Edit tour

Linux Analysis Report
flow.elf

Overview

General Information

Sample name:	flow.elf
Analysis ID:	1520643
MD5:	3f110a26621193c8e1a7c8f58231ad3f
SHA1:	39c767af6e1da1bd504e986107526c72a566c87e
SHA256:	d7bece4b8b7eab33488a5ade41981d63f5217f5451d381daabc98758970a8282
Tags:	elf
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Sample and/or dropped files likely contain functionality related to malicious behavior

ELF contains segments with high entropy indicating compressed/encrypted content

Executes the "rm" command used to delete files or directories

Sample and/or dropped files contains symbols with suspicious names

Sample has stripped symbol table

Sample tries to set the executable flag

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Writes ELF files to disk

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1520643
Start date and time:	2024-09-27 17:48:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 53s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	flow.elf
Detection:	MAL
Classification:	mal52.linELF@0/29@0/0

Warnings

VT rate limit hit for: flow.elf

Runtime Messages

Command:	/tmp/flow.elf
PID:	6229
Exit Code:	255
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:	[PYI-6234:ERROR] Failed to load Python shared library '/tmp/_MEIx67uLe/libpython3.10.so.1.0': dlopen: /lib/x86_64-linux-gnu/libm.so.6: version `GLIBC_2.35' not found (required by /tmp/_MEIx67uLe/libpython3.10.so.1.0)

Process Tree

system is lnxubuntu20

dash New Fork (PID: 6199, Parent: 4333)

rm (PID: 6199, Parent: 4333, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.9Q77JLay1z /tmp/tmp.M1BKrdKBH5 /tmp/tmp.qgT6A2WxQj

dash New Fork (PID: 6200, Parent: 4333)

rm (PID: 6200, Parent: 4333, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.9Q77JLay1z /tmp/tmp.M1BKrdKBH5 /tmp/tmp.qgT6A2WxQj

flow.elf (PID: 6229, Parent: 6124, MD5: 3f110a26621193c8e1a7c8f58231ad3f) Arguments: /tmp/flow.elf

flow.elf New Fork (PID: 6234, Parent: 6229)

flow.elf (PID: 6234, Parent: 6229, MD5: 3f110a26621193c8e1a7c8f58231ad3f) Arguments: /tmp/flow.elf

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: flow.elf

ReversingLabs: Detection: 15%

Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43

Source: flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	String found in binary or memory: https://blog.jaraco.com/skeleton
Source: _cffi_backend.cpython-310-x86_64-linux-gnu.so.16.dr	String found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
Source: flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.metadata.html
Source: flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	String found in binary or memory: https://docs.python.org/3/reference/import.html#finders-and-loaders
Source: flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	String found in binary or memory: https://github.com/fake-useragent/fake-useragent/blob/main/AUTHORS).
Source: flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	String found in binary or memory: https://github.com/psf/black
Source: flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	String found in binary or memory: https://github.com/python/importlib_metadata
Source: flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	String found in binary or memory: https://github.com/python/importlib_metadata/actions?query=workflow%3A%22tests%22
Source: flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	String found in binary or memory: https://github.com/python/importlib_metadata/issues
Source: flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	String found in binary or memory: https://github.com/python/importlib_metadata/workflows/tests/badge.svg
Source: flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	String found in binary or memory: https://github.com/tailhook/injections
Source: flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	String found in binary or memory: https://img.shields.io/badge/code%20style-black-000000.svg
Source: flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	String found in binary or memory: https://img.shields.io/badge/skeleton-2021-informational
Source: flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	String found in binary or memory: https://img.shields.io/pypi/pyversions/importlib_metadata.svg
Source: flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	String found in binary or memory: https://img.shields.io/pypi/v/importlib_metadata.svg
Source: flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	String found in binary or memory: https://importlib-metadata.readthedocs.io/en/latest/?badge=latest
Source: flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	String found in binary or memory: https://importlib_metadata.readthedocs.io/
Source: flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	String found in binary or memory: https://pypi.org/project/black/)
Source: flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	String found in binary or memory: https://pypi.org/project/fake-useragent/#history)):
Source: flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	String found in binary or memory: https://pypi.org/project/importlib_metadata
Source: flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	String found in binary or memory: https://readthedocs.org/projects/importlib-metadata/badge/?version=latest
Source: flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	String found in binary or memory: https://www.w3schools.com/browsers/browsers_stats.asp

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Sample and/or dropped files likely contain functionality related to malicious behavior

Source: _openssl.abi3.so.16.dr	ELF static info symbol of dropped file: SSL_CTX_get_keylog_callback
Source: _openssl.abi3.so.16.dr	ELF static info symbol of dropped file: SSL_CTX_set_keylog_callback
Source: _ssl.cpython-310-x86_64-linux-gnu.so.16.dr	ELF static info symbol of dropped file: SSL_CTX_set_keylog_callback

Source: _openssl.abi3.so.16.dr	ELF static info symbol of dropped file: Cryptography_pem_password_cb
Source: _openssl.abi3.so.16.dr	ELF static info symbol of dropped file: SSL_CTX_set_default_passwd_cb
Source: _openssl.abi3.so.16.dr	ELF static info symbol of dropped file: SSL_CTX_set_default_passwd_cb_userdata
Source: _ssl.cpython-310-x86_64-linux-gnu.so.16.dr	ELF static info symbol of dropped file: SSL_CTX_get_default_passwd_cb
Source: _ssl.cpython-310-x86_64-linux-gnu.so.16.dr	ELF static info symbol of dropped file: SSL_CTX_get_default_passwd_cb_userdata
Source: _ssl.cpython-310-x86_64-linux-gnu.so.16.dr	ELF static info symbol of dropped file: SSL_CTX_set_default_passwd_cb
Source: _ssl.cpython-310-x86_64-linux-gnu.so.16.dr	ELF static info symbol of dropped file: SSL_CTX_set_default_passwd_cb_userdata
Source: readline.cpython-310-x86_64-linux-gnu.so.16.dr	ELF static info symbol of dropped file: PyOS_InputHook
Source: readline.cpython-310-x86_64-linux-gnu.so.16.dr	ELF static info symbol of dropped file: rl_completion_display_matches_hook
Source: readline.cpython-310-x86_64-linux-gnu.so.16.dr	ELF static info symbol of dropped file: rl_pre_input_hook
Source: readline.cpython-310-x86_64-linux-gnu.so.16.dr	ELF static info symbol of dropped file: rl_startup_hook

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal52.linELF@0/29@0/0

Source: /usr/bin/dash (PID: 6199)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.9Q77JLay1z /tmp/tmp.M1BKrdKBH5 /tmp/tmp.qgT6A2WxQj			Jump to behavior
Source: /usr/bin/dash (PID: 6200)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.9Q77JLay1z /tmp/tmp.M1BKrdKBH5 /tmp/tmp.qgT6A2WxQj			Jump to behavior

Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/_cffi_backend.cpython-310-x86_64-linux-gnu.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/bcrypt/_bcrypt.abi3.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/cryptography/hazmat/bindings/_openssl.abi3.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/lib-dynload/_bz2.cpython-310-x86_64-linux-gnu.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/lib-dynload/_codecs_cn.cpython-310-x86_64-linux-gnu.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/lib-dynload/_codecs_hk.cpython-310-x86_64-linux-gnu.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/lib-dynload/_codecs_iso2022.cpython-310-x86_64-linux-gnu.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/lib-dynload/_codecs_jp.cpython-310-x86_64-linux-gnu.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/lib-dynload/_codecs_kr.cpython-310-x86_64-linux-gnu.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/lib-dynload/_codecs_tw.cpython-310-x86_64-linux-gnu.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/lib-dynload/_contextvars.cpython-310-x86_64-linux-gnu.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/lib-dynload/_ctypes.cpython-310-x86_64-linux-gnu.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/lib-dynload/_decimal.cpython-310-x86_64-linux-gnu.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/lib-dynload/_hashlib.cpython-310-x86_64-linux-gnu.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/lib-dynload/_json.cpython-310-x86_64-linux-gnu.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/lib-dynload/_lzma.cpython-310-x86_64-linux-gnu.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/lib-dynload/_multibytecodec.cpython-310-x86_64-linux-gnu.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/lib-dynload/_multiprocessing.cpython-310-x86_64-linux-gnu.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/lib-dynload/_opcode.cpython-310-x86_64-linux-gnu.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/lib-dynload/_posixshmem.cpython-310-x86_64-linux-gnu.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/lib-dynload/_queue.cpython-310-x86_64-linux-gnu.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/lib-dynload/_ssl.cpython-310-x86_64-linux-gnu.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/lib-dynload/_uuid.cpython-310-x86_64-linux-gnu.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/lib-dynload/mmap.cpython-310-x86_64-linux-gnu.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/lib-dynload/readline.cpython-310-x86_64-linux-gnu.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/lib-dynload/resource.cpython-310-x86_64-linux-gnu.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/lib-dynload/termios.cpython-310-x86_64-linux-gnu.so (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/libbz2.so.1.0 (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/libcrypto.so.3 (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/libexpat.so.1 (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/libffi.so.8 (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/liblzma.so.5 (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/libmpdec.so.3 (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/libpython3.10.so.1.0 (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/libreadline.so.8 (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/libssl.so.3 (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/libtinfo.so.6 (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/libuuid.so.1 (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/libz.so.1 (bits: - usr: - grp: - all: rwx)	Jump to behavior
Source: /tmp/flow.elf (PID: 6229)	File: /tmp/_MEIx67uLe/ossl-modules/legacy.so (bits: - usr: - grp: - all: rwx)	Jump to behavior

Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/_cffi_backend.cpython-310-x86_64-linux-gnu.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/bcrypt/_bcrypt.abi3.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/cryptography/hazmat/bindings/_openssl.abi3.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/lib-dynload/_bz2.cpython-310-x86_64-linux-gnu.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/lib-dynload/_codecs_cn.cpython-310-x86_64-linux-gnu.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/lib-dynload/_codecs_hk.cpython-310-x86_64-linux-gnu.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/lib-dynload/_codecs_iso2022.cpython-310-x86_64-linux-gnu.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/lib-dynload/_codecs_jp.cpython-310-x86_64-linux-gnu.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/lib-dynload/_codecs_kr.cpython-310-x86_64-linux-gnu.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/lib-dynload/_codecs_tw.cpython-310-x86_64-linux-gnu.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/lib-dynload/_contextvars.cpython-310-x86_64-linux-gnu.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/lib-dynload/_ctypes.cpython-310-x86_64-linux-gnu.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/lib-dynload/_decimal.cpython-310-x86_64-linux-gnu.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/lib-dynload/_hashlib.cpython-310-x86_64-linux-gnu.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/lib-dynload/_json.cpython-310-x86_64-linux-gnu.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/lib-dynload/_lzma.cpython-310-x86_64-linux-gnu.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/lib-dynload/_multibytecodec.cpython-310-x86_64-linux-gnu.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/lib-dynload/_multiprocessing.cpython-310-x86_64-linux-gnu.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/lib-dynload/_opcode.cpython-310-x86_64-linux-gnu.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/lib-dynload/_posixshmem.cpython-310-x86_64-linux-gnu.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/lib-dynload/_queue.cpython-310-x86_64-linux-gnu.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/lib-dynload/_ssl.cpython-310-x86_64-linux-gnu.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/lib-dynload/_uuid.cpython-310-x86_64-linux-gnu.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/lib-dynload/mmap.cpython-310-x86_64-linux-gnu.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/lib-dynload/readline.cpython-310-x86_64-linux-gnu.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/lib-dynload/resource.cpython-310-x86_64-linux-gnu.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/lib-dynload/termios.cpython-310-x86_64-linux-gnu.so	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/libbz2.so.1.0	Jump to dropped file
Source: /tmp/flow.elf (PID: 6229)	File written: /tmp/_MEIx67uLe/libcrypto.so.3	Jump to dropped file

Source: _bcrypt.abi3.so.16.dr	Dropped file: segment LOAD with 7.4819 entropy (max. 8.0)
Source: _codecs_cn.cpython-310-x86_64-linux-gnu.so.16.dr	Dropped file: segment LOAD with 7.6419 entropy (max. 8.0)

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 File and Directory Permissions Modification	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 File Deletion	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
flow.elf	16%	ReversingLabs	Linux.Trojan.Generic

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://importlib-metadata.readthedocs.io/en/latest/?badge=latest	flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	false	unknown
https://importlib_metadata.readthedocs.io/	flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	false	unknown
https://github.com/python/importlib_metadata/actions?query=workflow%3A%22tests%22	flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	false	unknown
https://readthedocs.org/projects/importlib-metadata/badge/?version=latest	flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	false	unknown
https://docs.python.org/3/library/importlib.metadata.html	flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	false	unknown
https://github.com/psf/black	flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	false	unknown
https://github.com/python/importlib_metadata/workflows/tests/badge.svg	flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	false	unknown
https://cffi.readthedocs.io/en/latest/using.html#callbacks	_cffi_backend.cpython-310-x86_64-linux-gnu.so.16.dr	false	unknown
https://img.shields.io/badge/code%20style-black-000000.svg	flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	false	unknown
https://img.shields.io/badge/skeleton-2021-informational	flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	false	unknown
https://github.com/python/importlib_metadata	flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	false	unknown
https://blog.jaraco.com/skeleton	flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	false	unknown
https://github.com/python/importlib_metadata/issues	flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	false	unknown
https://img.shields.io/pypi/pyversions/importlib_metadata.svg	flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	false	unknown
https://img.shields.io/pypi/v/importlib_metadata.svg	flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	false	unknown
https://pypi.org/project/importlib_metadata	flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	false	unknown
https://github.com/tailhook/injections	flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	false	unknown
https://pypi.org/project/fake-useragent/#history)):	flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	false	unknown
https://docs.python.org/3/reference/import.html#finders-and-loaders	flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	false	unknown
https://www.w3schools.com/browsers/browsers_stats.asp	flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	false	unknown
https://pypi.org/project/black/)	flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	false	unknown
https://github.com/fake-useragent/fake-useragent/blob/main/AUTHORS).	flow.elf, 6229.1.000000000104e000.0000000001070000.rw-.sdmp	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.189.91.43	SecuriteInfo.com.Linux.Siggen.8107.19273.21368.elf	Get hash	malicious	Unknown	Browse
	pl.arm6.elf	Get hash	malicious	Gafgyt	Browse
	pl.mpsl.elf	Get hash	malicious	Gafgyt	Browse
	pl.arm4.elf	Get hash	malicious	Gafgyt	Browse
	x86.elf	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.ELF.CVE-2021-4034-T.6244.4007.elf	Get hash	malicious	Unknown	Browse
	mipsel.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	arm61.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	mips.elf	Get hash	malicious	Gafgyt, Mirai	Browse
91.189.91.42	SecuriteInfo.com.Linux.Siggen.8107.19273.21368.elf	Get hash	malicious	Unknown	Browse
	pl.arm6.elf	Get hash	malicious	Gafgyt	Browse
	pl.mpsl.elf	Get hash	malicious	Gafgyt	Browse
	pl.arm4.elf	Get hash	malicious	Gafgyt	Browse
	x86.elf	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.ELF.CVE-2021-4034-T.6244.4007.elf	Get hash	malicious	Unknown	Browse
	mipsel.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	arm61.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	mips.elf	Get hash	malicious	Gafgyt, Mirai	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	SecuriteInfo.com.Linux.Siggen.8107.19273.21368.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	pl.arm6.elf	Get hash	malicious	Gafgyt	Browse	91.189.91.42
	pl.mpsl.elf	Get hash	malicious	Gafgyt	Browse	91.189.91.42
	pl.arm4.elf	Get hash	malicious	Gafgyt	Browse	91.189.91.42
	http://beonlineboo.com	Get hash	malicious	Unknown	Browse	185.125.189.223
	i586.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	x86.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	SecuriteInfo.com.ELF.CVE-2021-4034-T.6244.4007.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	mipsel.elf	Get hash	malicious	Gafgyt, Mirai	Browse	91.189.91.42
CANONICAL-ASGB	SecuriteInfo.com.Linux.Siggen.8107.19273.21368.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	pl.arm6.elf	Get hash	malicious	Gafgyt	Browse	91.189.91.42
	pl.mpsl.elf	Get hash	malicious	Gafgyt	Browse	91.189.91.42
	pl.arm4.elf	Get hash	malicious	Gafgyt	Browse	91.189.91.42
	http://beonlineboo.com	Get hash	malicious	Unknown	Browse	185.125.189.223
	i586.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	x86.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	SecuriteInfo.com.ELF.CVE-2021-4034-T.6244.4007.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	mipsel.elf	Get hash	malicious	Gafgyt, Mirai	Browse	91.189.91.42
INIT7CH	SecuriteInfo.com.Linux.Siggen.8107.19273.21368.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	pl.arm6.elf	Get hash	malicious	Gafgyt	Browse	109.202.202.202
	pl.mpsl.elf	Get hash	malicious	Gafgyt	Browse	109.202.202.202
	pl.arm4.elf	Get hash	malicious	Gafgyt	Browse	109.202.202.202
	x86.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	SecuriteInfo.com.ELF.CVE-2021-4034-T.6244.4007.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	mipsel.elf	Get hash	malicious	Gafgyt, Mirai	Browse	109.202.202.202
	arm61.elf	Get hash	malicious	Gafgyt, Mirai	Browse	109.202.202.202
	mips.elf	Get hash	malicious	Gafgyt, Mirai	Browse	109.202.202.202

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/tmp/_MEIx67uLe/_cffi_backend.cpython-310-x86_64-linux-gnu.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=ed2f400ec911275cdcfe419baa7399c5750f536b, with debug_info, not stripped
Category:	dropped
Size (bytes):	985520
Entropy (8bit):	4.975071963360125
Encrypted:	false
SSDEEP:	12288:174Zto8W/RYL5GoI2W2WWuD28cnCkIpOnud3lwHKj:174hkeG7BTJkIlzj
MD5:	870A8D950571B3A486FC55D5AE604CA6
SHA1:	4BEE5EEB61B6CE762C42345BEF8623E1FA59966D
SHA-256:	9DB4618E0772E9707E3791BEB1A72F57F457EB765C7A76DE92A8BC2CCF85E932
SHA-512:	7046F3F6047BD178DE469FE5DD3609D9F26403A66CACD5DC2A91E3B71F3146B2B1BC626F7E1AABA1D145BFC8A4A7DC7C14B371E7B71A2ADB09CFE0D90F990A40
Malicious:	false
Reputation:	low
Preview:	.ELF..............>.............@.......p...........@.8...@.%.$..................................{.......{..............................................m/......m/..............................................x.......x........................s......................h<.......i.......................\|......................................................p.......p.......p.......$.......$........................s..............................................P.td....\|"......\|"......\|"..............................Q.td....................................................R.td.....s......................P.......P...........................GNU../@...'\..A..s..u.Sk......................P...H....b&.A..0"...@.."-P.^@.......................................................................,^..y......MP^V.;_....^...W...P...<..Z(:.Z.E..s..Z(.Fj.E.1..#]..#ab.w..!.....`.Z(.\..p.B];........T~.....T..{/....#...4.y"..6'.@..................................................................................

