Linux Analysis Report
mips.elf

Overview

General Information

Sample name:mips.elf
Analysis ID:1589169
MD5:e8e5f70f4a9b18665ca53a2fd0e7b9dc
SHA1:b9fa5aa42f6dd1b97a279c0b140385a29077281f
SHA256:7e1226aa38a9f5e729bfce4b956ab068bb7aaf942c7fbba5effaca59bb7282d6
Tags:elf, user-abuse_ch

Detection

Score:52
Range:0 - 100
Whitelisted:false

Signatures

Multi AV Scanner detection for submitted file
Contains symbols with names commonly found in malware
Contains symbols related to standard C library sleeps (sometimes used to evade sandboxing)
Sample contains strings that are user agent strings indicative of HTTP manipulation
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1589169
Start date and time:2025-01-11 14:40:31 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 10m 42s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:mips.elf
Detection:MAL
Classification:mal52.linELF@0/0@2/0
Cookbook Comments:
  • Analysis time extended to 480s due to sleep detection in submitted sample
  • Max analysis timeout: 600s exceeded, the analysis took too long
Command:/tmp/mips.elf
PID:5839
Exit Code:255
Exit Code Info:
Killed:False
Standard Output:

Standard Error:/lib/ld.so.1: No such file or directory
  • system is lnxubuntu20
  • mips.elf (PID: 5839, Parent: 5764, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/mips.elf
  • cleanup
No yara matches
No Suricata rule has matched

AV Detection

Source: mips.elf, Virustotal: Detection: 9%
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: daisy.ubuntu.com

System Summary

Source: ELF static info symbol of initial sample, Name: http_attack
Source: ELF static info symbol of initial sample, Name: socket_attack
Source: ELF static info symbol of initial sample, Name: syn_attack
Source: ELF static info symbol of initial sample, Name: udp_attack
Source: ELF static info symbol of initial sample, Name: vse_attack
Source: classification engine, Classification label: mal52.linELF@0/0@2/0
Source: ELF symbol in initial sample, Symbol name: sleep
Source: /tmp/mips.elf (PID: 5839), Queries kernel information via 'uname'
Source: mips.elf, 5839.1.000055d837aa2000.000055d837b29000.rw-.sdmp, Binary or memory string: U!/etc/qemu-binfmt/mips
Source: mips.elf, 5839.1.000055d837aa2000.000055d837b29000.rw-.sdmp, Binary or memory string: /etc/qemu-binfmt/mips
Source: mips.elf, 5839.1.00007ffd11941000.00007ffd11962000.rw-.sdmp, Binary or memory string: Tx86_64/usr/bin/qemu-mips/tmp/mips.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/mips.elf
Source: mips.elf, 5839.1.00007ffd11941000.00007ffd11962000.rw-.sdmp, Binary or memory string: /usr/bin/qemu-mips
Source: Initial sample, User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3
Source: Initial sample, User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0
Source: Initial sample, User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1
Source: Initial sample, User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1.2 Safari/605.1.15
Source: Initial sample, User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/16.17017
Source: Initial sample, User agent string found: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: 1 Virtualization/Sandbox Evasion; Rootkit; Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: 11 Security Software Discovery; 1 Virtualization/Sandbox Evasion; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: 1 Data Obfuscation; 1 Non-Application Layer Protocol; 1 Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
No configs have been found
Source | Detection | Scanner | Label
mips.elf | 10% | Virustotal |
mips.elf | 5% | ReversingLabs | Linux.Trojan.Gafgyt
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
daisy.ubuntu.com | 162.213.35.24 | true | false | | high
No contacted IP infos
No context
    Match | Associated Sample Name / URL | Detection | Threat Name | Context
    daisy.ubuntu.com | i686.elf | malicious | Unknown | 162.213.35.25
    daisy.ubuntu.com | ssx.elf | malicious | Gafgyt | 162.213.35.24
    daisy.ubuntu.com | sss.elf | malicious | Gafgyt | 162.213.35.24
    daisy.ubuntu.com | sst.elf | malicious | Gafgyt | 162.213.35.25
    daisy.ubuntu.com | ssb.elf | malicious | Gafgyt | 162.213.35.25
    daisy.ubuntu.com | MIPSEL.elf | malicious | Unknown | 162.213.35.24
    daisy.ubuntu.com | I686.elf | malicious | Unknown | 162.213.35.24
    daisy.ubuntu.com | X86_64.elf | malicious | Unknown | 162.213.35.25
    daisy.ubuntu.com | ARMV4L.elf | malicious | Unknown | 162.213.35.24
    daisy.ubuntu.com | POWERPC.elf | malicious | Unknown | 162.213.35.24
    No context
    No created / dropped files found
    File type:ELF 32-bit MSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld.so.1, BuildID[sha1]=515f65c6ccd6aa30a7a195b3e8b638b62c04ff22, for GNU/Linux 3.2.0, not stripped
    Entropy (8bit):4.604294925016619
    TrID:
    • ELF Executable and Linkable format (generic) (4004/1) 100.00%
    File name:mips.elf
    File size:17'412 bytes
    MD5:e8e5f70f4a9b18665ca53a2fd0e7b9dc
    SHA1:b9fa5aa42f6dd1b97a279c0b140385a29077281f
    SHA256:7e1226aa38a9f5e729bfce4b956ab068bb7aaf942c7fbba5effaca59bb7282d6
    SHA512:56ba2c2f02f34325e460a5aeaef34196d081a63f164e1f6c69b29adbbca9f40fe0ce25b48a2b6dd0ea5501a8df3d13292a82cdcfb0a64275f5a9e57726619817
    SSDEEP:384:JDBXvdUqbLJva8/QlCXAk7zuVwZlZtsdIVUtZaLwlS/:Jd15bLJt/QlCXAazumZtQ8WM
    TLSH:CA72102EB250FBDFEA69D27401F247E4436214E3AEC24793E07DD9150EEA11C1CAD9E6

