Edit tour

Linux Analysis Report
na.elf

Overview

General Information

Sample name:	na.elf
Analysis ID:	1541007
MD5:	1de15e8941d7be6669ec6f38ad062821
SHA1:	c856225ea854cf8de85a6592ce22f0b563a5b36a
SHA256:	ab30554ffc407898d5dc5ef34ee30f75815520f62dd0e8a9596d889add4ba0e0
Tags:	elfMiraiuser-abuse_ch
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Detected TCP or UDP traffic on non-standard ports

Sample has stripped symbol table

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541007
Start date and time:	2024-10-24 11:26:24 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	na.elf
Detection:	MAL
Classification:	mal56.linELF@0/0@0/0

Warnings

VT rate limit hit for: na.elf

Runtime Messages

Command:	/tmp/na.elf
PID:	5432
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	DaddyL33T Infected Your Shit
Standard Error:

Process Tree

system is lnxubuntu20

na.elf (PID: 5432, Parent: 5354, MD5: cd177594338c77b895ae27c33f8f86cc) Arguments: /tmp/na.elf

na.elf New Fork (PID: 5434, Parent: 5432)

na.elf New Fork (PID: 5435, Parent: 5432)

na.elf New Fork (PID: 5438, Parent: 5435)

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: na.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: na.elf

ReversingLabs: Detection: 71%

Source: global traffic

TCP traffic: 192.168.2.13:54668 -> 194.110.247.19:666

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal56.linELF@0/0@0/0

Source: /tmp/na.elf (PID: 5432)

Queries kernel information via 'uname':

Jump to behavior

Source: na.elf, 5432.1.00007ffe589b6000.00007ffe589d7000.rw-.sdmp, na.elf, 5434.1.00007ffe589b6000.00007ffe589d7000.rw-.sdmp, na.elf, 5438.1.00007ffe589b6000.00007ffe589d7000.rw-.sdmp	Binary or memory string: _3rrx86_64/usr/bin/qemu-m68k/tmp/na.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/na.elf
Source: na.elf, 5432.1.0000559835f89000.000055983600e000.rw-.sdmp, na.elf, 5434.1.0000559835f89000.000055983600e000.rw-.sdmp, na.elf, 5438.1.0000559835f89000.000055983600e000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/m68k
Source: na.elf, 5432.1.00007ffe589b6000.00007ffe589d7000.rw-.sdmp, na.elf, 5434.1.00007ffe589b6000.00007ffe589d7000.rw-.sdmp, na.elf, 5438.1.00007ffe589b6000.00007ffe589d7000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-m68k
Source: na.elf, 5432.1.0000559835f89000.000055983600e000.rw-.sdmp, na.elf, 5434.1.0000559835f89000.000055983600e000.rw-.sdmp, na.elf, 5438.1.0000559835f89000.000055983600e000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/m68k

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
na.elf	71%	ReversingLabs	Linux.Trojan.Mirai
na.elf	100%	Avira	EXP/ELF.Mirai.T

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
194.110.247.19	unknown	unknown		41108	FIRSTROOT-ASDE	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
194.110.247.19	na.elf	Get hash	malicious	Unknown	Browse
	3kloOVp5iW.elf	Get hash	malicious	Unknown	Browse
	BoM00gWx1d.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
FIRSTROOT-ASDE	na.elf	Get hash	malicious	Unknown	Browse	194.110.247.19
	3kloOVp5iW.elf	Get hash	malicious	Unknown	Browse	194.110.247.19
	BoM00gWx1d.elf	Get hash	malicious	Unknown	Browse	194.110.247.19
	na.elf	Get hash	malicious	Unknown	Browse	194.110.247.19
	na.elf	Get hash	malicious	Mirai	Browse	194.110.247.19
	na.elf	Get hash	malicious	Unknown	Browse	194.110.247.19
	na.elf	Get hash	malicious	Unknown	Browse	194.110.247.19
	na.elf	Get hash	malicious	Unknown	Browse	194.110.247.19
	yakuza.arm4.elf	Get hash	malicious	Unknown	Browse	194.110.247.46
	yakuza.arm7.elf	Get hash	malicious	Unknown	Browse	194.110.247.46