/tmp/_MEIx67uLe/bcrypt/_bcrypt.abi3.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=59a01b5d3a6800fe52797e791ea5d81c655ba8b4, stripped
Category:	dropped
Size (bytes):	43336
Entropy (8bit):	5.637492196132291
Encrypted:	false
SSDEEP:	768:yy7GMXvn/3PHfXvn/3PHfXdqK+2JEvPHpTz3UgN33Vx5lqYSzrMPAgLa1vs:yywHpT35c6LaW
MD5:	1AFF51982EB4A7C90D08012D2FA0F61B
SHA1:	82A6CC087D5317CA54C2D7BB51A47F7484B3BB56
SHA-256:	CB58EB5A588380F73698024A34BAD5EFF52AB15ABFF8F3BCD6823E7C4AF2DB30
SHA-512:	D5B12BECA34CB735415CB7808F9EFDD2DE2F332544C4B329A7BE4DFB2922984870E3C79AF1B2971B9CAFF29C667DBE095E7099DA47E677DE98C58967313735B9
Malicious:	false
Reputation:	low
Preview:	.ELF..............>.............@.......H...........@.8...@.....................................0.......0........................ ....... ....... ......QO......QO.......................p.......p.......p......................................p.......p.......p.......................................P.......P.......P............................................................... ....... ...............................................$.......$...............S.td............................ ....... ...............P.td............................d.......d...............Q.td....................................................R.td....p.......p.......p...........................................GNU.............................GNU.Y..]:h..Ry~y....e[......4...............L ........ ...... ... ).....J ...................................................... ...!..........."...#.......................$.......%...&...............................'...(...*.......+...,...........-.../...0...1...........3...

/tmp/_MEIx67uLe/cryptography/hazmat/bindings/_openssl.abi3.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=1e6eae65decfe239e139e79ba14710c3ecabcf8d, stripped
Category:	dropped
Size (bytes):	858960
Entropy (8bit):	5.618626322146065
Encrypted:	false
SSDEEP:	6144:gc81uC7rVWHFtxOE9K8fCcjG0WurCqsYwdMfeDqL7W8TBZ4:O1FrV2zOEM/urKYwa8CWQ
MD5:	605D5E724FFB45AED4E59382ADAC42ED
SHA1:	04BC336E8B93F8E0792431BA574334E3EE5B74F1
SHA-256:	DD61A9B0A6B3D2E00883B000BFCBE7BB6CF9E5029D4272697AACC5D69D5CA9D0
SHA-512:	3CEFD7D4C70483146A458B23BBB22B5CCF7693BF4EA981CB3FC0C2A68CAFDC2B05E76F53433466E72785145DD35C98EF2F3D45404A528A5513DCF0D80905D790
Malicious:	false
Reputation:	low
Preview:	.ELF..............>.............@.......P...........@.8...@......................................`.......`.......................p.......p.......p.......r.......r..............................................@.......@.......................P.......P.......P........K.......L...................................................................................................... ....... ...............................................$.......$...............S.td............................ ....... ...............P.td.....n.......n.......n......\H......\H..............Q.td....................................................R.td....P.......P.......P...........................................GNU.............................GNU..n.e...9.9.G........'...F.............. Q......mp.f.F...............G.......H...I.......J.......K...........L.......M...N...........O...P.......Q...............R...................S...U...V...W.......X...Z....z;..s.....'C]?.Q.....qAL....&MOU.+;...g..69\^E.......}

/tmp/_MEIx67uLe/lib-dynload/_bz2.cpython-310-x86_64-linux-gnu.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=d17e3de2dc59aa2cb080a24acb809318862278b8, stripped
Category:	dropped
Size (bytes):	32120
Entropy (8bit):	3.9633499821123674
Encrypted:	false
SSDEEP:	768:cuBPnfXPKC6yqiaSKC6yqiaSKC6yqiaSKC6yqiaSF91tld4E5gzAlKDI0Pe:cfEHQDI0
MD5:	E63B446654C05BE6D2235568E30F9FC6
SHA1:	F8881A78E6DC8FAAAD4C582E8F99CADB04EB02A9
SHA-256:	739AEA7A634F336564FE8EE9FC898598D54A86B85F052944A03DF2F18A17E21A
SHA-512:	42C29794E450F34386BC3820FD0BE93B51E926DC1CDA9FC3D8C964676B8D54C1B613FB8C83AC5FF0A36706DA2B94A64BFE4FE1E952515D0CAC93070DA5485729
Malicious:	false
Reputation:	low
Preview:	.ELF..............>.............@.......8v..........@.8...@...................................................................... ....... ....... .......".......".......................P.......P.......P.......................................m.......}.......}......@.......H........................m.......}.......}.............................................................. ....... ...............................................$.......$...............S.td............................ ....... ...............P.td....@\......@\......@\......,.......,...............Q.td....................................................R.td.....m.......}.......}......P.......P...........................GNU.............................GNU..~=..Y.,...J...."x.........7............@...@..7.........L................................................................................. ...................a...............................................D...............................................................

/tmp/_MEIx67uLe/lib-dynload/_codecs_cn.cpython-310-x86_64-linux-gnu.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=271fec538389e0b44d93bb037e145a9713f821d5, stripped
Category:	dropped
Size (bytes):	154128
Entropy (8bit):	6.578910642433931
Encrypted:	false
SSDEEP:	3072:zS3yV3AHSJC6Fk3MwDpHWR3N8urwowVmgTF:tTBcZKC5
MD5:	6A6BD4C39BAF16CF5C7D5F309F9BBD39
SHA1:	C90B70F71188B6F8E4C429861F1F7AB563C99AB5
SHA-256:	D035F163C498CFE2DA2B62C06C38C2EEFB757B8B5DF1C0B99C64A8E2F38FF816
SHA-512:	EACDAAC7DD7F756CE6D95F25FA127A0B64496607C84D1ADB42A87B2CF5689E15DC66A13181E45AB476235EDB74A896E873D7C73E1CFBF1AA76275B04579B1B12
Malicious:	false
Reputation:	low
Preview:	.ELF..............>.............@........R..........@.8...@......................................................................0.......0.......0......i.......i........................P.......P.......P......<.......<................................................U.......U.......................N.......^.......^.............................................................. ....... ...............................................$.......$...............S.td............................ ....... ...............P.td....................................................Q.td....................................................R.td.............................T.......T..........................GNU.............................GNU.'..S...M...~.Z...!........................."...........a9@`................................ ...................g.......................................................................8.......................(................................................... ...........

/tmp/_MEIx67uLe/lib-dynload/_codecs_hk.cpython-310-x86_64-linux-gnu.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=581b2b2daf99975167b6538c18db901765d86f7c, stripped
Category:	dropped
Size (bytes):	162352
Entropy (8bit):	2.763577359443068
Encrypted:	false
SSDEEP:	1536:mdqJ4ViPV3lf7eJ9JIDFNBs8Jvbe4VTh3D:mdSJt3J7eJ9JIDFNzZpVtD
MD5:	45E7D79E63B499ADEFA31CED29DC8077
SHA1:	7A5349A17DE625F00DC32A1761E2E13D23674F8B
SHA-256:	204387BA933146C36B98057CE0D847F0429C42735EC5859A0EA171A3A66C7111
SHA-512:	5082D28B925EA1C9B4A003FB561EC305BAD7BE913B68DB04A8AFA55F6AA355BC2D080F2445F37F76A8E6A1253989DC86DACD5A0DA73D7FA820E48802F8DF8795
Malicious:	false
Reputation:	low
Preview:	.ELF..............>.............@........r..........@.8...@..................................... +...... +.......................0.......0.......0......i.......i........................P.......P.......P......H.......H........................<.......L.......L.......4.......4.......................n.......~.......~.............................................................. ....... ...............................................$.......$...............S.td............................ ....... ...............P.td....88......88......88......\|.......\|...............Q.td....................................................R.td.....<.......L.......L.......3.......3..........................GNU.............................GNU.X.+-...Qg.S....e.o\|.....................................:@`................................ ...................g.......................................................................8...............................................(.......................................

/tmp/_MEIx67uLe/lib-dynload/_codecs_iso2022.cpython-310-x86_64-linux-gnu.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=a955065648305a7a6a22a8e0292d83478a271559, stripped
Category:	dropped
Size (bytes):	31248
Entropy (8bit):	3.855221734076791
Encrypted:	false
SSDEEP:	768:u5iVK7Sti3ocUsEc0Mk8UsEc0MkjJNI2nkYDS+Zf4D+P255g:ugVK7Sti3+/4+P255g
MD5:	1E414C44824FCDEBD8978FB43BBF555E
SHA1:	94A4A001CE552DABD7E596AE6D2EFE10472324E6
SHA-256:	ECB8A1564EF7CEA5801FFC3F208A5F291E1EBF45641A967C88FB35A67AC9AB93
SHA-512:	69DD8C6BA417FE024CC38F899A41CC2843F346C99D94277BC2D240B7B0BE8CB686A896CB64EDD63908C917F31DFEA3F89F49CCB1099B2A5EE8F640D5FB2E099A
Malicious:	false
Reputation:	low
Preview:	.ELF..............>.............@........r..........@.8...@...................................................................... ....... ....... .......$.......$.......................P.......P.......P.......................................f.......v.......v.......................................n.......~.......~.............................................................. ....... ...............................................$.......$...............S.td............................ ....... ...............P.td.....R.......R.......R......,.......,...............Q.td....................................................R.td.....f.......v.......v......P.......P...........................GNU.............................GNU..U.VH0Zzj"..)-.G.'.Y..................... ..............aS.B................................ ...................l...............................................................................................................................................................

/tmp/_MEIx67uLe/lib-dynload/_codecs_jp.cpython-310-x86_64-linux-gnu.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=36b2c97398a3e8f38c5c79d43276ff7c1c26f02e, stripped
Category:	dropped
Size (bytes):	272912
Entropy (8bit):	4.285310396301632
Encrypted:	false
SSDEEP:	3072:ho4aY4F8EyT1xupPxknCqXPvzU0PpV+J9kscm/DiyA:4F8EyTvupPWnCqXnnPpVkkg/O
MD5:	514F26142313E112761099491FFAA735
SHA1:	FE5E23DD9FA753D1E110FBF0929205FAF5066F57
SHA-256:	8454A449B90B70B760978EE64FDE147194F8289F72649205CCB51FF71D5C694A
SHA-512:	084A60BB49323AC7A182C08F76CD329FA9DC60C3728233DD409BA5C7368F6D5D9C9FF1398E326350A8A35040D2FEE7BAE300FAD1E2EA7215FB6869975EAA0141
Malicious:	false
Reputation:	low
Preview:	.ELF..............>.............@........"..........@.8...@.....................................8N......8N.......................P.......P.......P......a2......a2...............................................................................Z.......j.......j...................................................................................................................... ....... ...............................................$.......$...............S.td............................ ....... ...............P.td.....J.......J.......J..............................Q.td....................................................R.td.....Z.......j.......j......p.......p...........................GNU.............................GNU.6..s....\y.2v.\|.&......................................K:@`................................ ...................g.......................................................................8.......................(................................................... ...........

