Edit tour
Linux
Analysis Report
server.elf
Overview
General Information
| Sample name: | server.elf |
| Analysis ID: | 1672059 |
| MD5: | 76baf7a9d282c02d28b7f40cbc1bb257 |
| SHA1: | 28ba72273e005ebd55bcd8d94691c9d12eaa359d |
| SHA256: | 0ec46ac50ed81d06f59ca042c3d0695a4dd4899f95cb76aa0ceb4aec43e79d29 |
| Tags: | elfuser-abuse_ch |
| Infos: |
Detection
| Score: | 0 |
| Range: | 0 - 100 |
Signatures
Executes the "rm" command used to delete files or directories
Classification
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1672059 |
| Start date and time: | 2025-04-23 14:47:29 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 26s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultlinuxfilecookbook.jbs |
| Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
| Analysis Mode: | default |
| Sample name: | server.elf |
| Detection: | CLEAN |
| Classification: | clean0.linELF@0/0@0/0 |
| Command: | /tmp/server.elf |
| PID: | 6225 |
| Exit Code: | 1 |
| Exit Code Info: | |
| Killed: | False |
| Standard Output: | |
| Standard Error: | /tmp/server.elf: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/server.elf) |
⊘No yara matches
⊘No Suricata rule has matched
- • Networking
- • System Summary
- • Persistence and Installation Behavior
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Classification label: | ||
| Source: | Rm executable: | Jump to behavior | ||
| Source: | Rm executable: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 File Deletion | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
⊘No configs have been found
Is Dropped
Number of created Files
Is malicious
Internet| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 3% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 34.249.145.219 | unknown | United States | 16509 | AMAZON-02US | false | |
| 109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false | |
| 91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false | |
| 91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 34.249.145.219 | Get hash | malicious | Prometei | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| 109.202.202.202 | Get hash | malicious | Unknown | Browse |
| |
| 91.189.91.43 | Get hash | malicious | Prometei | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| 91.189.91.42 | Get hash | malicious | Prometei | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| Get hash | malicious | Prometei | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CANONICAL-ASGB | Get hash | malicious | Prometei | Browse |
| |
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| CANONICAL-ASGB | Get hash | malicious | Prometei | Browse |
| |
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| INIT7CH | Get hash | malicious | Prometei | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| AMAZON-02US | Get hash | malicious | Prometei | Browse |
| |
| Get hash | malicious | DarkTortilla, FormBook | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | ScreenConnect Tool | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | Phantom stealer | Browse |
|
⊘No context
⊘No context
⊘No created / dropped files found
| File type: | |
| Entropy (8bit): | 3.5468705824754623 |
| TrID: |
|
| File name: | server.elf |
| File size: | 23'208 bytes |
| MD5: | 76baf7a9d282c02d28b7f40cbc1bb257 |
| SHA1: | 28ba72273e005ebd55bcd8d94691c9d12eaa359d |
| SHA256: | 0ec46ac50ed81d06f59ca042c3d0695a4dd4899f95cb76aa0ceb4aec43e79d29 |
| SHA512: | e32ace1af127364a622152e96c34ea96630a55fbc11e289842af3ef9b4d6b4d386801546d3df6303afcc47cf1a3cbcb9cb3f733d01c0c24cd8759244711750d1 |
| SSDEEP: | 384:kHy0ZVZm4EemzS+qTxd5AtxgSO34D9vWeUwdVMvmjWVxPVUpm:kJZVreLxdK+jWHWpm |
| TLSH: | ADA2A42BA6D3CF39ECC0B77815A38634E2B1BCB4DF35911B921451A62A013D84F2AA95 |
| File Content Preview: | .ELF..............>......"......@........R..........@.8...@. ...........@.......@.......@.......................................................................................................................x.......x........................ ....... ..... |