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.194332852496206
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	na.elf
File size:	52'104 bytes
MD5:	1de15e8941d7be6669ec6f38ad062821
SHA1:	c856225ea854cf8de85a6592ce22f0b563a5b36a
SHA256:	ab30554ffc407898d5dc5ef34ee30f75815520f62dd0e8a9596d889add4ba0e0
SHA512:	4069ace3f78671130a1339ad47f38e60fae00f911c5500888531e56817e6fc8f54756e6426954603084c2133fe128f2b6d88be4c22404a10a3957c51edb81fe4
SSDEEP:	768:yXeSPIm8y065SZ5I/NtUk1bRnkn8xK8XATBPBRk2FWK0suIe:iX856525I/LUSk8xK8XOPBR/FWse
TLSH:	4B333CAAF4121E2EF98FF5BF5C254E08EE61231161430F1A57ABFDD35C322685E42D62
File Content Preview:	.ELF.......................D...4.........4. ...(.................................. ....................$.......... .dt.Q............................NV..a....da....tN^NuNV..J9....f>"y.... QJ.g.X.#.....N."y.... QJ.f.A.....J.g.Hy....N.X.........N^NuNV..N^NuN

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	MC68000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x80000144
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	51704
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x80000094	0x94	0x14	0x0	0x6	AX	2
.text	PROGBITS	0x800000a8	0xa8	0xb79e	0x0	0x6	AX	4
.fini	PROGBITS	0x8000b846	0xb846	0xe	0x0	0x6	AX	2
.rodata	PROGBITS	0x8000b854	0xb854	0xf3c	0x0	0x2	A	2
.ctors	PROGBITS	0x8000e794	0xc794	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x8000e79c	0xc79c	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x8000e7a8	0xc7a8	0x210	0x0	0x3	WA	4
.bss	NOBITS	0x8000e9b8	0xc9b8	0x1ec	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0xc9b8	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x80000000	0x80000000	0xc790	0xc790	6.2318	0x5	R E	0x2000	.init .text .fini .rodata
LOAD	0xc794	0x8000e794	0x8000e794	0x224	0x410	2.9517	0x6	RW	0x2000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 11:27:06.225541115 CEST	54668	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:06.230998993 CEST	666	54668	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:06.231062889 CEST	54668	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:06.258374929 CEST	54668	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:06.264213085 CEST	666	54668	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:06.264257908 CEST	54668	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:06.270478010 CEST	666	54668	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:14.716264009 CEST	666	54668	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:14.716886044 CEST	54668	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:14.722240925 CEST	666	54668	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:15.720309973 CEST	54670	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:15.725790024 CEST	666	54670	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:15.725887060 CEST	54670	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:15.726955891 CEST	54670	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:15.732284069 CEST	666	54670	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:15.732352018 CEST	54670	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:15.737715960 CEST	666	54670	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:24.207530975 CEST	666	54670	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:24.207868099 CEST	54670	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:24.213320971 CEST	666	54670	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:25.211962938 CEST	54672	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:25.217294931 CEST	666	54672	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:25.217416048 CEST	54672	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:25.218899012 CEST	54672	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:25.224293947 CEST	666	54672	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:25.224353075 CEST	54672	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:25.229710102 CEST	666	54672	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:33.708682060 CEST	666	54672	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:33.709053040 CEST	54672	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:33.714565992 CEST	666	54672	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:34.711803913 CEST	54674	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:34.717417002 CEST	666	54674	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:34.717541933 CEST	54674	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:34.718534946 CEST	54674	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:34.724042892 CEST	666	54674	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:34.724107981 CEST	54674	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:34.729532003 CEST	666	54674	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:43.202554941 CEST	666	54674	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:43.202780962 CEST	54674	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:43.208230019 CEST	666	54674	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:44.205162048 CEST	54676	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:44.210689068 CEST	666	54676	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:44.210760117 CEST	54676	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:44.211944103 CEST	54676	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:44.217255116 CEST	666	54676	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:44.217324972 CEST	54676	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:44.223119020 CEST	666	54676	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:52.687954903 CEST	666	54676	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:52.688152075 CEST	54676	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:52.694333076 CEST	666	54676	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:53.689621925 CEST	54678	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:53.695152044 CEST	666	54678	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:53.695239067 CEST	54678	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:53.695939064 CEST	54678	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:53.701351881 CEST	666	54678	194.110.247.19	192.168.2.13
