Edit tour
Linux
Analysis Report
KwSb7C8Rpy.elf
Overview
General Information
| Sample name: | KwSb7C8Rpy.elfrenamed because original name is a hash value |
| Original sample name: | 43f72f4cdab8ed40b2f913be4a55b17e7fd8a7946a636adb4452f685c1ffea02.elf |
| Analysis ID: | 1500270 |
| MD5: | 9482d7b91ae2c431e8e584cee62ac3e5 |
| SHA1: | e8530cf5652d35148b2fa6f963387d8f21c2ee52 |
| SHA256: | 43f72f4cdab8ed40b2f913be4a55b17e7fd8a7946a636adb4452f685c1ffea02 |
| Tags: | elfsedexp |
| Infos: | |
 | |
Detection
| Score: | 48 |
| Range: | 0 - 100 |
| Whitelisted: | false |
Signatures
Multi AV Scanner detection for submitted file
ELF contains segments with high entropy indicating compressed/encrypted content
Sample has stripped symbol table
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Classification
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1500270 |
| Start date and time: | 2024-08-28 07:05:05 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 12s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultlinuxfilecookbook.jbs |
| Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
| Analysis Mode: | default |
| Sample name: | KwSb7C8Rpy.elfrenamed because original name is a hash value |
| Original Sample Name: | 43f72f4cdab8ed40b2f913be4a55b17e7fd8a7946a636adb4452f685c1ffea02.elf |
| Detection: | MAL |
| Classification: | mal48.linELF@0/0@0/0 |
| Command: | /tmp/KwSb7C8Rpy.elf |
| PID: | 6219 |
| Exit Code: | 255 |
| Exit Code Info: | |
| Killed: | False |
| Standard Output: | |
| Standard Error: |
- system is lnxubuntu20
- cleanup
⊘No yara matches
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | ReversingLabs: | |||
| Source: | Virustotal: | Perma Link | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | .symtab present: | ||
| Source: | Classification label: | ||
| Source: | Submission file: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Obfuscated Files or Information | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
⊘No configs have been found
Is Dropped
Number of created Files
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 45% | ReversingLabs | Linux.Trojan.Generic | ||
| 46% | Virustotal | Browse |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false | |
| 91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false | |
| 91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 109.202.202.202 | Get hash | malicious | Unknown | Browse |
| |
| 91.189.91.43 | Get hash | malicious | Mirai, Gafgyt, Okiru | Browse | ||
| Get hash | malicious | Mirai, Okiru | Browse | |||
| Get hash | malicious | Mirai, Gafgyt, Okiru | Browse | |||
| Get hash | malicious | Mirai, Okiru | Browse | |||
| Get hash | malicious | Mirai, Gafgyt, Okiru | Browse | |||
| Get hash | malicious | Mirai, Okiru | Browse | |||
| Get hash | malicious | Mirai, Gafgyt, Okiru | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| 91.189.91.42 | Get hash | malicious | Mirai, Gafgyt, Okiru | Browse | ||
| Get hash | malicious | Mirai, Okiru | Browse | |||
| Get hash | malicious | Mirai, Gafgyt, Okiru | Browse | |||
| Get hash | malicious | Mirai, Okiru | Browse | |||
| Get hash | malicious | Mirai, Gafgyt, Okiru | Browse | |||
| Get hash | malicious | Mirai, Okiru | Browse | |||
| Get hash | malicious | Mirai, Gafgyt, Okiru | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CANONICAL-ASGB | Get hash | malicious | Gafgyt, Mirai | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
| Get hash | malicious | Mirai, Okiru | Browse |
| ||
| Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
| Get hash | malicious | Mirai, Okiru | Browse |
| ||
| Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
| Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
| Get hash | malicious | Mirai, Okiru | Browse |
| ||
| Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
| CANONICAL-ASGB | Get hash | malicious | Gafgyt, Mirai | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
| Get hash | malicious | Mirai, Okiru | Browse |
| ||
| Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
| Get hash | malicious | Mirai, Okiru | Browse |