/tmp/_MEIx67uLe/lib-dynload/_codecs_kr.cpython-310-x86_64-linux-gnu.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=f7ff5c1f0f55f047b291bf40d435181a57b06c3f, stripped
Category:	dropped
Size (bytes):	141840
Entropy (8bit):	5.804285759770989
Encrypted:	false
SSDEEP:	1536:YOcT/RMonZHD1t9pA8DolfEmX0HCcKRa5AQMW/N3fiVcaj2+8onEEu:YlT5Monzx8fEFHDKRa5Au3kcW38on
MD5:	FE86E2802C93EA3CBD85DC919353FC38
SHA1:	9EF166CAF2624517E0CFE02C761D217C528B7716
SHA-256:	885B73C95D09313B1F1C22E4BA0B5F1C048CF13FA36982307D921C9C8170EA66
SHA-512:	A8E63878BD582565C969FD99ADDDC8E75AFB51E35F3436078E8A9EBB8ACAF6D7174D41F6900E828B947BEBF4785BF002309BF7B23BA84375095B32C94730B640
Malicious:	false
Reputation:	low
Preview:	.ELF..............>.............@........"..........@.8...@......................................(.......(.......................0.......0.......0......a.......a........................P.......P.......P....................................p.......p.......p........5...... 5...................................................................................................... ....... ...............................................$.......$...............S.td............................ ....... ...............P.td....................................................Q.td....................................................R.td....p.......p.......p........3.......3..........................GNU.............................GNU...\..U.G...@.5..W.l?........................."..........m:@`................................ ...................g.......................................................................8.......................(................................................... ...........

/tmp/_MEIx67uLe/lib-dynload/_codecs_tw.cpython-310-x86_64-linux-gnu.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=bbe80590601c759b20687f46b428138371aa7766, stripped
Category:	dropped
Size (bytes):	113168
Entropy (8bit):	5.819791524511206
Encrypted:	false
SSDEEP:	1536:0P5EtmOxZeWjma5eoUXhQZwDME6VW40NEZEhZTnc/Nh7rihuJuAe/lR:0P4FZe3aYoURHVX40OETLYdiBA+lR
MD5:	70AC5EF828F24F35BB628F36A6564289
SHA1:	F65F3601086CD3325D0170A1036237F21D36E1BC
SHA-256:	505D7128555E8737E15A815CD585F2060D5BF25D1E8E31BED9797E567D165394
SHA-512:	C4CED13310520AB3210D6474AB8A0868E81B8DA4CD167154EDBB477350B8A385C7E713FE254A0006A5DDB8BAFDDBC02D9CA333A36D24C4C1E2884F62AB61E3FD
Malicious:	false
Preview:	.ELF..............>.............@..................@.8...@.....................................p.......p........................ ....... ....... ......A.......A........................0.......0.......0.......6.......6.......................l.......\|.......\|.......D.......D...................................................................................................... ....... ...............................................$.......$...............S.td............................ ....... ...............P.td.....c.......c.......c..............................Q.td....................................................R.td.....l.......\|.......\|......PC......PC..........................GNU.............................GNU.....`.u. h.F.(..q.wf.........................@...........;@`................................ ...................g.......................................................................:.......................J................................................... ...........

/tmp/_MEIx67uLe/lib-dynload/_contextvars.cpython-310-x86_64-linux-gnu.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=3d85a5e9b32cd79ac70a020f158180e090ccf1a8, stripped
Category:	dropped
Size (bytes):	14536
Entropy (8bit):	1.2760077178510911
Encrypted:	false
SSDEEP:	96:R+tZAiBWBMse0ACWMJhZWbtgcCKrOiOvxn54mg:RwZH81vAmJhZWpFzKiM
MD5:	FAD5657BE3D3DF59E4409CC3AC3876B6
SHA1:	9E48D38437DE7F27DD89628214FF1BF7F436D13B
SHA-256:	A700AC1C9B0D1EEB97094E18078642B5A88475726F0AD8736D92F58676602154
SHA-512:	73329C2B59CEF298138419F03ECC317964574FE63E434FB3587EBA2AA58CAE933FA0130CCB7AA29D9E9062E14DD9894E544516732FE3103B7320179A41FDA42D
Malicious:	false
Preview:	.ELF..............>.............@.......H2..........@.8...@.............................................................................................................................. ....... ....... ......`.......`.......................8.......8>......8>......................................H.......H>......H>.............................................................. ....... ...............................................$.......$...............S.td............................ ....... ...............P.td....L ......L ......L ......D.......D...............Q.td....................................................R.td....8.......8>......8>..........................................GNU.............................GNU.=...,................................................!..}....................................................F... ...................i.......................................................................,... ....................... ...................................

/tmp/_MEIx67uLe/lib-dynload/_ctypes.cpython-310-x86_64-linux-gnu.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=e92627054248c18027e5dcdac11df158041d594b, stripped
Category:	dropped
Size (bytes):	132120
Entropy (8bit):	5.36262556263737
Encrypted:	false
SSDEEP:	1536:iJjyiPaImj/5ICg2kvQf44VVX6Q8S70B5B4pCIhvuSTwnGLz:ive1Aq1vX65S707B4pCIhvRTw
MD5:	4D7894CD042BE3C8798970A4F3C6751D
SHA1:	8BA3D9EA409AC5D2A3417376AE5D54D6F1A4839E
SHA-256:	16B1ABC80A026D58203AE2BB99789A8EFF46DB68D25B69A276ACF73B51462692
SHA-512:	DC45F914C8536C6141D866CE41721EC7EE8CCB7C45D9C0E44F7E3EA73B09F66A1A5E913385114CF07F6CC8C8FB6C6791B841EC59E6C025E2D8D03424571C6834
Malicious:	false
Preview:	.ELF..............>.............@...................@.8...@......................................^.......^.......................`.......`.......`.......................................`.......`.......`......\X......\X......................X.......X.......X........>.......>......................h.......h.......h............................................................... ....... ...............................................$.......$...............S.td............................ ....... ...............P.td....L.......L.......L.......$.......$...............Q.td....................................................R.td....X.......X.......X...........................................GNU.............................GNU..&'.BH..'......X..YK....................................9W......................................................F...............................................Z...............................................................................................................

/tmp/_MEIx67uLe/lib-dynload/_decimal.cpython-310-x86_64-linux-gnu.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=7f8299dec6439d65236d86ce686c90e4e4e5d206, stripped
Category:	dropped
Size (bytes):	180632
Entropy (8bit):	5.585746750635371
Encrypted:	false
SSDEEP:	3072:Xej/rB0t8sCFEY/HlbpCd0CVf2X5B3dTUqeEoWJGHQdp:i0t85FlCOJB3dTUqeEoW8
MD5:	CC0A5D8BDDA933AEB1B7059B10257586
SHA1:	132B3E10C77391567BA57CD81861DE776BEF9FF7
SHA-256:	56A7C17060BCA2EE27DC8245A108CFD3F5DA125A9357BB5A74B13883A53E929B
SHA-512:	95EF3477BA0C9A40FEBB228B056688FD9B6434823299229ECF4BF55EAEB1A4AC209E900DF3C9922C5EF63399B8132CFCF7C42EF64CF449F6F0A503E74AAF2D49
Malicious:	false
Preview:	.ELF..............>.............@...................@.8...@......................................t.......t...............................................@.......@..............................................0.......0...............................................H,......8-......................(.......(.......(............................................................... ....... ...............................................$.......$...............S.td............................ ....... ...............P.td....\|<......\|<......\|<..............................Q.td....................................................R.td................................................................GNU.............................GNU......C.e#m..hl...........................................G~.............................................................................}.......................................................................................................................n...............

/tmp/_MEIx67uLe/lib-dynload/_hashlib.cpython-310-x86_64-linux-gnu.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=bdd0048456f1021dab11fcdf8cea59ba8b84864b, stripped
Category:	dropped
Size (bytes):	63728
Entropy (8bit):	5.19928229267002
Encrypted:	false
SSDEEP:	768:pUf/EBsIbjbzrD7TLjbzrD7TLjbzeWum+2OGeWum+2OGeWum+2OGeWum+2OGJxZM:py/Omezop5sVLFMmmEwBViPs
MD5:	52A9305F5153CEC04457107302797D46
SHA1:	8CF0C32855F9339DDD10FC715B648B3D4B2EB94A
SHA-256:	ED8DDC0D3891FED3308A11F5834344FE3EF510C4A77BCE3B2F42D55513F77F05
SHA-512:	0923A45469295323732F0E903E108A76D0D52AC1F1AEC2B386468A0A85C6D511B3328C071066B36D0FD29F954F7CD27058D1040F0F433114772DC46B756A2121
Malicious:	false
Preview:	.ELF..............>.............@...................@.8...@......................................9.......9.......................@.......@.......@......._......._...............................................7.......7..............................................x............................................................................................................... ....... ...............................................$.......$...............S.td............................ ....... ...............P.td....................................................Q.td....................................................R.td................................................................GNU.............................GNU.....V........Y....K........n.......................n....3.............................d...............................................M.......................7........................................................................... ...................................

