Source: Mozi.m.elf |
ReversingLabs: Detection: 47% |
Source: global traffic |
TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443 |
Source: global traffic |
TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443 |
Source: global traffic |
TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 91.189.91.42 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 91.189.91.43 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 109.202.202.202 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 91.189.91.42 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 91.189.91.43 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 109.202.202.202 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 91.189.91.42 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 91.189.91.43 |
Source: unknown |
Network traffic detected: HTTP traffic on port 43928 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 42836 -> 443 |
Source: Mozi.m.elf, type: SAMPLE |
Matched rule: Linux_Packer_Patched_UPX_62e11c64 Author: unknown |
Source: 6239.1.00007fa998400000.00007fa998422000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Packer_Patched_UPX_62e11c64 Author: unknown |
Source: LOAD without section mappings |
Program segment: 0x400000 |
Source: Mozi.m.elf, type: SAMPLE |
Matched rule: Linux_Packer_Patched_UPX_62e11c64 reference_sample = 02f81a1e1edcb9032a1d7256a002b11e1e864b2e9989f5d24ea1c9b507895669, os = linux, severity = x86, creation_date = 2021-06-08, scan_context = file, reference = https://cujo.com/upx-anti-unpacking-techniques-in-iot-malware/, license = Elastic License v2, threat_name = Linux.Packer.Patched_UPX, fingerprint = 3297b5c63e70c557e71b739428b453039b142e1e04c2ab15eea4627d023b686d, id = 62e11c64-fc7d-4a0a-9d72-ad53ec3987ff, last_modified = 2021-07-28 |
Source: 6239.1.00007fa998400000.00007fa998422000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Packer_Patched_UPX_62e11c64 reference_sample = 02f81a1e1edcb9032a1d7256a002b11e1e864b2e9989f5d24ea1c9b507895669, os = linux, severity = x86, creation_date = 2021-06-08, scan_context = file, reference = https://cujo.com/upx-anti-unpacking-techniques-in-iot-malware/, license = Elastic License v2, threat_name = Linux.Packer.Patched_UPX, fingerprint = 3297b5c63e70c557e71b739428b453039b142e1e04c2ab15eea4627d023b686d, id = 62e11c64-fc7d-4a0a-9d72-ad53ec3987ff, last_modified = 2021-07-28 |
Source: classification engine |
Classification label: mal64.linELF@0/0@0/0 |
Source: Mozi.m.elf |
Submission file: segment LOAD with 7.8066 entropy (max. 8.0) |
Source: /tmp/Mozi.m.elf (PID: 6239) |
Queries kernel information via 'uname': |
Jump to behavior |
Source: Mozi.m.elf, 6239.1.000055c839619000.000055c8396a0000.rw-.sdmp |
Binary or memory string: U!/etc/qemu-binfmt/mips |
Source: Mozi.m.elf, 6239.1.000055c839619000.000055c8396a0000.rw-.sdmp |
Binary or memory string: /etc/qemu-binfmt/mips |
Source: Mozi.m.elf, 6239.1.00007ffe002dc000.00007ffe002fd000.rw-.sdmp |
Binary or memory string: /usr/bin/qemu-mips |
Source: Mozi.m.elf, 6239.1.00007ffe002dc000.00007ffe002fd000.rw-.sdmp |
Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/Mozi.m.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Mozi.m.elf |
Source: Mozi.m.elf, 6239.1.00007ffe002dc000.00007ffe002fd000.rw-.sdmp |
Binary or memory string: qemu: uncaught target signal 11 (Segmentation fault) - core dumped |