Field | Value |
---|---|
Sample name | eWOLEi2hJg.elf (renamed because the original name is a hash value) |
Original sample name | d75994684d5bc04028dca45e93e58f716e06f69f173cf4ab47f9c68d5436a247.elf |
Analysis ID | 1520719 |
MD5 | 428a5618b90e0d98b96205ce2b40bf14 |
SHA1 | a14953444955b6049d402bb5445d25a9ea794c9a |
SHA256 | d75994684d5bc04028dca45e93e58f716e06f69f173cf4ab47f9c68d5436a247 |
Tags | 45-124-64-27, elf, user-JAMESWT_MHT |
Score | 72 |
Range | 0 - 100 |
Whitelisted | false |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
ConnectBack | ConnectBack malware is a type of malicious software designed to establish unauthorized connections from an infected system to a remote server. Once a victim's device is compromised, ConnectBack creates a covert channel for communication, allowing the attacker to remotely control and gather sensitive information from the compromised system. | No Attribution | | |
AV Detection |
---|
Malware Configuration Extractor |
ReversingLabs |
Joe Sandbox ML |

Networking |
---|
TCP traffic (2 entries) |
TCP traffic detected without corresponding DNS query (4 entries) |
UDP traffic detected without corresponding DNS query (2 entries) |
DNS traffic detected |
Program segment |
Classification label |

Stealing of Sensitive Information |
---|
File source |

Remote Access Functionality |
---|
File source |
No Screenshots
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
45.124.64.27 | unknown | Hong Kong | 36351 | SOFTLAYERUS | true |
Name | IP | Active |
---|---|---|
daisy.ubuntu.com | 162.213.35.24 | true |