Edit tour

Linux Analysis Report
sync.arm7.elf

Overview

General Information

Sample name:	sync.arm7.elf
Analysis ID:	1637902
MD5:	8a6109d58a08dd6e18e72999fdea5e7e
SHA1:	e33eb5d16a428ef6693aba34336ffa43a800b644
SHA256:	597e16b001de0eefc8eee2ebcfb53e6c670f94c4fdc42ded8f5e42d7ec25c76b
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	72
Range:	0 - 100

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Performs DNS TXT record lookups

Sample deletes itself

Detected TCP or UDP traffic on non-standard ports

Executes the "rm" command used to delete files or directories

Sample has stripped symbol table

Sleeps for long times indicative of sandbox evasion

Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1637902
Start date and time:	2025-03-14 01:47:23 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	sync.arm7.elf
Detection:	MAL
Classification:	mal72.evad.linELF@0/0@54/0

Warnings

VT rate limit hit for: dnsresolve.socialgains.cf

Runtime Messages

Command:	/tmp/sync.arm7.elf
PID:	6271
Exit Code:	1
Exit Code Info:
Killed:	False
Standard Output:	Infect
Standard Error:

Process Tree

system is lnxubuntu20

sync.arm7.elf (PID: 6271, Parent: 6192, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/sync.arm7.elf

sync.arm7.elf New Fork (PID: 6273, Parent: 6271)

sync.arm7.elf New Fork (PID: 6275, Parent: 6273)

dash New Fork (PID: 6282, Parent: 4331)

rm (PID: 6282, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.8qFPUqxga1 /tmp/tmp.KKoCOey2qq /tmp/tmp.Ik5SJzv8Ic

dash New Fork (PID: 6283, Parent: 4331)

rm (PID: 6283, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.8qFPUqxga1 /tmp/tmp.KKoCOey2qq /tmp/tmp.Ik5SJzv8Ic

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

ET MALWARE Potential DNS Command and Control via TXT queries

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-14T01:49:20.682155+0100	2013514	1	A Network Trojan was detected	192.168.2.23	60647	8.8.8.8	53	UDP

Joe Sandbox Signatures

• AV Detection
• Networking
• System Summary
• Persistence and Installation Behavior
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• HIPS / PFW / Operating System Protection Evasion

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: sync.arm7.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: sync.arm7.elf	Virustotal: Detection: 45%			Perma Link
Source: sync.arm7.elf	ReversingLabs: Detection: 60%

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2013514 - Severity 1 - ET MALWARE Potential DNS Command and Control via TXT queries : 192.168.2.23:60647 -> 8.8.8.8:53

Source: global traffic

TCP traffic: 192.168.2.23:55782 -> 142.44.232.40:61003

Source: unknown

DNS traffic detected: query: dnsresolve.socialgains.cf replaycode: Name error (3)

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknown	TCP traffic detected without corresponding DNS query: 142.44.232.40
Source: unknown	TCP traffic detected without corresponding DNS query: 142.44.232.40
Source: unknown	TCP traffic detected without corresponding DNS query: 142.44.232.40
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.44.232.40
Source: unknown	TCP traffic detected without corresponding DNS query: 142.44.232.40
Source: unknown	TCP traffic detected without corresponding DNS query: 142.44.232.40
Source: unknown	TCP traffic detected without corresponding DNS query: 142.44.232.40
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 142.44.232.40
Source: unknown	TCP traffic detected without corresponding DNS query: 142.44.232.40
Source: unknown	TCP traffic detected without corresponding DNS query: 142.44.232.40
Source: unknown	TCP traffic detected without corresponding DNS query: 142.44.232.40
Source: unknown	TCP traffic detected without corresponding DNS query: 142.44.232.40
Source: unknown	UDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: dnsresolve.socialgains.cf

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39256
Source: unknown	Network traffic detected: HTTP traffic on port 39256 -> 443

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal72.evad.linELF@0/0@54/0

Source: /usr/bin/dash (PID: 6282)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.8qFPUqxga1 /tmp/tmp.KKoCOey2qq /tmp/tmp.Ik5SJzv8Ic			Jump to behavior
Source: /usr/bin/dash (PID: 6283)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.8qFPUqxga1 /tmp/tmp.KKoCOey2qq /tmp/tmp.Ik5SJzv8Ic			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/sync.arm7.elf (PID: 6271)

File: /tmp/sync.arm7.elf

Jump to behavior

Source: /tmp/sync.arm7.elf (PID: 6275)	Sleeps longer then 60s: 60.0s			Jump to behavior
Source: /tmp/sync.arm7.elf (PID: 6275)	Sleeps longer then 60s: 60.0s			Jump to behavior

Source: /tmp/sync.arm7.elf (PID: 6271)

Queries kernel information via 'uname':

Jump to behavior

Source: sync.arm7.elf, 6271.1.000055c8a5bc8000.000055c8a5d17000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/arm
Source: sync.arm7.elf, 6271.1.000055c8a5bc8000.000055c8a5d17000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: sync.arm7.elf, 6271.1.00007ffe3cb7e000.00007ffe3cb9f000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm
Source: sync.arm7.elf, 6271.1.00007ffe3cb7e000.00007ffe3cb9f000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/sync.arm7.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/sync.arm7.elf

