Edit tour

Linux Analysis Report
bot.i486.elf

Overview

General Information

Sample name:	bot.i486.elf
Analysis ID:	1671910
MD5:	d696effe3fa83dd1daec511187a5554e
SHA1:	1f2ee7bf1cefe22ae28052aa6df15306614c51fe
SHA256:	4ca24b72cdcb14e1948e01f480dbaf39042f98fb91eeefbb6cdd61a330041177
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	60
Range:	0 - 100

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Contains symbols with names commonly found in malware

Executes the "rm" command used to delete files or directories

Sample and/or dropped files contains symbols with suspicious names

Yara signature match

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1671910
Start date and time:	2025-04-23 12:12:28 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 31s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	bot.i486.elf
Detection:	MAL
Classification:	mal60.linELF@0/0@0/0

Runtime Messages

Command:	/tmp/bot.i486.elf
PID:	6232
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu20

bot.i486.elf (PID: 6232, Parent: 6155, MD5: d696effe3fa83dd1daec511187a5554e) Arguments: /tmp/bot.i486.elf

bot.i486.elf New Fork (PID: 6233, Parent: 6232)

dash New Fork (PID: 6288, Parent: 4331)

rm (PID: 6288, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.Jqw8vI3RPK /tmp/tmp.CADM4lX4xv /tmp/tmp.Wn7iLqPsuo

dash New Fork (PID: 6289, Parent: 4331)

rm (PID: 6289, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.Jqw8vI3RPK /tmp/tmp.CADM4lX4xv /tmp/tmp.Wn7iLqPsuo

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
bot.i486.elf	Linux_Trojan_Mirai_3a56423b	unknown	unknown	0xc0af:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00

Memory Dumps

Source	Rule	Description	Author	Strings
6232.1.0000000008048000.0000000008056000.r-x.sdmp	Linux_Trojan_Mirai_3a56423b	unknown	unknown	0xc0af:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00
6233.1.0000000008048000.0000000008056000.r-x.sdmp	Linux_Trojan_Mirai_3a56423b	unknown	unknown	0xc0af:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• AV Detection
• Networking
• System Summary
• Persistence and Installation Behavior

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: bot.i486.elf

ReversingLabs: Detection: 13%

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknown	TCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknown	TCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 34.249.145.219

Source: unknown	Network traffic detected: HTTP traffic on port 39246 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39246
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: bot.i486.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 6232.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 6233.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown

Contains symbols with names commonly found in malware

Source: ELF static info symbol of initial sample

Name: attack_running

Source: bot.i486.elf

ELF static info symbol of initial sample: execute_command

Source: bot.i486.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 6232.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 6233.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16

Source: classification engine

Classification label: mal60.linELF@0/0@0/0

Source: /usr/bin/dash (PID: 6288)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.Jqw8vI3RPK /tmp/tmp.CADM4lX4xv /tmp/tmp.Wn7iLqPsuo			Jump to behavior
Source: /usr/bin/dash (PID: 6289)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.Jqw8vI3RPK /tmp/tmp.CADM4lX4xv /tmp/tmp.Wn7iLqPsuo			Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 File Deletion	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
bot.i486.elf	14%	ReversingLabs

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
34.249.145.219	unknown	United States	16509	AMAZON-02US	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
34.249.145.219	meihao.mpsl.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	bin.sh.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	.i.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.189.91.43	meihao.mpsl.elf	Get hash	malicious	Unknown	Browse
	meihao.arm6.elf	Get hash	malicious	Mirai	Browse
	meihao.arc.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	i.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	bin.sh.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
91.189.91.42	meihao.mpsl.elf	Get hash	malicious	Unknown	Browse
	meihao.arm6.elf	Get hash	malicious	Mirai	Browse
	meihao.arc.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	i.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	bin.sh.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	meihao.mpsl.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	meihao.arm6.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	meihao.arc.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	i.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	bin.sh.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	185.125.190.26
CANONICAL-ASGB	meihao.mpsl.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	meihao.arm6.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	meihao.arc.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	i.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	bin.sh.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	185.125.190.26
INIT7CH	meihao.mpsl.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	meihao.arm6.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	meihao.arc.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	i.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	bin.sh.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
AMAZON-02US	meihao.mpsl.elf	Get hash	malicious	Mirai	Browse	54.217.77.5
	meihao.mpsl.elf	Get hash	malicious	Unknown	Browse	34.249.145.219
	https://coinrh.com/	Get hash	malicious	Unknown	Browse	13.33.21.102
	Modelo3_hcib.vbs	Get hash	malicious	Unknown	Browse	3.3.9.1
	https://coinrh.com/	Get hash	malicious	Unknown	Browse	13.33.21.102
	spreadsheet.exe	Get hash	malicious	FormBook	Browse	13.248.169.48
	https://fromsmash.com/TBlvw0JrK4-ct?e=cmVnaW9uYWxAZm9zdGVyLWdhbWtvLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	18.154.132.127
	na.elf	Get hash	malicious	Prometei	Browse	54.171.230.55
	na.elf	Get hash	malicious	Prometei	Browse	34.249.145.219
	i.elf	Get hash	malicious	Unknown	Browse	54.171.230.55

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, with debug_info, not stripped
Entropy (8bit):	6.268875071580512
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	bot.i486.elf
File size:	76'151 bytes
MD5:	d696effe3fa83dd1daec511187a5554e
SHA1:	1f2ee7bf1cefe22ae28052aa6df15306614c51fe
SHA256:	4ca24b72cdcb14e1948e01f480dbaf39042f98fb91eeefbb6cdd61a330041177
SHA512:	fac3141a357d80497406b708015ce10e0ef0092ed8c4b5dd33b59133378efb2c199d9b0e45e2851aca14d6e47f5f10c2a4a426510a4c25698067e12e3e87ad20
SSDEEP:	1536:kIO/+qAEPI/wqnJofOx9WUH31gT2dy8Gr0E9eFB305:kpPI/wJWq2xO00eFBG
TLSH:	2E734C49F793E4B2C8870B7102ABA7798730ED520725CE1AE31C7FF49E22781B55A61D
File Content Preview:	.ELF....................d...4...........4. ...(.....................0...0...............0...0h..0h..0...x...........Q.td................................t..../..................U......=`i...t..D....................h......h......u........t....h0h...........