    ELF header

    Class:ELF32
    Data:2's complement, big endian
    Version:1 (current)
    Machine:MIPS R3000
    Version Number:0x1
    Type:EXEC (Executable file)
    OS/ABI:UNIX - System V
    ABI Version:0
    Entry Point Address:0x400a00
    Flags:0x70001007
    ELF Header Size:52
    Program Header Offset:52
    Program Header Size:32
    Number of Program Headers:11
    Section Header Offset:16132
    Section Header Size:40
    Number of Section Headers:32
    Header String Table Index:31
    Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
     | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
    .interp | PROGBITS | 0x400194 | 0x194 | 0xd | 0x0 | 0x2 | A | 0 | 0 | 1
    .MIPS.abiflags | MIPS_ABIFLAGS | 0x4001a8 | 0x1a8 | 0x18 | 0x18 | 0x2 | A | 0 | 0 | 8
    .reginfo | MIPS_REGINFO | 0x4001c0 | 0x1c0 | 0x18 | 0x18 | 0x2 | A | 0 | 0 | 4
    .note.gnu.build-id | NOTE | 0x4001d8 | 0x1d8 | 0x24 | 0x0 | 0x2 | A | 0 | 0 | 4
    .note.ABI-tag | NOTE | 0x4001fc | 0x1fc | 0x20 | 0x0 | 0x2 | A | 0 | 0 | 4
    .dynamic | DYNAMIC | 0x40021c | 0x21c | 0xe8 | 0x8 | 0x2 | A | 9 | 0 | 4
    .hash | HASH | 0x400304 | 0x304 | 0x144 | 0x4 | 0x2 | A | 8 | 0 | 4
    .dynsym | DYNSYM | 0x400448 | 0x448 | 0x2a0 | 0x10 | 0x2 | A | 9 | 1 | 4
    .dynstr | STRTAB | 0x4006e8 | 0x6e8 | 0x1c9 | 0x0 | 0x2 | A | 0 | 0 | 1
    .gnu.version | VERSYM | 0x4008b2 | 0x8b2 | 0x54 | 0x2 | 0x2 | A | 8 | 0 | 2
    .gnu.version_r | VERNEED | 0x400908 | 0x908 | 0x70 | 0x0 | 0x2 | A | 9 | 2 | 4
    .init | PROGBITS | 0x400978 | 0x978 | 0x7c | 0x0 | 0x6 | AX | 0 | 0 | 4
    .text | PROGBITS | 0x400a00 | 0xa00 | 0x19e0 | 0x0 | 0x6 | AX | 0 | 0 | 16
    .MIPS.stubs | PROGBITS | 0x4023e0 | 0x23e0 | 0x220 | 0x0 | 0x6 | AX | 0 | 0 | 4
    .fini | PROGBITS | 0x402600 | 0x2600 | 0x44 | 0x0 | 0x6 | AX | 0 | 0 | 4
    .rodata | PROGBITS | 0x402650 | 0x2650 | 0x330 | 0x0 | 0x2 | A | 0 | 0 | 16
    .eh_frame | PROGBITS | 0x402980 | 0x2980 | 0x4 | 0x0 | 0x2 | A | 0 | 0 | 4
    .ctors | PROGBITS | 0x412ff0 | 0x2ff0 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
    .dtors | PROGBITS | 0x412ff8 | 0x2ff8 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
    .data | PROGBITS | 0x413000 | 0x3000 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 16
