Linux Analysis Report
kkkmpsl.elf

Overview

General Information

Sample name: kkkmpsl.elf
Analysis ID: 1542906
MD5: 681bec148d8b0feaa66b1802e79c1073
SHA1: 23b3c427e3c39b9e9ae781103b2c0134bfdc5bb9
SHA256: 09f162a52a9fb58e5e22e8b1a33ec2429c93d190b78ef2c80e99d1cedad48afc
Tags: elfkkkMiraiuser-NDA0E
Infos:

Detection

Score: 56
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: kkkmpsl.elf Avira: detected
Multi AV Scanner detection for submitted file
Source: kkkmpsl.elf ReversingLabs: Detection: 68%
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.14:56438 -> 5.59.249.232:1337
Source: unknown TCP traffic detected without corresponding DNS query: 5.59.249.232
Source: unknown TCP traffic detected without corresponding DNS query: 5.59.249.232
Source: unknown TCP traffic detected without corresponding DNS query: 46.102.90.166
Source: unknown TCP traffic detected without corresponding DNS query: 90.223.244.142
Source: unknown TCP traffic detected without corresponding DNS query: 250.162.36.160
Source: unknown TCP traffic detected without corresponding DNS query: 68.130.219.38
Source: unknown TCP traffic detected without corresponding DNS query: 147.59.220.134
Source: unknown TCP traffic detected without corresponding DNS query: 4.201.67.214
Source: unknown TCP traffic detected without corresponding DNS query: 149.19.205.225
Source: unknown TCP traffic detected without corresponding DNS query: 36.3.85.183
Source: unknown TCP traffic detected without corresponding DNS query: 111.203.192.237
Source: unknown TCP traffic detected without corresponding DNS query: 176.99.57.163
Source: unknown TCP traffic detected without corresponding DNS query: 249.27.31.116
Source: unknown TCP traffic detected without corresponding DNS query: 208.185.12.240
Source: unknown TCP traffic detected without corresponding DNS query: 100.181.120.1
Source: unknown TCP traffic detected without corresponding DNS query: 40.102.83.141
Source: unknown TCP traffic detected without corresponding DNS query: 113.35.1.169
Source: unknown TCP traffic detected without corresponding DNS query: 133.8.123.248
Source: unknown TCP traffic detected without corresponding DNS query: 169.139.47.2
Source: unknown TCP traffic detected without corresponding DNS query: 63.239.235.216
Source: unknown TCP traffic detected without corresponding DNS query: 201.189.163.63
Source: unknown TCP traffic detected without corresponding DNS query: 200.54.84.107
Source: unknown TCP traffic detected without corresponding DNS query: 2.131.220.18
Source: unknown TCP traffic detected without corresponding DNS query: 174.227.150.194
Source: unknown TCP traffic detected without corresponding DNS query: 126.200.82.112
Source: unknown TCP traffic detected without corresponding DNS query: 221.94.196.26
Source: unknown TCP traffic detected without corresponding DNS query: 243.112.168.129
Source: unknown TCP traffic detected without corresponding DNS query: 212.47.32.23
Source: unknown TCP traffic detected without corresponding DNS query: 105.23.163.82
Source: unknown TCP traffic detected without corresponding DNS query: 154.3.79.42
Source: unknown TCP traffic detected without corresponding DNS query: 87.171.7.227
Source: unknown TCP traffic detected without corresponding DNS query: 204.206.245.85
Source: unknown TCP traffic detected without corresponding DNS query: 77.77.170.135
Source: unknown TCP traffic detected without corresponding DNS query: 164.145.82.247
Source: unknown TCP traffic detected without corresponding DNS query: 83.191.157.18
Source: unknown TCP traffic detected without corresponding DNS query: 69.157.231.147
Source: unknown TCP traffic detected without corresponding DNS query: 39.67.195.56
Source: unknown TCP traffic detected without corresponding DNS query: 75.116.233.170
Source: unknown TCP traffic detected without corresponding DNS query: 119.212.63.217
Source: unknown TCP traffic detected without corresponding DNS query: 54.47.140.204
Source: unknown TCP traffic detected without corresponding DNS query: 2.16.249.15
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.97.12
Source: unknown TCP traffic detected without corresponding DNS query: 169.42.186.58
Source: unknown TCP traffic detected without corresponding DNS query: 208.66.163.243
Source: unknown TCP traffic detected without corresponding DNS query: 20.137.87.18
