Source: /tmp/na.elf (PID: 5703) |
Opens: /sys/class/net/ |
Jump to behavior |
Source: /tmp/na.elf (PID: 5703) |
Opens: /sys/class/net/lo/address |
Jump to behavior |
Source: /tmp/na.elf (PID: 5703) |
Opens: /sys/class/net/ens160/address |
Jump to behavior |
Source: /tmp/na.elf (PID: 5703) |
Opens: /sys/class/net/ens160/flags |
Jump to behavior |
Source: /tmp/na.elf (PID: 5703) |
Opens: /sys/class/net/ens160/carrier |
Jump to behavior |
Source: global traffic |
TCP traffic: 192.168.2.13:47052 -> 5.230.228.46:554 |
Source: global traffic |
TCP traffic: 192.168.2.13:60912 -> 5.230.122.82:3724 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 5.230.228.46 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 5.230.228.46 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 5.230.228.46 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 5.230.228.46 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 5.230.122.82 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 5.230.122.82 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 5.230.122.82 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 5.230.122.82 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 5.230.122.82 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 5.230.122.82 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 5.230.228.46 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 5.230.122.82 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 172.217.192.127 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 37.252.191.197 |
Source: global traffic |
DNS traffic detected: DNS query: iranistrash.libre |
Source: ELF static info symbol of initial sample |
.symtab present: no |
Source: classification engine |
Classification label: mal52.spyw.evad.linELF@0/0@1/0 |
Source: /usr/lib/snapd/snap-failure (PID: 5753) |
Systemctl executable: /usr/bin/systemctl -> systemctl stop snapd.socket |
Jump to behavior |
Source: /usr/lib/snapd/snap-failure (PID: 5740) |
Reads version info: /proc/version |
Jump to behavior |
Source: /tmp/na.elf (PID: 5698) |
File: /tmp/na.elf |
Jump to behavior |
Source: /tmp/na.elf (PID: 5698) |
Queries kernel information via 'uname': |
Jump to behavior |
Source: /tmp/na.elf (PID: 5703) |
Queries kernel information via 'uname': |
Jump to behavior |
Source: na.elf, 5698.1.00005592e25d5000.00005592e263a000.rw-.sdmp |
Binary or memory string: /etc/qemu-binfmt/sparc |
Source: na.elf, 5698.1.00005592e25d5000.00005592e263a000.rw-.sdmp |
Binary or memory string: U!/etc/qemu-binfmt/sparc |
Source: na.elf, 5698.1.00007ffc62ad4000.00007ffc62af5000.rw-.sdmp |
Binary or memory string: $x86_64/usr/bin/qemu-sparc/tmp/na.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/na.elf |
Source: na.elf, 5698.1.00007ffc62ad4000.00007ffc62af5000.rw-.sdmp |
Binary or memory string: /usr/bin/qemu-sparc |
Source: Traffic |
DNS traffic detected: queries for: iranistrash.libre |