HIPS / PFW / Operating System Protection Evasion

Performs DNS TXT record lookups

Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: Traffic	DNS traffic detected: queries for: dnsresolve.socialgains.cf

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 Virtualization/Sandbox Evasion	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	11 File Deletion	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
sync.arm7.elf	45%	Virustotal		Browse
sync.arm7.elf	61%	ReversingLabs	Linux.Backdoor.Mirai
sync.arm7.elf	100%	Avira	ANDROID/AVE.Agent.xdjci

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
dnsresolve.socialgains.cf	unknown	unknown	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
34.249.145.219	unknown	United States	16509	AMAZON-02US	false
142.44.232.40	unknown	Canada	16276	OVHFR	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
34.249.145.219	na.elf	Get hash	malicious	Prometei	Browse
	boatnet.arm6.elf	Get hash	malicious	Mirai	Browse
	NewAge3ATOmpsl.elf	Get hash	malicious	Unknown	Browse
	NewAge3ATOx86.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	zerarm5.elf	Get hash	malicious	Unknown	Browse
	zerm68k.elf	Get hash	malicious	Unknown	Browse
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.189.91.42	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	re.bot.mpsl.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	arm-20250314-0007.elf	Get hash	malicious	Mirai	Browse
	zBOVQFssy2.elf	Get hash	malicious	Unknown	Browse
	bot.x86.elf	Get hash	malicious	Mirai, Okiru	Browse
	bot.arm.elf	Get hash	malicious	Gafgyt, Mirai, Okiru	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	na.elf	Get hash	malicious	Prometei	Browse	185.125.190.26
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	re.bot.mpsl.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	arm-20250314-0007.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	zBOVQFssy2.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	bot.x86.elf	Get hash	malicious	Mirai, Okiru	Browse	91.189.91.42
INIT7CH	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	re.bot.mpsl.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	arm-20250314-0007.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	zBOVQFssy2.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	bot.x86.elf	Get hash	malicious	Mirai, Okiru	Browse	109.202.202.202
	bot.arm.elf	Get hash	malicious	Gafgyt, Mirai, Okiru	Browse	109.202.202.202
AMAZON-02US	na.elf	Get hash	malicious	Prometei	Browse	54.255.164.76
	na.elf	Get hash	malicious	Prometei	Browse	54.255.164.76
	na.elf	Get hash	malicious	Prometei	Browse	54.171.230.55
	na.elf	Get hash	malicious	Prometei	Browse	54.255.164.76
	na.elf	Get hash	malicious	Prometei	Browse	54.255.164.76
	na.elf	Get hash	malicious	Prometei	Browse	54.255.164.76
	na.elf	Get hash	malicious	Prometei	Browse	54.255.164.76
	na.elf	Get hash	malicious	Prometei	Browse	54.255.164.76
	https://uphlold-llogijn.godaddysites.com/	Get hash	malicious	Unknown	Browse	13.248.243.5
	Synapse X (Cracked By Henri) (1).exe	Get hash	malicious	Unknown	Browse	52.216.52.64
OVHFR	general2.exe	Get hash	malicious	XWorm	Browse	91.134.10.182
	https://hospitalnews.com/paramedics-in-six-provinces-to-provide-palliative-care-in-the-home/	Get hash	malicious	Unknown	Browse	198.100.159.124
	faktura_FV2025020660849.html	Get hash	malicious	Unknown	Browse	54.39.128.117
	AAHiVVNIKQESryT.exe	Get hash	malicious	FormBook	Browse	51.222.255.207
	http://observalgerie.com	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	37.59.22.41
	https://saleemitraders.com/wp/confirm.html	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	158.69.25.207
	faktura_FV2025020637756.html	Get hash	malicious	Unknown	Browse	149.56.240.129
	https://sceanmcommnunmnlty.com/xroea/spwoe/zxiwe	Get hash	malicious	Unknown	Browse	91.134.10.168
	http://feirao2025.com.br/consulta/	Get hash	malicious	Unknown	Browse	91.134.60.128
	miori.arm.elf	Get hash	malicious	Unknown	Browse	142.44.221.81

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.09255647319265
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	sync.arm7.elf
File size:	87'572 bytes
MD5:	8a6109d58a08dd6e18e72999fdea5e7e
SHA1:	e33eb5d16a428ef6693aba34336ffa43a800b644
SHA256:	597e16b001de0eefc8eee2ebcfb53e6c670f94c4fdc42ded8f5e42d7ec25c76b
SHA512:	673737b695986faa4104aadb40771c3f01c1278863510f96fda741dd6be4fff1757b1d370e03760979980652f80d3f59c5df37d1305b6b9302ab514efabd58d1
SSDEEP:	1536:/An2B7KrKPKwKKKuK1xbCTkwImwSIgcp7MawRNLm5S/dlj3iall/nh6Y79a5f:57KrKPKwKKKuK1gImrIT7MawRNLmUHl+
TLSH:	3D83394AF8816B11D4D526BEFE0E1289335347BDE3EE7112DE244B2037DAA6B0F76512
File Content Preview:	.ELF..............(.........4....S......4. ...(........pPM..P...P...................................hN..hN...............P...P...P..H....................P...P...P..................Q.td..................................-...L..................@-.,@...0....S

