na.elf

Status: finished
Submission Time: 2025-04-22 07:18:18 +02:00
Malicious
Trojan
Evader
Prometei

Tags

  • elf

Details

  • Analysis ID:
    1670768
  • API (Web) ID:
    1670768
  • Analysis Started:
    2025-04-22 07:18:18 +02:00
  • Analysis Finished:
    2025-04-22 07:23:35 +02:00
  • MD5:
    1124d82a6a4662e53ef2c46800b590cc
  • SHA1:
    58495657d7f3c36db402ed8dfeb0e311c8752f0e
  • SHA256:
    df0b21bcfc6b63f6c309cf9c4d83e85f095ac037500e4993658e4b200c8e59f5
  • Technologies:

Joe Sandbox

Detection: malicious
Score: 92
System: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)

Third Party Analysis Engines

malicious
Score: 15/36

IPs

  • IP:
    88.198.246.242
  • Country:
    Germany

Domains

  • Name:
    p3.feefreepool.net
  • IP:
    88.198.246.242

URLs

Name Detection
http://p3.feefreepool.net/cgi-bin/prometei.cgihttp://dummy.zero/cgi-bin/prometei.cgihttps://gb7ni5rg
https://bugs.launchpad.net/ubuntu/
http://mkhkjxgchtfgu7uhofxzgoawntfzrkdccymveektqgpxrpjb72oq.b32.i2p/cgi-bin/prometei.cgi
http://p3.feefreepool.net/cgi-bin/prometei.cgi
https://gb7ni5rgeexdcncj.onion/cgi-bin/prometei.cgi
http://%s/cgi-bin/prometei.cgi
http://%s/cgi-bin/prometei.cgi?r=0&auth=hash&i=%s&enckey=%shttp://%s/cgi-bin/prometei.cgi%m%d%yxinch
https://http:///:.onion.i2p.zeroGET
http://dummy.zero/cgi-bin/prometei.cgi
http://%s/cgi-bin/prometei.cgi?r=0&auth=hash&i=%s&enckey=%s

Dropped files

  • Name:
    /etc/CommId
    File Type:
    ASCII text, with no line terminators
  • Name:
    /usr/sbin/uplugplay
    File Type:
    ELF 32-bit MSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), statically linked, for GNU/Linux 3.2.0, BuildID[sha1]=bc565f9f2dafc5618defa8eccf705f85712c87da, stripped