
na.elf

Status: finished
Submission Time: 2025-04-15 02:28:08 +02:00
Malicious
Trojan
Evader
Prometei

Comments

Tags

  • elf

Details

  • Analysis ID: 1665014
  • API (Web) ID: 1665014
  • Analysis Started: 2025-04-15 02:28:08 +02:00
  • Analysis Finished: 2025-04-15 02:33:42 +02:00
  • MD5: 1f2fc445540636c0bca08ee232210ac0
  • SHA1: 01b88b5df24f00b2cfbff81ec0fa2a2ff4d92055
  • SHA256: 87111d8fd945c477de1e79326436a5e2faaf795468b77c2961fc6579aafb60bd
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 100
System: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)

Third Party Analysis Engines

malicious
Score: 24/64
malicious
Score: 18/36
malicious
malicious

IPs

IP Country Detection
152.36.128.18
United States
34.249.145.219
United States
109.202.202.202
Switzerland
91.189.91.43
United Kingdom
91.189.91.42
United Kingdom

URLs

Name Detection
http://152.36.128.18/cgi-bin/p.cgi?r=8&i=G695WSUPZ3Z3394V
http://152.36.128.18/cgi-bin/p.cgihttp://dummy.zero/cgi-bin/prometei.cgihttps://gb7ni5rgeexdcncj.oni
http://upx.sf.net
http://mkhkjxgchtfgu7uhofxzgoawntfzrkdccymveektqgpxrpjb72oq.b32.i2p/cgi-bin/prometei.cgi
https://gb7ni5rgeexdcncj.onion/cgi-bin/prometei.cgi
http://152.36.128.18/cgi-bin/p.cgi
http://dummy.zero/cgi-bin/prometei.cgi
http://152.36.128

Dropped files

Name File Type Hashes Detection
/etc/CommId
ASCII text, with no line terminators
/usr/sbin/uplugplay
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, no section header