ID: 453919
Sample Name: 8v1QKqvK9c
Cookbook: defaultlinuxfilecookbook.jbs
Time: 16:59:24
Date: 25/07/2021
Version: 33.0.0 White Diamond


Linux Analysis Report 8v1QKqvK9c

Copyright Joe Security LLC 2021

Overview

General Information

Sample Name: 8v1QKqvK9c
Analysis ID: 453919
MD5: ce09b4798df15ac…
SHA1: 152d07b9de51bfe…
SHA256: 3f807fcbb5e0d62…
Tags: 32 elf mirai powerpc

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
[Detection scale labels: malicious, suspicious, clean]

Signatures

Multi AV Scanner detection for subm…
Snort IDS alert for network traffic (e.…
Yara detected Mirai
Detected TCP or UDP traffic on non…
Sample contains strings indicative o…
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to qu…

Classification

[Classification chart; category labels: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware, Mirai]

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 453919
Start date: 25.07.2021
Start time: 16:59:24
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 24s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: 8v1QKqvK9c
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 59.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Analysis Mode: default
Detection: MAL
Classification: mal72.troj.lin@0/0@0/0

Process Tree

system is lnxubuntu1
  8v1QKqvK9c (PID: 4596, Parent: 4518, MD5: ce09b4798df15ac3dee04303a71a5f6f) Arguments: /usr/bin/qemu-ppc /tmp/8v1QKqvK9c
    8v1QKqvK9c New Fork (PID: 4603, Parent: 4596)
      8v1QKqvK9c New Fork (PID: 4607, Parent: 4603)
cleanup

Yara Overview

Initial Sample

Source      Rule                 Description          Author        Strings
8v1QKqvK9c  JoeSecurity_Mirai_8  Yara detected Mirai  Joe Security  -

PCAP (Network Traffic)

Source     Rule                  Description          Author        Strings
dump.pcap  JoeSecurity_Mirai_12  Yara detected Mirai  Joe Security  -

Jbx Signature Overview

• AV Detection
• Networking
• System Summary
• Malware Analysis System Evasion

AV Detection:

Multi AV Scanner detection for submitted file

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Mitre Att&ck Matrix

Initial Access: Valid Accounts
Execution: Windows Management Instrumentation
Persistence: Path Interception
Privilege Escalation: Path Interception
Defense Evasion: Direct Volume Access
Credential Access: Brute Force 1
Discovery: Security Software Discovery 1
Lateral Movement: Remote Services
Collection: Data from Local System
Exfiltration: Exfiltration Over Other Network Medium
Command and Control: Non-Standard Port 1
Network Effects: Eavesdrop on Insecure Network Communication
Remote Service Effects: Remotely Track Device Without Authorization
Impact: Modify System Partition

Malware Configuration

No configs have been found

Behavior Graph

[Behavior graph figure. ID: 453919; Sample: 8v1QKqvK9c; Startdate: 25/07/2021; Architecture: LINUX; Score: 72. Signatures shown: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules); Multi AV Scanner detection for submitted file; Yara detected Mirai. Nodes: three 8v1QKqvK9c processes linked by "started" edges. Endpoints marked "Is malicious": 154.83.233.51, 23 (XIAOZHIYUN1-AS-APICIDCNETWORKUS, Seychelles) and 84.168.174.107, 23 (DTAGInternetserviceprovideroperationsDE, Germany); 98 other IPs or domains.]

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source      Detection  Scanner     Label
8v1QKqvK9c  27%        Virustotal  -

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

Public


Runtime Messages

Command: /tmp/8v1QKqvK9c
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output: peachy botnet
Standard Error:

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN


JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General

File type: ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), statically linked, stripped
Entropy (8bit): 6.006466077185493
TrID: ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name: 8v1QKqvK9c
File size: 25676
MD5: ce09b4798df15ac3dee04303a71a5f6f
SHA1: 152d07b9de51bfe799cd1d6bc4706d8bf561b18b
SHA256: 3f807fcbb5e0d62da56300cfeaaf31d2d53510620c6977fd6b4a07033be51cdf
SHA512: 06531438253b8187c000859434ae476958265e82514b2aa547585366d667e834d29ea1bcdd80427582f2c87bf6521b2f1f1b6afb8ce422416c42351495a15f56
SSDEEP: 384:LSDVA8LD5D9u/yY/sXBiZE2hvWVxuxrsypq5AvFP/hyhJTcZ9EtUhK+6RfZ8c06O:gRk/6RiS2oMwygMHZKOhK9q1qSXFOy
File Content Preview: .ELF...... 4..bl.....4. ...(...... _`.._`...... `...`...`...... dt.Q...... !..|...... $H.. .H.X)...$8!. |..... .!..|...... ?...... bt..../...@..\?.....`..+../...A ..$8...})....`.N..