Source: unknown TCP traffic detected without corresponding DNS query: 35.99.107.132
Source: unknown TCP traffic detected without corresponding DNS query: 186.241.40.169
Source: unknown TCP traffic detected without corresponding DNS query: 208.234.241.121
Source: unknown TCP traffic detected without corresponding DNS query: 149.18.192.24
Source: unknown TCP traffic detected without corresponding DNS query: 126.177.145.251
Sample has stripped symbol table
Source: ELF static info symbol of initial sample .symtab present: no
Source: classification engine Classification label: mal56.linELF@0/0@0/0
Uses the "uname" system call to query kernel version information (possible evasion)
Source: /tmp/kkkmpsl.elf (PID: 5515) Queries kernel information via 'uname': Jump to behavior
Source: kkkmpsl.elf, 5515.1.00005653381f7000.000056533827e000.rw-.sdmp, kkkmpsl.elf, 5517.1.00005653381f7000.000056533827e000.rw-.sdmp, kkkmpsl.elf, 5523.1.00005653381f7000.000056533827e000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/mipsel
Source: kkkmpsl.elf, 5515.1.00005653381f7000.000056533827e000.rw-.sdmp, kkkmpsl.elf, 5517.1.00005653381f7000.000056533827e000.rw-.sdmp, kkkmpsl.elf, 5523.1.00005653381f7000.000056533827e000.rw-.sdmp Binary or memory string: 8SV!/etc/qemu-binfmt/mipsel
Source: kkkmpsl.elf, 5515.1.00007ffcee4b0000.00007ffcee4d1000.rw-.sdmp, kkkmpsl.elf, 5517.1.00007ffcee4b0000.00007ffcee4d1000.rw-.sdmp, kkkmpsl.elf, 5523.1.00007ffcee4b0000.00007ffcee4d1000.rw-.sdmp Binary or memory string: b[,x86_64/usr/bin/qemu-mipsel/tmp/kkkmpsl.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/kkkmpsl.elf
Source: kkkmpsl.elf, 5515.1.00007ffcee4b0000.00007ffcee4d1000.rw-.sdmp, kkkmpsl.elf, 5517.1.00007ffcee4b0000.00007ffcee4d1000.rw-.sdmp, kkkmpsl.elf, 5523.1.00007ffcee4b0000.00007ffcee4d1000.rw-.sdmp Binary or memory string: /usr/bin/qemu-mipsel
windows-stand
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
84.121.248.54
 unknown Spain
12357 COMUNITELSPAINES false
205.250.204.195
 unknown Canada
852 ASN852CA false
126.186.212.38
 unknown Japan 17676 GIGAINFRASoftbankBBCorpJP false
117.42.0.53
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
169.38.176.185
 unknown United States
36351 SOFTLAYERUS false
180.11.192.180
 unknown Japan 4713 OCNNTTCommunicationsCorporationJP false
106.109.196.93
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
75.16.245.162
 unknown United States
7018 ATT-INTERNET4US false
194.238.87.27
 unknown United Kingdom
5503 RMIFLGB false
149.88.45.57
 unknown United States
188 SAIC-ASUS false
36.145.196.213
 unknown China
56044 CMNET-AS-LIAONINGChinaMobilecommunicationscorporationC false
112.97.125.134
 unknown China
17623 CNCGROUP-SZChinaUnicomShenzennetworkCN false
86.242.75.241
 unknown France
3215 FranceTelecom-OrangeFR false
149.140.136.108
 unknown Turkey
8386 KOCNETTR false
34.73.153.102
 unknown United States
15169 GOOGLEUS false
103.69.11.56
 unknown India
58898 RAINBOWISP-ASRainbowcommunicationsIndiaPvtLtdIN false
87.22.22.80
 unknown Italy
3269 ASN-IBSNAZIT false
88.40.154.154
 unknown Italy
3269 ASN-IBSNAZIT false
102.238.210.229
 unknown unknown
36926 CKL1-ASNKE false
115.25.128.121
 unknown China
4538 ERX-CERNET-BKBChinaEducationandResearchNetworkCenter false
97.220.107.82
 unknown United States
6167 CELLCO-PARTUS false
249.158.5.55
 unknown Reserved
unknown unknown false
187.167.167.102
 unknown Mexico
6503 AxtelSABdeCVMX false
123.185.37.179
 unknown China
134762 CHINANET-LIAONING-DALIAN-MANCHINANETLiaoningprovinceDali false
155.102.33.140
 unknown United States
17055 UTAHUS false
173.97.246.46
 unknown United States
1239 SPRINTLINKUS false
175.65.182.135
 unknown China
9394 CTTNETChinaTieTongTelecommunicationsCorporationCN false
152.165.190.214
 unknown Japan 2527 SO-NETSo-netEntertainmentCorporationJP false
221.154.155.186
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
199.19.226.240
 unknown United States
53667 PONYNETUS false
124.216.154.152
 unknown Korea Republic of
45361 JCN-AS-KRUlsanJung-AngBroadcastingNetworkKR false
243.252.238.12
 unknown Reserved
unknown unknown false
146.36.24.21
 unknown United States
197938 TRAVIANGAMESDE false
75.84.101.41
 unknown United States
20001 TWC-20001-PACWESTUS false
148.224.51.246
 unknown Mexico
28414 TOTALPLAYTELECOMUNICACIONESSADECVMX false