/tmp/_MEIx67uLe/lib-dynload/_json.cpython-310-x86_64-linux-gnu.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=6aeb5e9ddaffc4186adf4a718d896d495dc491bc, stripped
Category:	dropped
Size (bytes):	49160
Entropy (8bit):	5.292859706792318
Encrypted:	false
SSDEEP:	768:7b7VtaSF91tldVNF91tldVNF91tldVNF91tldVNoAYwIg4QoAYw45g4QoAYwIg4b:7bEhuGvNc2eCFvOxxrkMoNqXRy
MD5:	3B9E0A2316BAB1225F6594D3BD1B39D7
SHA1:	C50D72764B7141524F144DECB73E99FB5DB6E281
SHA-256:	188FFE352896CFAF2CF102299035E7BC4A5F25275FF6341358473F0D6A75B786
SHA-512:	67AD1170C67C6F53710200DCC60F6688BEAA87E6D72C0C25035F48CD50772498383FF96D29CC0ADA60DA802229FAED8B8EB58EB7E5E7B7DA2F781E0D2CA1597D
Malicious:	false
Preview:	.ELF..............>.............@...................@.8...@.....................................0.......0........................ ....... ....... .......f.......f..............................................T.......T...............................................p.......x....................................................................................................... ....... ...............................................$.......$...............S.td............................ ....... ...............P.td....`.......`.......`...............................Q.td....................................................R.td................................................................GNU.............................GNU.j.^.....j.Jq..mI]..........L...................L.....................................................................................V.......................~..............................................._.......................x.......................................

/tmp/_MEIx67uLe/lib-dynload/_lzma.cpython-310-x86_64-linux-gnu.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=6d2f32d58a5df0728774fa80580ece4f44b5255d, stripped
Category:	dropped
Size (bytes):	45240
Entropy (8bit):	4.663139519878681
Encrypted:	false
SSDEEP:	768:laEg1UO7dF91tldVNF91tIg4QoAYwIg4QoAYwIg4QoAI5wIg4QoAYw7zrjbTLD75:47wd4uE6yVxhzNHG55
MD5:	463D21ECF8ACE3F7B26E65321554CDA2
SHA1:	221A6B3D692A05A012B406396C25F563552DB3A6
SHA-256:	EFCC8EE2A226B25F31A977B80D65D95DEE1A63DD269A5C53F3C0D3E8C19E643C
SHA-512:	5BA484D476425850C46CDFB67CBE0DCF89FB100AE9173769561114B1A6BF9662B4027B2BCE66438160B5450A54475411E8AAE073EA4912353F5BDA08B6CC1B30
Malicious:	false
Preview:	.ELF..............>.............@.......x...........@.8...@......................................".......".......................0.......0.......0.......8.......8.......................p.......p.......p......<$......<$......................p.......p.......p....................................................................................................................... ....... ...............................................$.......$...............S.td............................ ....... ...............P.td....................................................Q.td....................................................R.td....p.......p.......p...........................................GNU.............................GNU.m/2.].r.t..X..OD.%]........T...................T.................................................................................................................. ...........................................*.......................b.......................4...............

/tmp/_MEIx67uLe/lib-dynload/_multibytecodec.cpython-310-x86_64-linux-gnu.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=b76ad1c2d4794921864e4a341e8df7b7a4519716, stripped
Category:	dropped
Size (bytes):	50328
Entropy (8bit):	5.092191621283931
Encrypted:	false
SSDEEP:	768:V/KTREBlczBL4og4wIAYQog4wIAYQog4wIAYw5og4wIALjbzrD7TLjbzrD7TLjbe:BK95RcbM
MD5:	A54F402ABF54D34F557FB72AE248C2FE
SHA1:	6218A5708B8C490B270FDF47327CC48C9F1FC2E1
SHA-256:	D3AFCB499245780CD2B449C5555EA4D4D80CED7EFA778ED035ED051532C37A18
SHA-512:	A8A65DBBEEBF0FB1A27A48E6C388CB299E553B3B4D6E973A1AA1D4E98D5828B8955306B4820AC2B8A203B6CB56BA1A9FE2AD2B9B94D56A7D9CCDCFF6C5A466CD
Malicious:	false
Preview:	.ELF..............>.............@.......X...........@.8...@.....................................x)......x).......................0.......0.......0......}X......}X..............................................................................P.......P.......P.................................................................................................................... ....... ...............................................$.......$...............S.td............................ ....... ...............P.td.................................................Q.td....................................................R.td....P.......P.......P...........................................GNU.............................GNU..j...yI!.NJ4.....Q..........].............. ...@....]....o.N........................................................................................................ ...................s.......................l...............................................................

/tmp/_MEIx67uLe/lib-dynload/_multiprocessing.cpython-310-x86_64-linux-gnu.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=3d98325706828fff98c9c51b55470601a34b0050, stripped
Category:	dropped
Size (bytes):	24336
Entropy (8bit):	3.665117753675592
Encrypted:	false
SSDEEP:	384:jVmsfTVt4ZeXnfXPH/3vnfXPH/3vqiaSKC6yqiaSKC6yqiaSU0tUZnRdXu6YMT:JRfTVLXnfXPH/3vnfXPH/3vqiaSKC6yc
MD5:	9F0468DCD6EE7C05BDE411831501B6BF
SHA1:	10446C991636E78D9024A58DAD008B145E54BCE1
SHA-256:	566CE9B50B5016208DA5E337B8F7EB240B16DF04FFAB6423B68BF0B8553F32EF
SHA-512:	91F93ADEFDDED0CFB8B3E33A0397FB4DA25479A7C2FFEBEE7F5454E6D43720D04D0C0222BC718D3C6886F02EF278C8C2516DD9C4DC0D46C1CEF55250C8CC2479
Malicious:	false
Preview:	.ELF..............>.............@........W..........@.8...@...................................................................... ....... ....... .......................................@.......@.......@......P.......P........................M.......].......].......................................M.......].......].............................................................. ....... ...............................................$.......$...............S.td............................ ....... ...............P.td.....E.......E.......E..............................Q.td....................................................R.td.....M.......].......]......p.......p...........................GNU.............................GNU.=.2W........UG...K.P........0...................0......................................................................................... ...................,.......................m.......................g.......................^.......................L...............

/tmp/_MEIx67uLe/lib-dynload/_opcode.cpython-310-x86_64-linux-gnu.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=7318afefac295d968b1e800563ea0e44765649b1, stripped
Category:	dropped
Size (bytes):	14672
Entropy (8bit):	1.9346151242161418
Encrypted:	false
SSDEEP:	96:RIEowBWBGEuUBO9ACWuZxpB5RJh4pHdK2//+VU1dOi5e6jUnX:R8w8gVUg9AUZxpB5RJhWHg237ei
MD5:	C80BBC97C66657B8D1D024FC58E1CA32
SHA1:	ADFA97795E582CA5C13ED1FA1548EE518AD1AE94
SHA-256:	EAF60CF82E21D9468C5966CF1A920308403089FBE5661B2146AAFE2C818399A6
SHA-512:	B97E80D2B7E663BBE012FF85EF90ACAE3C137565171F09A38BAAD7CDE958029E735772A49A30529E7E20BA4224246CBE692C69CC1E957A58B185FDC0FF810EDD
Malicious:	false
Preview:	.ELF..............>.............@........2..........@.8...@.............................................................................................=.......=........................ ....... ....... ...............................................>.......>......X.......`.......................@.......@>......@>.............................................................. ....... ...............................................$.......$...............S.td............................ ....... ...............P.td....h!......h!......h!......<.......<...............Q.td....................................................R.td.............>.......>..........................................GNU.............................GNU.s...)].....c..DvVI....................................................................................................................F... ...........................................d.......................................................................................

/tmp/_MEIx67uLe/lib-dynload/_posixshmem.cpython-310-x86_64-linux-gnu.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=a893ad39bb16ba959725f0d20481efee588d2dde, stripped
Category:	dropped
Size (bytes):	14992
Entropy (8bit):	2.3669213890447103
Encrypted:	false
SSDEEP:	192:RRAZ8jYW4oaU0sE8UMkc0avE8UM7e5VxrtIP8iNA:XAOYW4dU0sE8UMkc0avE8UMS9+A
MD5:	AE28DBBE0EAAC7503A837D19CD778426
SHA1:	167C90C63F7A59AD41D56B267FD38C4017B5CCC9
SHA-256:	8874FF77C10EF2F0E36DA85D2F6996B92EA6A514681B6D03B54CFECC97E7906B
SHA-512:	56D5B386EDC335B4F91E97CF6F60F5EAC8BF68A01A71A0A9EF3137EE50FEB4A1EAEA0BCBECD03A3895414CDB81FCC3081DEA5EB1769EC33CA2F1FFD63C0E6148
Malicious:	false
Preview:	.ELF..............>.............@.......P3..........@.8...@.....................................0.......0................................................................................ ....... ....... ......<.......<........................-.......=.......=......X.......`................................>.......>.............................................................. ....... ...............................................$.......$...............S.td............................ ....... ...............P.td.....!.......!.......!......<.......<...............Q.td....................................................R.td.....-.......=.......=......P.......P...........................GNU.............................GNU....9.....%......X.-...................... ................................................................................................. ...................h...............................................y.......................5.......................................

/tmp/_MEIx67uLe/lib-dynload/_queue.cpython-310-x86_64-linux-gnu.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=a3c4e6f427190d92ae9db00bbb9548fa5c54fcc2, stripped
Category:	dropped
Size (bytes):	23664
Entropy (8bit):	3.504464735766022
Encrypted:	false
SSDEEP:	384:YQTI6GJXX3vnfXPH/3vnfXPH/3vnfXPH/3vqiaSKUZ2PhhzRJS/hIaq6rI/2:YQUPX3vnfXPH/3vnfXPH/3vnfXPH/3vM
MD5:	D1747A367908D5D7922ABF405DB21D9A
SHA1:	0694DFF30FBB87DE7D5026CB41744E847CBBC963
SHA-256:	02D2FA24083FB75694FF3F7D26C3BDA3F17DB03157023442DDC923CCF3F42F9C
SHA-512:	2A7D54F56D3367003DE9E514C2569FF0F9B3FC5268D87158C326B4515F4B2F1ED8E2EE2ED2FC30F62DE1866EA3FEB05D578B67A23BD46FD8AE91AB0B93E13CD1
Malicious:	false
Preview:	.ELF..............>.............@........U..........@.8...@.....................................H.......H........................ ....... ....... .......................................@.......@.......@......@.......@........................M.......].......]...................................... N...... ^...... ^.............................................................. ....... ...............................................$.......$...............S.td............................ ....... ...............P.td....8G......8G......8G..............................Q.td....................................................R.td.....M.......].......]......P.......P...........................GNU.............................GNU.....'.........H.\T..........+............... .......+...%.Cm............................................................................................................................i.......................t.......................F... ...................................