Static ELF Info

ELF header

Class: ELF32
Data: 2's complement, big endian
Version: 1 (current)
Machine: PowerPC
Version Number: 0x1
Type: EXEC (Executable file)
OS/ABI: UNIX - System V
ABI Version: 0
Entry Point Address: 0x100001f0
Flags: 0x0
ELF Header Size: 52
Program Header Offset: 52
Program Header Size: 32
Number of Program Headers: 3
Section Header Offset: 25196
Section Header Size: 40
Number of Section Headers: 12
Header String Table Index: 11

Sections

Name       Type      Address     Offset  Size    EntSize  Flags  Flags Description  Link  Info  Align
-          NULL      0x0         0x0     0x0     0x0      0x0    -                  0     0     0
.init      PROGBITS  0x10000094  0x94    0x24    0x0      0x6    AX                 0     0     4
.text      PROGBITS  0x100000b8  0xb8    0x5880  0x0      0x6    AX                 0     0     4
.fini      PROGBITS  0x10005938  0x5938  0x20    0x0      0x6    AX                 0     0     4
.rodata    PROGBITS  0x10005958  0x5958  0x608   0x0      0x2    A                  0     0     4
.ctors     PROGBITS  0x10016000  0x6000  0x8     0x0      0x3    WA                 0     0     4
.dtors     PROGBITS  0x10016008  0x6008  0x8     0x0      0x3    WA                 0     0     4
.data      PROGBITS  0x10016018  0x6018  0x1f8   0x0      0x3    WA                 0     0     8
.sdata     PROGBITS  0x10016210  0x6210  0x10    0x0      0x3    WA                 0     0     4
.sbss      NOBITS    0x10016220  0x6220  0x54    0x0      0x3    WA                 0     0     4
.bss       NOBITS    0x10016274  0x6220  0x84    0x0      0x3    WA                 0     0     4
.shstrtab  STRTAB    0x0         0x6220  0x4b    0x0      0x0    -                  0     0     1

Program Segments

Type       Offset  Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align    Prog Interpreter  Section Mappings
LOAD       0x0     0x10000000       0x10000000        0x5f60     0x5f60       4.1055   0x5    R E                0x10000  -                 .init .text .fini .rodata
LOAD       0x6000  0x10016000       0x10016000        0x220      0x2f8        1.7680   0x6    RW                 0x10000  -                 .ctors .dtors .data .sdata .sbss .bss
GNU_STACK  0x0     0x0              0x0               0x0        0x0          0.0000   0x6    RW                 0x4      -                 -

Network Behavior

Network Port Distribution

Total Packets: 99
• 2323 undefined
• 23 (Telnet)

TCP Packets

System Behavior

Analysis Process: 8v1QKqvK9c PID: 4596 Parent PID: 4518

General

Start time: 16:59:59
Start date: 25/07/2021
Path: /tmp/8v1QKqvK9c
Arguments: /usr/bin/qemu-ppc /tmp/8v1QKqvK9c
File size: 25676 bytes
MD5 hash: ce09b4798df15ac3dee04303a71a5f6f

File Activities

File Read

Analysis Process: 8v1QKqvK9c PID: 4603 Parent PID: 4596

General

Start time: 16:59:59
Start date: 25/07/2021
Path: /tmp/8v1QKqvK9c
Arguments: n/a
File size: 25676 bytes
MD5 hash: ce09b4798df15ac3dee04303a71a5f6f

Analysis Process: 8v1QKqvK9c PID: 4607 Parent PID: 4603

General

Start time: 16:59:59
Start date: 25/07/2021
Path: /tmp/8v1QKqvK9c
Arguments: n/a
File size: 25676 bytes
MD5 hash: ce09b4798df15ac3dee04303a71a5f6f
