Linux Analysis Report
x86_64.elf

Overview

General Information

Sample name: x86_64.elf
Analysis ID: 1589176
MD5: 1051bd577f495017e13de6fe2c3b81dd
SHA1: 9d888be69ee1d1cfd4f592cc0c27d071a5847553
SHA256: 61be3ad682f78b5482ce52071ab0b69ddd0422b79b95ee4d77e9a99220a38b81
Tags: elf, user-abuse_ch
Infos:

Detection

Score: 48
Range: 0 - 100
Whitelisted: false

Signatures

Contains symbols with names commonly found in malware
Machine Learning detection for sample
Contains symbols related to standard C library sleeps (sometimes used to evade sandboxing)
Sample contains strings that are user agent strings indicative of HTTP manipulation

Classification

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1589176
Start date and time: 2025-01-11 14:51:00 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 36s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: x86_64.elf
Detection: MAL
Classification: mal48.linELF@0/0@2/0
Cookbook Comments:
  • Analysis time extended to 480s due to sleep detection in submitted sample
  • Max analysis timeout: 600s exceeded, the analysis took too long
Command: /tmp/x86_64.elf
PID: 5483
Exit Code: 1
Exit Code Info:
Killed: False
Standard Output:

Standard Error: /tmp/x86_64.elf: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/x86_64.elf)
  • system is lnxubuntu20
  • x86_64.elf (PID: 5483, Parent: 5407, MD5: 1051bd577f495017e13de6fe2c3b81dd) Arguments: /tmp/x86_64.elf
  • cleanup
No yara matches
No Suricata rule has matched

AV Detection

Source: x86_64.elf, Joe Sandbox ML: detected
Source: global traffic, DNS traffic detected: DNS query: daisy.ubuntu.com

System Summary

Source: ELF static info symbol of initial sample, Name: http_attack
Source: ELF static info symbol of initial sample, Name: socket_attack
Source: ELF static info symbol of initial sample, Name: syn_attack
Source: ELF static info symbol of initial sample, Name: udp_attack
Source: ELF static info symbol of initial sample, Name: vse_attack
Source: classification engine, Classification label: mal48.linELF@0/0@2/0
Source: ELF symbol in initial sample, Symbol name: sleep
Source: Initial sample, User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3
Source: Initial sample, User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0
Source: Initial sample, User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1
Source: Initial sample, User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1.2 Safari/605.1.15
Source: Initial sample, User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/16.17017
Source: Initial sample, User agent string found: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: 1 Virtualization/Sandbox Evasion; Rootkit; Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: 1 Virtualization/Sandbox Evasion; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: 1 Data Obfuscation; 1 Non-Application Layer Protocol; 1 Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
No configs have been found
Source | Detection | Scanner | Label | Link
x86_64.elf | 8% | ReversingLabs | Linux.Trojan.Mirai |
x86_64.elf | 6% | Virustotal | | Browse
x86_64.elf | 100% | Joe Sandbox ML | |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
daisy.ubuntu.com | 162.213.35.24 | true | false | | high
No contacted IP infos
No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
daisy.ubuntu.com | mips.elf | Get hash | malicious | Unknown | Browse | 162.213.35.24
 | i686.elf | Get hash | malicious | Unknown | Browse | 162.213.35.25
 | ssx.elf | Get hash | malicious | Gafgyt | Browse | 162.213.35.24
 | sss.elf | Get hash | malicious | Gafgyt | Browse | 162.213.35.24
 | sst.elf | Get hash | malicious | Gafgyt | Browse | 162.213.35.25
 | ssb.elf | Get hash | malicious | Gafgyt | Browse | 162.213.35.25
 | MIPSEL.elf | Get hash | malicious | Unknown | Browse | 162.213.35.24
 | I686.elf | Get hash | malicious | Unknown | Browse | 162.213.35.24
 | X86_64.elf | Get hash | malicious | Unknown | Browse | 162.213.35.25
No created / dropped files found
File type: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=33d4e0c4f57a397928dcf9fa6833b601c829a67f, for GNU/Linux 3.2.0, not stripped
Entropy (8bit): 3.6721845503521586
TrID:
  • ELF Executable and Linkable format (Linux) (4029/14) 49.77%
  • ELF Executable and Linkable format (generic) (4004/1) 49.46%
  • Lumena CEL bitmap (63/63) 0.78%
File name: x86_64.elf
File size: 21'720 bytes
MD5: 1051bd577f495017e13de6fe2c3b81dd
SHA1: 9d888be69ee1d1cfd4f592cc0c27d071a5847553
SHA256: 61be3ad682f78b5482ce52071ab0b69ddd0422b79b95ee4d77e9a99220a38b81
SHA512: 93855b9f2e92aa9eab76072487e1c4e6b15482c71f6fd1384aefc9817c15df3163e3bcf97864e681fc22d6488834afd4e0c56d947232e2ab5de9e8b7a75d69d2
SSDEEP: 384:uEAXmAOXn6yqiaSKC6yqiaSKC6yldVNF91tldVNFvJhdILQQk5hR2FH9s9XKVkqj:u/on6yqiaSKC6yqiaSKC6yldVNF91tlS
TLSH: 60A2642FA2A0CD39C884B2348ADF962451B1F0B5BF33611F2A1456F73DA375C4E39A91

ELF header

Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
Machine: Advanced Micro Devices X86-64
Version Number: 0x1
Type: DYN (Shared object file)
OS/ABI: UNIX - System V
ABI Version: 0
Entry Point Address: 0x1440
Flags: 0x0
ELF Header Size: 64
Program Header Offset: 64
Program Header Size: 56
Number of Program Headers: 13
Section Header Offset: 19736
Section Header Size: 64
Number of Section Headers: 31
Header String Table Index: 30
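Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.interp | PROGBITS | 0x318 | 0x318 | 0x1c | 0x0 | 0x2 | A | 0 | 0 | 1
.note.gnu.property | NOTE | 0x338 | 0x338 | 0x30 | 0x0 | 0x2 | A | 0 | 0 | 8
.note.gnu.build-id | NOTE | 0x368 | 0x368 | 0x24 | 0x0 | 0x2 | A | 0 | 0 | 4
.note.ABI-tag | NOTE | 0x38c | 0x38c | 0x20 | 0x0 | 0x2 | A | 0 | 0 | 4
.gnu.hash | GNU_HASH | 0x3b0 | 0x3b0 | 0x24 | 0x0 | 0x2 | A | 6 | 0 | 8
.dynsym | DYNSYM | 0x3d8 | 0x3d8 | 0x390 | 0x18 | 0x2 | A | 7 | 1 | 8
.dynstr | STRTAB | 0x768 | 0x768 | 0x196 | 0x0 | 0x2 | A | 0 | 0 | 1
.gnu.version | VERSYM | 0x8fe | 0x8fe | 0x4c | 0x2 | 0x2 | A | 6 | 0 | 2
.gnu.version_r | VERNEED | 0x950 | 0x950 | 0x50 | 0x0 | 0x2 | A | 7 | 1 | 8
.rela.dyn | RELA | 0x9a0 | 0x9a0 | 0xc0 | 0x18 | 0x2 | A | 6 | 0 | 8
.rela.plt | RELA | 0xa60 | 0xa60 | 0x300 | 0x18 | 0x42 | AI | 6 | 24 | 8
.init | PROGBITS | 0x1000 | 0x1000 | 0x1b | 0x0 | 0x6 | AX | 0 | 0 | 4
.plt | PROGBITS | 0x1020 | 0x1020 | 0x210 | 0x10 | 0x6 | AX | 0 | 0 | 16
.plt.got | PROGBITS | 0x1230 | 0x1230 | 0x10 | 0x10 | 0x6 | AX | 0 | 0 | 16
.plt.sec | PROGBITS | 0x1240 | 0x1240 | 0x200 | 0x10 | 0x6 | AX | 0 | 0 | 16
.text | PROGBITS | 0x1440 | 0x1440 | 0x10f8 | 0x0 | 0x6 | AX | 0 | 0 | 16
.fini | PROGBITS | 0x2538 | 0x2538 | 0xd | 0x0 | 0x6 | AX | 0 | 0 | 4
.rodata | PROGBITS | 0x3000 | 0x3000 | 0x302 | 0x0 | 0x2 | A | 0 | 0 | 8
.eh_frame_hdr | PROGBITS | 0x3304 | 0x3304 | 0x6c | 0x0 | 0x2 | A | 0 | 0 | 4
.eh_frame | PROGBITS | 0x3370 | 0x3370 | 0x190 | 0x0 | 0x2 | A | 0 | 0 | 8
.init_array | INIT_ARRAY | 0x4cc0 | 0x3cc0 | 0x8 | 0x8 | 0x3 | WA | 0 | 0 | 8
.fini_array | FINI_ARRAY | 0x4cc8 | 0x3cc8 | 0x8 | 0x8 | 0x3 | WA | 0 | 0 | 8
.dynamic | DYNAMIC | 0x4cd0 | 0x3cd0 | 0x1f0 | 0x10 | 0x3 | WA | 7 | 0 | 8
.got | PROGBITS | 0x4ec0 | 0x3ec0 | 0x140 | 0x8 | 0x3 | WA | 0 | 0 | 8
.data | PROGBITS | 0x5000 | 0x4000 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8
.bss | NOBITS | 0x5010 | 0x4010 | 0x18 | 0x0 | 0x3 | WA | 0 | 0 | 8
.comment | PROGBITS | 0x0 | 0x4010 | 0x2b | 0x1 | 0x30 | MS | 0 | 0 | 1
.symtab | SYMTAB | 0x0 | 0x4040 | 0x720 | 0x18 | 0x0 | | 29 | 20 | 8
.strtab | STRTAB | 0x0 | 0x4760 | 0x497 | 0x0 | 0x0 | | 0 | 0 | 1
.shstrtab | STRTAB | 0x0 | 0x4bf7 | 0x11a | 0x0 | 0x0 | | 0 | 0 | 1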
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
PHDR | 0x40 | 0x40 | 0x40 | 0x2d8 | 0x2d8 | 1.6470 | 0x4 | R | 0x8 | |
INTERP | 0x318 | 0x318 | 0x318 | 0x1c | 0x1c | 3.9408 | 0x4 | R | 0x1 | /lib64/ld-linux-x86-64.so.2 | .interp
LOAD | 0x0 | 0x0 | 0x0 | 0xd60 | 0xd60 | 2.5281 | 0x4 | R | 0x1000 | | .interp .note.gnu.property .note.gnu.build-id .note.ABI-tag .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt
LOAD | 0x1000 | 0x1000 | 0x1000 | 0x1545 | 0x1545 | 5.6831 | 0x5 | R E | 0x1000 | | .init .plt .plt.got .plt.sec .text .fini
LOAD | 0x3000 | 0x3000 | 0x3000 | 0x500 | 0x500 | 5.7099 | 0x4 | R | 0x1000 | | .rodata .eh_frame_hdr .eh_frame
LOAD | 0x3cc0 | 0x4cc0 | 0x4cc0 | 0x350 | 0x368 | 1.6059 | 0x6 | RW | 0x1000 | | .init_array .fini_array .dynamic .got .data .bss
DYNAMIC | 0x3cd0 | 0x4cd0 | 0x4cd0 | 0x1f0 | 0x1f0 | 1.4678 | 0x6 | RW | 0x8 | | .dynamic
NOTE | 0x338 | 0x338 | 0x338 | 0x30 | 0x30 | 1.9345 | 0x4 | R | 0x8 | | .note.gnu.property
NOTE | 0x368 | 0x368 | 0x368 | 0x44 | 0x44 | 3.3378 | 0x4 | R | 0x4 | | .note.gnu.build-id .note.ABI-tag
GNU_PROPERTY | 0x338 | 0x338 | 0x338 | 0x30 | 0x30 | 1.9345 | 0x4 | R | 0x8 | | .note.gnu.property
GNU_EH_FRAME | 0x3304 | 0x3304 | 0x3304 | 0x6c | 0x6c | 3.7774 | 0x4 | R | 0x4 | | .eh_frame_hdr
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x10 | |
GNU_RELRO | 0x3cc0 | 0x4cc0 | 0x4cc0 | 0x340 | 0x340 | 1.6140 | 0x4 | R | 0x1 | | .init_array .fini_array .dynamic .got
Type | Meta | Value | Tag
DT_NEEDED | sharedlib | libc.so.6 | 0x1
DT_INIT | value | 0x1000 | 0xc
DT_FINI | value | 0x2538 | 0xd
DT_INIT_ARRAY | value | 0x4cc0 | 0x19
DT_INIT_ARRAYSZ | bytes | 8 | 0x1b
DT_FINI_ARRAY | value | 0x4cc8 | 0x1a
DT_FINI_ARRAYSZ | bytes | 8 | 0x1c
DT_GNU_HASH | value | 0x3b0 | 0x6ffffef5
DT_STRTAB | value | 0x768 | 0x5
DT_SYMTAB | value | 0x3d8 | 0x6
DT_STRSZ | bytes | 406 | 0xa
DT_SYMENT | bytes | 24 | 0xb
DT_DEBUG | value | 0x0 | 0x15
DT_PLTGOT | value | 0x4ec0 | 0x3
DT_PLTRELSZ | bytes | 768 | 0x2
DT_PLTREL | pltrel | DT_RELA | 0x14
DT_JMPREL | value | 0xa60 | 0x17
DT_RELA | value | 0x9a0 | 0x7
DT_RELASZ | bytes | 192 | 0x8
DT_RELAENT | bytes | 24 | 0x9
DT_FLAGS | value | 0x8 | 0x1e
DT_FLAGS_1 | value | 0x8000001 | 0x6ffffffb
DT_VERNEED | value | 0x950 | 0x6ffffffe
DT_VERNEEDNUM | value | 1 | 0x6fffffff
DT_VERSYM | value | 0x8fe | 0x6ffffff0
DT_RELACOUNT | value | 3 | 0x6ffffff9
DT_NULL | value | 0x0 | 0x0
Name | Version Info Name | Version Info File Name | Section Name | Value | Size | Symbol Type | Symbol Bind | Symbol Visibility | Ndx
 | | | .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF
_ITM_deregisterTMCloneTable | | | .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF
_ITM_registerTMCloneTable | | | .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF
__cxa_finalize | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
__gmon_start__ | | | .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF
__isoc99_sscanf | GLIBC_2.7 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
__libc_start_main | GLIBC_2.34 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
__stack_chk_fail | GLIBC_2.4 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
chdir | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
close | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
connect | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
exit | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
fork | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
free | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
htonl | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
htons | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
inet_addr | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
inet_ntoa | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
inet_pton | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
malloc | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
memset | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
pthread_cancel | GLIBC_2.34 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
pthread_create | GLIBC_2.34 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
rand | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
recv | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
send | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
sendto | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
setsid | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
setsockopt | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
sleep | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
snprintf | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
socket | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
srand | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
strcmp | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
strlen | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
strncmp | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
time | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
umask | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
 | | | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF
 | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS
Scrt1.o | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS
_DYNAMIC | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x4cd0 | 0 | OBJECT | <unknown> | DEFAULT | 23
_GLOBAL_OFFSET_TABLE_ | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x4ec0 | 0 | OBJECT | <unknown> | DEFAULT | 24
_IO_stdin_used | | | .symtab | 0x3000 | 4 | OBJECT | <unknown> | DEFAULT | 18
_ITM_deregisterTMCloneTable | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF
_ITM_registerTMCloneTable | | | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF
__FRAME_END__ | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x34fc | 0 | OBJECT | <unknown> | DEFAULT | 20
__GNU_EH_FRAME_HDR | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x3304 | 0 | NOTYPE | <unknown> | DEFAULT | 19
__TMC_END__ | | | .symtab | 0x5010 | 0 | OBJECT | <unknown> | HIDDEN | 25
__abi_tag | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x38c | 32 | OBJECT | <unknown> | DEFAULT | 4
__bss_start | | | .symtab | 0x5010 | 0 | NOTYPE | <unknown> | DEFAULT | 26
__cxa_finalize@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
__data_start | | | .symtab | 0x5000 | 0 | NOTYPE | <unknown> | DEFAULT | 25
__do_global_dtors_aux | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x14e0 | 0 | FUNC | <unknown> | DEFAULT | 16
__do_global_dtors_aux_fini_array_entry | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x4cc8 | 0 | OBJECT | <unknown> | DEFAULT | 22
__dso_handle | | | .symtab | 0x5008 | 0 | OBJECT | <unknown> | HIDDEN | 25
__frame_dummy_init_array_entry | GLIBC_2.4 | libc.so.6 | .symtab | 0x4cc0 | 0 | OBJECT | <unknown> | DEFAULT | 21
__gmon_start__ | | | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF
__isoc99_sscanf@GLIBC_2.7 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
__libc_start_main@GLIBC_2.34 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
__stack_chk_fail@GLIBC_2.4 | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
_edata | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x5010 | 0 | NOTYPE | <unknown> | DEFAULT | 25
_end | | | .symtab | 0x5028 | 0 | NOTYPE | <unknown> | DEFAULT | 26
_fini | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x2538 | 0 | FUNC | <unknown> | HIDDEN | 17
_init | | | .symtab | 0x1000 | 0 | FUNC | <unknown> | HIDDEN | 12
_start | | | .symtab | 0x1440 | 38 | FUNC | <unknown> | DEFAULT | 16
bot.c | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS
chdir@GLIBC_2.2.5 | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
close@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
completed.0 | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x5010 | 1 | OBJECT | <unknown> | DEFAULT | 26
connect@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
crtstuff.c | GLIBC_2.34 | libc.so.6 | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS
crtstuff.c | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS
daemonize | | | .symtab | 0x1529 | 148 | FUNC | <unknown> | DEFAULT | 16
data_start | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x5000 | 0 | NOTYPE | <unknown> | DEFAULT | 25
deregister_tm_clones | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x1470 | 0 | FUNC | <unknown> | DEFAULT | 16
exit@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
fork@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
frame_dummy | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x1520 | 0 | FUNC | <unknown> | DEFAULT | 16
free@GLIBC_2.2.5 | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
handle_command | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x1def | 1391 | FUNC | <unknown> | DEFAULT | 16
htonl@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
htons@GLIBC_2.2.5 | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
http_attack | | | .symtab | 0x1bc2 | 557 | FUNC | <unknown> | DEFAULT | 16
inet_addr@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
inet_ntoa@GLIBC_2.2.5 | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
inet_pton@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
main | | | .symtab | 0x235e | 474 | FUNC | <unknown> | DEFAULT | 16
malloc@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
memset@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
params.1 | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x5018 | 8 | OBJECT | <unknown> | DEFAULT | 26
pthread_cancel@GLIBC_2.34 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
pthread_create@GLIBC_2.34 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
rand@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
recv@GLIBC_2.2.5 | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
register_tm_clones | | | .symtab | 0x14a0 | 0 | FUNC | <unknown> | DEFAULT | 16
send@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
sendto@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
setsid@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
setsockopt@GLIBC_2.2.5 | GLIBC_2.7 | libc.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
sleep@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
snprintf@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
socket@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
socket_attack | GLIBC_2.34 | libc.so.6 | .symtab | 0x1b32 | 144 | FUNC | <unknown> | DEFAULT | 16
srand@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
strcmp@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
strlen@GLIBC_2.2.5 | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
strncmp@GLIBC_2.2.5 | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
syn_attack | GLIBC_2.34 | libc.so.6 | .symtab | 0x178f | 931 | FUNC | <unknown> | DEFAULT | 16
threads.0 | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x5020 | 8 | OBJECT | <unknown> | DEFAULT | 26
time@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
udp_attack | | | .symtab | 0x15bd | 226 | FUNC | <unknown> | DEFAULT | 16
umask@GLIBC_2.2.5 | | | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF
vse_attack | | | .symtab | 0x169f | 240 | FUNC | <unknown> | DEFAULT | 16
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 11, 2025 14:54:53.137528896 CET | 34800 | 53 | 192.168.2.13 | 8.8.8.8
Jan 11, 2025 14:54:53.142790079 CET | 53 | 34800 | 8.8.8.8 | 192.168.2.13
Jan 11, 2025 14:54:53.142854929 CET | 34800 | 53 | 192.168.2.13 | 8.8.8.8
Jan 11, 2025 14:54:53.142887115 CET | 34800 | 53 | 192.168.2.13 | 8.8.8.8
Jan 11, 2025 14:54:53.142920017 CET | 34800 | 53 | 192.168.2.13 | 8.8.8.8
Jan 11, 2025 14:54:53.148807049 CET | 53 | 34800 | 8.8.8.8 | 192.168.2.13
Jan 11, 2025 14:54:53.148837090 CET | 53 | 34800 | 8.8.8.8 | 192.168.2.13
Jan 11, 2025 14:54:53.606620073 CET | 53 | 34800 | 8.8.8.8 | 192.168.2.13
Jan 11, 2025 14:54:53.606708050 CET | 34800 | 53 | 192.168.2.13 | 8.8.8.8
Jan 11, 2025 14:54:53.741403103 CET | 53 | 34800 | 8.8.8.8 | 192.168.2.13
Jan 11, 2025 14:54:53.741543055 CET | 34800 | 53 | 192.168.2.13 | 8.8.8.8
Jan 11, 2025 14:54:55.606328011 CET | 53 | 34800 | 8.8.8.8 | 192.168.2.13
Jan 11, 2025 14:54:55.606733084 CET | 34800 | 53 | 192.168.2.13 | 8.8.8.8
Jan 11, 2025 14:54:55.611687899 CET | 53 | 34800 | 8.8.8.8 | 192.168.2.13
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 11, 2025 14:54:53.142887115 CET | 192.168.2.13 | 8.8.8.8 | 0xee3 | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false
Jan 11, 2025 14:54:53.142920017 CET | 192.168.2.13 | 8.8.8.8 | 0xaaf1 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 11, 2025 14:54:53.741403103 CET | 8.8.8.8 | 192.168.2.13 | 0xee3 | No error (0) | daisy.ubuntu.com | | 162.213.35.24 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 14:54:53.741403103 CET | 8.8.8.8 | 192.168.2.13 | 0xee3 | No error (0) | daisy.ubuntu.com | | 162.213.35.25 | A (IP address) | IN (0x0001) | false

System Behavior

Start time (UTC): 13:52:08
Start date (UTC): 11/01/2025
Path: /tmp/x86_64.elf
Arguments: /tmp/x86_64.elf
File size: 21720 bytes
MD5 hash: 1051bd577f495017e13de6fe2c3b81dd