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	ARM
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8194
Flags:	0x4000002
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	5
Section Header Offset:	86972
Section Header Size:	40
Number of Section Headers:	15
Header String Table Index:	14

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0
.init	PROGBITS	0x80d4	0xd4	0x10	0x0	0x6	AX	0	4
.text	PROGBITS	0x80f0	0xf0	0x130e0	0x0	0x6	AX	0	16
.fini	PROGBITS	0x1b1d0	0x131d0	0x10	0x0	0x6	AX	0	4
.rodata	PROGBITS	0x1b1e0	0x131e0	0x1b58	0x0	0x2	A	0	8
.ARM.extab	PROGBITS	0x1cd38	0x14d38	0x18	0x0	0x2	A	0	4
.ARM.exidx	ARM_EXIDX	0x1cd50	0x14d50	0x118	0x0	0x82	AL	2	4
.eh_frame	PROGBITS	0x25000	0x15000	0x4	0x0	0x3	WA	0	4
.tbss	NOBITS	0x25004	0x15004	0x8	0x0	0x403	WAT	0	4
.init_array	INIT_ARRAY	0x25004	0x15004	0x4	0x0	0x3	WA	0	4
.fini_array	FINI_ARRAY	0x25008	0x15008	0x4	0x0	0x3	WA	0	4
.got	PROGBITS	0x25010	0x15010	0xa8	0x4	0x3	WA	0	4
.data	PROGBITS	0x250b8	0x150b8	0x290	0x0	0x3	WA	0	4
.bss	NOBITS	0x25348	0x15348	0xb094	0x0	0x3	WA	0	4
.shstrtab	STRTAB	0x0	0x15348	0x73	0x0	0x0		0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
EXIDX	0x14d50	0x1cd50	0x1cd50	0x118	0x118	4.5184	0x4	R	0x4	.ARM.exidx
LOAD	0x0	0x8000	0x8000	0x14e68	0x14e68	6.1233	0x5	R E	0x8000	.init .text .fini .rodata .ARM.extab .ARM.exidx
LOAD	0x15000	0x25000	0x25000	0x348	0xb3dc	4.7415	0x6	RW	0x8000	.eh_frame .tbss .init_array .fini_array .got .data .bss
TLS	0x15004	0x25004	0x25004	0x0	0x8	0.0000	0x4	R	0x4	.tbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Download Network PCAP: filtered – full

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-03-14T01:49:20.682155+0100	2013514	ET MALWARE Potential DNS Command and Control via TXT queries	1	192.168.2.23	60647	8.8.8.8	53	UDP

Network Port Distribution

Total Packets: 71
• 61003 undefined
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 14, 2025 01:48:39.246177912 CET	43928	443	192.168.2.23	91.189.91.42
Mar 14, 2025 01:48:51.820359945 CET	443	39256	34.249.145.219	192.168.2.23
Mar 14, 2025 01:48:51.820664883 CET	39256	443	192.168.2.23	34.249.145.219
Mar 14, 2025 01:48:51.825330973 CET	443	39256	34.249.145.219	192.168.2.23
Mar 14, 2025 01:48:54.996675014 CET	55782	61003	192.168.2.23	142.44.232.40
Mar 14, 2025 01:48:55.001435041 CET	61003	55782	142.44.232.40	192.168.2.23
Mar 14, 2025 01:48:55.001497030 CET	55782	61003	192.168.2.23	142.44.232.40
Mar 14, 2025 01:48:55.001600981 CET	55782	61003	192.168.2.23	142.44.232.40
Mar 14, 2025 01:48:55.006275892 CET	61003	55782	142.44.232.40	192.168.2.23
Mar 14, 2025 01:48:55.627985001 CET	42516	80	192.168.2.23	109.202.202.202
Mar 14, 2025 01:48:59.723351002 CET	43928	443	192.168.2.23	91.189.91.42
Mar 14, 2025 01:49:16.379539013 CET	61003	55782	142.44.232.40	192.168.2.23
Mar 14, 2025 01:49:16.380043030 CET	55782	61003	192.168.2.23	142.44.232.40
Mar 14, 2025 01:49:16.384747982 CET	61003	55782	142.44.232.40	192.168.2.23
Mar 14, 2025 01:49:33.292141914 CET	55784	61003	192.168.2.23	142.44.232.40
Mar 14, 2025 01:49:33.297003984 CET	61003	55784	142.44.232.40	192.168.2.23
Mar 14, 2025 01:49:33.297136068 CET	55784	61003	192.168.2.23	142.44.232.40
Mar 14, 2025 01:49:33.297136068 CET	55784	61003	192.168.2.23	142.44.232.40
Mar 14, 2025 01:49:33.301815987 CET	61003	55784	142.44.232.40	192.168.2.23
Mar 14, 2025 01:49:40.677731037 CET	43928	443	192.168.2.23	91.189.91.42
Mar 14, 2025 01:49:54.679085970 CET	61003	55784	142.44.232.40	192.168.2.23
Mar 14, 2025 01:49:54.679287910 CET	55784	61003	192.168.2.23	142.44.232.40
Mar 14, 2025 01:49:54.684067011 CET	61003	55784	142.44.232.40	192.168.2.23
Mar 14, 2025 01:50:11.527545929 CET	55786	61003	192.168.2.23	142.44.232.40
Mar 14, 2025 01:50:11.532357931 CET	61003	55786	142.44.232.40	192.168.2.23
Mar 14, 2025 01:50:11.532423019 CET	55786	61003	192.168.2.23	142.44.232.40
Mar 14, 2025 01:50:11.532449007 CET	55786	61003	192.168.2.23	142.44.232.40
Mar 14, 2025 01:50:11.537201881 CET	61003	55786	142.44.232.40	192.168.2.23
Mar 14, 2025 01:50:32.916548967 CET	61003	55786	142.44.232.40	192.168.2.23
Mar 14, 2025 01:50:32.917330027 CET	55786	61003	192.168.2.23	142.44.232.40
Mar 14, 2025 01:50:32.922055006 CET	61003	55786	142.44.232.40	192.168.2.23

