Linux Analysis Report na.elf

Suricata IDS alerts for network traffic

Networking

Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39762 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39816 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39820 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39810 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39818 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39764 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39808 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39834 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39836 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39780 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39842 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39760 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39848 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39774 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39756 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39828 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39822 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39766 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39778 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39872 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39878 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39844 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39868 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39832 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39788 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39802 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39806 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39776 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39910 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39890 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39912 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39908 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39794 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39918 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39758 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39866 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39926 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39852 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39752 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39804 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39784 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39814 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39768 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39854 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39904 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39824 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39800 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39826 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39938 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39942 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39876 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39856 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39928 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39892 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39946 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39862 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39950 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39956 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39960 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39954 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39894 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39932 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39838 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39978 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39900 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39858 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39888 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39924 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39812 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39962 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40006 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39968 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39996 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40016 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40020 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39930 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39850 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39958 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39882 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40004 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39952 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39770 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39966 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39964 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40018 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39940 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39914 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39976 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39916 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39860 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39772 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39980 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39990 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39986 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40050 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39790 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39998 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39864 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40002 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39880 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40088 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40022 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39754 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40036 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39846 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39830 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39792 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40090 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40032 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39896 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40008 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40040 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40038 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39972 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39798 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40042 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39886 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40062 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39782 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39992 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40010 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40080 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40094 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40102 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40070 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40100 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39984 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40030 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39870 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40066 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39922 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39994 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40074 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39906 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39920 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39988 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40072 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39786 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40052 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40108 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39796 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39874 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39840 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39898 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39902 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40056 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40024 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40048 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40058 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39936 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39884 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40064 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40084 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40082 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40000 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39944 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40096 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39974 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39934 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40106 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39948 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40028 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40046 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40044 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40076 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40054 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40068 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39970 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39982 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40026 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40060 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40014 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40092 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40086 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40034 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40012 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40098 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40078 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40104 -> 93.123.85.205:7777

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.13:39752 -> 93.123.85.205:7777

Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

System Summary

Malicious sample detected (through community Yara rule)

Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5436.1.00007fa844017000.00007fa844028000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5434.1.00007fa844017000.00007fa844028000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: na.elf PID: 5434, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: na.elf PID: 5436, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Contains symbols with names commonly found in malware

Source: ELF static info symbol of initial sample

Name: vseattack

Yara signature match

Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5436.1.00007fa844017000.00007fa844028000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5434.1.00007fa844017000.00007fa844028000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: na.elf PID: 5434, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: na.elf PID: 5436, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal100.spre.troj.linELF@0/0@2/0

Source: na.elf	ELF static info symbol of initial sample: /home/firmware/build/temp-armv5l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: na.elf	ELF static info symbol of initial sample: /home/firmware/build/temp-armv5l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: na.elf	ELF static info symbol of initial sample: /home/firmware/build/temp-armv5l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: na.elf	ELF static info symbol of initial sample: /home/firmware/build/temp-armv5l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: na.elf	ELF static info symbol of initial sample: /home/firmware/build/temp-armv5l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: na.elf	ELF static info symbol of initial sample: libc/string/arm/_memcpy.S
Source: na.elf	ELF static info symbol of initial sample: libc/string/arm/bcopy.S
Source: na.elf	ELF static info symbol of initial sample: libc/string/arm/memcpy.S
Source: na.elf	ELF static info symbol of initial sample: libc/string/arm/memmove.S
Source: na.elf	ELF static info symbol of initial sample: libc/string/arm/memset.S
Source: na.elf	ELF static info symbol of initial sample: libc/string/arm/strcmp.S
Source: na.elf	ELF static info symbol of initial sample: libc/string/arm/strlen.S
Source: na.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/arm/crt1.S
Source: na.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/arm/crti.S
Source: na.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/arm/crtn.S
Source: na.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/arm/sigrestorer.S

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/na.elf (PID: 5434)

Queries kernel information via 'uname':

Source: na.elf, 5434.1.00007ffc09263000.00007ffc09284000.rw-.sdmp, na.elf, 5436.1.00007ffc09263000.00007ffc09284000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/na.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/na.elf
Source: na.elf, 5434.1.000055599068b000.00005559907b9000.rw-.sdmp, na.elf, 5436.1.000055599068b000.00005559907b9000.rw-.sdmp	Binary or memory string: YU!/etc/qemu-binfmt/arm
Source: na.elf, 5434.1.000055599068b000.00005559907b9000.rw-.sdmp, na.elf, 5436.1.000055599068b000.00005559907b9000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: na.elf, 5434.1.00007ffc09263000.00007ffc09284000.rw-.sdmp, na.elf, 5436.1.00007ffc09263000.00007ffc09284000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm

Stealing of Sensitive Information

Source: Yara match

File source: na.elf, type: SAMPLE

Sample contains strings that are user agent strings indicative of HTTP manipulation

Source: Yara match	File source: na.elf, type: SAMPLE
Source: Yara match	File source: 5436.1.00007fa844017000.00007fa844028000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5434.1.00007fa844017000.00007fa844028000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: na.elf PID: 5436, type: MEMORYSTR

Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36

Remote Access Functionality

Source: Yara match

File source: na.elf, type: SAMPLE

Antivirus / Scanner detection for submitted sample

Source: Yara match	File source: na.elf, type: SAMPLE
Source: Yara match	File source: 5436.1.00007fa844017000.00007fa844028000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5434.1.00007fa844017000.00007fa844028000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: na.elf PID: 5436, type: MEMORYSTR

Screenshots

No Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
93.123.85.205	unknown	Bulgaria		43561	NET1-ASBG	true

Contacted Domains

Name	IP	Active
daisy.ubuntu.com	162.213.35.25	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
93.123.85.205:7777	true		unknown