ELF header | |
|---|---|
| Class: | |
| Data: | |
| Version: | |
| Machine: | |
| Version Number: | |
| Type: | |
| OS/ABI: | |
| ABI Version: | 0 |
| Entry Point Address: | |
| Flags: | |
| ELF Header Size: | 64 |
| Program Header Offset: | 64 |
| Program Header Size: | 56 |
| Number of Program Headers: | 13 |
| Section Header Offset: | 21160 |
| Section Header Size: | 64 |
| Number of Section Headers: | 32 |
| Header String Table Index: | 31 |
| Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
|---|---|---|---|---|---|---|---|---|---|---|
| NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
| .interp | PROGBITS | 0x318 | 0x318 | 0x1c | 0x0 | 0x2 | A | 0 | 0 | 1 |
| .note.gnu.property | NOTE | 0x338 | 0x338 | 0x20 | 0x0 | 0x2 | A | 0 | 0 | 8 |
| .note.gnu.build-id | NOTE | 0x358 | 0x358 | 0x24 | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .note.ABI-tag | NOTE | 0x37c | 0x37c | 0x20 | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .gnu.hash | GNU_HASH | 0x3a0 | 0x3a0 | 0x34 | 0x0 | 0x2 | A | 6 | 0 | 8 |
| .dynsym | DYNSYM | 0x3d8 | 0x3d8 | 0x480 | 0x18 | 0x2 | A | 7 | 1 | 8 |
| .dynstr | STRTAB | 0x858 | 0x858 | 0x451 | 0x0 | 0x2 | A | 0 | 0 | 1 |
| .gnu.version | VERSYM | 0xcaa | 0xcaa | 0x60 | 0x2 | 0x2 | A | 6 | 0 | 2 |
| .gnu.version_r | VERNEED | 0xd10 | 0xd10 | 0xa0 | 0x0 | 0x2 | A | 7 | 3 | 8 |
| .rela.dyn | RELA | 0xdb0 | 0xdb0 | 0x168 | 0x18 | 0x2 | A | 6 | 0 | 8 |
| .rela.plt | RELA | 0xf18 | 0xf18 | 0x360 | 0x18 | 0x42 | AI | 6 | 25 | 8 |
| .init | PROGBITS | 0x2000 | 0x2000 | 0x17 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .plt | PROGBITS | 0x2020 | 0x2020 | 0x250 | 0x10 | 0x6 | AX | 0 | 0 | 16 |
| .plt.got | PROGBITS | 0x2270 | 0x2270 | 0x8 | 0x8 | 0x6 | AX | 0 | 0 | 8 |
| .text | PROGBITS | 0x2280 | 0x2280 | 0xc8b | 0x0 | 0x6 | AX | 0 | 0 | 16 |
| .fini | PROGBITS | 0x2f0c | 0x2f0c | 0x9 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .rodata | PROGBITS | 0x3000 | 0x3000 | 0x24a | 0x0 | 0x2 | A | 0 | 0 | 8 |
| .eh_frame_hdr | PROGBITS | 0x324c | 0x324c | 0x54 | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .eh_frame | PROGBITS | 0x32a0 | 0x32a0 | 0x174 | 0x0 | 0x2 | A | 0 | 0 | 8 |
| .gcc_except_table | PROGBITS | 0x3414 | 0x3414 | 0x1b | 0x0 | 0x2 | A | 0 | 0 | 1 |
| .init_array | INIT_ARRAY | 0x4d88 | 0x3d88 | 0x10 | 0x8 | 0x3 | WA | 0 | 0 | 8 |
| .fini_array | FINI_ARRAY | 0x4d98 | 0x3d98 | 0x8 | 0x8 | 0x3 | WA | 0 | 0 | 8 |
| .dynamic | DYNAMIC | 0x4da0 | 0x3da0 | 0x210 | 0x10 | 0x3 | WA | 7 | 0 | 8 |
| .got | PROGBITS | 0x4fb0 | 0x3fb0 | 0x38 | 0x8 | 0x3 | WA | 0 | 0 | 8 |
| .got.plt | PROGBITS | 0x4fe8 | 0x3fe8 | 0x138 | 0x8 | 0x3 | WA | 0 | 0 | 8 |
| .data | PROGBITS | 0x5120 | 0x4120 | 0x18 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
| .bss | NOBITS | 0x5140 | 0x4138 | 0x1188 | 0x0 | 0x3 | WA | 0 | 0 | 64 |
| .comment | PROGBITS | 0x0 | 0x4138 | 0x1f | 0x1 | 0x30 | MS | 0 | 0 | 1 |
| .symtab | SYMTAB | 0x0 | 0x4158 | 0x840 | 0x18 | 0x0 | 30 | 22 | 8 | |
| .strtab | STRTAB | 0x0 | 0x4998 | 0x7e2 | 0x0 | 0x0 | 0 | 0 | 1 | |
| .shstrtab | STRTAB | 0x0 | 0x517a | 0x12c | 0x0 | 0x0 | 0 | 0 | 1 |
| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
|---|---|---|---|---|---|---|---|---|---|---|---|
| PHDR | 0x40 | 0x40 | 0x40 | 0x2d8 | 0x2d8 | 1.6966 | 0x4 | R | 0x8 | ||
| INTERP | 0x318 | 0x318 | 0x318 | 0x1c | 0x1c | 3.9408 | 0x4 | R | 0x1 | /lib64/ld-linux-x86-64.so.2 | .interp |
| LOAD | 0x0 | 0x0 | 0x0 | 0x1278 | 0x1278 | 3.2908 | 0x4 | R | 0x1000 | .interp .note.gnu.property .note.gnu.build-id .note.ABI-tag .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt | |
| LOAD | 0x2000 | 0x2000 | 0x2000 | 0xf15 | 0xf15 | 5.4512 | 0x5 | R E | 0x1000 | .init .plt .plt.got .text .fini | |
| LOAD | 0x3000 | 0x3000 | 0x3000 | 0x42f | 0x42f | 5.5984 | 0x4 | R | 0x1000 | .rodata .eh_frame_hdr .eh_frame .gcc_except_table | |
| LOAD | 0x3d88 | 0x4d88 | 0x4d88 | 0x3b0 | 0x1540 | 1.6975 | 0x6 | RW | 0x1000 | .init_array .fini_array .dynamic .got .got.plt .data .bss | |
