section Header Offset:19300
    Section Header Size:40
    Number of Section Headers:31
    Header String Table Index:30
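    | Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
    | | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
    | .interp | PROGBITS | 0x1b4 | 0x1b4 | 0x13 | 0x0 | 0x2 | A | 0 | 0 | 1 |
    | .note.gnu.build-id | NOTE | 0x1c8 | 0x1c8 | 0x24 | 0x0 | 0x2 | A | 0 | 0 | 4 |
    | .note.gnu.property | NOTE | 0x1ec | 0x1ec | 0x1c | 0x0 | 0x2 | A | 0 | 0 | 4 |
    | .note.ABI-tag | NOTE | 0x208 | 0x208 | 0x20 | 0x0 | 0x2 | A | 0 | 0 | 4 |
    | .gnu.hash | GNU_HASH | 0x228 | 0x228 | 0x20 | 0x4 | 0x2 | A | 6 | 0 | 4 |
    | .dynsym | DYNSYM | 0x248 | 0x248 | 0x270 | 0x10 | 0x2 | A | 7 | 1 | 4 |
    | .dynstr | STRTAB | 0x4b8 | 0x4b8 | 0x1af | 0x0 | 0x2 | A | 0 | 0 | 1 |
    | .gnu.version | VERSYM | 0x668 | 0x668 | 0x4e | 0x2 | 0x2 | A | 6 | 0 | 2 |
    | .gnu.version_r | VERNEED | 0x6b8 | 0x6b8 | 0x60 | 0x0 | 0x2 | A | 7 | 1 | 4 |
    | .rel.dyn | REL | 0x718 | 0x718 | 0x30 | 0x8 | 0x2 | A | 6 | 0 | 4 |
    | .rel.plt | REL | 0x748 | 0x748 | 0x108 | 0x8 | 0x42 | AI | 6 | 24 | 4 |
    | .init | PROGBITS | 0x1000 | 0x1000 | 0x2e | 0x0 | 0x6 | AX | 0 | 0 | 4 |
    | .plt | PROGBITS | 0x1030 | 0x1030 | 0x220 | 0x4 | 0x6 | AX | 0 | 0 | 16 |
    | .plt.got | PROGBITS | 0x1250 | 0x1250 | 0x10 | 0x10 | 0x6 | AX | 0 | 0 | 16 |
    | .plt.sec | PROGBITS | 0x1260 | 0x1260 | 0x210 | 0x10 | 0x6 | AX | 0 | 0 | 16 |
    | .text | PROGBITS | 0x1470 | 0x1470 | 0x1179 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
    | .fini | PROGBITS | 0x25ec | 0x25ec | 0x1d | 0x0 | 0x6 | AX | 0 | 0 | 4 |
    | .rodata | PROGBITS | 0x3000 | 0x3000 | 0x2f2 | 0x0 | 0x2 | A | 0 | 0 | 4 |
    | .eh_frame_hdr | PROGBITS | 0x32f4 | 0x32f4 | 0x74 | 0x0 | 0x2 | A | 0 | 0 | 4 |
    | .eh_frame | PROGBITS | 0x3368 | 0x3368 | 0x1d4 | 0x0 | 0x2 | A | 0 | 0 | 4 |
    | .ctors | PROGBITS | 0x4e74 | 0x3e74 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
    | .dtors | PROGBITS | 0x4e7c | 0x3e7c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
    | .dynamic | DYNAMIC | 0x4e84 | 0x3e84 | 0xd8 | 0x8 | 0x3 | WA | 7 | 0 | 4 |
    | .got | PROGBITS | 0x4f5c | 0x3f5c | 0xa4 | 0x4 | 0x3 | WA | 0 | 0 | 4 |
    | .data | PROGBITS | 0x5000 | 0x4000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
    | .bss | NOBITS | 0x5008 | 0x4008 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
    | .comment | PROGBITS | 0x0 | 0x4008 | 0x2b | 0x1 | 0x30 | MS | 0 | 0 | 1 |
    | .symtab | SYMTAB | 0x0 | 0x4034 | 0x550 | 0x10 | 0x0 | | 29 | 23 | 4 |
    | .strtab | STRTAB | 0x0 | 0x4584 | 0x4d2 | 0x0 | 0x0 | | 0 | 0 | 1 |
    | .shstrtab | STRTAB | 0x0 | 0x4a56 | 0x10e | 0x0 | 0x0 | | 0 | 0 | 1 |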
    | Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
    | PHDR | 0x34 | 0x34 | 0x34 | 0x180 | 0x180 | 2.5297 | 0x4 | R | 0x4 | | |
    | INTERP | 0x1b4 | 0x1b4 | 0x1b4 | 0x13 | 0x13 | 3.6819 | 0x4 | R | 0x1 | /lib/ld-linux.so.2 | .interp |
    | LOAD | 0x0 | 0x0 | 0x0 | 0x850 | 0x850 | 3.7156 | 0x4 | R | 0x1000 | | .interp .note.gnu.build-id .note.gnu.property .note.ABI-tag .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt |
    | LOAD | 0x1000 | 0x1000 | 0x1000 | 0x1609 | 0x1609 | 5.7695 | 0x5 | R E | 0x1000 | | .init .plt .plt.got .plt.sec .text .fini |
    | LOAD | 0x3000 | 0x3000 | 0x3000 | 0x53c | 0x53c | 5.8772 | 0x4 | R | 0x1000 | | .rodata .eh_frame_hdr .eh_frame |
    | LOAD | 0x3e74 | 0x4e74 | 0x4e74 | 0x194 | 0x1a4 | 2.8362 | 0x6 | RW | 0x1000 | | .ctors .dtors .dynamic .got .data .bss |
    | DYNAMIC | 0x3e84 | 0x4e84 | 0x4e84 | 0xd8 | 0xd8 | 2.5602 | 0x6 | RW | 0x4 | | .dynamic |
    | NOTE | 0x1c8 | 0x1c8 | 0x1c8 | 0x60 | 0x60 | 3.0787 | 0x4 | R | 0x4 | | .note.gnu.build-id .note.gnu.property .note.ABI-tag |
    | GNU_PROPERTY | 0x1ec | 0x1ec | 0x1ec | 0x1c | 0x1c | 2.0553 | 0x4 | R | 0x4 | | .note.gnu.property |
    | GNU_EH_FRAME | 0x32f4 | 0x32f4 | 0x32f4 | 0x74 | 0x74 | 3.8152 | 0x4 | R | 0x4 | | .eh_frame_hdr |
    | GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x10 | | |
    | GNU_RELRO | 0x3e74 | 0x4e74 | 0x4e74 | 0x18c | 0x18c | 2.8442 | 0x4 | R | 0x1 | | .ctors .dtors .dynamic .got |
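    | Type | Meta | Value | Tag |
    | DT_NEEDED | sharedlib | libc.so.6 | 0x1 |
    | DT_INIT | value | 0x1000 | 0xc |
    | DT_FINI | value | 0x25ec | 0xd |
    | DT_GNU_HASH | value | 0x228 | 0x6ffffef5 |
    | DT_STRTAB | value | 0x4b8 | 0x5 |
    | DT_SYMTAB | value | 0x248 | 0x6 |
    | DT_STRSZ | bytes | 431 | 0xa |
    | DT_SYMENT | bytes | 16 | 0xb |
    | DT_DEBUG | value | 0x0 | 0x15 |
    | DT_PLTGOT | value | 0x4f5c | 0x3 |
    | DT_PLTRELSZ | bytes | 264 | 0x2 |
    | DT_PLTREL | pltrel | DT_REL | 0x14 |
    | DT_JMPREL | value | 0x748 | 0x17 |
    | DT_REL | value | 0x718 | 0x11 |
    | DT_RELSZ | bytes | 48 | 0x12 |
    | DT_RELENT | bytes | 8 | 0x13 |
    | DT_FLAGS | value | 0x8 | 0x1e |
    | DT_FLAGS_1 | value | 0x8000001 | 0x6ffffffb |
    | DT_VERNEED | value | 0x6b8 | 0x6ffffffe |
    | DT_VERNEEDNUM | value | 1 | 0x6fffffff |
    | DT_VERSYM | value | 0x668 | 0x6ffffff0 |
    | DT_RELCOUNT | value | 2 | 0x6ffffffa |
    | DT_NULL | value | 0x0 | 0x0 |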
    | Name | Version Info Name | Version Info File Name | Section Name | Value | Size | Symbol Type | Symbol Bind | Symbol Visibility | Ndx |
    | | | | .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF |
    | _IO_stdin_used | | | .dynsym | 0x3004 | 4 | OBJECT | <unknown> | DEFAULT | 18 |
    | _ITM_deregisterTMCloneTable | | | .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF |
    | _ITM_registerTMCloneTable | | | .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF |
    | __cxa_finalize | GLIBC_2.1.3 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | __gmon_start__ | | | .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF |
    | __isoc99_sscanf | GLIBC_2.7 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | __libc_start_main | GLIBC_2.34 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | __stack_chk_fail | GLIBC_2.4 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | chdir | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | close | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | connect | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | exit | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | fork | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | free | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | htonl | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | htons | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | inet_addr | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | inet_ntoa | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | inet_pton | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | malloc | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | memset | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | pthread_cancel | GLIBC_2.34 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | pthread_create | GLIBC_2.34 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | rand | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | recv | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | send | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | sendto | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | setsid | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | setsockopt | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | sleep | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | snprintf | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | socket | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | srand | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | strcmp | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | strlen | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | strncmp | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | time | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | umask | GLIBC_2.0 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | | | | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF |
    | | GLIBC_2.0 | libc.so.6 | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS |
    | Scrt1.o | GLIBC_2.0 | libc.so.6 | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS |
    | _DYNAMIC | GLIBC_2.7 | libc.so.6 | .symtab | 0x4e84 | 0 | OBJECT | <unknown> | DEFAULT | 23 |
    | _GLOBAL_OFFSET_TABLE_ | GLIBC_2.0 | libc.so.6 | .symtab | 0x4f5c | 0 | OBJECT | <unknown> | DEFAULT | 24 |
    | _IO_stdin_used | | | .symtab | 0x3004 | 4 | OBJECT | <unknown> | DEFAULT | 18 |
    | _ITM_deregisterTMCloneTable | GLIBC_2.0 | libc.so.6 | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF |
    | _ITM_registerTMCloneTable | | | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF |
    | __CTOR_END__ | GLIBC_2.1.3 | libc.so.6 | .symtab | 0x4e78 | 0 | OBJECT | <unknown> | DEFAULT | 21 |
    | __CTOR_LIST__ | | | .symtab | 0x4e74 | 0 | OBJECT | <unknown> | DEFAULT | 21 |
    | __DTOR_END__ | | | .symtab | 0x4e80 | 0 | OBJECT | <unknown> | HIDDEN | 22 |
    | __DTOR_LIST__ | GLIBC_2.0 | libc.so.6 | .symtab | 0x4e7c | 0 | OBJECT | <unknown> | DEFAULT | 22 |
    | __FRAME_END__ | GLIBC_2.0 | libc.so.6 | .symtab | 0x3538 | 0 | OBJECT | <unknown> | DEFAULT | 20 |
    | __GNU_EH_FRAME_HDR | GLIBC_2.0 | libc.so.6 | .symtab | 0x32f4 | 0 | NOTYPE | <unknown> | DEFAULT | 19 |
    | __TMC_END__ | | | .symtab | 0x5008 | 0 | OBJECT | <unknown> | HIDDEN | 25 |
    | __abi_tag | GLIBC_2.0 | libc.so.6 | .symtab | 0x208 | 32 | OBJECT | <unknown> | DEFAULT | 4 |
    | __bss_start | | | .symtab | 0x5008 | 0 | NOTYPE | <unknown> | DEFAULT | 26 |
    | __cxa_finalize@GLIBC_2.1.3 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | __data_start | | | .symtab | 0x5000 | 0 | NOTYPE | <unknown> | DEFAULT | 25 |
    | __do_global_ctors_aux | | | .symtab | 0x25a0 | 0 | FUNC | <unknown> | DEFAULT | 16 |
    | __do_global_dtors_aux | GLIBC_2.0 | libc.so.6 | .symtab | 0x1540 | 0 | FUNC | <unknown> | DEFAULT | 16 |
    | __dso_handle | | | .symtab | 0x5004 | 0 | OBJECT | <unknown> | HIDDEN | 25 |
    | __gmon_start__ | | | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF |
    | __isoc99_sscanf@GLIBC_2.7 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | __libc_start_main@GLIBC_2.34 | GLIBC_2.34 | libc.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | __stack_chk_fail@GLIBC_2.4 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | __stack_chk_fail_local | | | .symtab | 0x2580 | 24 | FUNC | <unknown> | HIDDEN | 16 |
    | __x86.get_pc_thunk.bx | GLIBC_2.0 | libc.so.6 | .symtab | 0x14a0 | 4 | FUNC | <unknown> | HIDDEN | 16 |
    | __x86.get_pc_thunk.di | | | .symtab | 0x15dd | 0 | FUNC | <unknown> | HIDDEN | 16 |
    | __x86.get_pc_thunk.dx | | | .symtab | 0x15d9 | 0 | FUNC | <unknown> | HIDDEN | 16 |
    | _edata | GLIBC_2.34 | libc.so.6 | .symtab | 0x5008 | 0 | NOTYPE | <unknown> | DEFAULT | 25 |
    | _end | | | .symtab | 0x5018 | 0 | NOTYPE | <unknown> | DEFAULT | 26 |
    | _fini | | | .symtab | 0x25ec | 0 | FUNC | <unknown> | HIDDEN | 17 |
    | _fp_hw | | | .symtab | 0x3000 | 4 | OBJECT | <unknown> | DEFAULT | 18 |
    | _init | | | .symtab | 0x1000 | 0 | FUNC | <unknown> | HIDDEN | 12 |
    | _start | | | .symtab | 0x1470 | 48 | FUNC | <unknown> | DEFAULT | 16 |
    | bot.c | GLIBC_2.0 | libc.so.6 | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS |
    | chdir@GLIBC_2.0 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | close@GLIBC_2.0 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | completed.1 | GLIBC_2.0 | libc.so.6 | .symtab | 0x5008 | 1 | OBJECT | <unknown> | DEFAULT | 26 |
    | connect@GLIBC_2.0 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | crtstuff.c | GLIBC_2.34 | libc.so.6 | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS |
    | crtstuff.c | GLIBC_2.0 | libc.so.6 | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS |
    | daemonize | GLIBC_2.0 | libc.so.6 | .symtab | 0x15e1 | 176 | FUNC | <unknown> | DEFAULT | 16 |
    | data_start | GLIBC_2.0 | libc.so.6 | .symtab | 0x5000 | 0 | NOTYPE | <unknown> | DEFAULT | 25 |
    | deregister_tm_clones | GLIBC_2.0 | libc.so.6 | .symtab | 0x14b0 | 0 | FUNC | <unknown> | DEFAULT | 16 |
    | dtor_idx.0 | GLIBC_2.0 | libc.so.6 | .symtab | 0x500c | 4 | OBJECT | <unknown> | DEFAULT | 26 |
    | exit@GLIBC_2.0 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | fork@GLIBC_2.0 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | frame_dummy | GLIBC_2.4 | libc.so.6 | .symtab | 0x15d0 | 0 | FUNC | <unknown> | DEFAULT | 16 |
    | free@GLIBC_2.0 | GLIBC_2.0 | libc.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | handle_command | | | .symtab | 0x1ea9 | 1240 | FUNC | <unknown> | DEFAULT | 16 |
    | htonl@GLIBC_2.0 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | htons@GLIBC_2.0 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | http_attack | | | .symtab | 0x1c99 | 528 | FUNC | <unknown> | DEFAULT | 16 |
    | inet_addr@GLIBC_2.0 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | inet_ntoa@GLIBC_2.0 | GLIBC_2.0 | libc.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | inet_pton@GLIBC_2.0 | GLIBC_2.0 | libc.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | main | | | .symtab | 0x2381 | 497 | FUNC | <unknown> | DEFAULT | 16 |
    | malloc@GLIBC_2.0 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | memset@GLIBC_2.0 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | params.1 | GLIBC_2.0 | libc.so.6 | .symtab | 0x5010 | 4 | OBJECT | <unknown> | DEFAULT | 26 |
    | pthread_cancel@GLIBC_2.34 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | pthread_create@GLIBC_2.34 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | rand@GLIBC_2.0 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | recv@GLIBC_2.0 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | register_tm_clones | GLIBC_2.0 | libc.so.6 | .symtab | 0x14f0 | 0 | FUNC | <unknown> | DEFAULT | 16 |
    | send@GLIBC_2.0 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | sendto@GLIBC_2.0 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | setsid@GLIBC_2.0 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | setsockopt@GLIBC_2.0 | GLIBC_2.0 | libc.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | sleep@GLIBC_2.0 | GLIBC_2.0 | libc.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | snprintf@GLIBC_2.0 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | socket@GLIBC_2.0 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | socket_attack | GLIBC_2.0 | libc.so.6 | .symtab | 0x1c05 | 148 | FUNC | <unknown> | DEFAULT | 16 |
    | srand@GLIBC_2.0 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | strcmp@GLIBC_2.0 | GLIBC_2.0 | libc.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | strlen@GLIBC_2.0 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | strncmp@GLIBC_2.0 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | syn_attack | | | .symtab | 0x1873 | 914 | FUNC | <unknown> | DEFAULT | 16 |
    | threads.0 | GLIBC_2.0 | libc.so.6 | .symtab | 0x5014 | 4 | OBJECT | <unknown> | DEFAULT | 26 |
    | time@GLIBC_2.0 | GLIBC_2.0 | libc.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | udp_attack | | | .symtab | 0x1691 | 246 | FUNC | <unknown> | DEFAULT | 16 |
    | umask@GLIBC_2.0 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
    | vse_attack | | | .symtab | 0x1787 | 236 | FUNC | <unknown> | DEFAULT | 16 |
    | Timestamp | Source Port | Dest Port | Source IP | Dest IP |
    | Jan 11, 2025 14:42:24.449139118 CET | 35105 | 53 | 192.168.2.14 | 1.1.1.1 |
    | Jan 11, 2025 14:42:24.449213982 CET | 49201 | 53 | 192.168.2.14 | 1.1.1.1 |
    | Jan 11, 2025 14:42:24.456419945 CET | 53 | 35105 | 1.1.1.1 | 192.168.2.14 |
    | Jan 11, 2025 14:42:24.456583023 CET | 53 | 49201 | 1.1.1.1 | 192.168.2.14 |

    | Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
    | Jan 11, 2025 14:42:24.449139118 CET | 192.168.2.14 | 1.1.1.1 | 0x393c | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false |
    | Jan 11, 2025 14:42:24.449213982 CET | 192.168.2.14 | 1.1.1.1 | 0x69e3 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false |

    | Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
    | Jan 11, 2025 14:42:24.456419945 CET | 1.1.1.1 | 192.168.2.14 | 0x393c | No error (0) | daisy.ubuntu.com | | 162.213.35.25 | A (IP address) | IN (0x0001) | false |
    | Jan 11, 2025 14:42:24.456419945 CET | 1.1.1.1 | 192.168.2.14 | 0x393c | No error (0) | daisy.ubuntu.com | | 162.213.35.24 | A (IP address) | IN (0x0001) | false |

    System Behavior

    Start time (UTC):13:39:39
    Start date (UTC):11/01/2025
    Path:/tmp/i686.elf
    Arguments:/tmp/i686.elf
    File size:20540 bytes
    MD5 hash:8719f0c58fc7e9c2c771bf88d95fcc96