/tmp/_MEIx67uLe/lib-dynload/_ssl.cpython-310-x86_64-linux-gnu.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=174b847b3e5356edcfcb9440b162efda7e57eae7, stripped
Category:	dropped
Size (bytes):	225296
Entropy (8bit):	4.942011752089717
Encrypted:	false
SSDEEP:	3072:tPxaIXSnGhbLyGBtEhGSSBk2n6GxpgVHkSVGCypsR:hxaIQeAGqpkSVGCypo
MD5:	DE3916BB6F25E2714F2B573783F03816
SHA1:	AC3B377957C44378E930A7238644B3E44C4DC86E
SHA-256:	2A639F489A398697FB56A0B3BBBC28DFB656EF029547B9DE394ED525508C7D43
SHA-512:	114B73BE78625D0F6134ED901F380F37535E33DF4AF51E2ED1FA47E62929871795580841799736B2D9CA42B47DE9DCE17E1E7FBC14F07F8EC06E1DA586545F5A
Malicious:	false
Preview:	.ELF..............>.............@........h..........@.8...@...................................................................... ....... ....... ..............................................................................................0.......0.......0.......X.......h.......................X.......X.......X............................................................... ....... ...............................................$.......$...............S.td............................ ....... ...............P.td.................................................Q.td....................................................R.td....0.......0.......0...........................................GNU.............................GNU..K.{>SV...@.b..~W..........Y...................Y.......33M.....................................................................................................B...............................................\...............................................................

/tmp/_MEIx67uLe/lib-dynload/_uuid.cpython-310-x86_64-linux-gnu.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=5f3d3bf42c567a8d3ccd8642a0b1e2dfeec11f43, stripped
Category:	dropped
Size (bytes):	14688
Entropy (8bit):	1.366995546790877
Encrypted:	false
SSDEEP:	96:RigpBWBU+YlwCW1RB5RJH7zPwxndbiOvJAGdlM2g:R78C+YlwzRB5RJHHPwxliWA
MD5:	296F2CD2EAE76A88A83A5E5B9D3537C3
SHA1:	CC36B29BEB451858C05614605B5A1131F75A0A57
SHA-256:	3D4F30A9CDBC39EA559B0B302FBA56741653E34FB9101111F54CF454EA7E44EC
SHA-512:	7AFD348EAD3D53D51896D6A47EC02246FF53795580733854C7BA3E91AD71B493E3C86AD0DFA03910E09758638CD477B3F9812D00BFB8DD635A55EAE63C54FDB7
Malicious:	false
Preview:	.ELF..............>.............@.......`2..........@.8...@.....................................8.......8...............................................9.......9........................ ....... ....... ......,.......,................................>.......>......(.......0................................>.......>.............................................................. ....... ...............................................$.......$...............S.td............................ ....... ...............P.td....( ......( ......( ......<.......<...............Q.td....................................................R.td.............>.......>..........................................GNU.............................GNU._=;.,Vz.<.B.......C...................................................................s........................... ...................b................................................... ...................................................................,... ...........

/tmp/_MEIx67uLe/lib-dynload/mmap.cpython-310-x86_64-linux-gnu.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=da188afdc68626afc5bd36ad3b1dd89e8ff84032, stripped
Category:	dropped
Size (bytes):	32600
Entropy (8bit):	4.634701129948385
Encrypted:	false
SSDEEP:	768:q30t6KC6yqiaSKC6yqiaSF91tldVNF91tldVNF91tldVNF91tldVNoAYwMEa3kDj:q3CEai
MD5:	5DF7A6AC240326AC5D5035AAA9FD487F
SHA1:	D6C8248E71CA3AFD1F7524BD54C244DB4D58FEC6
SHA-256:	603E9A3A8BD6F1AF0DA7C7996888C43DAF05CFA5C9013C02402B47ED0B98276B
SHA-512:	C515BF17C4F418224C589DE5EA6E88581ED98B618BAF49092B9F0E12835624F5A1DA097D87ECC59932450BF6965F98CD61F9CA7A52A5BFB866EE05354B10C827
Malicious:	false
Preview:	.ELF..............>.............@.......Xx..........@.8...@...................................................................... ....... ....... .....................................P.......P.......P.......................................m.......}.......}......X.......`........................m.......}.......}.............................................................. ....... ...............................................$.......$...............S.td............................ ....... ...............P.td.....[.......[.......[..............................Q.td....................................................R.td.....m.......}.......}......8.......8...........................GNU.............................GNU......&..6.;....@2........D...................D.........T................................................................................. ...................................................................a.......................U.......................................

/tmp/_MEIx67uLe/lib-dynload/readline.cpython-310-x86_64-linux-gnu.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=0176e2bbf93b1808600b9eea70363b299459711f, stripped
Category:	dropped
Size (bytes):	40672
Entropy (8bit):	4.3036118739401275
Encrypted:	false
SSDEEP:	768:WqkzCbrA4wIAYQog4wIAYQog4wIAYQogrD7TLjbzrD7TLjbzrD7TLjbzrD7TLjbD:NWYHxyqU
MD5:	2FF617818EA8BACC4CCA5206E9374BDC
SHA1:	D196FBE5F7401FD144FFC6ACD552F3A25580FEC9
SHA-256:	623E8C68CB51237C0EC8AA82B3BF744DA771E8237685F3B0E8E62489CF136834
SHA-512:	01EC9F01EF2A659B6ECAB19DCA93CA120B63F2AFBB3EFFF9861C337277A0E806241E3A6D1C591758F3AAE905976F0DCC39ED0BD3CC4DEC8F65B4B9E3A4C0A26F
Malicious:	false
Preview:	.ELF..............>.............@...................@.8...@......................................).......).......................0.......0.......0......%......%.......................`.......`.......`......................................0.......0.......0.......x...............................@.......@.......@............................................................... ....... ...............................................$.......$...............S.td............................ ....... ...............P.td.....s.......s.......s..............................Q.td....................................................R.td....0.......0.......0...........................................GNU.............................GNU..v..;..`...p6;).Yq.........p............... .......p...%]......................................................i...............................................................................................j...............................................................

/tmp/_MEIx67uLe/lib-dynload/resource.cpython-310-x86_64-linux-gnu.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=2ee58fae68a7aa956214eb225e72fcc44102ac67, stripped
Category:	dropped
Size (bytes):	19424
Entropy (8bit):	3.550892117951
Encrypted:	false
SSDEEP:	384:DsbVzZn0kc0sE8Xvn/3PHfXvn/3PHfXvnars1J1ij:AbVx0kc0sE8Xvn/3PHfXvn/3PHfXvnUp
MD5:	54C7A4760F8542F66440BECE1895E97C
SHA1:	B84F3C8DD6BAE39D5D56406C27DC244771F5DF88
SHA-256:	C81CFCE6CEEBA3524AF1C23862471A155D70843CF7B9B08F8EF09B2F6701BBDF
SHA-512:	AA6705DDFB8357E30867BD4BF4C88AA294E4743B083D9DB1C0E88BFD018E8B89C9EEACBAB10BA823A2A62D9D26FE36195D2DB81ACDCB462338DDB1503269BB54
Malicious:	false
Preview:	.ELF..............>.............@........D..........@.8...@.....................................0.......0........................ ....... ....... ......y.......y........................0.......0.......0.......................................=.......M.......M.......................................>.......N.......N.............................................................. ....... ...............................................$.......$...............S.td............................ ....... ...............P.td.....6.......6.......6..............................Q.td....................................................R.td.....=.......M.......M..........................................GNU.............................GNU...h...b.."^r..A..g........#.......................#...IZ................................................................................. ...................e......................._.......................................................................O...............

/tmp/_MEIx67uLe/lib-dynload/termios.cpython-310-x86_64-linux-gnu.so

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=20995ace64bf6184cc89bafd2d6dd344ffe4a064, stripped
Category:	dropped
Size (bytes):	31296
Entropy (8bit):	3.586145834852815
Encrypted:	false
SSDEEP:	768:MzLHu4l3H/3vnfXPH/3vnfXPH/3vqiaSKC6yqiaSKCPCCUSTuCC2OHA:MGEHTuC/
MD5:	4F1658AB53E36333B6A3FD0AB1DDF8A2
SHA1:	DCB13D18B4001869725E37571865577E8CF39A2D
SHA-256:	E1DD1448306BEEDA1F8179510C19A1E7E3A0D1B038EE3F6AFBA1BB1EB71B0591
SHA-512:	007095C94A877E6021498855FA1C0C89923876E2809E8AEF1CD9FE78B7795691A0F3E8CAE15B34B716DC4E0C98658D6D56893914596C9B28406DB0158EAB67C1
Malicious:	false
Preview:	.ELF..............>.............@.......@s..........@.8...@......................................'.......'.......................0.......0.......0.......................................@.......@.......@.......................................^.......n.......n.......................................^.......n.......n.............................................................. ....... ...............................................$.......$...............S.td............................ ....... ...............P.td.....P.......P.......P..............................Q.td....................................................R.td.....^.......n.......n..........................................GNU.............................GNU. .Z.d.a....-m.D..d..................................E..J............................_................................................... ...................d...............................................#...............................................j...............