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8048164
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	62856
Section Header Size:	40
Number of Section Headers:	25
Header String Table Index:	22

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.init	PROGBITS	0x8048094	0x94	0x11	0x0	0x6	AX	0	0	1
.text	PROGBITS	0x80480b0	0xb0	0xc754	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x8054804	0xc804	0xc	0x0	0x6	AX	0	0	1
.rodata	PROGBITS	0x8054820	0xc820	0x1010	0x0	0x2	A	0	0	32
.eh_frame	PROGBITS	0x8056830	0xd830	0x74	0x0	0x3	WA	0	0	4
.ctors	PROGBITS	0x80568a4	0xd8a4	0x8	0x0	0x3	WA	0	0	4
.dtors	PROGBITS	0x80568ac	0xd8ac	0x8	0x0	0x3	WA	0	0	4
.jcr	PROGBITS	0x80568b4	0xd8b4	0x4	0x0	0x3	WA	0	0	4
.got.plt	PROGBITS	0x80568b8	0xd8b8	0xc	0x4	0x3	WA	0	0	4
.data	PROGBITS	0x80568c4	0xd8c4	0x9c	0x0	0x3	WA	0	0	4
.bss	NOBITS	0x8056960	0xd960	0x648	0x0	0x3	WA	0	0	32
.comment	PROGBITS	0x0	0xd960	0x894	0x0	0x0		0	0	1
.debug_aranges	PROGBITS	0x0	0xe1f4	0x40	0x0	0x0		0	0	1
.debug_pubnames	PROGBITS	0x0	0xe234	0x40	0x0	0x0		0	0	1
.debug_info	PROGBITS	0x0	0xe274	0x60a	0x0	0x0		0	0	1
.debug_abbrev	PROGBITS	0x0	0xe87e	0x2ac	0x0	0x0		0	0	1
.debug_line	PROGBITS	0x0	0xeb2a	0x190	0x0	0x0		0	0	1
.debug_frame	PROGBITS	0x0	0xecbc	0x80	0x0	0x0		0	0	4
.debug_str	PROGBITS	0x0	0xed3c	0x127	0x1	0x30	MS	0	0	1
.debug_loc	PROGBITS	0x0	0xee63	0x5dd	0x0	0x0		0	0	1
.debug_ranges	PROGBITS	0x0	0xf440	0x60	0x0	0x0		0	0	1
.shstrtab	STRTAB	0x0	0xf4a0	0xe5	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0xf970	0x1d50	0x10	0x0		24	232	4
.strtab	STRTAB	0x0	0x116c0	0x12b7	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8048000	0x8048000	0xd830	0xd830	6.4178	0x5	R E	0x1000	.init .text .fini .rodata
LOAD	0xd830	0x8056830	0x8056830	0x130	0x778	2.4699	0x6	RW	0x1000	.eh_frame .ctors .dtors .jcr .got.plt .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x8048094	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x80480b0	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x8054804	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x8054820	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x8056830	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x80568a4	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x80568ac	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x80568b4	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x80568b8	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x80568c4	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x8056960	0	SECTION	<unknown>	DEFAULT	11
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	12
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	13
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	14
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	15
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	16
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	17
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	18
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	19
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	20
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	21
_DYNAMIC	.symtab	0x0	0	NOTYPE	<unknown>	HIDDEN	SHN_UNDEF
_Exit	.symtab	0x804dd00	21	FUNC	<unknown>	DEFAULT	2
_Exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_GLOBAL_OFFSET_TABLE_	.symtab	0x80568b8	0	OBJECT	<unknown>	HIDDEN	9
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__CTOR_END__	.symtab	0x80568a8	0	OBJECT	<unknown>	DEFAULT	6
__CTOR_LIST__	.symtab	0x80568a4	0	OBJECT	<unknown>	DEFAULT	6
__DTOR_END__	.symtab	0x80568b0	0	OBJECT	<unknown>	DEFAULT	7
__DTOR_LIST__	.symtab	0x80568ac	0	OBJECT	<unknown>	DEFAULT	7
__EH_FRAME_BEGIN__	.symtab	0x8056830	0	OBJECT	<unknown>	DEFAULT	5
__FRAME_END__	.symtab	0x80568a0	0	OBJECT	<unknown>	DEFAULT	5
__JCR_END__	.symtab	0x80568b4	0	OBJECT	<unknown>	DEFAULT	8
__JCR_LIST__	.symtab	0x80568b4	0	OBJECT	<unknown>	DEFAULT	8
___environ	.symtab	0x8056de4	4	OBJECT	<unknown>	DEFAULT	11
__aio_close	.symtab	0x804c208	5	FUNC	<unknown>	DEFAULT	2
__block_all_sigs	.symtab	0x804c0c3	31	FUNC	<unknown>	DEFAULT	2
__block_app_sigs	.symtab	0x804c0a4	31	FUNC	<unknown>	DEFAULT	2
__bss_start	.symtab	0x8056960	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__clock_gettime	.symtab	0x804d958	87	FUNC	<unknown>	DEFAULT	2
__copy_tls	.symtab	0x804daf4	96	FUNC	<unknown>	DEFAULT	2
__deregister_frame_info_bases	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__dn_expand	.symtab	0x804eaf8	222	FUNC	<unknown>	DEFAULT	2
__dns_parse	.symtab	0x804ebd8	302	FUNC	<unknown>	DEFAULT	2
__do_cleanup_pop	.symtab	0x804d8e8	1	FUNC	<unknown>	DEFAULT	2
__do_cleanup_push	.symtab	0x804d8e8	1	FUNC	<unknown>	DEFAULT	2
__do_global_ctors_aux	.symtab	0x80547d0	0	FUNC	<unknown>	DEFAULT	2
__do_global_dtors_aux	.symtab	0x80480b0	0	FUNC	<unknown>	DEFAULT	2
__dso_handle	.symtab	0x80568c4	0	OBJECT	<unknown>	HIDDEN	10
__environ	.symtab	0x8056de4	4	OBJECT	<unknown>	DEFAULT	11
__environ.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__errno_location	.symtab	0x8048c5c	10	FUNC	<unknown>	DEFAULT	2
__errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__expand_heap	.symtab	0x804e900	389	FUNC	<unknown>	DEFAULT	2
__fclose_ca	.symtab	0x804c168	9	FUNC	<unknown>	DEFAULT	2
__fclose_ca.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__fini_array_end	.symtab	0x80568a4	0	NOTYPE	<unknown>	HIDDEN	6
__fini_array_start	.symtab	0x80568a4	0	NOTYPE	<unknown>	HIDDEN	6
__floatscan	.symtab	0x8051a10	8068	FUNC	<unknown>	DEFAULT	2
__fopen_rb_ca	.symtab	0x804c174	145	FUNC	<unknown>	DEFAULT	2
__fopen_rb_ca.