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 14, 2025 01:48:39.134820938 CET	55553	53	192.168.2.23	1.0.0.1
Mar 14, 2025 01:48:39.236597061 CET	53	55553	1.0.0.1	192.168.2.23
Mar 14, 2025 01:48:40.239078045 CET	41346	53	192.168.2.23	8.8.8.8
Mar 14, 2025 01:48:40.254486084 CET	53	41346	8.8.8.8	192.168.2.23
Mar 14, 2025 01:48:41.256154060 CET	42948	53	192.168.2.23	1.0.0.1
Mar 14, 2025 01:48:41.281104088 CET	53	42948	1.0.0.1	192.168.2.23
Mar 14, 2025 01:48:42.283035994 CET	53497	53	192.168.2.23	1.0.0.1
Mar 14, 2025 01:48:42.415119886 CET	53	53497	1.0.0.1	192.168.2.23
Mar 14, 2025 01:48:43.417748928 CET	53395	53	192.168.2.23	8.8.4.4
Mar 14, 2025 01:48:43.444219112 CET	53	53395	8.8.4.4	192.168.2.23
Mar 14, 2025 01:48:44.446897984 CET	48734	53	192.168.2.23	8.8.4.4
Mar 14, 2025 01:48:44.462861061 CET	53	48734	8.8.4.4	192.168.2.23
Mar 14, 2025 01:48:45.464740992 CET	52602	53	192.168.2.23	8.8.8.8
Mar 14, 2025 01:48:45.480025053 CET	53	52602	8.8.8.8	192.168.2.23
Mar 14, 2025 01:48:46.481627941 CET	41703	53	192.168.2.23	1.1.1.1
Mar 14, 2025 01:48:46.506474018 CET	53	41703	1.1.1.1	192.168.2.23
Mar 14, 2025 01:48:47.507992029 CET	46202	53	192.168.2.23	1.0.0.1
Mar 14, 2025 01:48:47.647207975 CET	53	46202	1.0.0.1	192.168.2.23
Mar 14, 2025 01:48:48.648840904 CET	42367	53	192.168.2.23	1.1.1.1
Mar 14, 2025 01:48:48.673717022 CET	53	42367	1.1.1.1	192.168.2.23
Mar 14, 2025 01:48:49.675889015 CET	48685	53	192.168.2.23	1.1.1.1
Mar 14, 2025 01:48:49.777173042 CET	53	48685	1.1.1.1	192.168.2.23
Mar 14, 2025 01:48:50.780131102 CET	56138	53	192.168.2.23	8.8.8.8
Mar 14, 2025 01:48:50.795197010 CET	53	56138	8.8.8.8	192.168.2.23
Mar 14, 2025 01:48:51.796993017 CET	38436	53	192.168.2.23	8.8.4.4
Mar 14, 2025 01:48:51.825294971 CET	53	38436	8.8.4.4	192.168.2.23
Mar 14, 2025 01:48:52.829308987 CET	40630	53	192.168.2.23	8.8.4.4
Mar 14, 2025 01:48:52.855660915 CET	53	40630	8.8.4.4	192.168.2.23
Mar 14, 2025 01:48:53.858429909 CET	33087	53	192.168.2.23	1.0.0.1
Mar 14, 2025 01:48:53.994760036 CET	53	33087	1.0.0.1	192.168.2.23
Mar 14, 2025 01:49:17.382390022 CET	51604	53	192.168.2.23	1.0.0.1
Mar 14, 2025 01:49:17.406884909 CET	53	51604	1.0.0.1	192.168.2.23
Mar 14, 2025 01:49:18.408164978 CET	35286	53	192.168.2.23	1.0.0.1
Mar 14, 2025 01:49:18.544640064 CET	53	35286	1.0.0.1	192.168.2.23
Mar 14, 2025 01:49:19.547591925 CET	38894	53	192.168.2.23	1.0.0.1
Mar 14, 2025 01:49:19.679615021 CET	53	38894	1.0.0.1	192.168.2.23
Mar 14, 2025 01:49:20.682154894 CET	60647	53	192.168.2.23	8.8.8.8
Mar 14, 2025 01:49:20.696975946 CET	53	60647	8.8.8.8	192.168.2.23
Mar 14, 2025 01:49:21.698385000 CET	57217	53	192.168.2.23	1.1.1.1
Mar 14, 2025 01:49:21.801558018 CET	53	57217	1.1.1.1	192.168.2.23
Mar 14, 2025 01:49:22.802974939 CET	45356	53	192.168.2.23	1.1.1.1
Mar 14, 2025 01:49:22.827456951 CET	53	45356	1.1.1.1	192.168.2.23
Mar 14, 2025 01:49:23.828758001 CET	48415	53	192.168.2.23	1.1.1.1
Mar 14, 2025 01:49:23.933381081 CET	53	48415	1.1.1.1	192.168.2.23
Mar 14, 2025 01:49:24.934823036 CET	44476	53	192.168.2.23	8.8.8.8
Mar 14, 2025 01:49:25.070182085 CET	53	44476	8.8.8.8	192.168.2.23
Mar 14, 2025 01:49:26.072407961 CET	58490	53	192.168.2.23	1.0.0.1
Mar 14, 2025 01:49:26.176239014 CET	53	58490	1.0.0.1	192.168.2.23
Mar 14, 2025 01:49:27.178355932 CET	39482	53	192.168.2.23	8.8.8.8
Mar 14, 2025 01:49:27.193649054 CET	53	39482	8.8.8.8	192.168.2.23
Mar 14, 2025 01:49:28.195244074 CET	54695	53	192.168.2.23	8.8.4.4
Mar 14, 2025 01:49:28.210820913 CET	53	54695	8.8.4.4	192.168.2.23
Mar 14, 2025 01:49:29.212079048 CET	43556	53	192.168.2.23	8.8.4.4
Mar 14, 2025 01:49:29.227672100 CET	53	43556	8.8.4.4	192.168.2.23
