Linux Analysis Report
arm7.elf

Overview

General Information

Sample name: arm7.elf
Analysis ID: 1529366
MD5: d7be90ea6766445e051346593f8bf10e
SHA1: c8ffc5f57eb1b5ef39c5d4cb27520765edbcffba
SHA256: c34d78534c9998ef1b6fce23ee18032de5ec38b9e647ae2ac604a98d6d00f579
Tags: botnet, elf, Miori, user-NDA0E

Detection

Miori
Score: 64
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Miori
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

AV Detection

Source: arm7.elf ReversingLabs: Detection: 36%

Networking

Source: Network traffic Suricata IDS: 2836615 - Severity 1 - ETPRO MALWARE ELF/Miori Variant CnC Activity : 192.168.2.13 -> 209.200.246.150:10019 (139 alerts, one per TCP connection, from every even source port between 33108 and 33384)
Source: global traffic TCP traffic: 192.168.2.13:33108 -> 209.200.246.150:10019
Source: /tmp/arm7.elf (PID: 5436) Socket: 127.0.0.1:12121
Source: unknown TCP traffic detected without corresponding DNS query: 209.200.246.150 (50 occurrences)
Source: global traffic DNS traffic detected: DNS query: daisy.ubuntu.com
Source: arm7.elf String found in binary or memory: https://bugs.launchpad.net/ubuntu/
Source: arm7.elf String found in binary or memory: https://root_senpai.selly.store/
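The network evidence above has two parts that belong together: one signature firing once per reconnect towards 209.200.246.150:10019, and no DNS lookup that ever named that address, which is what a C2 address compiled into the bot looks like. The script below is an added example, not part of the sandbox report or of any vendor tooling; it correlates Suricata eve.json records and reports, per destination, the alert count, the number of distinct source ports (a reconnect loop) and whether any DNS answer resolved to that IP. The eve records are constructed inline to mirror what the report shows (SID 2836615 and the real C2 endpoint are from the report; the contrast destination 203.0.113.5, the local-rule SID 1000001 and the hostnames are placeholders).

```python
"""Surface hard-coded C2 endpoints from Suricata eve.json records.

The records below are constructed for this example (not the sandbox pcap);
they mimic what the report shows: SID 2836615 firing once per connection
towards 209.200.246.150:10019 from consecutive ephemeral source ports, with
no DNS answer ever naming that address.
"""
import json
from collections import defaultdict


def _alert(src_port, dest_ip, dest_port, sid, sig, severity=1):
    return json.dumps({
        "event_type": "alert", "proto": "TCP",
        "src_ip": "192.168.2.13", "src_port": src_port,
        "dest_ip": dest_ip, "dest_port": dest_port,
        "alert": {"signature_id": sid, "signature": sig, "severity": severity},
    })


SAMPLE_EVE = [
    # eve.json v2 style DNS answer (answers grouped in a list). 203.0.113.x
    # are RFC 5737 documentation addresses used as placeholders.
    json.dumps({"event_type": "dns", "src_ip": "192.168.2.13",
                "dns": {"type": "answer", "rrname": "update.example.net",
                        "answers": [{"rrname": "update.example.net",
                                     "rrtype": "A", "rdata": "203.0.113.5"}]}}),
    # eve.json v1 style DNS answer (one answer per record).
    json.dumps({"event_type": "dns", "src_ip": "192.168.2.13",
                "dns": {"type": "answer", "rrname": "daisy.ubuntu.com",
                        "rrtype": "A", "rdata": "203.0.113.9"}}),
]
# Six reconnects to the Miori C2, consecutive even source ports as in the report.
SAMPLE_EVE += [_alert(p, "209.200.246.150", 10019, 2836615,
                      "ETPRO MALWARE ELF/Miori Variant CnC Activity")
               for p in range(33108, 33120, 2)]
# Three hits of a constructed local rule (SIDs >= 1000000 are reserved for
# local use) against a destination that *was* resolved via DNS, for contrast.
SAMPLE_EVE += [_alert(p, "203.0.113.5", 443, 1000001,
                      "LOCAL Suspicious TLS to new host", severity=2)
               for p in (40000, 40002, 40004)]


def load_events(lines):
    """Parse eve.json lines (one JSON object per line), skipping blanks."""
    return [json.loads(line) for line in lines if line.strip()]


def resolved_ips(events):
    """IPs seen in any DNS A/AAAA answer; handles eve v1 and v2 layouts."""
    ips = set()
    for ev in events:
        dns = ev.get("dns", {})
        if ev.get("event_type") != "dns" or dns.get("type") != "answer":
            continue
        answers = dns.get("answers")
        if answers is None:          # v1: the record itself is the answer
            answers = [dns]
        for ans in answers:
            if ans.get("rrtype") in ("A", "AAAA") and ans.get("rdata"):
                ips.add(ans["rdata"])
    return ips


def c2_candidates(lines, min_hits=3):
    """Group alerts by destination; flag endpoints never named by DNS.

    Returns dicts sorted by hit count (descending), then severity. Many hits
    from many distinct source ports is a reconnect loop; dns_resolved=False
    means the bot reached the address without resolving a name for it.
    """
    events = load_events(lines)
    known = resolved_ips(events)
    stats = defaultdict(lambda: {"hits": 0, "src_ports": set(),
                                 "sids": set(), "max_severity": 99})
    for ev in events:
        if ev.get("event_type") != "alert":
            continue
        key = (ev["dest_ip"], ev["dest_port"], ev.get("proto", "TCP"))
        s = stats[key]
        s["hits"] += 1
        s["src_ports"].add(ev["src_port"])
        s["sids"].add(ev["alert"]["signature_id"])
        # Suricata severity: 1 is the most severe, so keep the minimum.
        s["max_severity"] = min(s["max_severity"], ev["alert"].get("severity", 3))
    out = []
    for (ip, port, proto), s in stats.items():
        if s["hits"] < min_hits:
            continue
        out.append({
            "dest": f"{ip}:{port}/{proto}",
            "hits": s["hits"],
            "distinct_src_ports": len(s["src_ports"]),
            "sids": sorted(s["sids"]),
            "severity": s["max_severity"],
            "dns_resolved": ip in known,
        })
    out.sort(key=lambda r: (-r["hits"], r["severity"]))
    return out


if __name__ == "__main__":
    for row in c2_candidates(SAMPLE_EVE):
        tag = "resolved" if row["dns_resolved"] else "no DNS: hard-coded?"
        print(f'{row["dest"]:26} hits={row["hits"]:3} '
              f'src_ports={row["distinct_src_ports"]:3} sev={row["severity"]} '
              f'sids={row["sids"]} {tag}')
```

Against a real capture, feed it `eve.json` line by line; a destination with severity 1, dozens of distinct source ports and `dns_resolved=False` is the same picture the sandbox drew here, and the IP:port pair is the indicator to block rather than any hostname.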
Source: ELF static info symbol of initial sample .symtab present: no
Source: classification engine Classification label: mal64.troj.linELF@0/0@2/0
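The "ELF static info" line above (no .symtab) is one of the first things to check on an IoT sample, together with the target architecture, because it decides whether symbol-based triage is possible at all and which emulator or cross-tools to reach for. The script below is an added example, not part of the report: it reads the ELF header and section table by hand (ELF32 and ELF64, either endianness) and reports machine, type, section names and a stripped verdict. It runs on minimal ELF images constructed in memory; pass a file path to run it on a real sample. Note the caveat handled in code: a binary whose section headers were removed entirely has no .symtab to find, and is reported as stripped with has_section_headers=False.

```python
"""Static triage of an ELF header: architecture, type, and whether .symtab
survived. The ELF images built here are constructed for the example (not the
report's sample) so the checks run without the file.
"""
import struct

EM_NAMES = {2: "SPARC", 3: "x86", 8: "MIPS", 20: "PowerPC", 40: "ARM",
            42: "SuperH", 62: "x86-64", 183: "AArch64"}
ET_NAMES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}


def elf_info(data):
    """Parse the ELF header and section table; return a triage summary."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    bits = {1: 32, 2: 64}[data[4]]           # EI_CLASS
    pre = {1: "<", 2: ">"}[data[5]]          # EI_DATA: little/big endian
    if bits == 32:
        hdr = struct.unpack_from(pre + "HHIIIIIHHHHHH", data, 16)
        sh_fmt = pre + "IIIIIIIIII"          # name,type,flags,addr,off,size,...
    else:
        hdr = struct.unpack_from(pre + "HHIQQQIHHHHHH", data, 16)
        sh_fmt = pre + "IIQQQQIIQQ"
    e_type, e_machine = hdr[0], hdr[1]
    e_shoff, e_shentsize, e_shnum, e_shstrndx = hdr[5], hdr[10], hdr[11], hdr[12]
    names = []
    if e_shoff and e_shnum and e_shstrndx < e_shnum:
        str_hdr = struct.unpack_from(sh_fmt, data, e_shoff + e_shstrndx * e_shentsize)
        strtab = data[str_hdr[4]:str_hdr[4] + str_hdr[5]]
        for i in range(e_shnum):
            sh = struct.unpack_from(sh_fmt, data, e_shoff + i * e_shentsize)
            end = strtab.find(b"\0", sh[0])
            names.append(strtab[sh[0]:end if end >= 0 else None].decode("ascii", "replace"))
    return {
        "bits": bits,
        "endian": "little" if pre == "<" else "big",
        "machine": EM_NAMES.get(e_machine, f"EM_{e_machine}"),
        "type": ET_NAMES.get(e_type, f"ET_{e_type}"),
        "sections": names,
        "has_section_headers": bool(names),
        # No .symtab means the static symbol table was stripped; no section
        # headers at all (sstrip-style) is reported as stripped as well.
        "stripped": ".symtab" not in names,
    }


def build_minimal_elf32(machine, section_names, e_type=2, section_headers=True):
    """Constructed test image: ELF32 LE header, a .shstrtab and empty sections."""
    names = [""] + list(section_names)
    if ".shstrtab" not in names:
        names.append(".shstrtab")
    shstrtab = b"\0".join(n.encode() for n in names) + b"\0"
    offsets, pos = [], 0
    for n in names:                          # name offsets inside .shstrtab
        offsets.append(pos)
        pos += len(n) + 1
    ehsize, shentsize = 52, 40
    str_off = ehsize
    shoff = str_off + len(shstrtab)
    shoff += (-shoff) % 4                    # keep section headers 4-byte aligned
    ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\0" * 8
    if not section_headers:                  # e_shoff = e_shnum = 0
        return ident + struct.pack("<HHIIIIIHHHHHH", e_type, machine, 1, 0x8000,
                                   0, 0, 0, ehsize, 32, 0, shentsize, 0, 0)
    ehdr = ident + struct.pack("<HHIIIIIHHHHHH", e_type, machine, 1, 0x8000, 0,
                               shoff, 0, ehsize, 32, 0, shentsize, len(names),
                               names.index(".shstrtab"))
    shdrs = b""
    for i, n in enumerate(names):
        if i == 0:                                   # SHT_NULL entry
            shdrs += struct.pack("<IIIIIIIIII", *([0] * 10))
        elif n == ".shstrtab":                       # SHT_STRTAB
            shdrs += struct.pack("<IIIIIIIIII", offsets[i], 3, 0, 0,
                                 str_off, len(shstrtab), 0, 0, 1, 0)
        else:                                        # empty SHT_PROGBITS
            shdrs += struct.pack("<IIIIIIIIII", offsets[i], 1, 0, 0,
                                 shoff, 0, 0, 0, 1, 0)
    body = ehdr + shstrtab
    body += b"\0" * (shoff - len(body))
    return body + shdrs


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        data = open(sys.argv[1], "rb").read()
    else:
        data = build_minimal_elf32(40, [".text", ".rodata"])
    print(elf_info(data))
```

The same fields drive the next step of triage: machine 40 (ARM) with a 32-bit little-endian header is what qemu-arm user-mode emulation expects, which matches the emulator the sandbox used for this sample.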
Source: /tmp/arm7.elf (PID: 5436) Queries kernel information via 'uname'
Source: arm7.elf, 5436.1.000055c101a21000.000055c101b70000.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/arm
Source: arm7.elf, 5436.1.000055c101a21000.000055c101b70000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/arm
Source: arm7.elf, 5436.1.00007fff49ca4000.00007fff49cc5000.rw-.sdmp Binary or memory string: /usr/bin/qemu-arm
Source: arm7.elf, 5436.1.00007fff49ca4000.00007fff49cc5000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/arm7.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/arm7.elf
Note: the four memory strings above (/etc/qemu-binfmt/arm, /usr/bin/qemu-arm and the x86_64 host environment block with its SUDO_* variables) come from the qemu-arm user-mode emulator process in which the sandbox runs this ARM binary on an x86_64 host; the 0x55c1... and 0x7fff... dump ranges are that host process's memory, not the sample's. The daisy.ubuntu.com DNS query (the Ubuntu error-tracker endpoint) and the bugs.launchpad.net string should likewise be treated as Ubuntu host artefacts, not as indicators belonging to the sample. The uname call is consistent with the sample's own behaviour and remains a sample observation, though uname alone is weak evidence of evasion.
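Two of the behaviours recorded above are visible from the host without any sandbox: the socket bound on 127.0.0.1:12121 ("Sample listens on a socket") and the established connections to 209.200.246.150:10019. Mirai-derived bots commonly bind a fixed loopback port as a single-instance guard, but this report does not say what port 12121 is used for here, so treat that reading as an assumption. The script below is an added example, not part of the report or of any vendor tool: it parses /proc/net/tcp (the kernel prints addresses and ports as hex in host byte order, so 127.0.0.1 appears as 0100007F on little-endian hosts), lists loopback listeners and connections to a given C2 endpoint, and maps a socket inode back to its PID through /proc/*/fd. The /proc/net/tcp text it runs on is constructed to match the report's endpoints; the inode numbers are placeholders.

```python
"""Parse /proc/net/tcp to find loopback listeners and live C2 connections.

Constructed /proc/net/tcp content (not from the report's sandbox). Inode
numbers are placeholders; the endpoints match the report.
"""
import glob
import os
import socket
import struct

PROC_NET_TCP_SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:2F59 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   2: 0D02A8C0:8154 96F6C8D1:2723 01 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
"""

TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}


def _endpoint(field):
    """'0100007F:2F59' -> ('127.0.0.1', 12121). Assumes a little-endian host;
    on big-endian hosts the kernel prints the address in network order."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """One dict per socket row: local/remote endpoint, state, uid, inode."""
    rows = []
    for line in text.splitlines()[1:]:       # skip the header line
        f = line.split()
        if len(f) < 10:
            continue
        rows.append({
            "local": _endpoint(f[1]),
            "remote": _endpoint(f[2]),
            "state": TCP_STATES.get(f[3], f[3]),
            "uid": int(f[7]),
            "inode": int(f[9]),
        })
    return rows


def loopback_listeners(text):
    """Sockets in LISTEN bound to 127/8, the pattern the report flags."""
    return [r for r in parse_proc_net_tcp(text)
            if r["state"] == "LISTEN" and r["local"][0].startswith("127.")]


def connections_to(text, ip, port):
    """Every socket whose remote end is ip:port, whatever its state."""
    return [r for r in parse_proc_net_tcp(text) if r["remote"] == (ip, port)]


def pids_for_inode(inode):
    """Map a socket inode to owning PIDs by walking /proc/*/fd. Needs root to
    see other users' processes; returns [] when nothing matches."""
    target = f"socket:[{inode}]"
    pids = set()
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == target:
                pids.add(int(fd.split("/")[2]))
        except OSError:                      # process exited or no permission
            continue
    return sorted(pids)


if __name__ == "__main__":
    if os.path.exists("/proc/net/tcp"):
        with open("/proc/net/tcp") as fh:
            live = fh.read()
    else:
        live = PROC_NET_TCP_SAMPLE
    for r in loopback_listeners(live):
        print("loopback listener", r["local"], "inode", r["inode"],
              "pids", pids_for_inode(r["inode"]))
    for r in connections_to(live, "209.200.246.150", 10019):
        print("C2 connection", r["local"], "->", r["remote"], r["state"])
```

On a live host the same two calls, run against the real /proc/net/tcp, answer the two questions an incident responder asks first: which process owns the odd loopback listener, and which process holds the connection to the C2. Both checks stay valid when the bot has renamed its process or deleted its file, since they key on the socket rather than on the binary.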

Stealing of Sensitive Information

Source: Yara match File source: arm7.elf, type: SAMPLE
Source: Yara match File source: 5436.1.00007f5c2401f000.00007f5c2408e000.r-x.sdmp, type: MEMORY

Remote Access Functionality

Source: Yara match File source: arm7.elf, type: SAMPLE
Source: Yara match File source: 5436.1.00007f5c2401f000.00007f5c2408e000.r-x.sdmp, type: MEMORY