Oct 24, 2024 11:27:53.701478004 CEST	54678	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:27:53.707560062 CEST	666	54678	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:02.362677097 CEST	666	54678	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:02.363023043 CEST	54678	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:02.368484974 CEST	666	54678	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:03.365370035 CEST	54680	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:03.370842934 CEST	666	54680	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:03.370937109 CEST	54680	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:03.371954918 CEST	54680	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:03.377273083 CEST	666	54680	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:03.377331972 CEST	54680	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:03.382813931 CEST	666	54680	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:11.868180990 CEST	666	54680	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:11.868736982 CEST	54680	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:11.874341965 CEST	666	54680	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:12.872755051 CEST	54682	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:12.878210068 CEST	666	54682	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:12.878345966 CEST	54682	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:12.879826069 CEST	54682	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:12.885659933 CEST	666	54682	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:12.885729074 CEST	54682	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:12.892209053 CEST	666	54682	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:21.355068922 CEST	666	54682	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:21.355478048 CEST	54682	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:21.361561060 CEST	666	54682	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:22.358402967 CEST	54684	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:22.363976002 CEST	666	54684	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:22.364272118 CEST	54684	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:22.365878105 CEST	54684	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:22.371411085 CEST	666	54684	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:22.371756077 CEST	54684	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:22.377655029 CEST	666	54684	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:30.993419886 CEST	666	54684	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:30.993880033 CEST	54684	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:30.999397993 CEST	666	54684	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:31.997241974 CEST	54686	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:32.003552914 CEST	666	54686	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:32.003628969 CEST	54686	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:32.006077051 CEST	54686	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:32.011569023 CEST	666	54686	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:32.011636972 CEST	54686	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:32.017157078 CEST	666	54686	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:40.482758045 CEST	666	54686	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:40.483221054 CEST	54686	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:40.488867998 CEST	666	54686	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:41.488188982 CEST	54688	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:41.493824959 CEST	666	54688	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:41.493904114 CEST	54688	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:41.497935057 CEST	54688	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:41.503285885 CEST	666	54688	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:41.503345966 CEST	54688	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:41.508780003 CEST	666	54688	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:49.984231949 CEST	666	54688	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:49.984608889 CEST	54688	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:49.990232944 CEST	666	54688	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:50.987864971 CEST	54690	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:50.993355989 CEST	666	54690	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:50.993515015 CEST	54690	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:50.994911909 CEST	54690	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:51.001449108 CEST	666	54690	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:51.001545906 CEST	54690	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:51.007049084 CEST	666	54690	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:59.478951931 CEST	666	54690	194.110.247.19	192.168.2.13
Oct 24, 2024 11:28:59.479258060 CEST	54690	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:28:59.484694004 CEST	666	54690	194.110.247.19	192.168.2.13
Oct 24, 2024 11:29:00.481836081 CEST	54692	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:29:00.487428904 CEST	666	54692	194.110.247.19	192.168.2.13
Oct 24, 2024 11:29:00.487550020 CEST	54692	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:29:00.489139080 CEST	54692	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:29:00.494509935 CEST	666	54692	194.110.247.19	192.168.2.13
Oct 24, 2024 11:29:00.494585037 CEST	54692	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:29:00.499948025 CEST	666	54692	194.110.247.19	192.168.2.13
Oct 24, 2024 11:29:08.969337940 CEST	666	54692	194.110.247.19	192.168.2.13
Oct 24, 2024 11:29:08.969834089 CEST	54692	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:29:08.975579023 CEST	666	54692	194.110.247.19	192.168.2.13
Oct 24, 2024 11:29:09.975011110 CEST	54694	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:29:09.980874062 CEST	666	54694	194.110.247.19	192.168.2.13
Oct 24, 2024 11:29:09.980964899 CEST	54694	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:29:09.983122110 CEST	54694	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:29:09.989449978 CEST	666	54694	194.110.247.19	192.168.2.13
Oct 24, 2024 11:29:09.989824057 CEST	54694	666	192.168.2.13	194.110.247.19
Oct 24, 2024 11:29:09.996365070 CEST	666	54694	194.110.247.19	192.168.2.13

System Behavior

Analysis Process: na.elf PID: 5432, Parent PID: 5354

General

Start time (UTC):	09:27:04
Start date (UTC):	24/10/2024
Path:	/tmp/na.elf
Arguments:	/tmp/na.elf
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Chronological Activities

Analysis Process: na.elf PID: 5434, Parent PID: 5432

General

Start time (UTC):	09:27:04
Start date (UTC):	24/10/2024
Path:	/tmp/na.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Chronological Activities

Analysis Process: na.elf PID: 5435, Parent PID: 5432

General

Start time (UTC):	09:27:04
Start date (UTC):	24/10/2024
Path:	/tmp/na.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Chronological Activities

Analysis Process: na.elf PID: 5438, Parent PID: 5435

General

Start time (UTC):	09:27:04
Start date (UTC):	24/10/2024
Path:	/tmp/na.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report na.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: na.elf PID: 5432, Parent PID: 5354

General

Chronological Activities

Analysis Process: na.elf PID: 5434, Parent PID: 5432

General

Chronological Activities

Analysis Process: na.elf PID: 5435, Parent PID: 5432

General

Chronological Activities

Analysis Process: na.elf PID: 5438, Parent PID: 5435

General

Chronological Activities

Linux Analysis Report
na.elf