| DYNAMIC | 0x3da0 | 0x4da0 | 0x4da0 | 0x210 | 0x210 | 1.5367 | 0x6 | RW | 0x8 | .dynamic | |
| NOTE | 0x338 | 0x338 | 0x338 | 0x20 | 0x20 | 2.0550 | 0x4 | R | 0x8 | .note.gnu.property | |
| NOTE | 0x358 | 0x358 | 0x358 | 0x44 | 0x44 | 3.3084 | 0x4 | R | 0x4 | .note.gnu.build-id .note.ABI-tag | |
| GNU_PROPERTY | 0x338 | 0x338 | 0x338 | 0x20 | 0x20 | 2.0550 | 0x4 | R | 0x8 | .note.gnu.property | |
| GNU_EH_FRAME | 0x324c | 0x324c | 0x324c | 0x54 | 0x54 | 3.5554 | 0x4 | R | 0x4 | .eh_frame_hdr | |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x10 | ||
| GNU_RELRO | 0x3d88 | 0x4d88 | 0x4d88 | 0x278 | 0x278 | 1.4405 | 0x4 | R | 0x1 | .init_array .fini_array .dynamic .got |
| Type | Meta | Value | Tag |
|---|---|---|---|
| DT_NEEDED | sharedlib | libsqlite3.so.0 | 0x1 |
| DT_NEEDED | sharedlib | libstdc++.so.6 | 0x1 |
| DT_NEEDED | sharedlib | libgcc_s.so.1 | 0x1 |
| DT_NEEDED | sharedlib | libc.so.6 | 0x1 |
| DT_INIT | value | 0x2000 | 0xc |
| DT_FINI | value | 0x2f0c | 0xd |
| DT_INIT_ARRAY | value | 0x4d88 | 0x19 |
| DT_INIT_ARRAYSZ | bytes | 16 | 0x1b |
| DT_FINI_ARRAY | value | 0x4d98 | 0x1a |
| DT_FINI_ARRAYSZ | bytes | 8 | 0x1c |
| DT_GNU_HASH | value | 0x3a0 | 0x6ffffef5 |
| DT_STRTAB | value | 0x858 | 0x5 |
| DT_SYMTAB | value | 0x3d8 | 0x6 |
| DT_STRSZ | bytes | 1105 | 0xa |
| DT_SYMENT | bytes | 24 | 0xb |
| DT_DEBUG | value | 0x0 | 0x15 |
| DT_PLTGOT | value | 0x4fe8 | 0x3 |
| DT_PLTRELSZ | bytes | 864 | 0x2 |
| DT_PLTREL | pltrel | DT_RELA | 0x14 |
| DT_JMPREL | value | 0xf18 | 0x17 |
| DT_RELA | value | 0xdb0 | 0x7 |
| DT_RELASZ | bytes | 360 | 0x8 |
| DT_RELAENT | bytes | 24 | 0x9 |
| DT_FLAGS_1 | value | 0x8000000 | 0x6ffffffb |
| DT_VERNEED | value | 0xd10 | 0x6ffffffe |
| DT_VERNEEDNUM | value | 3 | 0x6fffffff |
| DT_VERSYM | value | 0xcaa | 0x6ffffff0 |
| DT_RELACOUNT | value | 4 | 0x6ffffff9 |
| DT_NULL | value | 0x0 | 0x0 |
| Name | Version Info Name | Version Info File Name | Section Name | Value | Size | Symbol Type | Symbol Bind | Symbol Visibility | Ndx |
|---|---|---|---|---|---|---|---|---|---|
| .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | |||
| _ITM_deregisterTMCloneTable | .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | ||
| _ITM_registerTMCloneTable | .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | ||
| _Unwind_Resume | GCC_3.0 | libgcc_s.so.1 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE5c_strEv | GLIBCXX_3.4.21 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSolsEPFRSoS_E | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSolsEi | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6appendEPKcm | GLIBCXX_3.4.21 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1ERKS4_ | GLIBCXX_3.4.21 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1Ev | GLIBCXX_3.4.21 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEED1Ev | GLIBCXX_3.4.21 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSt8ios_base4InitC1Ev | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSt8ios_base4InitD1Ev | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZSt4cout | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x5180 | 272 | OBJECT | <unknown> | DEFAULT | 27 |
| _ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_ | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZStlsIcSt11char_traitsIcESaIcEERSt13basic_ostreamIT_T0_ES7_RKNSt7__cxx1112basic_stringIS4_S5_T1_EE | GLIBCXX_3.4.21 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| __cxa_atexit | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| __cxa_finalize | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| __gmon_start__ | .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | ||