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__fork_handler	.symtab	0x804bfec	1	FUNC	<unknown>	DEFAULT	2
__fpclassifyl	.symtab	0x8053994	103	FUNC	<unknown>	DEFAULT	2
__fpclassifyl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__fsmu8	.symtab	0x8055764	204	OBJECT	<unknown>	DEFAULT	4
__funcs_on_exit	.symtab	0x8048c68	1	FUNC	<unknown>	DEFAULT	2
__fwritex	.symtab	0x804f2e0	152	FUNC	<unknown>	DEFAULT	2
__get_handler_set	.symtab	0x804eec4	23	FUNC	<unknown>	DEFAULT	2
__hwcap	.symtab	0x8056f40	4	OBJECT	<unknown>	DEFAULT	11
__inet_aton	.symtab	0x805400c	234	FUNC	<unknown>	DEFAULT	2
__init_array_end	.symtab	0x80568a4	0	NOTYPE	<unknown>	HIDDEN	6
__init_array_start	.symtab	0x80568a4	0	NOTYPE	<unknown>	HIDDEN	6
__init_ssp	.symtab	0x8048ad9	1	FUNC	<unknown>	DEFAULT	2
__init_tls	.symtab	0x804db54	324	FUNC	<unknown>	DEFAULT	2
__init_tls.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__intscan	.symtab	0x804dd20	1929	FUNC	<unknown>	DEFAULT	2
__isalnum_l	.symtab	0x804daec	5	FUNC	<unknown>	DEFAULT	2
__isoc99_sscanf	.symtab	0x804c574	30	FUNC	<unknown>	DEFAULT	2
__isoc99_vfscanf	.symtab	0x8050d8a	2436	FUNC	<unknown>	DEFAULT	2
__isoc99_vsscanf	.symtab	0x804c698	89	FUNC	<unknown>	DEFAULT	2
__lctrans	.symtab	0x804e895	5	FUNC	<unknown>	DEFAULT	2
__lctrans.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__lctrans_cur	.symtab	0x804e89a	32	FUNC	<unknown>	DEFAULT	2
__lctrans_impl	.symtab	0x804e890	5	FUNC	<unknown>	DEFAULT	2
__libc	.symtab	0x8056f60	52	OBJECT	<unknown>	DEFAULT	11
__libc_sigaction	.symtab	0x804eedb	331	FUNC	<unknown>	DEFAULT	2
__libc_start_main	.symtab	0x8048ada	386	FUNC	<unknown>	DEFAULT	2
__libc_start_main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__lock	.symtab	0x804d813	52	FUNC	<unknown>	DEFAULT	2
__lock.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__lockfile	.symtab	0x804f099	78	FUNC	<unknown>	DEFAULT	2
__lockfile.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__lookup_ipliteral	.symtab	0x804ed5c	357	FUNC	<unknown>	DEFAULT	2
__lookup_name	.symtab	0x804a87f	2097	FUNC	<unknown>	DEFAULT	2
__lookup_serv	.symtab	0x804b0b0	746	FUNC	<unknown>	DEFAULT	2
__madvise	.symtab	0x8049f64	33	FUNC	<unknown>	DEFAULT	2
__malloc0	.symtab	0x8049f20	65	FUNC	<unknown>	DEFAULT	2
__memcpy_fwd	.symtab	0x804ced0	0	NOTYPE	<unknown>	HIDDEN	2
__mmap	.symtab	0x8049f89	162	FUNC	<unknown>	DEFAULT	2
__mremap	.symtab	0x804a02c	64	FUNC	<unknown>	DEFAULT	2
__munmap	.symtab	0x804a06d	44	FUNC	<unknown>	DEFAULT	2
__ofl_lock	.symtab	0x8054425	22	FUNC	<unknown>	DEFAULT	2
__ofl_unlock	.symtab	0x8054414	17	FUNC	<unknown>	DEFAULT	2
__overflow	.symtab	0x8054108	108	FUNC	<unknown>	DEFAULT	2
__overflow.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__progname	.symtab	0x8056984	4	OBJECT	<unknown>	DEFAULT	11
__progname_full	.symtab	0x8056988	4	OBJECT	<unknown>	DEFAULT	11
__pthread_setcancelstate	.symtab	0x804d92c	42	FUNC	<unknown>	DEFAULT	2
__register_frame_info_bases	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__res_mkquery	.symtab	0x804b440	387	FUNC	<unknown>	DEFAULT	2
__res_msend	.symtab	0x804b5fe	1963	FUNC	<unknown>	DEFAULT	2
__restore	.symtab	0x80540f8	0	FUNC	<unknown>	DEFAULT	2
__restore_rt	.symtab	0x8054100	0	FUNC	<unknown>	DEFAULT	2
__restore_sigs	.symtab	0x804c0e2	31	FUNC	<unknown>	DEFAULT	2
__set_thread_area	.symtab	0x8051794	0	FUNC	<unknown>	DEFAULT	2
__shgetc	.symtab	0x804e530	273	FUNC	<unknown>	DEFAULT	2
__shlim	.symtab	0x804e4b0	118	FUNC	<unknown>	DEFAULT	2
__sigaction	.symtab	0x804f026	42	FUNC	<unknown>	DEFAULT	2
__signbitl	.symtab	0x80539fc	35	FUNC	<unknown>	DEFAULT	2
__signbitl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__simple_malloc	.symtab	0x8048d10	245	FUNC	<unknown>	DEFAULT	2
__static_tls	.symtab	0x8056f98	16	OBJECT	<unknown>	DEFAULT	11
__stderr_used	.symtab	0x80568d0	4	OBJECT	<unknown>	DEFAULT	10
__stdin_used	.symtab	0x8056f18	4	OBJECT	<unknown>	DEFAULT	11
__stdio_close	.symtab	0x804c20d	39	FUNC	<unknown>	DEFAULT	2
__stdio_close.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__stdio_exit	.symtab	0x80543e5	47	FUNC	<unknown>	DEFAULT	2
__stdio_exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__stdio_exit_needed	.symtab	0x80543e5	47	FUNC	<unknown>	DEFAULT	2
__stdio_read	.symtab	0x804c234	155	FUNC	<unknown>	DEFAULT	2
__stdio_read.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__stdio_seek	.symtab	0x804c2d0	124	FUNC	<unknown>	DEFAULT	2
__stdio_seek.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__stdio_write	.symtab	0x804f0e8	204	FUNC	<unknown>	DEFAULT	2
__stdio_write.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__stdout_used	.symtab	0x8056f18	4	OBJECT	<unknown>	DEFAULT	11
__stpcpy	.symtab	0x8051710	131	FUNC	<unknown>	DEFAULT	2
__stpncpy	.symtab	0x8054440	206	FUNC	<unknown>	DEFAULT	2
__strchrnul	.symtab	0x804d030	203	FUNC	<unknown>	DEFAULT	2
__strerror_l	.symtab	0x804dc98	74	FUNC	<unknown>	DEFAULT	2
__string_read	.symtab	0x804f1b4	93	FUNC	<unknown>	DEFAULT	2
__string_read.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__strtoimax_internal	.symtab	0x804cd86	5	FUNC	<unknown>	DEFAULT	2
__strtol_internal	.symtab	0x804cd2a	31	FUNC	<unknown>	DEFAULT	2
__strtoll_internal	.symtab	0x804cd65	33	FUNC	<unknown>	DEFAULT	2
__strtoul_internal	.symtab	0x804cd49	28	FUNC	<unknown>	DEFAULT	2
__strtoull_internal	.symtab	0x804cd8b	33	FUNC	<unknown>	DEFAULT	2
__strtoumax_internal	.symtab	0x804cdac	5	FUNC	<unknown>	DEFAULT	2
__syscall	.symtab	0x8048ce7	0	FUNC	<unknown>	HIDDEN	2
__syscall_cp	.symtab	0x804d848	5	FUNC	<unknown>	DEFAULT	2
__syscall_cp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_cp_c	.symtab	0x804d84d	5	FUNC	<unknown>	DEFAULT	2
__syscall_ret	.symtab	0x804e650	39	FUNC	<unknown>	DEFAULT	2
__sysinfo	.symtab	0x8056f94	4	OBJECT	<unknown>	HIDDEN	11
__sysv_signal	.symtab	0x804c104	98	FUNC	<unknown>	DEFAULT	2
__toread	.symtab	0x8054174	104	FUNC	<unknown>	DEFAULT	2
__toread.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__toread_needs_stdio_exit	.symtab	0x80541dc	5	FUNC	<unknown>	DEFAULT	2
__towrite	.symtab	0x80541e4	65	FUNC	<unknown>	DEFAULT	2
__towrite.