
Linux Analysis Report
mips.elf

Overview

General Information

Sample name: mips.elf
Analysis ID: 1654176
MD5: 6575643658d174a9bd49f7077a16983b
SHA1: 84a9ce200105fb21b94d72cdf3557291c3ebee72
SHA256: 262668cd1b21f5ca7ab0e1e78a2194dc7635a6ce195f5b31a67222659a88631c
Tags: elf, user-abuse_ch
Infos:
Errors
  • No or unstable Internet during analysis

Detection

Score: 48 (range 0 - 100)

Signatures

Antivirus / Scanner detection for submitted sample
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample has stripped symbol table
Sample listens on a socket
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Classification categories (report legend): Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; verdict scale: clean, suspicious, malicious
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1654176
Start date and time: 2025-04-02 02:58:15 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 59s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: mips.elf
Detection: MAL
Classification: mal48.linELF@0/2@0/0
  • No or unstable Internet during analysis (network-dependent verdicts in this run, in particular the "all servers are down" signature, are therefore not evidence that the sample's infrastructure is offline)
  • Excluded IPs from analysis (whitelisted): 8.8.4.4
Command: /tmp/mips.elf
PID: 6261
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output: For God so loved the world
Standard Error:
Process tree:
  • system is lnxubuntu20
  • mips.elf (PID: 6261, Parent: 6182, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/mips.elf
    • mips.elf New Fork (PID: 6265, Parent: 6261)
  • cleanup
Note: the MD5 recorded for PID 6261 is not the sample's MD5 (6575643658d174a9bd49f7077a16983b). The memory strings in the signature section (/usr/bin/qemu-mips, /etc/qemu-binfmt/mips) show the MIPS binary being executed by user-mode QEMU through binfmt_misc on the x64 analysis host, which is consistent with the hashed process image being the emulator rather than mips.elf.
No yara matches
No Suricata rule has matched


AV Detection

Antivirus / Scanner detection for submitted sample
Source: mips.elf | Avira: detected

Detected TCP or UDP traffic on non-standard ports
Source: global traffic | TCP traffic: 192.168.2.23:44774 -> 216.73.156.19:26141

Sample listens on a socket
Source: /tmp/mips.elf (PID: 6265) | Socket: 127.0.0.1:22448
(A loopback listener opened by the forked child. Binding a fixed local port is a common single-instance lock in ELF bots, but the report does not show what this port is used for.)

Networking
Source: global traffic | TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic | TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic | TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: unknown | TCP traffic detected without corresponding DNS query: 216.73.156.19 (12 times), 91.189.91.42 (3 times), 91.189.91.43 (3 times), 109.202.202.202 (2 times)
Source: unknown | UDP traffic detected without corresponding DNS query: 208.67.220.220 (8 times), 208.67.222.222 (4 times)
Source: mips.elf, 6261.1.00007fbb78457000.00007fbb78461000.rw-.sdmp | String found in binary or memory: http://0/t/wget.sh
Source: unknown | Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 42836 -> 443
Note: 91.189.91.42 and 91.189.91.43 (CANONICAL-ASGB) and 109.202.202.202 (INIT7CH; the context section below ties this address to a firefox .deb under ch.archive.ubuntu.com) are Ubuntu archive mirrors contacted by the analysis VM itself, and 208.67.220.220 / 208.67.222.222 are the OpenDNS resolvers the VM uses. That traffic is sandbox background, not sample activity. The only connection attributable to the sample is 216.73.156.19:26141: a hard-coded address (no DNS lookup) on a non-standard port.

Sample has stripped symbol table
Source: ELF static info symbol of initial sample | .symtab present: no

System Summary
Source: classification engine | Classification label: mal48.linELF@0/2@0/0
Enumerates processes within the "proc" file system
Source: /tmp/mips.elf (PID: 6261) | File opened: /proc/<pid>/cmdline for 105 PIDs, in the order recorded: 1582, 3088, 230, 110, 231, 111, 232, 1579, 112, 233, 1699, 113, 234, 1335, 1698, 114, 235, 1334, 1576, 2302, 115, 236, 116, 237, 117, 118, 910, 119, 912, 10, 2307, 11, 918, 12, 13, 14, 15, 6245, 16, 6244, 17, 18, 1594, 120, 121, 1349, 1, 122, 243, 123, 2, 124, 3, 4, 125, 126, 1344, 1465, 1586, 127, 6, 248, 128, 249, 1463, 800, 9, 801, 20, 21, 1900, 22, 23, 24, 25, 26, 27, 28, 29, 491, 250, 130, 251, 252, 132, 253, 254, 255, 256, 1599, 257, 1477, 379, 258, 1476, 259, 1475, 6129, 936, 30, 2208, 35, 1809, 1494, 260
(Reading every /proc/<pid>/cmdline is how a process walks the process table without calling ps; the order above follows the directory listing of /proc, not numeric PID order. The report does not show what the sample does with the command lines it reads.)
Uses the "uname" system call to query kernel version information (possible evasion)
Source: /tmp/mips.elf (PID: 6261) | Queries kernel information via 'uname'

Virtualization / emulator strings in process memory
Source: mips.elf, 6261.1.00007ffdedb03000.00007ffdedb24000.rw-.sdmp | Binary or memory string: /tmp/qemu-open.fQMC4A
Source: mips.elf, 6261.1.00007fbb78457000.00007fbb78461000.rw-.sdmp | Binary or memory string: vmwarem
Source: mips.elf, 6261.1.00007fbb78457000.00007fbb78461000.rw-.sdmp | Binary or memory string: vmware
Source: mips.elf, 6261.1.00007fbb78457000.00007fbb78461000.rw-.sdmp | Binary or memory string: qemu-arm2QB
Source: mips.elf, 6261.1.000055abace67000.000055abacf0e000.rw-.sdmp | Binary or memory string: U!/etc/qemu-binfmt/mips
Source: mips.elf, 6261.1.00007fbb78457000.00007fbb78461000.rw-.sdmp | Binary or memory string: qemu-arm
Source: mips.elf, 6261.1.000055abace67000.000055abacf0e000.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/mips
Source: mips.elf, 6261.1.00007ffdedb03000.00007ffdedb24000.rw-.sdmp | Binary or memory string: U/tmp/qemu-open.fQMC4A\
Source: mips.elf, 6261.1.00007ffdedb03000.00007ffdedb24000.rw-.sdmp | Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/mips.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/mips.elf
Source: mips.elf, 6261.1.00007ffdedb03000.00007ffdedb24000.rw-.sdmp | Binary or memory string: %s/qemu-op
Source: mips.elf, 6261.1.00007ffdedb03000.00007ffdedb24000.rw-.sdmp | Binary or memory string: /usr/bin/qemu-mips
Source: mips.elf, 6261.1.00007ffdedb03000.00007ffdedb24000.rw-.sdmp | Binary or memory string: MPDIR%s/qemu-op
Note: these dumps are of the process the sandbox ran as PID 6261. The argv/environment string (x86_64, /usr/bin/qemu-mips, /tmp/mips.elf, the host's SUDO_USER and PATH) and the /etc/qemu-binfmt/mips path show that this process is the qemu-mips user-mode emulator executing the MIPS binary via binfmt_misc on the x64 analysis host. The "vmware" and "qemu" strings therefore come from the emulator's own address space and are not, on their own, evidence of anti-VM checks inside mips.elf; the same holds for the high-address (0x7f...) regions, which are host mappings rather than the 32-bit guest image.
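As an added triage helper (not part of the Joe Sandbox report, and not the sample's own code), the Python below parses behaviour lines in the shape of the signature output above and separates the single sample-attributable connection from sandbox background, then combines the "no DNS query" and "non-standard port" observations into a hard-coded C2 candidate list. The input lines are constructed (re-typed from this report and trimmed). Assumption: the background host list (Ubuntu archive mirrors and the OpenDNS resolvers) is specific to this analysis VM and has to be maintained per environment.

```python
import re

# Constructed input, not the full report: behaviour lines in the shape of the
# signature output above (source | event), trimmed to a representative handful.
REPORT_LINES = """\
Source: global traffic | TCP traffic: 192.168.2.23:44774 -> 216.73.156.19:26141
Source: global traffic | TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic | TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic | TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: unknown | TCP traffic detected without corresponding DNS query: 216.73.156.19
Source: unknown | TCP traffic detected without corresponding DNS query: 216.73.156.19
Source: unknown | TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown | UDP traffic detected without corresponding DNS query: 208.67.222.222
Source: /tmp/mips.elf (PID: 6265) | Socket: 127.0.0.1:22448
Source: /tmp/mips.elf (PID: 6261) | File opened: /proc/1/cmdline
Source: /tmp/mips.elf (PID: 6261) | File opened: /proc/1582/cmdline
Source: /tmp/mips.elf (PID: 6261) | File opened: /proc/6245/cmdline
Source: /tmp/mips.elf (PID: 6261) | Queries kernel information via 'uname':
""".splitlines()

# Assumption about this analysis environment: Ubuntu archive mirrors (apt/upgrade
# traffic from the VM itself, cf. the ch.archive.ubuntu.com context entry) and the
# OpenDNS resolvers the VM queries. Maintain per sandbox; it is not a global truth.
BACKGROUND_HOSTS = {"91.189.91.42", "91.189.91.43", "109.202.202.202",
                    "208.67.222.222", "208.67.220.220"}
WELL_KNOWN_PORTS = {21, 22, 23, 25, 53, 80, 110, 123, 143, 443, 465, 587, 993, 995}

TRAFFIC_RE = re.compile(r"(TCP|UDP) traffic: [\d.]+:\d+ -> ([\d.]+):(\d+)")
NO_DNS_RE = re.compile(r"(?:TCP|UDP) traffic detected without corresponding DNS query: ([\d.]+)")
SOCKET_RE = re.compile(r"Socket: ([\d.]+):(\d+)")
PROC_RE = re.compile(r"File opened: /proc/(\d+)/cmdline")


def summarize(lines):
    """Split the report's behaviour lines into sample-attributable facts and sandbox background."""
    conns, no_dns, listeners, pids, uname = set(), {}, [], [], False
    for line in lines:
        if m := TRAFFIC_RE.search(line):
            conns.add((m.group(1).lower(), m.group(2), int(m.group(3))))
        elif m := NO_DNS_RE.search(line):
            no_dns[m.group(1)] = no_dns.get(m.group(1), 0) + 1
        elif m := SOCKET_RE.search(line):
            listeners.append((m.group(1), int(m.group(2))))
        elif m := PROC_RE.search(line):
            pids.append(int(m.group(1)))
        elif "via 'uname'" in line:
            uname = True
    background = {c for c in conns if c[1] in BACKGROUND_HOSTS}
    attributable = conns - background
    return {
        "attributable": attributable,
        "background": background,
        "non_standard_ports": sorted((ip, port) for _, ip, port in attributable
                                     if port not in WELL_KNOWN_PORTS),
        # DNS-less connections to background hosts are the VM's own, so drop them too.
        "no_dns": {ip: n for ip, n in no_dns.items() if ip not in BACKGROUND_HOSTS},
        "loopback_listeners": [lst for lst in listeners if lst[0].startswith("127.")],
        "proc_cmdline_pids": pids,
        "uname": uname,
    }


def c2_candidates(summary):
    """Hard-coded C2 candidates: attributable, contacted without a DNS lookup, on a non-standard port."""
    hard_coded = {ip for _, ip, _ in summary["attributable"] if ip in summary["no_dns"]}
    return sorted(ip for ip, _ in summary["non_standard_ports"] if ip in hard_coded)


if __name__ == "__main__":
    s = summarize(REPORT_LINES)
    print("sample-attributable:", sorted(s["attributable"]))
    print("sandbox background: ", sorted(s["background"]))
    print("C2 candidates:      ", c2_candidates(s))
    print(f"/proc/<pid>/cmdline reads: {len(s['proc_cmdline_pids'])}, uname: {s['uname']}, "
          f"loopback listeners: {s['loopback_listeners']}")
```

Run on the constructed lines this leaves 216.73.156.19:26141 as the only attributable connection and the only C2 candidate, while the three mirror connections and the resolver traffic are filed as background. Feeding it a fuller copy of the signature lines is the quickest way to check that a sandbox's ATT&CK cells (Encrypted Channel, Application Layer Protocol) are not being populated by the VM's own update traffic.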
MITRE ATT&CK matrix
Only cells with mapped signatures are listed; the remaining cells of the report's matrix are the unpopulated template.
  • Credential Access: OS Credential Dumping (1)
  • Discovery: Security Software Discovery (11)
  • Command and Control: Encrypted Channel (1), Non-Standard Port (1), Application Layer Protocol (1)
(The Encrypted Channel entry can only stem from the port 443 connections, which in this run are the VM's Ubuntu mirror traffic; Non-Standard Port is the 216.73.156.19:26141 connection.)
No configs have been found
Behavior graph (ID 1654176, sample mips.elf, start date 02/04/2025, architecture LINUX, score 48):
  • mips.elf started; it forked a second mips.elf process
  • Contacted 216.73.156.19 (ports 26141, 44774; WINDSTREAMUS, United States), 109.202.202.202 (port 80; INIT7CH, Switzerland) and 2 other IPs or domains
  • Signature: Antivirus / Scanner detection for submitted sample
Antivirus detection (initial sample)
Source | Detection | Scanner | Label
mips.elf | 100% | Avira | EXP/ELF.Agent.J.8
Dropped files, domains, URLs: No Antivirus matches


No contacted domains info

URLs from memory and binary (Name | Source | Malicious | Antivirus Detection | Reputation)
http://0/t/wget.sh | mips.elf, 6261.1.00007fbb78457000.00007fbb78461000.rw-.sdmp | false | - | high

Contacted IPs (IP | Domain | Country | ASN | ASN Name | Malicious)
216.73.156.19 | unknown | United States | 7029 | WINDSTREAMUS | false
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
Context: IPs (Match | Associated sample name / URL | Detection | Threat name)
216.73.156.19: ppc.elf (malicious, Unknown); arm.elf (malicious, Unknown); kmips.elf (malicious, Unknown); mips.elf (malicious, Unknown)
109.202.202.202: kpLwzBouH4.elf (malicious, Unknown); context URL: ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.189.91.43: arm5.elf (malicious, Unknown); na.elf (malicious, Prometei), 9 submissions
91.189.91.42: arm5.elf (malicious, Unknown); na.elf (malicious, Prometei), 9 submissions

Context: domains
No context

Context: ASNs (Match | Associated sample name / URL | Detection | Threat name | IP)
CANONICAL-ASGB (listed twice in the report, once per contacted Canonical address): arm5.elf (malicious, Unknown, 91.189.91.42); arc.elf (malicious, Unknown, 185.125.190.26); na.elf (malicious, Prometei, 91.189.91.42), 9 submissions
WINDSTREAMUS: arm4.elf (malicious, Unknown, 209.92.198.134); ppc.elf (malicious, Mirai, 66.0.246.92); mpsl.elf (malicious, Unknown, 184.81.122.185); mssecsvc.exe.exe (malicious, Wannacry, 207.106.28.14); bimbo-m68k.elf (malicious, Unknown, 66.16.127.142); bimbo-mpsl.elf (malicious, Unknown, 64.196.215.27); bimbo-ppc.elf (malicious, Unknown, 71.16.36.149); bimbo-x86.elf (malicious, Unknown, 209.254.199.0); k03ldc.ppc.elf (malicious, Unknown, 71.23.128.33); k03ldc.arm7.elf (malicious, Mirai, 66.217.135.65)
INIT7CH: arm5.elf (malicious, Unknown, 109.202.202.202); na.elf (malicious, Prometei, 109.202.202.202), 9 submissions

Context: JA3 fingerprints
No context

Context: dropped files
No context

Note on reading the context tables: the Canonical and Init7 entries are shared by every Linux sample run in this environment, because the analysis VM contacts the Ubuntu mirrors on its own (the 109.202.202.202 context is a Firefox package download). The Prometei and Mirai associations reached through those ASNs say nothing about this sample. The informative entry is 216.73.156.19 itself: the same host has served ppc.elf, arm.elf, kmips.elf and another mips.elf, i.e. a multi-architecture set of ELF payloads. The other WINDSTREAMUS rows concern different addresses in that ASN and are not evidence about this host.
Dropped files

Process: /tmp/mips.elf
File Type: data
Category: dropped
Size (bytes): 14
Entropy (8bit): 3.378783493486176
Encrypted: false
SSDEEP: 3:TgaLGn:TgAG
MD5: 640E98E7A87EC50F267F24DBC141D4DD
SHA1: BC19B1CF25759386125D933665A8B429D9AE7E26
SHA-256: 6976993806B7CE05EA0AAA6BC975462833B19CF0D6DD4C9480F26FBAF66AF31D
SHA-512: 3887FBDFA33FF58EF35DDD9B1A2C9BDD611208904D8D371B2AFFE6E97F4C2EDA7A5BAA9786BDD3857AB6B31FE933CBE7290E7D9223671670A9BC739D457D4BA9
Malicious: false
Reputation: moderate, very likely benign file
Preview: /tmp/mips.elf.

Second dropped file (the classification label @0/2 counts two dropped files; the report does not show their paths): identical size, content and hashes to the first. Both are the 13-character string "/tmp/mips.elf" followed by one non-printable byte, which the preview renders as ".".
Static ELF info

File type: ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy (8bit): 5.405542275491713
TrID:
  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name: mips.elf
File size: 93'280 bytes
MD5: 6575643658d174a9bd49f7077a16983b
SHA1: 84a9ce200105fb21b94d72cdf3557291c3ebee72
SHA256: 262668cd1b21f5ca7ab0e1e78a2194dc7635a6ce195f5b31a67222659a88631c
SHA512: 23ca9afc0f4f0e17b2f37ebc0a2c3dac3e24261ed038d68d08e971fd4fc3262e44504b681e9e765645333f77eaed97b8b43b83928b307c56f40ee205de893814
SSDEEP: 1536:y4IpDtuAJiIpUn5DAtQKY0S1a72DnQQ377esOiAXn:y1pDtuAJiIiZAmKX2Dn57xAXn
TLSH: 0D93D70E6E35CFADF269C33447B74A31A39923C523E1C685D26CE2151F6434EA45FBA8
File Content Preview: .ELF.....................@.`...4..j......4. ...(.............@...@....T0..T0..............`..E`..E`....4..l$........dt.Q............................<...'......!'.......................<...'......!... ....'9... ......................<...'..h...!........'9:

ELF header

Class: ELF32
Data: 2's complement, big endian
Version: 1 (current)
Machine: MIPS R3000
Version Number: 0x1
Type: EXEC (Executable file)
OS/ABI: UNIX - System V
ABI Version: 0
Entry Point Address: 0x400260
Flags: 0x1007
ELF Header Size: 52
Program Header Offset: 52
Program Header Size: 32
Number of Program Headers: 3
Section Header Offset: 92800
Section Header Size: 40
Number of Section Headers: 12
Header String Table Index: 11
Section headers

Name       Type      Address   Offset   Size     EntSize  Flags       Flags Description  Link  Info  Align
           NULL      0x0       0x0      0x0      0x0      0x0                            0     0     0
.init      PROGBITS  0x400094  0x94     0x8c     0x0      0x6         AX                 0     0     4
.text      PROGBITS  0x400120  0x120    0x13a00  0x0      0x6         AX                 0     0     16
.fini      PROGBITS  0x413b20  0x13b20  0x5c     0x0      0x6         AX                 0     0     4
.rodata    PROGBITS  0x413b80  0x13b80  0x18b0   0x0      0x2         A                  0     0     16
.ctors     PROGBITS  0x456000  0x16000  0x8      0x0      0x3         WA                 0     0     4
.dtors     PROGBITS  0x456008  0x16008  0x8      0x0      0x3         WA                 0     0     4
.data      PROGBITS  0x456020  0x16020  0x440    0x0      0x3         WA                 0     0     16
.got       PROGBITS  0x456460  0x16460  0x5d4    0x4      0x10000003  WAp                0     0     16
.sbss      NOBITS    0x456a34  0x16a34  0x1c     0x0      0x10000003  WAp                0     0     4
.bss       NOBITS    0x456a50  0x16a34  0x61d4   0x0      0x3         WA                 0     0     16
.shstrtab  STRTAB    0x0       0x16a34  0x49     0x0      0x0                            0     0     1

Program headers

Type       Offset   Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align    Prog Interpreter  Section Mappings
LOAD       0x0      0x400000         0x400000          0x15430    0x15430      5.5607   0x5    R E                0x10000                    .init .text .fini .rodata
LOAD       0x16000  0x456000         0x456000          0xa34      0x6c24       3.7231   0x6    RW                 0x10000                    .ctors .dtors .data .got .sbss .bss
GNU_STACK  0x0      0x0              0x0               0x0        0x0          0.0000   0x7    RWE                0x4


• Total Packets: 35
• 26141 undefined
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

Timestamp                             Source Port  Dest Port  Source IP      Dest IP
Apr 2, 2025 02:59:01.881042004 CEST   43928        443        192.168.2.23   91.189.91.42
Apr 2, 2025 02:59:07.512222052 CEST   42836        443        192.168.2.23   91.189.91.43
Apr 2, 2025 02:59:08.536269903 CEST   42516        80         192.168.2.23   109.202.202.202
Apr 2, 2025 02:59:22.870093107 CEST   43928        443        192.168.2.23   91.189.91.42
Apr 2, 2025 02:59:33.108781099 CEST   42836        443        192.168.2.23   91.189.91.43
Apr 2, 2025 02:59:35.754688978 CEST   44774        26141      192.168.2.23   216.73.156.19
Apr 2, 2025 02:59:35.926551104 CEST   26141        44774      216.73.156.19  192.168.2.23
Apr 2, 2025 02:59:35.926884890 CEST   44774        26141      192.168.2.23   216.73.156.19
Apr 2, 2025 02:59:36.099754095 CEST   26141        44774      216.73.156.19  192.168.2.23
Apr 2, 2025 02:59:36.099991083 CEST   44774        26141      192.168.2.23   216.73.156.19
Apr 2, 2025 02:59:36.271502972 CEST   26141        44774      216.73.156.19  192.168.2.23
Apr 2, 2025 02:59:36.271733999 CEST   44774        26141      192.168.2.23   216.73.156.19
Apr 2, 2025 02:59:39.251600981 CEST   42516        80         192.168.2.23   109.202.202.202
Apr 2, 2025 02:59:55.724937916 CEST   26141        44774      216.73.156.19  192.168.2.23
Apr 2, 2025 02:59:55.725081921 CEST   44774        26141      192.168.2.23   216.73.156.19
Apr 2, 2025 03:00:03.824242115 CEST   43928        443        192.168.2.23   91.189.91.42
Apr 2, 2025 03:00:10.738605976 CEST   44774        26141      192.168.2.23   216.73.156.19
Apr 2, 2025 03:00:10.901077032 CEST   26141        44774      216.73.156.19  192.168.2.23
Apr 2, 2025 03:00:10.901155949 CEST   44774        26141      192.168.2.23   216.73.156.19
Apr 2, 2025 03:00:11.069791079 CEST   26141        44774      216.73.156.19  192.168.2.23
Apr 2, 2025 03:00:24.301405907 CEST   42836        443        192.168.2.23   91.189.91.43
Apr 2, 2025 03:00:29.748955965 CEST   44774        26141      192.168.2.23   216.73.156.19
Apr 2, 2025 03:00:29.912041903 CEST   26141        44774      216.73.156.19  192.168.2.23
Apr 2, 2025 03:00:29.912295103 CEST   44774        26141      192.168.2.23   216.73.156.19
Apr 2, 2025 03:00:30.070755005 CEST   26141        44774      216.73.156.19  192.168.2.23
Apr 2, 2025 03:00:48.489808083 CEST   44774        26141      192.168.2.23   216.73.156.19
Apr 2, 2025 03:00:48.651129007 CEST   26141        44774      216.73.156.19  192.168.2.23
Apr 2, 2025 03:00:48.651570082 CEST   44774        26141      192.168.2.23   216.73.156.19
Apr 2, 2025 03:00:48.819184065 CEST   26141        44774      216.73.156.19  192.168.2.23
Apr 2, 2025 03:00:56.352277040 CEST   26141        44774      216.73.156.19  192.168.2.23
Apr 2, 2025 03:00:56.352582932 CEST   44774        26141      192.168.2.23   216.73.156.19

Timestamp                             Source Port  Dest Port  Source IP      Dest IP
Apr 2, 2025 02:59:07.725874901 CEST   37295        53         192.168.2.23   208.67.222.222
Apr 2, 2025 02:59:09.727864027 CEST   46834        53         192.168.2.23   208.67.220.220
Apr 2, 2025 02:59:11.729923964 CEST   43933        53         192.168.2.23   8.8.8.8
Apr 2, 2025 02:59:13.731920004 CEST   36007        53         192.168.2.23   8.8.8.8
Apr 2, 2025 02:59:15.733781099 CEST   59538        53         192.168.2.23   208.67.222.222
Apr 2, 2025 02:59:17.735743999 CEST   44234        53         192.168.2.23   208.67.222.222
Apr 2, 2025 02:59:21.738131046 CEST   52408        53         192.168.2.23   208.67.220.220
Apr 2, 2025 02:59:23.740107059 CEST   49452        53         192.168.2.23   208.67.222.222
Apr 2, 2025 02:59:25.741873026 CEST   36751        53         192.168.2.23   208.67.220.220
Apr 2, 2025 02:59:29.745790958 CEST   41068        53         192.168.2.23   8.8.8.8
Apr 2, 2025 02:59:31.747672081 CEST   52999        53         192.168.2.23   208.67.220.220
Apr 2, 2025 02:59:33.749650002 CEST   48371        53         192.168.2.23   208.67.220.220
Apr 2, 2025 02:59:36.931724072 CEST   48029        53         192.168.2.23   208.67.220.220
Apr 2, 2025 02:59:38.933763981 CEST   50726        53         192.168.2.23   208.67.220.220
Apr 2, 2025 02:59:40.935796022 CEST   44515        53         192.168.2.23   208.67.220.220

System Behavior

Start time (UTC): 00:59:05
Start date (UTC): 02/04/2025
Path: /tmp/mips.elf
Arguments: -
File size: 5777432 bytes
MD5 hash: 0083f1f0e77be34ad27f849842bbb00c