Field | Value |
---|---|
Sample name | RQG7u9IH4a.elf (renamed because the original name is a hash value) |
Original sample name | e09f6bd400ba7ce4232be37e75338cb7086feff5be9d29e40014cff4b2d7e4d4.elf |
Analysis ID | 1520718 |
MD5 | d06e8b6af389d64a19ffaafe99642500 |
SHA1 | 19738f5b9909c32e02c55aae6f9e45f82707ee81 |
SHA256 | e09f6bd400ba7ce4232be37e75338cb7086feff5be9d29e40014cff4b2d7e4d4 |
Tags | 45-124-64-27, elf, user-JAMESWT_MHT |
Infos | |
Score | 80 |
Range | 0 - 100 |
Whitelisted | false |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
ConnectBack | ConnectBack malware is a type of malicious software designed to establish unauthorized connections from an infected system to a remote server. Once a victim's device is compromised, ConnectBack creates a covert channel for communication, allowing the attacker to remotely control the compromised system and gather sensitive information from it. | No Attribution | | |
AV Detection |
---|
Malware Configuration Extractor: |
ReversingLabs: |
Joe Sandbox ML: |
Networking |
---|
TCP traffic: |
TCP traffic detected without corresponding DNS query: |
Network traffic detected: |
.symtab present: |
Classification label: |
Submission: |
File written: |
Hooking and other Techniques for Hiding and Protection |
---|
File: |
Executable: |
Malware Analysis System Evasion |
---|
Executable: |
Stealing of Sensitive Information |
---|
File source: |
Remote Access Functionality |
---|
File source: |
No Screenshots
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
45.124.64.27 | unknown | Hong Kong | 36351 | SOFTLAYERUS | true |
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |