Source: unknown |
HTTPS traffic detected: 54.171.230.55:443 -> 192.168.2.14:37904 version: TLS 1.2 |
Source: global traffic |
TCP traffic: 192.168.2.14:34906 -> 85.203.42.10:5555 |
Source: global traffic |
TCP traffic: 192.168.2.14:51326 -> 92.38.135.253:38441 |
Source: /tmp/botnt.mpsl.elf (PID: 5480) |
Socket: 127.0.0.1:2174 |
Jump to behavior |
Source: unknown |
TCP traffic detected without corresponding DNS query: 85.203.42.10 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 85.203.42.10 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 85.203.42.10 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.125.190.26 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 85.203.42.10 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 54.171.230.55 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 54.171.230.55 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 54.171.230.55 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 54.171.230.55 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 54.171.230.55 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 54.171.230.55 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 54.171.230.55 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 54.171.230.55 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 54.171.230.55 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 85.203.42.10 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.125.190.26 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 208.67.222.222 |
Source: global traffic |
DNS traffic detected: DNS query: e.foxnointel.ru |
Source: global traffic |
DNS traffic detected: DNS query: e.dosbotbig.mom |
Source: unknown |
Network traffic detected: HTTP traffic on port 37904 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 46540 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 37904 |
Source: unknown |
HTTPS traffic detected: 54.171.230.55:443 -> 192.168.2.14:37904 version: TLS 1.2 |
Source: ELF static info symbol of initial sample |
.symtab present: no |
Source: classification engine |
Classification label: clean2.linELF@0/0@4/0 |
Source: /usr/bin/dash (PID: 5497) |
Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.IVmJa2rF9m /tmp/tmp.98uZxoFVPb /tmp/tmp.eU1NtABKew |
Jump to behavior |
Source: /usr/bin/dash (PID: 5506) |
Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.IVmJa2rF9m /tmp/tmp.98uZxoFVPb /tmp/tmp.eU1NtABKew |
Jump to behavior |
Source: submitted sample |
Stderr: Segmentation fault: exit code = 0 |
Source: /tmp/botnt.mpsl.elf (PID: 5478) |
Queries kernel information via 'uname': |
Jump to behavior |
Source: botnt.mpsl.elf, 5478.1.0000563c2c032000.0000563c2c0d9000.rw-.sdmp |
Binary or memory string: /etc/qemu-binfmt/mipsel |
Source: botnt.mpsl.elf, 5478.1.00007ffdce6ba000.00007ffdce6db000.rw-.sdmp |
Binary or memory string: (x86_64/usr/bin/qemu-mipsel/tmp/botnt.mpsl.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/botnt.mpsl.elf |
Source: botnt.mpsl.elf, 5478.1.0000563c2c032000.0000563c2c0d9000.rw-.sdmp |
Binary or memory string: ,<V!/etc/qemu-binfmt/mipsel |
Source: botnt.mpsl.elf, 5478.1.00007ffdce6ba000.00007ffdce6db000.rw-.sdmp |
Binary or memory string: /usr/bin/qemu-mipsel |