Mar 14, 2025 01:49:30.230143070 CET	58749	53	192.168.2.23	8.8.8.8
Mar 14, 2025 01:49:30.244966030 CET	53	58749	8.8.8.8	192.168.2.23
Mar 14, 2025 01:49:31.246786118 CET	46545	53	192.168.2.23	1.0.0.1
Mar 14, 2025 01:49:31.271733999 CET	53	46545	1.0.0.1	192.168.2.23
Mar 14, 2025 01:49:32.273381948 CET	33180	53	192.168.2.23	8.8.8.8
Mar 14, 2025 01:49:32.290241957 CET	53	33180	8.8.8.8	192.168.2.23
Mar 14, 2025 01:49:55.681885004 CET	59226	53	192.168.2.23	8.8.8.8
Mar 14, 2025 01:49:55.697074890 CET	53	59226	8.8.8.8	192.168.2.23
Mar 14, 2025 01:49:56.699244976 CET	45081	53	192.168.2.23	1.1.1.1
Mar 14, 2025 01:49:56.818214893 CET	53	45081	1.1.1.1	192.168.2.23
Mar 14, 2025 01:49:57.820002079 CET	42327	53	192.168.2.23	1.0.0.1
Mar 14, 2025 01:49:57.844325066 CET	53	42327	1.0.0.1	192.168.2.23
Mar 14, 2025 01:49:58.846312046 CET	33674	53	192.168.2.23	1.0.0.1
Mar 14, 2025 01:49:58.965168953 CET	53	33674	1.0.0.1	192.168.2.23
Mar 14, 2025 01:49:59.967566967 CET	38761	53	192.168.2.23	8.8.4.4
Mar 14, 2025 01:49:59.982523918 CET	53	38761	8.8.4.4	192.168.2.23
Mar 14, 2025 01:50:00.984344959 CET	36683	53	192.168.2.23	1.1.1.1
Mar 14, 2025 01:50:01.015083075 CET	53	36683	1.1.1.1	192.168.2.23
Mar 14, 2025 01:50:02.016998053 CET	53288	53	192.168.2.23	1.0.0.1
Mar 14, 2025 01:50:02.051023960 CET	53	53288	1.0.0.1	192.168.2.23
Mar 14, 2025 01:50:03.052995920 CET	50933	53	192.168.2.23	1.1.1.1
Mar 14, 2025 01:50:03.171473026 CET	53	50933	1.1.1.1	192.168.2.23
Mar 14, 2025 01:50:04.173093081 CET	46030	53	192.168.2.23	1.0.0.1
Mar 14, 2025 01:50:04.278285980 CET	53	46030	1.0.0.1	192.168.2.23
Mar 14, 2025 01:50:05.279972076 CET	37454	53	192.168.2.23	8.8.4.4
Mar 14, 2025 01:50:05.295125961 CET	53	37454	8.8.4.4	192.168.2.23
Mar 14, 2025 01:50:06.296962023 CET	43011	53	192.168.2.23	1.1.1.1
Mar 14, 2025 01:50:06.321554899 CET	53	43011	1.1.1.1	192.168.2.23
Mar 14, 2025 01:50:07.323278904 CET	46866	53	192.168.2.23	8.8.8.8
Mar 14, 2025 01:50:07.369757891 CET	53	46866	8.8.8.8	192.168.2.23
Mar 14, 2025 01:50:08.371293068 CET	57081	53	192.168.2.23	8.8.8.8
Mar 14, 2025 01:50:08.386274099 CET	53	57081	8.8.8.8	192.168.2.23
Mar 14, 2025 01:50:09.387614965 CET	36518	53	192.168.2.23	8.8.8.8
Mar 14, 2025 01:50:09.403037071 CET	53	36518	8.8.8.8	192.168.2.23
Mar 14, 2025 01:50:10.404441118 CET	47052	53	192.168.2.23	1.0.0.1
Mar 14, 2025 01:50:10.526216030 CET	53	47052	1.0.0.1	192.168.2.23
Mar 14, 2025 01:50:33.919358015 CET	52132	53	192.168.2.23	1.1.1.1
Mar 14, 2025 01:50:33.944494963 CET	53	52132	1.1.1.1	192.168.2.23
Mar 14, 2025 01:50:34.945955038 CET	44796	53	192.168.2.23	1.1.1.1
Mar 14, 2025 01:50:35.083549976 CET	53	44796	1.1.1.1	192.168.2.23
Mar 14, 2025 01:50:36.085597038 CET	57012	53	192.168.2.23	8.8.4.4
Mar 14, 2025 01:50:36.100718975 CET	53	57012	8.8.4.4	192.168.2.23
Mar 14, 2025 01:50:37.102365971 CET	33970	53	192.168.2.23	1.1.1.1
Mar 14, 2025 01:50:37.230719090 CET	53	33970	1.1.1.1	192.168.2.23
Mar 14, 2025 01:50:38.232395887 CET	54807	53	192.168.2.23	1.1.1.1
Mar 14, 2025 01:50:38.371865988 CET	53	54807	1.1.1.1	192.168.2.23
Mar 14, 2025 01:50:39.373466015 CET	32959	53	192.168.2.23	8.8.8.8
Mar 14, 2025 01:50:39.388720036 CET	53	32959	8.8.8.8	192.168.2.23
Mar 14, 2025 01:50:40.390295029 CET	57873	53	192.168.2.23	1.0.0.1
Mar 14, 2025 01:50:40.529112101 CET	53	57873	1.0.0.1	192.168.2.23
Mar 14, 2025 01:50:41.531939030 CET	55843	53	192.168.2.23	8.8.8.8
Mar 14, 2025 01:50:41.546344995 CET	53	55843	8.8.8.8	192.168.2.23
Mar 14, 2025 01:50:42.549210072 CET	48978	53	192.168.2.23	1.1.1.1
Mar 14, 2025 01:50:42.574299097 CET	53	48978	1.1.1.1	192.168.2.23

