Sample name: | na.elf |
Analysis ID: | 1532529 |
MD5: | 23f684775cd0ec77dbac5d3b06eaa2a3 |
SHA1: | 1c5dc968afd80b8641c7184a2ff5ab7072de33a7 |
SHA256: | bb7b5ef114c9ab567852caa806c03672cac7aa3ef1c855609cba74c1b5d77957 |
Tags: | elfuser-abuse_ch |
Infos: |
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
AV Detection |
---|
Source: |
ReversingLabs: |
Source: |
String: |
||
Source: |
String: |
Networking |
---|
Source: |
TCP traffic: |
Source: |
TCP traffic: |
Source: |
Socket: |
Jump to behavior |
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
UDP traffic detected without corresponding DNS query: |
Source: |
DNS traffic detected: |
Source: |
.symtab present: |
Source: |
SIGKILL sent: |
Jump to behavior |
Source: |
Classification label: |
Data Obfuscation |
---|
Source: |
File: |
Jump to behavior |
Source: |
Directory: |
Jump to behavior | ||
Source: |
Directory: |
Jump to behavior | ||
Source: |
Directory: |
Jump to behavior | ||
Source: |
Directory: |
Jump to behavior | ||
Source: |
Directory: |
Jump to behavior | ||
Source: |
Directory: |
Jump to behavior | ||
Source: |
Directory: |
Jump to behavior | ||
Source: |
Directory: |
Jump to behavior | ||
Source: |
Directory: |
Jump to behavior | ||
Source: |
Directory: |
Jump to behavior |
Source: |
Systemctl executable: |
Jump to behavior |
Source: |
Reads version info: |
Jump to behavior |
Hooking and other Techniques for Hiding and Protection |
---|
Source: |
Log files deleted: |
Jump to behavior |
Source: |
Queries kernel information via 'uname': |
Jump to behavior |
Source: |
Binary or memory string: |
||
Source: |
Binary or memory string: |
||
Source: |
Binary or memory string: |
||
Source: |
Binary or memory string: |
No Screenshots
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
116.203.104.203 | unknown | Germany | 24940 | HETZNER-ASDE | false | |
38.60.249.66 | unknown | United States | 174 | COGENT-174US | true |
Name | IP | Active |
---|---|---|
daisy.ubuntu.com | 162.213.35.25 | true |