Field | Value |
---|---|
Sample name | na.elf |
Analysis ID | 1527370 |
MD5 | 01fe3ad934fa66a72120acfb88bad44c |
SHA1 | 93514ae76cc5ac7b2c5fb77ef74f8b9b48ee8724 |
SHA256 | ab20b8c733d2f1a34b837a37800b2bbcd48c80243f3cf1795bda8245c18ad6fb |
Tags | elfuser-abuse_ch |
Score | 48 (range 0 - 100) |
Whitelisted | false |
Category | Signature | Hits |
---|---|---|
AV Detection | Joe Sandbox ML | 1 |
 | TCP traffic | 2 |
 | Reads hosts file | 1 |
 | TCP traffic detected without corresponding DNS query | 2 |
 | UDP traffic detected without corresponding DNS query | 4 |
 | DNS traffic detected | 2 |
 | String found in binary or memory | 1 |
 | Network traffic detected | 1 |
 | Program segment | 1 |
 | Classification label | 1 |
Data Obfuscation | String containing UPX found | 3 |
 | Stderr (see log below) | 1 |
 | Submission file | 1 |
 | Queries kernel information via 'uname' | 1 |

Stderr captured during execution (one entry per line; timestamps were run together in the original extraction):

    2024/10/06 16:03:44 Forking
    2024/10/06 16:03:45 Connecting to ssh.updategoogle.cc:3232
    2024/10/06 16:03:48 Successfully connnected ssh.updategoogle.cc:3232
    2024/10/06 16:03:48 [client] INFO ??:1 Its_ubl() : Handling channel: jump
    2024/10/06 16:03:51 [103.212.49.88:3232] INFO ??:1 () : New SSH connection, version SSH-2.0-paramiko_3.0.0
    2024/10/06 16:03:52 [103.212.49.88:3232] INFO ??:1 Its_ubl() : Handling channel: session
    2024/10/06 16:03:53 [103.212.49.88:3232] INFO ??:1 Its_ubl() : Handling channel: session
    2024/10/06 16:03:53 [103.212.49.88:3232] INFO ??:1 DIEtEm() : Session got request: "exec"
    2024/10/06 16:03:54 [103.212.49.88:3232] INFO ??:3 DIEtEm() : Session disconnected
    2024/10/06 16:03:54 [103.212.49.88:3232] INFO ??:6 DIEtEm() : Session disconnected
    2024/10/06 16:03:54 [client] ERROR ??:1 () : Channel call back error: connection terminated
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
185.125.190.26 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
103.212.49.88 | ssh.updategoogle.cc | China | 55933 | CLOUDIE-AS-APCloudieLimitedHK | false |
Name | IP | Active |
---|---|---|
daisy.ubuntu.com | 162.213.35.25 | true |
ssh.updategoogle.cc | 103.212.49.88 | true |