Linux
Analysis Report
i686.elf
Overview
General Information
Sample name: | i686.elf |
Analysis ID: | 1619180 |
MD5: | 33035ce545aeca7452edab105f2177d2 |
SHA1: | 24c0f08c09f934ba5b12ff4819372f635cb5c084 |
SHA256: | c4a3a163977fab408cb8d7e57fd31b26a16da129c946e067912160b68bd1a77e |
Tags: | elfuser-abuse_ch |
Infos: |
Detection
Mirai
Score: | 80 |
Range: | 0 - 100 |
Signatures
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Connects to many ports of the same IP (likely port scanning)
Performs DNS TXT record lookups
Sample reads /proc/mounts (often used for finding a writable filesystem)
Uses STUN server to do NAT traversial
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample has stripped symbol table
Sample listens on a socket
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Yara signature match
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1619180 |
Start date and time: | 2025-02-19 16:42:24 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 0s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | i686.elf |
Detection: | MAL |
Classification: | mal80.troj.evad.linELF@0/0@3/0 |
- VT rate limit hit for: lib.libre
Command: | /tmp/i686.elf |
PID: | 6231 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | For God so loved the world, that he gave his only begotten Son, that whosoever believeth in him should not perish, but have everlasting life |
Standard Error: |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
Linux_Trojan_Gafgyt_9e9530a7 | unknown | unknown |
| |
Linux_Trojan_Gafgyt_807911a2 | unknown | unknown |
| |
Linux_Trojan_Gafgyt_d4227dbf | unknown | unknown |
| |
Linux_Trojan_Gafgyt_d996d335 | unknown | unknown |
| |
Click to see the 3 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
Linux_Trojan_Gafgyt_9e9530a7 | unknown | unknown |
| |
Linux_Trojan_Gafgyt_807911a2 | unknown | unknown |
| |
Linux_Trojan_Gafgyt_d4227dbf | unknown | unknown |
| |
Linux_Trojan_Gafgyt_d996d335 | unknown | unknown |
| |
Click to see the 11 entries |
⊘No Suricata rule has matched
- • AV Detection
- • Networking
- • System Summary
- • Persistence and Installation Behavior
- • HIPS / PFW / Operating System Protection Evasion
- • Stealing of Sensitive Information
- • Remote Access Functionality
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | ReversingLabs: |
Networking |
---|
Source: | TCP traffic: |
Source: | DNS query: |
Source: | TCP traffic: | ||
Source: | UDP traffic: |
Source: | Socket: | Jump to behavior |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | .symtab present: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Classification label: |
Persistence and Installation Behavior |
---|
Source: | File: | Jump to behavior | ||
Source: | File: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | 1 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
34% | ReversingLabs | Linux.Backdoor.Gafgyt |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
stun.l.google.com | 74.125.250.129 | true | false | high | |
lib.libre | unknown | unknown | true | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
154.40.24.23 | unknown | United States | 174 | COGENT-174US | false | |
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false | |
220.176.241.21 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false | |
212.75.95.238 | unknown | Sweden | 2119 | TELENOR-NEXTELTelenorNorgeASNO | false | |
12.103.252.200 | unknown | United States | 7018 | ATT-INTERNET4US | false | |
70.103.100.19 | unknown | United States | 7385 | ALLSTREAMUS | false | |
64.23.188.144 | unknown | United States | 3064 | AFFINITY-FTLUS | true | |
74.125.250.129 | stun.l.google.com | United States | 15169 | GOOGLEUS | false | |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false | |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
109.202.202.202 | Get hash | malicious | Unknown | Browse |
| |
64.23.188.144 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
91.189.91.43 | Get hash | malicious | Mirai | Browse | ||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Prometei | Browse | |||
91.189.91.42 | Get hash | malicious | Mirai | Browse | ||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Prometei | Browse |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CHINANET-BACKBONENo31Jin-rongStreetCN | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