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__towrite_needs_stdio_exit	.symtab	0x8054225	5	FUNC	<unknown>	DEFAULT	2
__udivdi3	.symtab	0x8054510	331	FUNC	<unknown>	HIDDEN	2
__uflow	.symtab	0x804f214	54	FUNC	<unknown>	DEFAULT	2
__uflow.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__umoddi3	.symtab	0x8054660	367	FUNC	<unknown>	HIDDEN	2
__unlock	.symtab	0x804d7cc	71	FUNC	<unknown>	DEFAULT	2
__unlockfile	.symtab	0x804f050	73	FUNC	<unknown>	DEFAULT	2
__vdsosym	.symtab	0x804e680	525	FUNC	<unknown>	DEFAULT	2
__vm_wait	.symtab	0x8049f88	1	FUNC	<unknown>	DEFAULT	2
__vsyscall	.symtab	0x8048c9c	0	FUNC	<unknown>	HIDDEN	2
__vsyscall6	.symtab	0x8048ccd	0	FUNC	<unknown>	HIDDEN	2
__wait	.symtab	0x804d854	148	FUNC	<unknown>	DEFAULT	2
__wait.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_edata	.symtab	0x8056960	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_end	.symtab	0x8056fa8	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_environ	.symtab	0x8056de4	4	OBJECT	<unknown>	DEFAULT	11
_fini	.symtab	0x8054804	0	NOTYPE	<unknown>	DEFAULT	3
_init	.symtab	0x8048094	0	NOTYPE	<unknown>	DEFAULT	1
_pthread_cleanup_pop	.symtab	0x804d8ff	44	FUNC	<unknown>	DEFAULT	2
_pthread_cleanup_push	.symtab	0x804d8e9	22	FUNC	<unknown>	DEFAULT	2
_start	.symtab	0x8048164	0	NOTYPE	<unknown>	DEFAULT	2
_start_c	.symtab	0x804817f	35	FUNC	<unknown>	DEFAULT	2
addrcmp	.symtab	0x804a6a1	15	FUNC	<unknown>	DEFAULT	2
all_mask	.symtab	0x80549e8	8	OBJECT	<unknown>	DEFAULT	4
alloc_fwd	.symtab	0x8049070	561	FUNC	<unknown>	DEFAULT	2
alloc_rev	.symtab	0x8048e10	594	FUNC	<unknown>	DEFAULT	2
app_mask	.symtab	0x80549e0	8	OBJECT	<unknown>	DEFAULT	4
arg_n	.symtab	0x8050d70	26	FUNC	<unknown>	DEFAULT	2
attack_running	.symtab	0x8056980	4	OBJECT	<unknown>	DEFAULT	11
authenticate	.symtab	0x8048611	157	FUNC	<unknown>	DEFAULT	2
bind	.symtab	0x804eaa4	83	FUNC	<unknown>	DEFAULT	2
bind.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
block.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
bot.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
brk.1727	.symtab	0x8056f04	4	OBJECT	<unknown>	DEFAULT	11
bsd_signal	.symtab	0x804c104	98	FUNC	<unknown>	DEFAULT	2
buf	.symtab	0x8056dd8	8	OBJECT	<unknown>	DEFAULT	11
builtin_tls	.symtab	0x8056de8	280	OBJECT	<unknown>	DEFAULT	11
calloc	.symtab	0x804e8c0	63	FUNC	<unknown>	DEFAULT	2
calloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
cgt.1877	.symtab	0x8056de0	4	OBJECT	<unknown>	DEFAULT	11
cleanup	.symtab	0x804b5c4	15	FUNC	<unknown>	DEFAULT	2
cleanup	.symtab	0x80481a4	43	FUNC	<unknown>	DEFAULT	2
clock_gettime	.symtab	0x804d958	87	FUNC	<unknown>	DEFAULT	2
clock_gettime.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
close	.symtab	0x804da41	57	FUNC	<unknown>	DEFAULT	2
close.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
close_file	.symtab	0x8054398	77	FUNC	<unknown>	DEFAULT	2
completed.4058	.symtab	0x8056960	1	OBJECT	<unknown>	DEFAULT	11
connect	.symtab	0x804a09c	87	FUNC	<unknown>	DEFAULT	2
connect.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
copysignl	.symtab	0x8053a20	76	FUNC	<unknown>	DEFAULT	2
copysignl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crt1.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
cur.1594	.symtab	0x8056998	4	OBJECT	<unknown>	DEFAULT	11
cycle	.symtab	0x804c78e	121	FUNC	<unknown>	DEFAULT	2
defpolicy	.symtab	0x805490c	120	OBJECT	<unknown>	DEFAULT	4
dn_expand	.symtab	0x804eaf8	222	FUNC	<unknown>	DEFAULT	2
dn_expand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dns_parse.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dns_parse_callback	.symtab	0x804a720	252	FUNC	<unknown>	DEFAULT	2
do_read	.symtab	0x804c6f1	5	FUNC	<unknown>	DEFAULT	2
dummy	.symtab	0x8048ad8	1	FUNC	<unknown>	DEFAULT	2
dummy	.symtab	0x8048c68	1	FUNC	<unknown>	DEFAULT	2
dummy	.symtab	0x8049f88	1	FUNC	<unknown>	DEFAULT	2
dummy	.symtab	0x804a06c	1	FUNC	<unknown>	DEFAULT	2
dummy	.symtab	0x804bfec	1	FUNC	<unknown>	DEFAULT	2
dummy	.symtab	0x804c208	5	FUNC	<unknown>	DEFAULT	2
dummy	.symtab	0x804d8e8	1	FUNC	<unknown>	DEFAULT	2
dummy	.symtab	0x804da3c	5	FUNC	<unknown>	DEFAULT	2
dummy	.symtab	0x804e890	5	FUNC	<unknown>	DEFAULT	2
dummy1	.symtab	0x8048ad9	1	FUNC	<unknown>	DEFAULT	2
dummy_file	.symtab	0x8056f18	4	OBJECT	<unknown>	DEFAULT	11
end.1595	.symtab	0x8056994	4	OBJECT	<unknown>	DEFAULT	11
end.3155	.symtab	0x80569a0	4	OBJECT	<unknown>	DEFAULT	11
environ	.symtab	0x8056de4	4	OBJECT	<unknown>	DEFAULT	11
errid	.symtab	0x8054a14	88	OBJECT	<unknown>	DEFAULT	4
errmsg	.symtab	0x8054a6c	1804	OBJECT	<unknown>	DEFAULT	4
execute_command	.symtab	0x804842e	254	FUNC	<unknown>	DEFAULT	2
exit	.symtab	0x8048c69	51	FUNC	<unknown>	DEFAULT	2
exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
expand_heap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
f	.symtab	0x80568d4	136	OBJECT	<unknown>	DEFAULT	10
fabs	.symtab	0x8053a6c	0	FUNC	<unknown>	DEFAULT	2
fgets	.symtab	0x804c34c	337	FUNC	<unknown>	DEFAULT	2
fgets.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets_unlocked	.symtab	0x804c34c	337	FUNC	<unknown>	DEFAULT	2
floatscan.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fmodl	.symtab	0x8053a74	0	FUNC	<unknown>	DEFAULT	2
fmt_u	.symtab	0x804f49d	87	FUNC	<unknown>	DEFAULT	2
fork	.symtab	0x804bfed	138	FUNC	<unknown>	DEFAULT	2
fork.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fputc	.symtab	0x804f24c	148	FUNC	<unknown>	DEFAULT	2
fputc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
frame_dummy	.symtab	0x8048110	0	FUNC	<unknown>	DEFAULT	2
free	.symtab	0x80492b0	1107	FUNC	<unknown>	DEFAULT	2
freeaddrinfo	.symtab	0x804a0f4	5	FUNC	<unknown>	DEFAULT	2
freeaddrinfo.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
frexpl	.symtab	0x8053a88	155	FUNC	<unknown>	DEFAULT	2
frexpl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fwrite	.symtab	0x804f378	115	FUNC	<unknown>	DEFAULT	2
fwrite.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fwrite_unlocked	.symtab	0x804f378	115	FUNC	<unknown>	DEFAULT	2