| ||
| Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
| Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
| Get hash | malicious | Mirai, Okiru | Browse |
| ||
| Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
| INIT7CH | Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| |
| Get hash | malicious | Mirai, Okiru | Browse |
| ||
| Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
| Get hash | malicious | Mirai, Okiru | Browse |
| ||
| Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
| Get hash | malicious | Mirai, Okiru | Browse |
| ||
| Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
⊘No context
⊘No created / dropped files found
| File type: | |
| Entropy (8bit): | 5.78406429984848 |
| TrID: |
|
| File name: | KwSb7C8Rpy.elf |
| File size: | 214'456 bytes |
| MD5: | 9482d7b91ae2c431e8e584cee62ac3e5 |
| SHA1: | e8530cf5652d35148b2fa6f963387d8f21c2ee52 |
| SHA256: | 43f72f4cdab8ed40b2f913be4a55b17e7fd8a7946a636adb4452f685c1ffea02 |
| SHA512: | ff9a6f2bc207e531b0218ea5d7f5b288a7a9ffed364433b6f2a716e21f3cf2d6fe6168fa1711e0a45e63e2f05e16f5d0bb64ee562457cbdabe959b5e5fffd790 |
| SSDEEP: | 3072:LRfZJgy8WKR0HdxiJw39vCcaA4itvVJ3vZylta9tAuyXnrgp1jjY/ztwpx8sUT/z:tCtI91r1crRYO12OTBV |
| TLSH: | 1424B521C4E341EBEAFBE2334B8B792B7D223559C5309B1BE65453121B35A38AD7D390 |
| File Content Preview: | .ELF..............>.....0-......@........>..........@.8...@.............@.......@.......@.......................................................................................................................h.......h........................ ....... ..... |
ELF header | |
|---|---|
| Class: | |
| Data: | |
| Version: | |
| Machine: | |
| Version Number: | |
| Type: | |
| OS/ABI: | |
| ABI Version: | 0 |
| Entry Point Address: | |
| Flags: | |
| ELF Header Size: | 64 |
| Program Header Offset: | 64 |
| Program Header Size: | 56 |
| Number of Program Headers: | 12 |
| Section Header Offset: | 212728 |
| Section Header Size: | 64 |
| Number of Section Headers: | 27 |
| Header String Table Index: | 26 |
| Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
|---|---|---|---|---|---|---|---|---|---|---|
| NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
| .interp | PROGBITS | 0x318 | 0x318 | 0x1c | 0x0 | 0x2 | A | 0 | 0 | 1 |
| .note.gnu.property | NOTE | 0x338 | 0x338 | 0x20 | 0x0 | 0x2 | A | 0 | 0 | 8 |
| .note.ABI-tag | NOTE | 0x37c | 0x37c | 0x20 | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .hash | HASH | 0x3a0 | 0x3a0 | 0x2fc | 0x4 | 0x2 | A | 6 | 0 | 8 |
| .gnu.hash | GNU_HASH | 0x6a0 | 0x6a0 | 0x2c | 0x0 | 0x2 | A | 6 | 0 | 8 |
| .dynsym | DYNSYM | 0x6d0 | 0x6d0 | 0x618 | 0x18 | 0x2 | A | 7 | 1 | 8 |
| .dynstr | STRTAB | 0xce8 | 0xce8 | 0x226 | 0x0 | 0x2 | A | 0 | 0 | 1 |
| .gnu.version | VERSYM | 0xf0e | 0xf0e | 0x82 | 0x2 | 0x2 | A | 6 | 0 | 2 |
| .gnu.version_r | VERNEED | 0xf90 | 0xf90 | 0x50 | 0x0 | 0x2 | A | 7 | 2 | 8 |
| .rela.dyn | RELA | 0xfe0 | 0xfe0 | 0x618 | 0x18 | 0x2 | A | 6 | 0 | 8 |
| .rela.plt | RELA | 0x15f8 | 0x15f8 | 0x570 | 0x18 | 0x42 | AI | 6 | 23 | 8 |
| .init | PROGBITS | 0x2000 | 0x2000 | 0x1b | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .plt | PROGBITS | 0x2020 | 0x2020 | 0x3b0 | 0x10 | 0x6 | AX | 0 | 0 | 16 |
| .plt.got | PROGBITS | 0x23d0 | 0x23d0 | 0x10 | 0x10 | 0x6 | AX | 0 | 0 | 16 |
| .plt.sec | PROGBITS | 0x23e0 | 0x23e0 | 0x3a0 | 0x10 | 0x6 | AX | 0 | 0 | 16 |
| .text | PROGBITS | 0x2780 | 0x2780 | 0x26575 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
| .fini | PROGBITS | 0x28cf8 | 0x28cf8 | 0xd | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .rodata | PROGBITS | 0x29000 | 0x29000 | 0x6110 | 0x0 | 0x2 | A | 0 | 0 | 32 |
| .init_array | INIT_ARRAY | 0x309b0 | 0x2f9b0 | 0x8 | 0x8 | 0x3 | WA | 0 | 0 | 8 |
| .fini_array | FINI_ARRAY | 0x309b8 | 0x2f9b8 | 0x8 | 0x8 | 0x3 | WA | 0 | 0 | 8 |
| .data.rel.ro | PROGBITS | 0x309c0 | 0x2f9c0 | 0x220 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
| .dynamic | DYNAMIC | 0x30be0 | 0x2fbe0 | 0x210 | 0x10 | 0x3 | WA | 7 | 0 | 8 |
| .got | PROGBITS | 0x30df0 | 0x2fdf0 | 0x210 | 0x8 | 0x3 | WA | 0 | 0 | 8 |