INIT7CH | Get hash | malicious | Mirai | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
COGENT-174US | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
TELENOR-NEXTELTelenorNorgeASNO | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
⊘No context
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 6.114546793288269 |
TrID: |
|
File name: | i686.elf |
File size: | 88'768 bytes |
MD5: | 33035ce545aeca7452edab105f2177d2 |
SHA1: | 24c0f08c09f934ba5b12ff4819372f635cb5c084 |
SHA256: | c4a3a163977fab408cb8d7e57fd31b26a16da129c946e067912160b68bd1a77e |
SHA512: | ca2430560516a1e68812259cc57d67b4ca47dc0d9039e490c5100c9da110b25b5a56bc72a09efcacefdf51546e1bd104692bb97e7f2ca796badc7fa66169ea19 |
SSDEEP: | 1536:B39/ggQxmYmoUV3ZuQijyiR3LD344wrivdiPZb58QPN/lrq1n:jymYmoUVJiyituWvdiV588/lrq1 |
TLSH: | 0B833A03B5C08CFED896C2744FAEA136D662F0AD2235716B27D0BE216F5EE111F1B568 |
File Content Preview: | .ELF..............>.......@.....@.......@H..........@.8...@.......................@.......@......B.......B.......................B.......BQ......BQ.....H.......0p..............Q.td....................................................H...._....*...H........ |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 64 |
Program Header Offset: | 64 |
Program Header Size: | 56 |
Number of Program Headers: | 3 |
Section Header Offset: | 84032 |
Section Header Size: | 64 |
Number of Section Headers: | 10 |
Header String Table Index: | 9 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x4000e8 | 0xe8 | 0x13 | 0x0 | 0x6 | AX | 0 | 0 | 1 |
.text | PROGBITS | 0x400100 | 0x100 | 0x11156 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x411256 | 0x11256 | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 1 |
.rodata | PROGBITS | 0x411280 | 0x11280 | 0x3030 | 0x0 | 0x2 | A | 0 | 0 | 32 |
.ctors | PROGBITS | 0x5142b8 | 0x142b8 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.dtors | PROGBITS | 0x5142c8 | 0x142c8 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.data | PROGBITS | 0x5142e0 | 0x142e0 | 0x520 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
.bss | NOBITS | 0x514800 | 0x14800 | 0x6ae8 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
.shstrtab | STRTAB | 0x0 | 0x14800 | 0x3e | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x400000 | 0x400000 | 0x142b0 | 0x142b0 | 6.3704 | 0x5 | R E | 0x100000 | .init .text .fini .rodata | |
LOAD | 0x142b8 | 0x5142b8 | 0x5142b8 | 0x548 | 0x7030 | 2.3831 | 0x6 | RW | 0x100000 | .ctors .dtors .data .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8 |
Download Network PCAP: filtered – full
- Total Packets: 67
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 19, 2025 16:43:06.239919901 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Feb 19, 2025 16:43:06.808532953 CET | 47038 | 23 | 192.168.2.23 | 154.40.24.23 |
Feb 19, 2025 16:43:06.813736916 CET | 23 | 47038 | 154.40.24.23 | 192.168.2.23 |
Feb 19, 2025 16:43:06.813910007 CET | 47038 | 23 | 192.168.2.23 | 154.40.24.23 |
Feb 19, 2025 16:43:06.841527939 CET | 42974 | 23 | 192.168.2.23 | 220.176.241.21 |
Feb 19, 2025 16:43:06.846086979 CET | 60236 | 23 | 192.168.2.23 | 70.103.100.19 |
Feb 19, 2025 16:43:06.846559048 CET | 23 | 42974 | 220.176.241.21 | 192.168.2.23 |
Feb 19, 2025 16:43:06.846620083 CET | 42974 | 23 | 192.168.2.23 | 220.176.241.21 |
Feb 19, 2025 16:43:06.851067066 CET | 23 | 60236 | 70.103.100.19 | 192.168.2.23 |
Feb 19, 2025 16:43:06.851232052 CET | 60236 | 23 | 192.168.2.23 | 70.103.100.19 |
Feb 19, 2025 16:43:06.853027105 CET | 38212 | 23 | 192.168.2.23 | 12.103.252.200 |
Feb 19, 2025 16:43:06.858968973 CET | 23 | 38212 | 12.103.252.200 | 192.168.2.23 |
Feb 19, 2025 16:43:06.859009027 CET | 38212 | 23 | 192.168.2.23 | 12.103.252.200 |
Feb 19, 2025 16:43:06.871018887 CET | 40008 | 23 | 192.168.2.23 | 212.75.95.238 |
Feb 19, 2025 16:43:06.875971079 CET | 23 | 40008 | 212.75.95.238 | 192.168.2.23 |
Feb 19, 2025 16:43:06.876049995 CET | 40008 | 23 | 192.168.2.23 | 212.75.95.238 |
Feb 19, 2025 16:43:06.903052092 CET | 38212 | 23 | 192.168.2.23 | 12.103.252.200 |
Feb 19, 2025 16:43:06.903053999 CET | 40008 | 23 | 192.168.2.23 | 212.75.95.238 |
Feb 19, 2025 16:43:06.903053999 CET | 60236 | 23 | 192.168.2.23 | 70.103.100.19 |
Feb 19, 2025 16:43:06.903063059 CET | 42974 | 23 | 192.168.2.23 | 220.176.241.21 |
Feb 19, 2025 16:43:06.903074026 CET | 47038 | 23 | 192.168.2.23 | 154.40.24.23 |