getaddrinfo	.symtab	0x804a0fc	691	FUNC	<unknown>	DEFAULT	2
getaddrinfo.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getint	.symtab	0x804f4f4	37	FUNC	<unknown>	DEFAULT	2
getsockname	.symtab	0x804ed08	83	FUNC	<unknown>	DEFAULT	2
getsockname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
handle_connection	.symtab	0x80487c7	305	FUNC	<unknown>	DEFAULT	2
handler_set	.symtab	0x8056f0c	8	OBJECT	<unknown>	DEFAULT	11
heap_lock.3154	.symtab	0x80569a4	8	OBJECT	<unknown>	DEFAULT	11
htonl	.symtab	0x804a3b0	41	FUNC	<unknown>	DEFAULT	2
htonl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
htons	.symtab	0x804a3dc	12	FUNC	<unknown>	DEFAULT	2
htons.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
if_nametoindex	.symtab	0x8053fa8	100	FUNC	<unknown>	DEFAULT	2
if_nametoindex.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_aton	.symtab	0x805400c	234	FUNC	<unknown>	DEFAULT	2
inet_aton.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_pton	.symtab	0x804a3e8	576	FUNC	<unknown>	DEFAULT	2
inet_pton.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
internal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
internal_state.2886	.symtab	0x8056f14	4	OBJECT	<unknown>	DEFAULT	11
intscan.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ioctl	.symtab	0x8054258	48	FUNC	<unknown>	DEFAULT	2
ioctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
is_valid_hostname	.symtab	0x804a6bf	97	FUNC	<unknown>	DEFAULT	2
isalnum	.symtab	0x804dac8	36	FUNC	<unknown>	DEFAULT	2
isalnum.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
isalnum_l	.symtab	0x804daec	5	FUNC	<unknown>	DEFAULT	2
last_heartbeat	.symtab	0x805697c	4	OBJECT	<unknown>	DEFAULT	11
ldexp	.symtab	0x8053b24	0	FUNC	<unknown>	DEFAULT	2
ldexpl	.symtab	0x8053b70	0	FUNC	<unknown>	DEFAULT	2
libc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libgcc2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libgcc2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lite_malloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lock.1596	.symtab	0x805698c	8	OBJECT	<unknown>	DEFAULT	11
lookup_ipliteral.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lookup_name.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lookup_serv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
madvise	.symtab	0x8049f64	33	FUNC	<unknown>	DEFAULT	2
madvise.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
main	.symtab	0x80488f8	480	FUNC	<unknown>	DEFAULT	2
mal	.symtab	0x80569c0	1040	OBJECT	<unknown>	DEFAULT	11
malloc	.symtab	0x8049710	1459	FUNC	<unknown>	DEFAULT	2
malloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mbrtowc	.symtab	0x8053bb0	291	FUNC	<unknown>	DEFAULT	2
mbrtowc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mbsinit	.symtab	0x8053cd4	22	FUNC	<unknown>	DEFAULT	2
mbsinit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mbsrtowcs	.symtab	0x8053cec	661	FUNC	<unknown>	DEFAULT	2
mbsrtowcs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mbstowcs	.symtab	0x804ea88	27	FUNC	<unknown>	DEFAULT	2
mbstowcs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memchr	.symtab	0x804cdc0	178	FUNC	<unknown>	DEFAULT	2
memchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memcmp	.symtab	0x804ce80	80	FUNC	<unknown>	DEFAULT	2
memcmp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memcpy	.symtab	0x804ced0	0	FUNC	<unknown>	DEFAULT	2
memmove	.symtab	0x804cf0c	0	FUNC	<unknown>	DEFAULT	2
memset	.symtab	0x804cf40	0	FUNC	<unknown>	DEFAULT	2
mmap	.symtab	0x8049f89	162	FUNC	<unknown>	DEFAULT	2
mmap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mmap64	.symtab	0x8049f89	162	FUNC	<unknown>	DEFAULT	2
mmap_step.1728	.symtab	0x8056f00	4	OBJECT	<unknown>	DEFAULT	11
mremap	.symtab	0x804a02c	64	FUNC	<unknown>	DEFAULT	2
mremap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mtime	.symtab	0x804b5d3	43	FUNC	<unknown>	DEFAULT	2
munmap	.symtab	0x804a06d	44	FUNC	<unknown>	DEFAULT	2
munmap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
name_from_numeric	.symtab	0x804a6b0	15	FUNC	<unknown>	DEFAULT	2
nanosleep	.symtab	0x80517ec	41	FUNC	<unknown>	DEFAULT	2
nanosleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ntohl	.symtab	0x804b39c	41	FUNC	<unknown>	DEFAULT	2
ntohl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
object.4070	.symtab	0x8056964	24	OBJECT	<unknown>	DEFAULT	11
ofl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ofl_head	.symtab	0x8056f1c	4	OBJECT	<unknown>	DEFAULT	11
ofl_lock	.symtab	0x8056f20	8	OBJECT	<unknown>	DEFAULT	11
out	.symtab	0x804f519	26	FUNC	<unknown>	DEFAULT	2
p.4056	.symtab	0x80568c8	0	OBJECT	<unknown>	DEFAULT	10
p10s.2571	.symtab	0x8055700	32	OBJECT	<unknown>	DEFAULT	4
pad	.symtab	0x804f533	126	FUNC	<unknown>	DEFAULT	2
perror	.symtab	0x804c4a0	173	FUNC	<unknown>	DEFAULT	2
perror.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
pntz	.symtab	0x804c6f8	31	FUNC	<unknown>	DEFAULT	2
policyof	.symtab	0x804a81c	99	FUNC	<unknown>	DEFAULT	2
poll	.symtab	0x804c078	43	FUNC	<unknown>	DEFAULT	2
poll.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
pop_arg	.symtab	0x804f3ec	177	FUNC	<unknown>	DEFAULT	2
printf_core	.symtab	0x804f5b1	5694	FUNC	<unknown>	DEFAULT	2
program_invocation_name	.symtab	0x8056988	4	OBJECT	<unknown>	DEFAULT	11
program_invocation_short_name	.symtab	0x8056984	4	OBJECT	<unknown>	DEFAULT	11
pthread_cleanup_push.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
pthread_setcancelstate	.symtab	0x804d92c	42	FUNC	<unknown>	DEFAULT	2
pthread_setcancelstate.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
qsort	.symtab	0x804c9f3	654	FUNC	<unknown>	DEFAULT	2
qsort.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand	.symtab	0x804bfad	60	FUNC	<unknown>	DEFAULT	2
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
realloc	.symtab	0x8049cd0	584	FUNC	<unknown>	DEFAULT	2
recv	.symtab	0x804b3c8	32	FUNC	<unknown>	DEFAULT	2