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 14, 2025 01:48:39.134820938 CET	192.168.2.23	1.0.0.1	0xd490	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:48:40.239078045 CET	192.168.2.23	8.8.8.8	0xd490	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:48:41.256154060 CET	192.168.2.23	1.0.0.1	0xd490	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:48:42.283035994 CET	192.168.2.23	1.0.0.1	0xd490	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:48:43.417748928 CET	192.168.2.23	8.8.4.4	0xd490	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:48:44.446897984 CET	192.168.2.23	8.8.4.4	0xd490	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:48:45.464740992 CET	192.168.2.23	8.8.8.8	0xd490	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:48:46.481627941 CET	192.168.2.23	1.1.1.1	0xd490	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:48:47.507992029 CET	192.168.2.23	1.0.0.1	0xd490	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:48:48.648840904 CET	192.168.2.23	1.1.1.1	0xd490	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:48:49.675889015 CET	192.168.2.23	1.1.1.1	0xd490	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:48:50.780131102 CET	192.168.2.23	8.8.8.8	0xd490	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:48:51.796993017 CET	192.168.2.23	8.8.4.4	0xd490	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:48:52.829308987 CET	192.168.2.23	8.8.4.4	0xd490	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:48:53.858429909 CET	192.168.2.23	1.0.0.1	0xd490	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:49:17.382390022 CET	192.168.2.23	1.0.0.1	0x694f	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:49:18.408164978 CET	192.168.2.23	1.0.0.1	0x694f	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:49:19.547591925 CET	192.168.2.23	1.0.0.1	0x694f	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:49:20.682154894 CET	192.168.2.23	8.8.8.8	0x694f	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:49:21.698385000 CET	192.168.2.23	1.1.1.1	0x694f	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:49:22.802974939 CET	192.168.2.23	1.1.1.1	0x694f	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:49:23.828758001 CET	192.168.2.23	1.1.1.1	0x694f	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:49:24.934823036 CET	192.168.2.23	8.8.8.8	0x694f	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:49:26.072407961 CET	192.168.2.23	1.0.0.1	0x694f	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:49:27.178355932 CET	192.168.2.23	8.8.8.8	0x694f	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:49:28.195244074 CET	192.168.2.23	8.8.4.4	0x694f	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:49:29.212079048 CET	192.168.2.23	8.8.4.4	0x694f	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:49:30.230143070 CET	192.168.2.23	8.8.8.8	0x694f	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:49:31.246786118 CET	192.168.2.23	1.0.0.1	0x694f	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:49:32.273381948 CET	192.168.2.23	8.8.8.8	0x694f	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:49:55.681885004 CET	192.168.2.23	8.8.8.8	0x3c6e	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:49:56.699244976 CET	192.168.2.23	1.1.1.1	0x3c6e	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:49:57.820002079 CET	192.168.2.23	1.0.0.1	0x3c6e	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:49:58.846312046 CET	192.168.2.23	1.0.0.1	0x3c6e	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:49:59.967566967 CET	192.168.2.23	8.8.4.4	0x3c6e	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:50:00.984344959 CET	192.168.2.23	1.1.1.1	0x3c6e	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:50:02.016998053 CET	192.168.2.23	1.0.0.1	0x3c6e	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:50:03.052995920 CET	192.168.2.23	1.1.1.1	0x3c6e	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:50:04.173093081 CET	192.168.2.23	1.0.0.1	0x3c6e	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:50:05.279972076 CET	192.168.2.23	8.8.4.4	0x3c6e	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:50:06.296962023 CET	192.168.2.23	1.1.1.1	0x3c6e	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:50:07.323278904 CET	192.168.2.23	8.8.8.8	0x3c6e	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:50:08.371293068 CET	192.168.2.23	8.8.8.8	0x3c6e	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:50:09.387614965 CET	192.168.2.23	8.8.8.8	0x3c6e	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:50:10.404441118 CET	192.168.2.23	1.0.0.1	0x3c6e	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:50:33.919358015 CET	192.168.2.23	1.1.1.1	0xc7e8	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:50:34.945955038 CET	192.168.2.23	1.1.1.1	0xc7e8	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:50:36.085597038 CET	192.168.2.23	8.8.4.4	0xc7e8	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:50:37.102365971 CET	192.168.2.23	1.1.1.1	0xc7e8	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:50:38.232395887 CET	192.168.2.23	1.1.1.1	0xc7e8	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:50:39.373466015 CET	192.168.2.23	8.8.8.8	0xc7e8	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:50:40.390295029 CET	192.168.2.23	1.0.0.1	0xc7e8	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:50:41.531939030 CET	192.168.2.23	8.8.8.8	0xc7e8	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false