| __gxx_personality_v0 | CXXABI_1.3 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| __isoc99_sscanf | GLIBC_2.7 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| __libc_start_main | GLIBC_2.34 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| accept | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| bind | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| close | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| fprintf | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| fwrite | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| htons | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| listen | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| printf | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| putchar | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| puts | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| recv | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| snprintf | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| socket | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| sqlite3_close | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| sqlite3_exec | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| sqlite3_free | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| sqlite3_libversion | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| sqlite3_open | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| stderr | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x52a0 | 8 | OBJECT | <unknown> | DEFAULT | 27 |
| stdout | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x5140 | 8 | OBJECT | <unknown> | DEFAULT | 27 |
| strcmp | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| strlen | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| strncpy | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| strsep | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| strtok | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | |||
| GLIBC_2.2.5 | libc.so.6 | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS | |
| DW.ref.__gxx_personality_v0 | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x5130 | 8 | OBJECT | <unknown> | HIDDEN | 26 |
| Scrt1.o | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS |
| _DYNAMIC | GLIBC_2.7 | libc.so.6 | .symtab | 0x4da0 | 0 | OBJECT | <unknown> | DEFAULT | 23 |
| _GLOBAL_OFFSET_TABLE_ | GLIBCXX_3.4 | libstdc++.so.6 | .symtab | 0x4fe8 | 0 | OBJECT | <unknown> | DEFAULT | 25 |
| _GLOBAL__sub_I_dnam | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x2ef6 | 21 | FUNC | <unknown> | DEFAULT | 15 |
| _IO_stdin_used | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x3000 | 4 | OBJECT | <unknown> | DEFAULT | 17 |
| _ITM_deregisterTMCloneTable | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | ||
| _ITM_registerTMCloneTable | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | ||
| _Unwind_Resume@GCC_3.0 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| _Z12check_stringPc | .symtab | 0x24f3 | 1663 | FUNC | <unknown> | DEFAULT | 15 | ||
| _Z12split_bufferNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE | .symtab | 0x2b72 | 132 | FUNC | <unknown> | DEFAULT | 15 | ||
| _Z41__static_initialization_and_destruction_0ii | GLIBCXX_3.4.21 | libstdc++.so.6 | .symtab | 0x2ea4 | 82 | FUNC | <unknown> | DEFAULT | 15 |
| _ZL8callbackPviPPcS1_ | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x2369 | 394 | FUNC | <unknown> | DEFAULT | 15 |
| _ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE5c_strEv@GLIBCXX_3.4.21 | CXXABI_1.3 | libstdc++.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSolsEPFRSoS_E@GLIBCXX_3.4 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| _ZNSolsEi@GLIBCXX_3.4 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6appendEPKcm@GLIBCXX_3.4.21 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1ERKS4_@GLIBCXX_3.4.21 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1Ev@GLIBCXX_3.4.21 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEED1Ev@GLIBCXX_3.4.21 | GLIBCXX_3.4 | libstdc++.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _ZNSt8ios_base4InitC1Ev@GLIBCXX_3.4 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| _ZNSt8ios_base4InitD1Ev@GLIBCXX_3.4 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| _ZSt4cout@GLIBCXX_3.4 | .symtab | 0x5180 | 272 | OBJECT | <unknown> | DEFAULT | 27 | ||