recv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recvfrom	.symtab	0x804b3e8	87	FUNC	<unknown>	DEFAULT	2
recvfrom.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
register_bot	.symtab	0x80486ae	281	FUNC	<unknown>	DEFAULT	2
res_mkquery	.symtab	0x804b440	387	FUNC	<unknown>	DEFAULT	2
res_mkquery.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
res_msend.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sc_clock_gettime	.symtab	0x804d9af	95	FUNC	<unknown>	DEFAULT	2
scalbln	.symtab	0x8053b25	0	FUNC	<unknown>	DEFAULT	2
scalblnl	.symtab	0x8053b71	0	FUNC	<unknown>	DEFAULT	2
scalbn	.symtab	0x8053b26	0	FUNC	<unknown>	DEFAULT	2
scalbnl	.symtab	0x8053b72	0	FUNC	<unknown>	DEFAULT	2
scanexp	.symtab	0x8051820	483	FUNC	<unknown>	DEFAULT	2
sccp	.symtab	0x804d84d	5	FUNC	<unknown>	DEFAULT	2
scopeof	.symtab	0x804a628	121	FUNC	<unknown>	DEFAULT	2
seed	.symtab	0x8056dd0	8	OBJECT	<unknown>	DEFAULT	11
send	.symtab	0x804bdac	32	FUNC	<unknown>	DEFAULT	2
send.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
send_heartbeat	.symtab	0x80481cf	46	FUNC	<unknown>	DEFAULT	2
sendto	.symtab	0x804bdcc	87	FUNC	<unknown>	DEFAULT	2
sendto.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setsid	.symtab	0x804da7c	23	FUNC	<unknown>	DEFAULT	2
setsid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setsockopt	.symtab	0x804be24	83	FUNC	<unknown>	DEFAULT	2
setsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
shgetc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
shl	.symtab	0x804c717	59	FUNC	<unknown>	DEFAULT	2
shr	.symtab	0x804c752	60	FUNC	<unknown>	DEFAULT	2
sift	.symtab	0x804c807	170	FUNC	<unknown>	DEFAULT	2
sigaction	.symtab	0x804f026	42	FUNC	<unknown>	DEFAULT	2
sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
signal	.symtab	0x804c104	98	FUNC	<unknown>	DEFAULT	2
signal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sleep	.symtab	0x804da94	49	FUNC	<unknown>	DEFAULT	2
sleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sn_write	.symtab	0x804c663	51	FUNC	<unknown>	DEFAULT	2
snprintf	.symtab	0x804c550	33	FUNC	<unknown>	DEFAULT	2
snprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sock	.symtab	0x80568cc	4	OBJECT	<unknown>	DEFAULT	10
socket	.symtab	0x804be78	287	FUNC	<unknown>	DEFAULT	2
socket.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
srand	.symtab	0x804bf98	21	FUNC	<unknown>	DEFAULT	2
sscanf	.symtab	0x804c574	30	FUNC	<unknown>	DEFAULT	2
sscanf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
states	.symtab	0x80553cc	464	OBJECT	<unknown>	DEFAULT	4
stderr	.symtab	0x80549f0	4	OBJECT	<unknown>	DEFAULT	4
stderr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
store_int	.symtab	0x8050d3c	52	FUNC	<unknown>	DEFAULT	2
stpcpy	.symtab	0x8051710	131	FUNC	<unknown>	DEFAULT	2
stpcpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
stpncpy	.symtab	0x8054440	206	FUNC	<unknown>	DEFAULT	2
stpncpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strchr	.symtab	0x804d000	43	FUNC	<unknown>	DEFAULT	2
strchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strchrnul	.symtab	0x804d030	203	FUNC	<unknown>	DEFAULT	2
strchrnul.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcmp	.symtab	0x804d100	43	FUNC	<unknown>	DEFAULT	2
strcmp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcpy	.symtab	0x804d130	31	FUNC	<unknown>	DEFAULT	2
strcpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strerror	.symtab	0x804dce2	28	FUNC	<unknown>	DEFAULT	2
strerror.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strerror_l	.symtab	0x804dc98	74	FUNC	<unknown>	DEFAULT	2
strlen	.symtab	0x804d150	81	FUNC	<unknown>	DEFAULT	2
strlen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strncmp	.symtab	0x804d1b0	106	FUNC	<unknown>	DEFAULT	2
strncmp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strncpy	.symtab	0x8054230	39	FUNC	<unknown>	DEFAULT	2
strncpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strnlen	.symtab	0x804d220	61	FUNC	<unknown>	DEFAULT	2
strnlen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strstr	.symtab	0x804d260	1386	FUNC	<unknown>	DEFAULT	2
strstr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtoimax	.symtab	0x804cd86	5	FUNC	<unknown>	DEFAULT	2
strtol	.symtab	0x804cd2a	31	FUNC	<unknown>	DEFAULT	2
strtol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtoll	.symtab	0x804cd65	33	FUNC	<unknown>	DEFAULT	2
strtoul	.symtab	0x804cd49	28	FUNC	<unknown>	DEFAULT	2
strtoull	.symtab	0x804cd8b	33	FUNC	<unknown>	DEFAULT	2
strtoumax	.symtab	0x804cdac	5	FUNC	<unknown>	DEFAULT	2
strtox	.symtab	0x804cc84	166	FUNC	<unknown>	DEFAULT	2
syscall_ret.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
table	.symtab	0x80551a0	257	OBJECT	<unknown>	DEFAULT	4
time	.symtab	0x804da10	42	FUNC	<unknown>	DEFAULT	2
time.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
trinkle	.symtab	0x804c8b1	322	FUNC	<unknown>	DEFAULT	2
try_connect	.symtab	0x804852c	229	FUNC	<unknown>	DEFAULT	2
udp_flood	.symtab	0x80481fd	561	FUNC	<unknown>	DEFAULT	2
unmask_done	.symtab	0x8056f08	4	OBJECT	<unknown>	DEFAULT	11
vdso.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
vfprintf	.symtab	0x8050bef	333	FUNC	<unknown>	DEFAULT	2
vfprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
vfscanf	.symtab	0x8050d8a	2436	FUNC	<unknown>	DEFAULT	2
vfscanf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
vsnprintf	.symtab	0x804c594	207	FUNC	<unknown>	DEFAULT	2
vsnprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
vsscanf	.symtab	0x804c698	89	FUNC	<unknown>	DEFAULT	2
vsscanf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcrtomb	.symtab	0x8054288	270	FUNC	<unknown>	DEFAULT	2
wcrtomb.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wctomb	.symtab	0x8053f84	33	FUNC	<unknown>	DEFAULT	2
wctomb.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
xdigits	.symtab	0x805559c	16	OBJECT	<unknown>	DEFAULT	4

