Linux Analysis Report
res.spc.elf

Overview

General Information

Sample name: res.spc.elf
Analysis ID: 1592288
MD5: 3c396286c444527f3d0cb672ad4e4ef5
SHA1: b0f034146681002b635bfdf31af6bf2a0a2347e5
SHA256: 808cc1d124070957bdb69f7de6207f3ac131a76c2ecd7dc9b35afb006b1ac968
Tags: elf, user-abuse_ch

Detection

Score: 52
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for submitted file
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes the "rm" command used to delete files or directories
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

AV Detection

Source: res.spc.elf ReversingLabs: Detection: 39%
Source: /tmp/res.spc.elf (PID: 5431) Socket: 0.0.0.0:23
Source: /tmp/res.spc.elf (PID: 5431) Socket: 0.0.0.0:0

System Summary

Source: /tmp/res.spc.elf (PID: 5431) SIGKILL sent, result: successful, for each of the following pids: 936, 726, 765, 767, 792, 800, 802, 803, 855, 884, 1410, 1411, 1475, 1881, 2926, 2935, 2936, 2964, 3069, 3132, 3153, 3181, 3183, 3185, 3246, 3300, 3327, 3413, 3420, 3424, 3429, 3434, 3787, 5432, 5436
Source: ELF static info symbol of initial sample .symtab present: no
Source: classification engine Classification label: mal52.spre.linELF@0/0@0/0
Source: /usr/bin/xfce4-session (PID: 5439) Rm executable: /usr/bin/rm -> rm -f /home/saturnino/.cache/sessions/Thunar-2ec7c2e14-9c4d-40f3-9704-8617ab831fb4
Source: /tmp/res.spc.elf (PID: 5427) Queries kernel information via 'uname'
Source: res.spc.elf, 5427.1.000056480e051000.000056480e0d6000.rw-.sdmp, res.spc.elf, 5432.1.000056480e051000.000056480e0b6000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/sparc
Source: res.spc.elf, 5427.1.00007ffd3db25000.00007ffd3db46000.rw-.sdmp, res.spc.elf, 5432.1.00007ffd3db25000.00007ffd3db46000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-sparc/tmp/res.spc.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/res.spc.elf
Source: res.spc.elf, 5427.1.000056480e051000.000056480e0d6000.rw-.sdmp, res.spc.elf, 5432.1.000056480e051000.000056480e0b6000.rw-.sdmp Binary or memory string: HV!/etc/qemu-binfmt/sparc
Source: res.spc.elf, 5427.1.00007ffd3db25000.00007ffd3db46000.rw-.sdmp, res.spc.elf, 5432.1.00007ffd3db25000.00007ffd3db46000.rw-.sdmp Binary or memory string: /usr/bin/qemu-sparc