| .data | PROGBITS | 0x31000 | 0x30000 | 0x3e10 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
| .bss | NOBITS | 0x34e20 | 0x33e10 | 0x1020 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
| .shstrtab | STRTAB | 0x0 | 0x33e10 | 0xe3 | 0x0 | 0x0 | 0 | 0 | 1 |
| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
|---|---|---|---|---|---|---|---|---|---|---|---|
| PHDR | 0x40 | 0x40 | 0x40 | 0x2a0 | 0x2a0 | 1.6698 | 0x4 | R | 0x8 | ||
| INTERP | 0x318 | 0x318 | 0x318 | 0x1c | 0x1c | 3.9408 | 0x4 | R | 0x1 | /lib64/ld-linux-x86-64.so.2 | .interp |
| LOAD | 0x0 | 0x0 | 0x0 | 0x1b68 | 0x1b68 | 2.3595 | 0x4 | R | 0x1000 | .interp .note.gnu.property .note.ABI-tag .hash .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt | |
| LOAD | 0x2000 | 0x2000 | 0x2000 | 0x26d05 | 0x26d05 | 5.6038 | 0x5 | R E | 0x1000 | .init .plt .plt.got .plt.sec .text .fini | |
| LOAD | 0x29000 | 0x29000 | 0x29000 | 0x6110 | 0x6110 | 7.4551 | 0x4 | R | 0x1000 | .rodata | |
| LOAD | 0x2f9b0 | 0x309b0 | 0x309b0 | 0x4460 | 0x5490 | 4.1467 | 0x6 | RW | 0x1000 | .init_array .fini_array .data.rel.ro .dynamic .got .data .bss | |
| DYNAMIC | 0x2fbe0 | 0x30be0 | 0x30be0 | 0x210 | 0x210 | 1.5582 | 0x6 | RW | 0x8 | .dynamic | |
| NOTE | 0x338 | 0x338 | 0x338 | 0x20 | 0x20 | 1.8716 | 0x4 | R | 0x8 | .note.gnu.property | |
| NOTE | 0x37c | 0x37c | 0x37c | 0x20 | 0x20 | 1.5613 | 0x4 | R | 0x4 | .note.ABI-tag | |
| GNU_PROPERTY | 0x338 | 0x338 | 0x338 | 0x20 | 0x20 | 1.8716 | 0x4 | R | 0x8 | .note.gnu.property | |
| GNU_EH_FRAME | 0x0 | 0x2f110 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x4 | R | 0x8 | ||
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8 |
| Type | Meta | Value | Tag |
|---|---|---|---|
| DT_NEEDED | sharedlib | libc.so.6 | 0x1 |
| DT_NEEDED | sharedlib | libutil.so.1 | 0x1 |
| DT_INIT | value | 0x2000 | 0xc |
| DT_FINI | value | 0x28cf8 | 0xd |
| DT_INIT_ARRAY | value | 0x309b0 | 0x19 |
| DT_INIT_ARRAYSZ | bytes | 8 | 0x1b |
| DT_FINI_ARRAY | value | 0x309b8 | 0x1a |
| DT_FINI_ARRAYSZ | bytes | 8 | 0x1c |
| DT_HASH | value | 0x3a0 | 0x4 |
| DT_GNU_HASH | value | 0x6a0 | 0x6ffffef5 |
| DT_STRTAB | value | 0xce8 | 0x5 |
| DT_SYMTAB | value | 0x6d0 | 0x6 |
| DT_STRSZ | bytes | 550 | 0xa |
| DT_SYMENT | bytes | 24 | 0xb |
| DT_DEBUG | value | 0x0 | 0x15 |
| DT_PLTGOT | value | 0x30df0 | 0x3 |
| DT_PLTRELSZ | bytes | 1392 | 0x2 |
| DT_PLTREL | pltrel | DT_RELA | 0x14 |
| DT_JMPREL | value | 0x15f8 | 0x17 |
| DT_RELA | value | 0xfe0 | 0x7 |
| DT_RELASZ | bytes | 1560 | 0x8 |
| DT_RELAENT | bytes | 24 | 0x9 |
| DT_FLAGS | value | 0x8 | 0x1e |
| DT_FLAGS_1 | value | 0x8000001 | 0x6ffffffb |
| DT_VERNEED | value | 0xf90 | 0x6ffffffe |
| DT_VERNEEDNUM | value | 2 | 0x6fffffff |
| DT_VERSYM | value | 0xf0e | 0x6ffffff0 |
| DT_RELACOUNT | value | 60 | 0x6ffffff9 |
| DT_NULL | value | 0x0 | 0x0 |
| Name | Version Info Name | Version Info File Name | Section Name | Value | Size | Symbol Type | Symbol Bind | Symbol Visibility | Ndx |
|---|---|---|---|---|---|---|---|---|---|
| .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | |||
| _ITM_deregisterTMCloneTable | .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | ||
| _ITM_registerTMCloneTable | .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | ||
| __cxa_finalize | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| __errno_location | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| __gmon_start__ | .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | ||
| __libc_start_main | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| __xstat64 | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| access | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| basename | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| calloc | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| close | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| connect | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| dup2 | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| execve | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| exit | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| fchmod | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| fclose | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| fileno | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| fopen64 | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| fork | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| forkpty | GLIBC_2.2.5 | libutil.so.1 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| fprintf | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| free | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| fscanf | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| ftw64 | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| fwrite | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| inet_addr | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| init_module | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| lseek64 | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| malloc | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| memchr | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| memcmp | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| memcpy | .dynsym | 0x62c0 | 442 | FUNC | <unknown> | DEFAULT | 17 | ||
| memmem | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| memmove | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| memset | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| open | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| open64 | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| pipe2 | GLIBC_2.9 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| prctl | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| printf | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| read | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| readlink | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| realloc | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| rename | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| select | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| snprintf | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| socket | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| sscanf | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| strchr | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| strcmp | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| strdup | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| strerror | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| strlen | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| strncmp | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| strstr | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| strtol | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| syscall | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| system | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| uname | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| unlink | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| vsnprintf | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| waitpid | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| write | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Aug 28, 2024 07:05:43.459129095 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
| Aug 28, 2024 07:05:49.090281010 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
| Aug 28, 2024 07:05:50.626097918 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
| Aug 28, 2024 07:06:04.448498964 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
| Aug 28, 2024 07:06:14.687119007 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
| Aug 28, 2024 07:06:20.829947948 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
| Aug 28, 2024 07:06:45.402610064 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
| Aug 28, 2024 07:07:05.879688978 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
System Behavior
| Start time (UTC): | 05:05:40 |
| Start date (UTC): | 28/08/2024 |
| Path: | /tmp/KwSb7C8Rpy.elf |
| Arguments: | /tmp/KwSb7C8Rpy.elf |
| File size: | 214456 bytes |
| MD5 hash: | 9482d7b91ae2c431e8e584cee62ac3e5 |