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 11
• 443 (HTTPS)
• 80 (HTTP)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2025 12:13:16.899507046 CEST	43928	443	192.168.2.23	91.189.91.42
Apr 23, 2025 12:13:22.275063992 CEST	42836	443	192.168.2.23	91.189.91.43
Apr 23, 2025 12:13:23.810628891 CEST	42516	80	192.168.2.23	109.202.202.202
Apr 23, 2025 12:13:35.570827007 CEST	39246	443	192.168.2.23	34.249.145.219
Apr 23, 2025 12:13:35.570883036 CEST	443	39246	34.249.145.219	192.168.2.23
Apr 23, 2025 12:13:35.570995092 CEST	39246	443	192.168.2.23	34.249.145.219
Apr 23, 2025 12:13:35.571640015 CEST	39246	443	192.168.2.23	34.249.145.219
Apr 23, 2025 12:13:35.571655035 CEST	443	39246	34.249.145.219	192.168.2.23
Apr 23, 2025 12:13:38.400681019 CEST	43928	443	192.168.2.23	91.189.91.42
Apr 23, 2025 12:13:48.639292002 CEST	42836	443	192.168.2.23	91.189.91.43
Apr 23, 2025 12:13:54.782521963 CEST	42516	80	192.168.2.23	109.202.202.202
Apr 23, 2025 12:14:19.355130911 CEST	43928	443	192.168.2.23	91.189.91.42
Apr 23, 2025 12:14:35.563343048 CEST	39246	443	192.168.2.23	34.249.145.219
Apr 23, 2025 12:14:35.608264923 CEST	443	39246	34.249.145.219	192.168.2.23
Apr 23, 2025 12:15:18.121892929 CEST	443	39246	34.249.145.219	192.168.2.23