    .rld_map | PROGBITS | 0x413010 | 0x3010 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4
    .got | PROGBITS | 0x413020 | 0x3020 | 0xac | 0x4 | 0x10000003 | WAp | 0 | 0 | 16
    .sdata | PROGBITS | 0x4130cc | 0x30cc | 0x4 | 0x0 | 0x10000003 | WAp | 0 | 0 | 4
    .bss | NOBITS | 0x4130d0 | 0x30d0 | 0x20 | 0x0 | 0x3 | WA | 0 | 0 | 16
    .comment | PROGBITS | 0x0 | 0x30d0 | 0x25 | 0x1 | 0x30 | MS | 0 | 0 | 1
    .pdr | PROGBITS | 0x0 | 0x30f8 | 0x100 | 0x0 | 0x0 | | 0 | 0 | 4
    .gnu.attributes | GNU_ATTRIBUTES | 0x0 | 0x31f8 | 0x10 | 0x0 | 0x0 | | 0 | 0 | 1
    .mdebug.abi32 | PROGBITS | 0x0 | 0x3208 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 1
    .symtab | SYMTAB | 0x0 | 0x3208 | 0x730 | 0x10 | 0x0 | | 30 | 52 | 4
    .strtab | STRTAB | 0x0 | 0x3938 | 0x4ab | 0x0 | 0x0 | | 0 | 0 | 1
    .shstrtab | STRTAB | 0x0 | 0x3de3 | 0x121 | 0x0 | 0x0 | | 0 | 0 | 1

    Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
    PHDR | 0x34 | 0x400034 | 0x400034 | 0x160 | 0x160 | 2.4903 | 0x4 | R | 0x4 | |
    INTERP | 0x194 | 0x400194 | 0x400194 | 0xd | 0xd | 3.2389 | 0x4 | R | 0x1 | /lib/ld.so.1 | .interp
    ABIFLAGS | 0x1a8 | 0x4001a8 | 0x4001a8 | 0x18 | 0x18 | 1.1387 | 0x4 | R | 0x8 | | .MIPS.abiflags
    <unknown> | 0x1c0 | 0x4001c0 | 0x4001c0 | 0x18 | 0x18 | 1.2220 | 0x4 | R | 0x4 | | .reginfo
    LOAD | 0x0 | 0x400000 | 0x400000 | 0x2984 | 0x2984 | 5.1350 | 0x5 | R E | 0x10000 | | .interp .MIPS.abiflags .reginfo .note.gnu.build-id .note.ABI-tag .dynamic .hash .dynsym .dynstr .gnu.version .gnu.version_r .init .text .MIPS.stubs .fini .rodata .eh_frame
    LOAD | 0x2ff0 | 0x412ff0 | 0x412ff0 | 0xe0 | 0x100 | 2.6318 | 0x6 | RW | 0x10000 | | .ctors .dtors .data .rld_map .got .sdata .bss
    DYNAMIC | 0x21c | 0x40021c | 0x40021c | 0xe8 | 0xe8 | 2.7166 | 0x4 | R | 0x4 | | .dynamic
    NOTE | 0x1d8 | 0x4001d8 | 0x4001d8 | 0x44 | 0x44 | 3.3267 | 0x4 | R | 0x4 | | .note.gnu.build-id .note.ABI-tag
    GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x10 | |
    GNU_RELRO | 0x2ff0 | 0x412ff0 | 0x412ff0 | 0x10 | 0x10 | 1.0000 | 0x4 | R | 0x1 | | .ctors .dtors
    NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x0 | | 0x4 | |