Feb 19, 2025 16:43:06.908132076 CET | 23 | 38212 | 12.103.252.200 | 192.168.2.23 |
Feb 19, 2025 16:43:06.908242941 CET | 38212 | 23 | 192.168.2.23 | 12.103.252.200 |
Feb 19, 2025 16:43:06.908274889 CET | 23 | 40008 | 212.75.95.238 | 192.168.2.23 |
Feb 19, 2025 16:43:06.908282042 CET | 23 | 60236 | 70.103.100.19 | 192.168.2.23 |
Feb 19, 2025 16:43:06.908286095 CET | 23 | 47038 | 154.40.24.23 | 192.168.2.23 |
Feb 19, 2025 16:43:06.908291101 CET | 23 | 42974 | 220.176.241.21 | 192.168.2.23 |
Feb 19, 2025 16:43:06.908313990 CET | 60236 | 23 | 192.168.2.23 | 70.103.100.19 |
Feb 19, 2025 16:43:06.908314943 CET | 47038 | 23 | 192.168.2.23 | 154.40.24.23 |
Feb 19, 2025 16:43:06.908356905 CET | 40008 | 23 | 192.168.2.23 | 212.75.95.238 |
Feb 19, 2025 16:43:06.908369064 CET | 42974 | 23 | 192.168.2.23 | 220.176.241.21 |
Feb 19, 2025 16:43:08.904047966 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:43:08.909066916 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:43:08.909147978 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:43:09.488562107 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:43:09.488626003 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:43:09.581159115 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:43:09.581217051 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:43:11.619059086 CET | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Feb 19, 2025 16:43:12.638926029 CET | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Feb 19, 2025 16:43:13.540966034 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:43:13.546540976 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:43:23.549429893 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:43:23.554744959 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:43:23.554845095 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:43:23.559951067 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:43:27.228972912 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Feb 19, 2025 16:43:36.731590986 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:43:36.736733913 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:43:36.736816883 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:43:36.741940975 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:43:37.467449903 CET | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Feb 19, 2025 16:43:43.610629082 CET | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Feb 19, 2025 16:43:50.870881081 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:43:50.870959997 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:44:00.876193047 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:44:00.881217003 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:44:00.881303072 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:44:00.887028933 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:44:08.183211088 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Feb 19, 2025 16:44:15.570141077 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:44:15.575372934 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:44:15.575423002 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:44:15.580568075 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:44:28.660288095 CET | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Feb 19, 2025 16:44:30.576076984 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:44:30.581212997 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:44:30.581269979 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:44:30.586298943 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:44:45.582096100 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:44:45.587328911 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:44:45.587420940 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:44:45.592541933 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:45:00.143996000 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:45:00.149097919 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:45:00.149152040 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:45:00.155272007 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:45:01.896770000 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:45:01.896876097 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:45:14.897958040 