/tmp/_MEIx67uLe/libbz2.so.1.0

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=e56b62c27bcc7ace8f9be36b255bd7b31bfde405, stripped
Category:	dropped
Size (bytes):	74848
Entropy (8bit):	5.719345328763217
Encrypted:	false
SSDEEP:	768:BAtcnfXPH/3vnfXPH/3vnCYtutQpC2ah/5WqlRNcH+J2dY1onwZ3F6XV7MYwQAp2:CYtB42ihNDg9WEXVQYp+BwySzOAZR8
MD5:	CE4B6426EDFD19EEE5C7FF0E4E911112
SHA1:	C38894EC21666A76704AEB2B302E8F07BDB583BA
SHA-256:	5E516F77FC36DD924FDF02C8489A217F55FA1548883D32C3A5E041FB25D47D6E
SHA-512:	132A929F29FE32AC843692CFA3DDD502EB6173CC8EBD009BA8CF5E5C5F174D4F75A7E3970E52577AD9966892FC7110800D8B2B222CAC23F7A6C81ABB9EB94E0A
Malicious:	false
Preview:	.ELF..............>.............@.......`...........@.8...@.....................................H.......H........................ ....... ....... ......q.......q....................................................................................................................................... ....... ....... ............................................................... ....... ...............................................$.......$...............S.td............................ ....... ...............P.td....`.......`.......`.......\|.......\|...............Q.td....................................................R.td............................p.......p...........................GNU.............................GNU..kb.{.z...k%[..........................@..@.......x......2........T. `............!...#...&.......,.......0...2...3...5...7...8...9...<...k.G..=..P.F....a.G..zi...X...%..t..$...j\|.9...f...&W.H.3.B..i<q.K..........7#..&...pYO...5..J.6}....z..]..r.7..YZ..V.....`.

/tmp/_MEIx67uLe/libcrypto.so.3

Download File

Process:	/tmp/flow.elf
File Type:	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, missing section headers at 4455664
Category:	dropped
Size (bytes):	4407296
Entropy (8bit):	6.1754547011269025
Encrypted:	false
SSDEEP:	98304:wiHCj1FnCPwCto3n8gABa8z6akOSqkkhIr3lWzAKctxw+rcsWrRN:wqCj1FnCPwCto3n8gUzLx0cPNN
MD5:	F4BB6F78B61D489531A2DFA41F7B55C1
SHA1:	60680B1054B7B24D41B6A8C64C16500C53DC96A1
SHA-256:	5F0A450EE0299CC3F25F01C3E67E75CB564476C3494BB82F4DFE0CAE0B6B215F
SHA-512:	D2E75C848D80B7CDC058B494E34F51D694C8B49DA32120D0B927CC15E3B20EAE7ABF249DCC2A216FF0D5DB59E717E16DAE88226DF8BB9EAB5E0D1167AFCCDE99
Malicious:	false
Preview:	.ELF..............>.............@.........C.........@.8...@...................................................................... ....... ....... ......1.%.....1.%.......................1.......1.......1.......................................>......>>......>>.......................................C.......C.......C............................................................. ....... ...............................................$.......$...............S.td............................ ....... ...............P.td......6.......6.......6......3.......3..............Q.td....................................................R.td......>......>>......>>.....0.......0...........................GNU.............................GNU.U........7.x.KD.u.7....................Y.X.M...a.... ........................a.V..........4.....$....0.........4.......bDE.R....>.@W..%..\(.AC.D...........An....D.."......D..H...A.(..@....8..P.43...Y... .....Dk(...M..!B.3G@.E.*@.`I....E..@...@"!..).. ...a..@...$U0...

Static File Info

General

File type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=04804d3c31218f938502cbed5cdd1af09d59a8f0, for GNU/Linux 2.6.32, stripped
Entropy (8bit):	7.994755915681597
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 49.77% ELF Executable and Linkable format (generic) (4004/1) 49.46% Lumena CEL bitmap (63/63) 0.78%
File name:	flow.elf
File size:	9'325'680 bytes
MD5:	3f110a26621193c8e1a7c8f58231ad3f
SHA1:	39c767af6e1da1bd504e986107526c72a566c87e
SHA256:	d7bece4b8b7eab33488a5ade41981d63f5217f5451d381daabc98758970a8282
SHA512:	61fb078f4e0051c7b6642386a3cacedc332c0127bb598c8b71ef3488a471cda26585efdecbdcde4298ee061384101bd9c95d9177bcea15102cf4b2043ba9c22b
SSDEEP:	196608:5UWaf1Ko6sGqRd2ivzaBt1aXEaLpodb9WMPJwXfqNeVWtlPrQBs:5aQEGhiOBfaX/L6db9WMeXdI
TLSH:	B79633EFDDB24177C0C0703517A9D8292A6562EFE7465B6C16A483302DD31AB6CAB73C
File Content Preview:	.ELF..............>......$@.....@.......pE..........@.8...@.............@.......@.@.....@.@.....h.......h.................................@.......@...............................................@.......@...................................... ....... @....

Static ELF Info

ELF header
Class:	ELF64
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Advanced Micro Devices X86-64
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x4024e6
Flags:	0x0
ELF Header Size:	64
Program Header Offset:	64
Program Header Size:	56
Number of Program Headers:	11
Section Header Offset:	9323888
Section Header Size:	64
Number of Section Headers:	28
Header String Table Index:	27

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.interp	PROGBITS	0x4002a8	0x2a8	0x1c	0x0	0x2	A	0	0	1
.note.gnu.build-id	NOTE	0x4002c4	0x2c4	0x24	0x0	0x2	A	0	0	4
.note.ABI-tag	NOTE	0x4002e8	0x2e8	0x20	0x0	0x2	A	0	0	4
.gnu.hash	GNU_HASH	0x400308	0x308	0x28	0x0	0x2	A	5	0	8
.dynsym	DYNSYM	0x400330	0x330	0x738	0x18	0x2	A	6	1	8
.dynstr	STRTAB	0x400a68	0xa68	0x2e5	0x0	0x2	A	0	0	1
.gnu.version	VERSYM	0x400d4e	0xd4e	0x9a	0x2	0x2	A	5	0	2
.gnu.version_r	VERNEED	0x400de8	0xde8	0xb0	0x0	0x2	A	6	3	8
.rela.dyn	RELA	0x400e98	0xe98	0x48	0x18	0x2	A	5	0	8
.rela.plt	RELA	0x400ee0	0xee0	0x6f0	0x18	0x42	AI	5	22	8
.init	PROGBITS	0x402000	0x2000	0x1a	0x0	0x6	AX	0	0	4
.plt	PROGBITS	0x402020	0x2020	0x4b0	0x10	0x6	AX	0	0	16
.text	PROGBITS	0x4024d0	0x24d0	0x61e2	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x4086b4	0x86b4	0x9	0x0	0x6	AX	0	0	4
.rodata	PROGBITS	0x409000	0x9000	0x2bd8	0x0	0x2	A	0	0	16
.eh_frame_hdr	PROGBITS	0x40bbd8	0xbbd8	0x2d4	0x0	0x2	A	0	0	4
.eh_frame	PROGBITS	0x40beb0	0xbeb0	0x1368	0x0	0x2	A	0	0	8
.init_array	INIT_ARRAY	0x40ede8	0xdde8	0x8	0x8	0x3	WA	0	0	8
.fini_array	FINI_ARRAY	0x40edf0	0xddf0	0x8	0x8	0x3	WA	0	0	8
.dynamic	DYNAMIC	0x40edf8	0xddf8	0x200	0x10	0x3	WA	6	0	8
.got	PROGBITS	0x40eff8	0xdff8	0x8	0x8	0x3	WA	0	0	8
.got.plt	PROGBITS	0x40f000	0xe000	0x268	0x8	0x3	WA	0	0	8
.data	PROGBITS	0x40f268	0xe268	0x10	0x0	0x3	WA	0	0	8
.bss	NOBITS	0x40f280	0xe278	0x42e8	0x0	0x3	WA	0	0	32
.comment	PROGBITS	0x0	0xe278	0x5c	0x1	0x30	MS	0	0	1
pydata	PROGBITS	0x0	0xe2d4	0x8d619f	0x0	0x0		0	0	1
.shstrtab	STRTAB	0x0	0x8e4473	0xfa	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Prog Interpreter	Section Mappings
PHDR	0x40	0x400040	0x400040	0x268	0x268	1.8415	0x4	R	0x8
INTERP	0x2a8	0x4002a8	0x4002a8	0x1c	0x1c	3.9408	0x4	R	0x1	/lib64/ld-linux-x86-64.so.2	.interp
LOAD	0x0	0x400000	0x400000	0x15d0	0x15d0	2.6681	0x4	R	0x1000		.interp .note.gnu.build-id .note.ABI-tag .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt
LOAD	0x2000	0x402000	0x402000	0x66bd	0x66bd	6.0321	0x5	R E	0x1000		.init .plt .text .fini
LOAD	0x9000	0x409000	0x409000	0x4218	0x4218	5.6547	0x4	R	0x1000		.rodata .eh_frame_hdr .eh_frame
LOAD	0xdde8	0x40ede8	0x40ede8	0x490	0x4780	2.1833	0x6	RW	0x1000		.init_array .fini_array .dynamic .got .got.plt .data .bss
DYNAMIC	0xddf8	0x40edf8	0x40edf8	0x200	0x200	1.5519	0x6	RW	0x8		.dynamic
NOTE	0x2c4	0x4002c4	0x4002c4	0x44	0x44	3.4225	0x4	R	0x4		.note.gnu.build-id .note.ABI-tag
GNU_EH_FRAME	0xbbd8	0x40bbd8	0x40bbd8	0x2d4	0x2d4	4.7150	0x4	R	0x4		.eh_frame_hdr
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x10
GNU_RELRO	0xdde8	0x40ede8	0x40ede8	0x218	0x218	1.5826	0x4	R	0x1		.init_array .fini_array .dynamic .got