160.211.14.137
 unknown Germany
15474 RHNETSURISRHnetIS false
153.40.154.193
 unknown United States
14365 ADOBE-NETUS false
96.31.215.229
 unknown United States
12231 CONWAYCORPUS false
32.80.35.87
 unknown United States
2686 ATGS-MMD-ASUS false
89.194.144.181
 unknown United Kingdom
12479 UNI2-ASES false
14.101.240.68
 unknown Japan 2516 KDDIKDDICORPORATIONJP false
155.197.160.95
 unknown United States
37197 SUDRENSD false
179.211.110.179
 unknown Brazil
28573 CLAROSABR false
156.112.197.139
 unknown United States
5961 DNIC-ASBLK-05800-06055US false
2.133.90.54
 unknown Kazakhstan
9198 KAZTELECOM-ASKZ false
112.79.164.111
 unknown India
38266 VODAFONE-INVodafoneIndiaLtdIN false
122.202.167.21
 unknown Korea Republic of
9946 CABLENET-AS-KRKCTVJEJUBROADCASTINGKR false
146.172.225.200
 unknown Norway
2119 TELENOR-NEXTELTelenorNorgeASNO false
102.237.97.210
 unknown unknown
36926 CKL1-ASNKE false
135.86.65.108
 unknown United States
10455 LUCENT-CIOUS false
144.88.174.246
 unknown United States
62989 IUPUS false
185.216.24.39
 unknown France
62000 NETRIX-ASNetrixFR false
164.137.21.74
 unknown United Kingdom
3303 SWISSCOMSwisscomSwitzerlandLtdCH false
4.118.61.97
 unknown United States
3356 LEVEL3US false
164.183.124.94
 unknown United States
37717 EL-KhawarizmiTN false
86.187.165.0
 unknown United Kingdom
2856 BT-UK-ASBTnetUKRegionalnetworkGB false
85.112.59.41
 unknown Russian Federation
12389 ROSTELECOM-ASRU false
67.53.251.169
 unknown United States
10796 TWC-10796-MIDWESTUS false
102.85.238.80
 unknown Uganda
37075 ZAINUGASUG false
2.203.66.78
 unknown Germany
3209 VODANETInternationalIP-BackboneofVodafoneDE false
196.189.116.5
 unknown Ethiopia
24757 EthioNet-ASET false
32.70.203.12
 unknown United States
2686 ATGS-MMD-ASUS false
254.112.91.196
 unknown Reserved
unknown unknown false
71.14.100.214
 unknown United States
20115 CHARTER-20115US false
220.67.89.101
 unknown Korea Republic of
18164 MOKPO-AS-KRMokpoUniversityKR false
175.251.226.242
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
246.244.108.225
 unknown Reserved
unknown unknown false
103.40.112.211
 unknown China
132839 POWERLINE-AS-APPOWERLINEDATACENTERHK false
126.192.21.132
 unknown Japan 17676 GIGAINFRASoftbankBBCorpJP false
41.76.119.116
 unknown South Africa
37172 MITSOLZA false
247.17.3.193
 unknown Reserved
unknown unknown false
53.99.221.122
 unknown Germany
31399 DAIMLER-ASITIGNGlobalNetworkDE false
47.70.161.37
 unknown United States
3209 VODANETInternationalIP-BackboneofVodafoneDE false
171.150.73.90
 unknown United States
9874 STARHUB-MOBILEStarHubLtdSG false
24.84.5.146
 unknown Canada
6327 SHAWCA false
151.145.107.117
 unknown United States
15117 ANHEUSER-BUSCHUS false
16.66.175.210
 unknown United States
unknown unknown false
53.0.235.124
 unknown Germany
31399 DAIMLER-ASITIGNGlobalNetworkDE false
196.198.65.191
 unknown Seychelles
37518 FIBERGRIDSC false
57.237.235.6
 unknown Belgium
2686 ATGS-MMD-ASUS false
174.74.5.175
 unknown United States
22773 ASN-CXA-ALL-CCI-22773-RDCUS false
91.193.68.212
 unknown Ukraine
3326 DATAGROUPDatagroupPJSCUA false
201.26.114.163
 unknown Brazil
27699 TELEFONICABRASILSABR false
133.234.241.242
 unknown Japan 7682 HOTNETHOKKAIDOTELECOMMUNICATIONSNETWORKCoIncJP false
249.125.220.133
 unknown Reserved
unknown unknown false
175.227.28.67
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
92.180.240.187
 unknown France
3215 FranceTelecom-OrangeFR false
44.40.163.28
 unknown United States
20473 AS-CHOOPAUS false
9.26.59.57
 unknown United States
3356 LEVEL3US false
255.29.178.52
 unknown Reserved
unknown unknown false
112.62.22.47
 unknown China
56040 CMNET-GUANGDONG-APChinaMobilecommunicationscorporation false
35.6.69.175
 unknown United States
36375 UMICH-AS-5US false
219.133.88.244
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
115.25.138.93
 unknown China
4538 ERX-CERNET-BKBChinaEducationandResearchNetworkCenter false
244.194.253.67
 unknown Reserved
unknown unknown false
60.16.171.78
 unknown China
4837 CHINA169-BACKBONECHINAUNICOMChina169BackboneCN false
136.67.15.246
 unknown United States
60311 ONEFMCH false
181.227.224.126
 unknown Bolivia
28024 NuevatelPCSdeBoliviaSABO false
97.100.36.220
 unknown United States
33363 BHN-33363US false
141.127.181.130
 unknown United States
719 ELISA-ASHelsinkiFinlandEU false