| _ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_@GLIBCXX_3.4 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| _ZStL8__ioinit | .symtab | 0x62c0 | 1 | OBJECT | <unknown> | DEFAULT | 27 | ||
| _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc@GLIBCXX_3.4 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| _ZStlsIcSt11char_traitsIcESaIcEERSt13basic_ostreamIT_T0_ES7_RKNSt7__cxx1112basic_stringIS4_S5_T1_EE@GLIBCXX_3.4.21 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| __FRAME_END__ | .symtab | 0x3410 | 0 | OBJECT | <unknown> | DEFAULT | 19 | ||
| __GNU_EH_FRAME_HDR | GLIBCXX_3.4.21 | libstdc++.so.6 | .symtab | 0x324c | 0 | NOTYPE | <unknown> | DEFAULT | 18 |
| __TMC_END__ | .symtab | 0x5138 | 0 | OBJECT | <unknown> | HIDDEN | 26 | ||
| __abi_tag | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x37c | 32 | OBJECT | <unknown> | DEFAULT | 4 |
| __bss_start | .symtab | 0x5138 | 0 | NOTYPE | <unknown> | DEFAULT | 27 | ||
| __cxa_atexit@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| __cxa_finalize@GLIBC_2.2.5 | GLIBCXX_3.4 | libstdc++.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| __data_start | .symtab | 0x5120 | 0 | NOTYPE | <unknown> | DEFAULT | 26 | ||
| __do_global_dtors_aux | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x2320 | 0 | FUNC | <unknown> | DEFAULT | 15 |
| __do_global_dtors_aux_fini_array_entry | GLIBCXX_3.4.21 | libstdc++.so.6 | .symtab | 0x4d98 | 0 | OBJECT | <unknown> | DEFAULT | 22 |
| __dso_handle | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x5128 | 0 | OBJECT | <unknown> | HIDDEN | 26 |
| __frame_dummy_init_array_entry | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x4d88 | 0 | OBJECT | <unknown> | DEFAULT | 21 |
| __gmon_start__ | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | ||
| __gxx_personality_v0@CXXABI_1.3 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| __isoc99_sscanf@GLIBC_2.7 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| __libc_start_main@GLIBC_2.34 | GLIBCXX_3.4 | libstdc++.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| _edata | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x5138 | 0 | NOTYPE | <unknown> | DEFAULT | 26 |
| _end | .symtab | 0x62c8 | 0 | NOTYPE | <unknown> | DEFAULT | 27 | ||
| _fini | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x2f0c | 0 | FUNC | <unknown> | HIDDEN | 16 |
| _init | .symtab | 0x2000 | 0 | FUNC | <unknown> | HIDDEN | 12 | ||
| _start | .symtab | 0x2280 | 34 | FUNC | <unknown> | DEFAULT | 15 | ||
| accept@GLIBC_2.2.5 | GLIBCXX_3.4 | libstdc++.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| bind@GLIBC_2.2.5 | GLIBCXX_3.4.21 | libstdc++.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| close@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| completed.0 | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x52a8 | 1 | OBJECT | <unknown> | DEFAULT | 27 |
| crtstuff.c | GLIBCXX_3.4.21 | libstdc++.so.6 | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS |
| crtstuff.c | GLIBC_2.34 | libc.so.6 | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS |
| data_start | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x5120 | 0 | NOTYPE | <unknown> | DEFAULT | 26 |
| deregister_tm_clones | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x22b0 | 0 | FUNC | <unknown> | DEFAULT | 15 |
| dnam | .symtab | 0x52c0 | 1024 | OBJECT | <unknown> | DEFAULT | 27 | ||
| fprintf@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| frame_dummy | GLIBCXX_3.4.21 | libstdc++.so.6 | .symtab | 0x2360 | 0 | FUNC | <unknown> | DEFAULT | 15 |
| fwrite@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| htons@GLIBC_2.2.5 | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| id | .symtab | 0x56c0 | 1024 | OBJECT | <unknown> | DEFAULT | 27 | ||
| listen@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| main | GCC_3.0 | libgcc_s.so.1 | .symtab | 0x2bf6 | 686 | FUNC | <unknown> | DEFAULT | 15 |