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:45:14.903242111 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:45:14.903326988 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:45:14.908333063 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:45:28.800040007 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:45:28.805119991 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:45:28.805244923 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:45:28.810512066 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:45:41.361053944 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:45:41.366153955 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:45:41.366219997 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:45:41.371212006 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:45:54.778991938 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:45:54.784132004 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:45:54.784204960 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:45:54.789210081 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:46:08.466439962 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:46:08.473768950 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:46:08.473882914 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:46:08.478977919 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:46:22.140077114 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:46:22.145169020 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:46:22.145215988 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:46:22.150268078 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:46:23.922230959 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:46:23.922358036 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:46:36.218687057 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:46:36.223843098 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Feb 19, 2025 16:46:36.223952055 CET | 56448 | 10298 | 192.168.2.23 | 64.23.188.144 |
Feb 19, 2025 16:46:36.229091883 CET | 10298 | 56448 | 64.23.188.144 | 192.168.2.23 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 19, 2025 16:43:06.864604950 CET | 41945 | 53 | 192.168.2.23 | 192.3.165.37 |
Feb 19, 2025 16:43:08.895504951 CET | 37232 | 53 | 192.168.2.23 | 130.61.64.122 |
Feb 19, 2025 16:43:08.902905941 CET | 53 | 37232 | 130.61.64.122 | 192.168.2.23 |
Feb 19, 2025 16:43:09.909574986 CET | 39660 | 53 | 192.168.2.23 | 8.8.8.8 |
Feb 19, 2025 16:43:09.924650908 CET | 53 | 39660 | 8.8.8.8 | 192.168.2.23 |
Feb 19, 2025 16:43:09.924794912 CET | 51781 | 19302 | 192.168.2.23 | 74.125.250.129 |
Feb 19, 2025 16:43:10.392249107 CET | 19302 | 51781 | 74.125.250.129 | 192.168.2.23 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Feb 19, 2025 16:43:06.864604950 CET | 192.168.2.23 | 192.3.165.37 | 0xb137 | Standard query (0) | 16 | IN (0x0001) | false | |
Feb 19, 2025 16:43:08.895504951 CET | 192.168.2.23 | 130.61.64.122 | 0x906d | Standard query (0) | 16 | IN (0x0001) | false | |
Feb 19, 2025 16:43:09.909574986 CET | 192.168.2.23 | 8.8.8.8 | 0x47ae | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Feb 19, 2025 16:43:08.902905941 CET | 130.61.64.122 | 192.168.2.23 | 0x906d | No error (0) | TXT (Text strings) | IN (0x0001) | false | |||
Feb 19, 2025 16:43:09.924650908 CET | 8.8.8.8 | 192.168.2.23 | 0x47ae | No error (0) | 74.125.250.129 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 15:43:04 |
Start date (UTC): | 19/02/2025 |
Path: | /tmp/i686.elf |
Arguments: | /tmp/i686.elf |
File size: | 88768 bytes |
MD5 hash: | 33035ce545aeca7452edab105f2177d2 |
Start time (UTC): | 15:43:05 |
Start date (UTC): | 19/02/2025 |
Path: | /tmp/i686.elf |
Arguments: | - |
File size: | 88768 bytes |
MD5 hash: | 33035ce545aeca7452edab105f2177d2 |
Start time (UTC): | 15:43:05 |
Start date (UTC): | 19/02/2025 |
Path: | /tmp/i686.elf |
Arguments: | - |
File size: | 88768 bytes |
MD5 hash: | 33035ce545aeca7452edab105f2177d2 |
Start time (UTC): | 15:43:05 |
Start date (UTC): | 19/02/2025 |
Path: | /tmp/i686.elf |
Arguments: | - |
File size: | 88768 bytes |
MD5 hash: | 33035ce545aeca7452edab105f2177d2 |
Start time (UTC): | 15:43:06 |
Start date (UTC): | 19/02/2025 |
Path: | /tmp/i686.elf |
Arguments: | - |
File size: | 88768 bytes |
MD5 hash: | 33035ce545aeca7452edab105f2177d2 |