    Type | Meta | Value | Tag
    DT_NEEDED | sharedlib | libc.so.6 | 0x1
    DT_NEEDED | sharedlib | ld.so.1 | 0x1
    DT_INIT | value | 0x400978 | 0xc
    DT_FINI | value | 0x402600 | 0xd
    DT_HASH | value | 0x400304 | 0x4
    DT_STRTAB | value | 0x4006e8 | 0x5
    DT_SYMTAB | value | 0x400448 | 0x6
    DT_STRSZ | bytes | 457 | 0xa
    DT_SYMENT | bytes | 16 | 0xb
    DT_MIPS_RLD_MAP | value | 0x413010 | 0x70000016
    DT_MIPS_RLD_MAP_REL | value | 0x12da4 | 0x70000035
    DT_DEBUG | value | 0x0 | 0x15
    DT_PLTGOT | value | 0x413020 | 0x3
    DT_MIPS_RLD_VERSION | value | 0x1 | 0x70000001
    DT_MIPS_FLAGS | value | 0x2 | 0x70000005
    DT_MIPS_BASE_ADDRESS | value | 0x400000 | 0x70000006
    DT_MIPS_LOCAL_GOTNO | value | 0x6 | 0x7000000a
    DT_MIPS_SYMTABNO | value | 0x2a | 0x70000011
    DT_MIPS_UNREFEXTNO | value | 0x1d | 0x70000012
    DT_MIPS_GOTSYM | value | 0x5 | 0x70000013
    DT_VERNEED | value | 0x400908 | 0x6ffffffe
    DT_VERNEEDNUM | value | 2 | 0x6fffffff
    DT_VERSYM | value | 0x4008b2 | 0x6ffffff0
    DT_NULL | value | 0x0 | 0x0
    Timestamp | Source Port | Dest Port | Source IP | Dest IP
    Jan 11, 2025 14:44:37.172374964 CET | 48256 | 53 | 192.168.2.15 | 1.1.1.1
    Jan 11, 2025 14:44:37.172434092 CET | 36508 | 53 | 192.168.2.15 | 1.1.1.1
    Jan 11, 2025 14:44:37.181072950 CET | 53 | 48256 | 1.1.1.1 | 192.168.2.15
    Jan 11, 2025 14:44:37.181464911 CET | 53 | 36508 | 1.1.1.1 | 192.168.2.15

    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
    Jan 11, 2025 14:44:37.172374964 CET | 192.168.2.15 | 1.1.1.1 | 0x2cae | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false
    Jan 11, 2025 14:44:37.172434092 CET | 192.168.2.15 | 1.1.1.1 | 0x5972 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false

    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
    Jan 11, 2025 14:44:37.181072950 CET | 1.1.1.1 | 192.168.2.15 | 0x2cae | No error (0) | daisy.ubuntu.com | | 162.213.35.24 | A (IP address) | IN (0x0001) | false
    Jan 11, 2025 14:44:37.181072950 CET | 1.1.1.1 | 192.168.2.15 | 0x2cae | No error (0) | daisy.ubuntu.com | | 162.213.35.25 | A (IP address) | IN (0x0001) | false

    System Behavior

    Start time (UTC):13:41:53
    Start date (UTC):11/01/2025
    Path:/tmp/mips.elf
    Arguments:/tmp/mips.elf
    File size:5777432 bytes
    MD5 hash:0083f1f0e77be34ad27f849842bbb00c