| printf@GLIBC_2.2.5 | GLIBCXX_3.4 | libstdc++.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| putchar@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| puts@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| recv@GLIBC_2.2.5 | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| register_tm_clones | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x22e0 | 0 | FUNC | <unknown> | DEFAULT | 15 |
| sensorid | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x5ec0 | 1024 | OBJECT | <unknown> | DEFAULT | 27 |
| server.cpp | GLIBCXX_3.4 | libstdc++.so.6 | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS |
| snprintf@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| socket@GLIBC_2.2.5 | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| sqlite3_close | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| sqlite3_exec | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| sqlite3_free | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| sqlite3_libversion | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| sqlite3_open | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| stationid | .symtab | 0x5ac0 | 1024 | OBJECT | <unknown> | DEFAULT | 27 | ||
| stderr@GLIBC_2.2.5 | .symtab | 0x52a0 | 8 | OBJECT | <unknown> | DEFAULT | 27 | ||
| stdout@GLIBC_2.2.5 | .symtab | 0x5140 | 8 | OBJECT | <unknown> | DEFAULT | 27 | ||
| strcmp@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| strlen@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
| strncpy@GLIBC_2.2.5 | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| strsep@GLIBC_2.2.5 | GLIBC_2.2.5 | libc.so.6 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| strtok@GLIBC_2.2.5 | .symtab | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
Download Network PCAP: filtered – full
- Total Packets: 11
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 23, 2025 14:48:14.782681942 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
| Apr 23, 2025 14:48:20.157924891 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
| Apr 23, 2025 14:48:21.949712992 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
| Apr 23, 2025 14:48:35.362337112 CEST | 39248 | 443 | 192.168.2.23 | 34.249.145.219 |
| Apr 23, 2025 14:48:35.362394094 CEST | 443 | 39248 | 34.249.145.219 | 192.168.2.23 |
| Apr 23, 2025 14:48:35.362643003 CEST | 39248 | 443 | 192.168.2.23 | 34.249.145.219 |
| Apr 23, 2025 14:48:35.362854958 CEST | 39248 | 443 | 192.168.2.23 | 34.249.145.219 |
| Apr 23, 2025 14:48:35.362867117 CEST | 443 | 39248 | 34.249.145.219 | 192.168.2.23 |
| Apr 23, 2025 14:48:36.283725023 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
| Apr 23, 2025 14:48:46.522399902 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
| Apr 23, 2025 14:48:52.665431023 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
| Apr 23, 2025 14:49:17.238078117 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
| Apr 23, 2025 14:49:35.354824066 CEST | 39248 | 443 | 192.168.2.23 | 34.249.145.219 |
| Apr 23, 2025 14:49:35.396313906 CEST | 443 | 39248 | 34.249.145.219 | 192.168.2.23 |
| Apr 23, 2025 14:50:16.464035034 CEST | 443 | 39248 | 34.249.145.219 | 192.168.2.23 |
System Behavior
| Start time (UTC): | 12:48:12 |
| Start date (UTC): | 23/04/2025 |
| Path: | /tmp/server.elf |
| Arguments: | /tmp/server.elf |
| File size: | 23208 bytes |
| MD5 hash: | 76baf7a9d282c02d28b7f40cbc1bb257 |
| Start time (UTC): | 12:49:34 |
| Start date (UTC): | 23/04/2025 |
| Path: | /usr/bin/dash |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 12:49:34 |
| Start date (UTC): | 23/04/2025 |
| Path: | /usr/bin/rm |
| Arguments: | rm -f /tmp/tmp.9ZBT5CLGTa /tmp/tmp.3VYKbNdJHy /tmp/tmp.wQjoavZwO1 |
| File size: | 72056 bytes |
| MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
| Start time (UTC): | 12:49:34 |
| Start date (UTC): | 23/04/2025 |
| Path: | /usr/bin/dash |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 12:49:34 |
| Start date (UTC): | 23/04/2025 |
| Path: | /usr/bin/rm |
| Arguments: | rm -f /tmp/tmp.9ZBT5CLGTa /tmp/tmp.3VYKbNdJHy /tmp/tmp.wQjoavZwO1 |
| File size: | 72056 bytes |
| MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