System Behavior

Analysis Process: bot.i486.elf PID: 6232, Parent PID: 6155

General

Start time (UTC):	10:13:14
Start date (UTC):	23/04/2025
Path:	/tmp/bot.i486.elf
Arguments:	/tmp/bot.i486.elf
File size:	76151 bytes
MD5 hash:	d696effe3fa83dd1daec511187a5554e

Process Activities

Process Forked

Chronological Activities

Analysis Process: bot.i486.elf PID: 6233, Parent PID: 6232

General

Start time (UTC):	10:13:14
Start date (UTC):	23/04/2025
Path:	/tmp/bot.i486.elf
Arguments:	-
File size:	76151 bytes
MD5 hash:	d696effe3fa83dd1daec511187a5554e

Analysis Process: dash PID: 6288, Parent PID: 4331

General

Start time (UTC):	10:14:34
Start date (UTC):	23/04/2025
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: rm PID: 6288, Parent PID: 4331

General

Start time (UTC):	10:14:34
Start date (UTC):	23/04/2025
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.Jqw8vI3RPK /tmp/tmp.CADM4lX4xv /tmp/tmp.Wn7iLqPsuo
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

File Activities

File Opened

File Deleted

File Read

Chronological Activities

Analysis Process: dash PID: 6289, Parent PID: 4331

General

Start time (UTC):	10:14:34
Start date (UTC):	23/04/2025
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: rm PID: 6289, Parent PID: 4331

General

Start time (UTC):	10:14:34
Start date (UTC):	23/04/2025
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.Jqw8vI3RPK /tmp/tmp.CADM4lX4xv /tmp/tmp.Wn7iLqPsuo
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report bot.i486.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Symbols

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: bot.i486.elf PID: 6232, Parent PID: 6155

General

Process Activities

Process Forked

Chronological Activities

Analysis Process: bot.i486.elf PID: 6233, Parent PID: 6232

General

Analysis Process: dash PID: 6288, Parent PID: 4331

General

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: rm PID: 6288, Parent PID: 4331

General

File Activities

File Opened

File Deleted

File Read

Chronological Activities

Analysis Process: dash PID: 6289, Parent PID: 4331

General

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: rm PID: 6289, Parent PID: 4331

Linux Analysis Report
bot.i486.elf