Mar 14, 2025 01:50:42.549210072 CET	192.168.2.23	1.1.1.1	0xc7e8	Standard query (0)	dnsresolve.socialgains.cf	16	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 14, 2025 01:48:39.236597061 CET	1.0.0.1	192.168.2.23	0xd490	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:48:40.254486084 CET	8.8.8.8	192.168.2.23	0xd490	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:48:41.281104088 CET	1.0.0.1	192.168.2.23	0xd490	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:48:42.415119886 CET	1.0.0.1	192.168.2.23	0xd490	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:48:43.444219112 CET	8.8.4.4	192.168.2.23	0xd490	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:48:44.462861061 CET	8.8.4.4	192.168.2.23	0xd490	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:48:45.480025053 CET	8.8.8.8	192.168.2.23	0xd490	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:48:46.506474018 CET	1.1.1.1	192.168.2.23	0xd490	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:48:47.647207975 CET	1.0.0.1	192.168.2.23	0xd490	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:48:48.673717022 CET	1.1.1.1	192.168.2.23	0xd490	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:48:49.777173042 CET	1.1.1.1	192.168.2.23	0xd490	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:48:50.795197010 CET	8.8.8.8	192.168.2.23	0xd490	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:48:51.825294971 CET	8.8.4.4	192.168.2.23	0xd490	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:48:52.855660915 CET	8.8.4.4	192.168.2.23	0xd490	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:48:53.994760036 CET	1.0.0.1	192.168.2.23	0xd490	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:49:17.406884909 CET	1.0.0.1	192.168.2.23	0x694f	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:49:18.544640064 CET	1.0.0.1	192.168.2.23	0x694f	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:49:19.679615021 CET	1.0.0.1	192.168.2.23	0x694f	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:49:20.696975946 CET	8.8.8.8	192.168.2.23	0x694f	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:49:21.801558018 CET	1.1.1.1	192.168.2.23	0x694f	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:49:22.827456951 CET	1.1.1.1	192.168.2.23	0x694f	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:49:23.933381081 CET	1.1.1.1	192.168.2.23	0x694f	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:49:25.070182085 CET	8.8.8.8	192.168.2.23	0x694f	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:49:26.176239014 CET	1.0.0.1	192.168.2.23	0x694f	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:49:27.193649054 CET	8.8.8.8	192.168.2.23	0x694f	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:49:28.210820913 CET	8.8.4.4	192.168.2.23	0x694f	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:49:29.227672100 CET	8.8.4.4	192.168.2.23	0x694f	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:49:30.244966030 CET	8.8.8.8	192.168.2.23	0x694f	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:49:31.271733999 CET	1.0.0.1	192.168.2.23	0x694f	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:49:32.290241957 CET	8.8.8.8	192.168.2.23	0x694f	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:49:55.697074890 CET	8.8.8.8	192.168.2.23	0x3c6e	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:49:56.818214893 CET	1.1.1.1	192.168.2.23	0x3c6e	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:49:57.844325066 CET	1.0.0.1	192.168.2.23	0x3c6e	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:49:58.965168953 CET	1.0.0.1	192.168.2.23	0x3c6e	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:49:59.982523918 CET	8.8.4.4	192.168.2.23	0x3c6e	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:50:01.015083075 CET	1.1.1.1	192.168.2.23	0x3c6e	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:50:02.051023960 CET	1.0.0.1	192.168.2.23	0x3c6e	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:50:03.171473026 CET	1.1.1.1	192.168.2.23	0x3c6e	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:50:04.278285980 CET	1.0.0.1	192.168.2.23	0x3c6e	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:50:05.295125961 CET	8.8.4.4	192.168.2.23	0x3c6e	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:50:06.321554899 CET	1.1.1.1	192.168.2.23	0x3c6e	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:50:07.369757891 CET	8.8.8.8	192.168.2.23	0x3c6e	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:50:08.386274099 CET	8.8.8.8	192.168.2.23	0x3c6e	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:50:09.403037071 CET	8.8.8.8	192.168.2.23	0x3c6e	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:50:10.526216030 CET	1.0.0.1	192.168.2.23	0x3c6e	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:50:33.944494963 CET	1.1.1.1	192.168.2.23	0xc7e8	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:50:35.083549976 CET	1.1.1.1	192.168.2.23	0xc7e8	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:50:36.100718975 CET	8.8.4.4	192.168.2.23	0xc7e8	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:50:37.230719090 CET	1.1.1.1	192.168.2.23	0xc7e8	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:50:38.371865988 CET	1.1.1.1	192.168.2.23	0xc7e8	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:50:39.388720036 CET	8.8.8.8	192.168.2.23	0xc7e8	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:50:40.529112101 CET	1.0.0.1	192.168.2.23	0xc7e8	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:50:41.546344995 CET	8.8.8.8	192.168.2.23	0xc7e8	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false
Mar 14, 2025 01:50:42.574299097 CET	1.1.1.1	192.168.2.23	0xc7e8	Name error (3)	dnsresolve.socialgains.cf	none	none	16	IN (0x0001)	false