AV Detection

Source: na.elf

Avira: detected

Found malware configuration

Source: na.elf

Malware Configuration Extractor: Gafgyt {"C2 url": "93.123.85.205:7777"}

Multi AV Scanner detection for submitted file

Source: na.elf

ReversingLabs: Detection: 65%

Spreading

Opens /proc/net/* files useful for finding connected devices and routers

Source: /tmp/na.elf (PID: 5434)

Opens: /proc/net/route

Suricata IDS alerts for network traffic

Networking

Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39762 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39816 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39820 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39810 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39818 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39764 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39808 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39834 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39836 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39780 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39842 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39760 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39848 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39774 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39756 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39828 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39822 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39766 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39778 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39872 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39878 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39844 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39868 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39832 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39788 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39802 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39806 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39776 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39910 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39890 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39912 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39908 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39794 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39918 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39758 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39866 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39926 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39852 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39752 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39804 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39784 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39814 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39768 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39854 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39904 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39824 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39800 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39826 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39938 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39942 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39876 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39856 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39928 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39892 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39946 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39862 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39950 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39956 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39960 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39954 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39894 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39932 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39838 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39978 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39900 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39858 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39888 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39924 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39812 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39962 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40006 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39968 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39996 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40016 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40020 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39930 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39850 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39958 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39882 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40004 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39952 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39770 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39966 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39964 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40018 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39940 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39914 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39976 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39916 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39860 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39772 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39980 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39990 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39986 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40050 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39790 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39998 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39864 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40002 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39880 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40088 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40022 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39754 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40036 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39846 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39830 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39792 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40090 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40032 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39896 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40008 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40040 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40038 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39972 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39798 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40042 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39886 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40062 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39782 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39992 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40010 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40080 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40094 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40102 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40070 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40100 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39984 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40030 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39870 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40066 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39922 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39994 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40074 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39906 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39920 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39988 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40072 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39786 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40052 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40108 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39796 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39874 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39840 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39898 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39902 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40056 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40024 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40048 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40058 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39936 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39884 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40064 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40084 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40082 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40000 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39944 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40096 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39974 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39934 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40106 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39948 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40028 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40046 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40044 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40076 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40054 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40068 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39970 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:39982 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40026 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40060 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40014 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40092 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40086 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40034 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40012 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40098 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40078 -> 93.123.85.205:7777
Source: Network traffic	Suricata IDS: 2846526 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.13:40104 -> 93.123.85.205:7777

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.13:39752 -> 93.123.85.205:7777

Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.85.205

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

System Summary

Malicious sample detected (through community Yara rule)

Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5436.1.00007fa844017000.00007fa844028000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5434.1.00007fa844017000.00007fa844028000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: na.elf PID: 5434, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: na.elf PID: 5436, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Contains symbols with names commonly found in malware

Source: ELF static info symbol of initial sample

Name: vseattack

Yara signature match

Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5436.1.00007fa844017000.00007fa844028000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5434.1.00007fa844017000.00007fa844028000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: na.elf PID: 5434, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: na.elf PID: 5436, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal100.spre.troj.linELF@0/0@2/0

Source: na.elf	ELF static info symbol of initial sample: /home/firmware/build/temp-armv5l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: na.elf	ELF static info symbol of initial sample: /home/firmware/build/temp-armv5l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: na.elf	ELF static info symbol of initial sample: /home/firmware/build/temp-armv5l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: na.elf	ELF static info symbol of initial sample: /home/firmware/build/temp-armv5l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: na.elf	ELF static info symbol of initial sample: /home/firmware/build/temp-armv5l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: na.elf	ELF static info symbol of initial sample: libc/string/arm/_memcpy.S
Source: na.elf	ELF static info symbol of initial sample: libc/string/arm/bcopy.S
Source: na.elf	ELF static info symbol of initial sample: libc/string/arm/memcpy.S
Source: na.elf	ELF static info symbol of initial sample: libc/string/arm/memmove.S
Source: na.elf	ELF static info symbol of initial sample: libc/string/arm/memset.S
Source: na.elf	ELF static info symbol of initial sample: libc/string/arm/strcmp.S
Source: na.elf	ELF static info symbol of initial sample: libc/string/arm/strlen.S
Source: na.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/arm/crt1.S
Source: na.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/arm/crti.S
Source: na.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/arm/crtn.S
Source: na.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/arm/sigrestorer.S

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/na.elf (PID: 5434)

Queries kernel information via 'uname':

Source: na.elf, 5434.1.00007ffc09263000.00007ffc09284000.rw-.sdmp, na.elf, 5436.1.00007ffc09263000.00007ffc09284000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/na.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/na.elf
Source: na.elf, 5434.1.000055599068b000.00005559907b9000.rw-.sdmp, na.elf, 5436.1.000055599068b000.00005559907b9000.rw-.sdmp	Binary or memory string: YU!/etc/qemu-binfmt/arm
Source: na.elf, 5434.1.000055599068b000.00005559907b9000.rw-.sdmp, na.elf, 5436.1.000055599068b000.00005559907b9000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: na.elf, 5434.1.00007ffc09263000.00007ffc09284000.rw-.sdmp, na.elf, 5436.1.00007ffc09263000.00007ffc09284000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm

Stealing of Sensitive Information

Source: Yara match

File source: na.elf, type: SAMPLE

Sample contains strings that are user agent strings indicative of HTTP manipulation

Source: Yara match	File source: na.elf, type: SAMPLE
Source: Yara match	File source: 5436.1.00007fa844017000.00007fa844028000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5434.1.00007fa844017000.00007fa844028000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: na.elf PID: 5436, type: MEMORYSTR

Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36

Remote Access Functionality

Source: Yara match

File source: na.elf, type: SAMPLE