Dynamic Tags

Type	Meta	Value	Tag
DT_NEEDED	sharedlib	libdl.so.2	0x1
DT_NEEDED	sharedlib	libz.so.1	0x1
DT_NEEDED	sharedlib	libpthread.so.0	0x1
DT_NEEDED	sharedlib	libc.so.6	0x1
DT_INIT	value	0x402000	0xc
DT_FINI	value	0x4086b4	0xd
DT_INIT_ARRAY	value	0x40ede8	0x19
DT_INIT_ARRAYSZ	bytes	8	0x1b
DT_FINI_ARRAY	value	0x40edf0	0x1a
DT_FINI_ARRAYSZ	bytes	8	0x1c
DT_GNU_HASH	value	0x400308	0x6ffffef5
DT_STRTAB	value	0x400a68	0x5
DT_SYMTAB	value	0x400330	0x6
DT_STRSZ	bytes	741	0xa
DT_SYMENT	bytes	24	0xb
DT_DEBUG	value	0x0	0x15
DT_PLTGOT	value	0x40f000	0x3
DT_PLTRELSZ	bytes	1776	0x2
DT_PLTREL	pltrel	DT_RELA	0x14
DT_JMPREL	value	0x400ee0	0x17
DT_RELA	value	0x400e98	0x7
DT_RELASZ	bytes	72	0x8
DT_RELAENT	bytes	24	0x9
DT_VERNEED	value	0x400de8	0x6ffffffe
DT_VERNEEDNUM	value	3	0x6fffffff
DT_VERSYM	value	0x400d4e	0x6ffffff0
DT_NULL	value	0x0	0x0

Symbols

Name	Version Info Name	Version Info File Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
			.dynsym	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__errno_location	GLIBC_2.2.5	libpthread.so.0	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__fread_chk	GLIBC_2.7	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__gmon_start__			.dynsym	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__isoc99_sscanf	GLIBC_2.7	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__libc_start_main	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__lxstat	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__realpath_chk	GLIBC_2.4	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__snprintf_chk	GLIBC_2.3.4	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__strdup	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__vsnprintf_chk	GLIBC_2.3.4	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__xpg_basename	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__xstat	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
calloc	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
clearerr	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
closedir	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
dirname	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
dlclose	GLIBC_2.2.5	libdl.so.2	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
dlerror	GLIBC_2.2.5	libdl.so.2	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
dlopen	GLIBC_2.2.5	libdl.so.2	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
dlsym	GLIBC_2.2.5	libdl.so.2	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
execvp	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
exit	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
fchmod	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
fclose	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
feof	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
ferror	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
fflush	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
fileno	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
fopen	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
fork	GLIBC_2.2.5	libpthread.so.0	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
fputs	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
fread	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
free	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
fseeko	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
ftello	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
fwrite	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
getenv	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
getpid	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
inflate			.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
inflateEnd			.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
inflateInit_			.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
kill	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
malloc	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
mbstowcs	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
memcmp	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
memcpy	GLIBC_2.14	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
mkdir	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
mkdtemp	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
opendir	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
prctl	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
raise	GLIBC_2.2.5	libpthread.so.0	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
readdir	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
readlink	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
realloc	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
realpath	GLIBC_2.3	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
rmdir	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
setenv	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
signal	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
snprintf	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
stderr	GLIBC_2.2.5	libc.so.6	.dynsym	0x40f288	8	OBJECT	<unknown>	DEFAULT	24
stdout	GLIBC_2.2.5	libc.so.6	.dynsym	0x40f280	8	OBJECT	<unknown>	DEFAULT	24
strchr	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
strcmp	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
strcpy	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
strerror	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
strlen	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
strncat	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
strncmp	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
strncpy	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
strtok	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
strtoul	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
symlink	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
unlink	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
unsetenv	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
waitpid	GLIBC_2.2.5	libpthread.so.0	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
wcsdup	GLIBC_2.2.5	libc.so.6	.dynsym	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 27, 2024 17:48:53.888273001 CEST	42836	443	192.168.2.23	91.189.91.43
Sep 27, 2024 17:48:55.424067020 CEST	42516	80	192.168.2.23	109.202.202.202
Sep 27, 2024 17:49:09.246304035 CEST	43928	443	192.168.2.23	91.189.91.42
Sep 27, 2024 17:49:19.484709024 CEST	42836	443	192.168.2.23	91.189.91.43
Sep 27, 2024 17:49:25.628014088 CEST	42516	80	192.168.2.23	109.202.202.202
Sep 27, 2024 17:49:50.200467110 CEST	43928	443	192.168.2.23	91.189.91.42
Sep 27, 2024 17:50:10.681525946 CEST	42836	443	192.168.2.23	91.189.91.43

System Behavior

Analysis Process: dash PID: 6199, Parent PID: 4333

General

Start time (UTC):	15:48:39
Start date (UTC):	27/09/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: rm PID: 6199, Parent PID: 4333

General

Start time (UTC):	15:48:39
Start date (UTC):	27/09/2024
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.9Q77JLay1z /tmp/tmp.M1BKrdKBH5 /tmp/tmp.qgT6A2WxQj
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Chronological Activities

Analysis Process: dash PID: 6200, Parent PID: 4333

General

Start time (UTC):	15:48:39
Start date (UTC):	27/09/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: rm PID: 6200, Parent PID: 4333

General

Start time (UTC):	15:48:39
Start date (UTC):	27/09/2024
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.9Q77JLay1z /tmp/tmp.M1BKrdKBH5 /tmp/tmp.qgT6A2WxQj
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Chronological Activities

Analysis Process: flow.elf PID: 6229, Parent PID: 6124

General

Start time (UTC):	15:48:49
Start date (UTC):	27/09/2024
Path:	/tmp/flow.elf
Arguments:	/tmp/flow.elf
File size:	9325680 bytes
MD5 hash:	3f110a26621193c8e1a7c8f58231ad3f

Chronological Activities

Analysis Process: flow.elf PID: 6234, Parent PID: 6229

General

Start time (UTC):	15:48:55
Start date (UTC):	27/09/2024
Path:	/tmp/flow.elf
Arguments:	-
File size:	9325680 bytes
MD5 hash:	3f110a26621193c8e1a7c8f58231ad3f

Chronological Activities

Analysis Process: flow.elf PID: 6234, Parent PID: 6229

General

Start time (UTC):	15:48:55
Start date (UTC):	27/09/2024
Path:	/tmp/flow.elf
Arguments:	/tmp/flow.elf
File size:	9325680 bytes
MD5 hash:	3f110a26621193c8e1a7c8f58231ad3f

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file or directory permissions/attributes to evade access control lists (ACLs) and access protected files.File and directory permissions are commonly managed by ACLs configured by the file or directory owner, or users with the appropriate permissions. File and directory ACL implementations vary by platform, but generally explicitly designate which users or groups can perform which actions (read, write, execute, etc.).
Tactics:	Defense Evasion
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report flow.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/tmp/_MEIx67uLe/_cffi_backend.cpython-310-x86_64-linux-gnu.so

/tmp/_MEIx67uLe/bcrypt/_bcrypt.abi3.so

/tmp/_MEIx67uLe/cryptography/hazmat/bindings/_openssl.abi3.so

/tmp/_MEIx67uLe/lib-dynload/_bz2.cpython-310-x86_64-linux-gnu.so

/tmp/_MEIx67uLe/lib-dynload/_codecs_cn.cpython-310-x86_64-linux-gnu.so

/tmp/_MEIx67uLe/lib-dynload/_codecs_hk.cpython-310-x86_64-linux-gnu.so

/tmp/_MEIx67uLe/lib-dynload/_codecs_iso2022.cpython-310-x86_64-linux-gnu.so

/tmp/_MEIx67uLe/lib-dynload/_codecs_jp.cpython-310-x86_64-linux-gnu.so

/tmp/_MEIx67uLe/lib-dynload/_codecs_kr.cpython-310-x86_64-linux-gnu.so

/tmp/_MEIx67uLe/lib-dynload/_codecs_tw.cpython-310-x86_64-linux-gnu.so

/tmp/_MEIx67uLe/lib-dynload/_contextvars.cpython-310-x86_64-linux-gnu.so

/tmp/_MEIx67uLe/lib-dynload/_ctypes.cpython-310-x86_64-linux-gnu.so

/tmp/_MEIx67uLe/lib-dynload/_decimal.cpython-310-x86_64-linux-gnu.so

/tmp/_MEIx67uLe/lib-dynload/_hashlib.cpython-310-x86_64-linux-gnu.so

/tmp/_MEIx67uLe/lib-dynload/_json.cpython-310-x86_64-linux-gnu.so

/tmp/_MEIx67uLe/lib-dynload/_lzma.cpython-310-x86_64-linux-gnu.so

/tmp/_MEIx67uLe/lib-dynload/_multibytecodec.cpython-310-x86_64-linux-gnu.so

/tmp/_MEIx67uLe/lib-dynload/_multiprocessing.cpython-310-x86_64-linux-gnu.so

/tmp/_MEIx67uLe/lib-dynload/_opcode.cpython-310-x86_64-linux-gnu.so

/tmp/_MEIx67uLe/lib-dynload/_posixshmem.cpython-310-x86_64-linux-gnu.so

/tmp/_MEIx67uLe/lib-dynload/_queue.cpython-310-x86_64-linux-gnu.so

/tmp/_MEIx67uLe/lib-dynload/_ssl.cpython-310-x86_64-linux-gnu.so

/tmp/_MEIx67uLe/lib-dynload/_uuid.cpython-310-x86_64-linux-gnu.so

/tmp/_MEIx67uLe/lib-dynload/mmap.cpython-310-x86_64-linux-gnu.so

/tmp/_MEIx67uLe/lib-dynload/readline.cpython-310-x86_64-linux-gnu.so

/tmp/_MEIx67uLe/lib-dynload/resource.cpython-310-x86_64-linux-gnu.so

/tmp/_MEIx67uLe/lib-dynload/termios.cpython-310-x86_64-linux-gnu.so

/tmp/_MEIx67uLe/libbz2.so.1.0

/tmp/_MEIx67uLe/libcrypto.so.3

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Linux Analysis Report
flow.elf