System Behavior

Analysis Process: sync.arm7.elf PID: 6271, Parent PID: 6192

General

Start time (UTC):	00:48:38
Start date (UTC):	14/03/2025
Path:	/tmp/sync.arm7.elf
Arguments:	/tmp/sync.arm7.elf
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

File Activities

File Opened

File Deleted

File Read

Directory Deleted

Process Activities

Process Forked

Prctl Requested

Thread Sleep

System Activities

Query System Information (uname)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: sync.arm7.elf PID: 6273, Parent PID: 6271

General

Start time (UTC):	00:48:38
Start date (UTC):	14/03/2025
Path:	/tmp/sync.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Process Activities

Process Forked

Thread Sleep

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: sync.arm7.elf PID: 6275, Parent PID: 6273

General

Start time (UTC):	00:48:38
Start date (UTC):	14/03/2025
Path:	/tmp/sync.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Process Activities

Thread Sleep

Chronological Activities

Analysis Process: dash PID: 6282, Parent PID: 4331

General

Start time (UTC):	00:48:51
Start date (UTC):	14/03/2025
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: rm PID: 6282, Parent PID: 4331

General

Start time (UTC):	00:48:51
Start date (UTC):	14/03/2025
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.8qFPUqxga1 /tmp/tmp.KKoCOey2qq /tmp/tmp.Ik5SJzv8Ic
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

File Activities

File Opened

File Deleted

File Read

Chronological Activities

Analysis Process: dash PID: 6283, Parent PID: 4331

General

Start time (UTC):	00:48:51
Start date (UTC):	14/03/2025
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: rm PID: 6283, Parent PID: 4331

General

Start time (UTC):	00:48:51
Start date (UTC):	14/03/2025
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.8qFPUqxga1 /tmp/tmp.KKoCOey2qq /tmp/tmp.Ik5SJzv8Ic
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report sync.arm7.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: sync.arm7.elf PID: 6271, Parent PID: 6192

General

File Activities

File Opened

File Deleted

File Read

Directory Deleted

Process Activities

Process Forked

Prctl Requested

Thread Sleep

System Activities

Query System Information (uname)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: sync.arm7.elf PID: 6273, Parent PID: 6271

General

Process Activities

Process Forked

Linux Analysis Report
sync.arm7.elf