| Source: na.elf |
Virustotal: Detection: 21% |
Perma Link |
| Source: global traffic |
TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443 |
| Source: global traffic |
TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443 |
| Source: global traffic |
TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 91.189.91.42 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 91.189.91.43 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 109.202.202.202 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 91.189.91.42 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 91.189.91.43 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 109.202.202.202 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 91.189.91.42 |
| Source: unknown |
Network traffic detected: HTTP traffic on port 43928 -> 443 |
| Source: unknown |
Network traffic detected: HTTP traffic on port 42836 -> 443 |
| Source: Initial sample |
Potential command found: ssh server is locked, please try again %dmin after !!! |
| Source: Initial sample |
Potential command found: X11 forwarding |
| Source: Initial sample |
Potential command found: X11 forwarding disabled in user configuration file. |
| Source: Initial sample |
Potential command found: X11 forwarding disabled in server configuration file. |
| Source: Initial sample |
Potential command found: X11 display already set. |
| Source: Initial sample |
Potential command found: X11 connection requested. |
| Source: Initial sample |
Potential command found: X11 connection from %.200s port %d |
| Source: Initial sample |
Potential command found: X11 connection rejected because of wrong authentication. |
| Source: Initial sample |
Potential command found: X11 rejected %d i%d/o%d |
| Source: Initial sample |
Potential command found: X11 closed %d i%d/o%d |
| Source: Initial sample |
Potential command found: X11 inet listener |
| Source: Initial sample |
Potential command found: X11 connection uses different authentication protocol. |
| Source: Initial sample |
Potential command found: X11 auth data does not match fake data. |
| Source: Initial sample |
Potential command found: X11 fake_data_len %d != saved_data_len %d |
| Source: classification engine |
Classification label: mal48.linELF@0/0@0/0 |
| Source: /usr/bin/dash (PID: 6223) |
Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.woJkVAa1Z6 /tmp/tmp.PjOycGhfr2 /tmp/tmp.tNpryRPH7p |
Jump to behavior |
| Source: /usr/bin/dash (PID: 6224) |
Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.woJkVAa1Z6 /tmp/tmp.PjOycGhfr2 /tmp/tmp.tNpryRPH7p |
Jump to behavior |
| Source: /tmp/na.elf (PID: 6252) |
Queries kernel information via 'uname': |
Jump to behavior |
| Source: na.elf, 6252.1.00007ffe1cb02000.00007ffe1cb23000.rw-.sdmp |
Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/na.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/na.elf |
| Source: na.elf, 6252.1.0000556efe720000.0000556efe82c000.rw-.sdmp |
Binary or memory string: nU!/etc/qemu-binfmt/arm |
| Source: na.elf, 6252.1.0000556efe720000.0000556efe82c000.rw-.sdmp |
Binary or memory string: /etc/qemu-binfmt/arm |
| Source: na.elf, 6252.1.00007ffe1cb02000.00007ffe1cb23000.rw-.sdmp |
Binary or memory string: /usr/bin/qemu-arm |
| Source: na.elf, 6252.1.0000556efe720000.0000556efe82c000.rw-.sdmp |
Binary or memory string: rg.qemu.gdb.arm.sys.regs"> |
| Source: na.elf, 6252.1.0000556efe720000.0000556efe82c000.rw-.sdmp |
Binary or memory string: nUrg.qemu.gdb.arm.sys.regs"> |
