
ID: 465335
Sample Name: 0LFrkc2HnH.bin
Cookbook: defaultlinuxfilecookbook.jbs
Time: 15:59:15
Date: 14/08/2021
Version: 33.0.0 White Diamond

Table of Contents

Analysis Report 0LFrkc2HnH.bin
  Overview
    General Information
    Detection
    Signatures
    Classification
  Analysis Advice
  General Information
  Process Tree
  Yara Overview
    Initial Sample
    Memory Dumps
  Jbx Signature Overview
    AV Detection:
    Networking:
    Spam, unwanted Advertisements and Ransom Demands:
  Mitre Att&ck Matrix
  Malware Configuration
  Behavior Graph
  Antivirus, Machine Learning and Genetic Malware Detection
    Initial Sample
    Dropped Files
    Domains
    URLs
  Domains and IPs
    Contacted Domains
    URLs from Memory and Binaries
    Contacted IPs
      Public
  Runtime Messages
  Joe Sandbox View / Context
    IPs
    Domains
    ASN
    JA3 Fingerprints
    Dropped Files
  Created / dropped Files
  Static File Info
    General
    Static ELF Info
      ELF header
      Sections
      Program Segments
      Dynamic Tags
      Symbols
  Network Behavior
    TCP Packets
  System Behavior
    Analysis Process: 0LFrkc2HnH.bin PID: 4574 Parent PID: 4497
      General
      File Activities
        File Read

Copyright Joe Security LLC 2021

Linux Analysis Report 0LFrkc2HnH.bin

Overview

General Information

Sample Name: 0LFrkc2HnH.bin
Analysis ID: 465335
MD5: 9506d2c662e857…
SHA1: 863d17ddb302f94…
SHA256: b4f90cff1e3900a…
Tags: elf HelloKitty ransomware
Infos:

Detection

[Figure: detection gauge. Scale: malicious, suspicious, clean]
HelloKitty
Score: 60
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for subm…
Yara detected HelloKitty Ransomware
Found Tor onion address
Sample has stripped symbol table

Classification

[Figure: classification radar chart. Axes: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware]

Analysis Advice

Non-zero exit code suggests an error during the execution. Look up the error code for hints.

General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 465335
Start date: 14.08.2021
Start time: 15:59:15
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 17s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: 0LFrkc2HnH.bin
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 59.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Analysis Mode: default
Detection: MAL
Classification: mal60.rans.evad.linBIN@0/0@0/0

Process Tree

system is lnxubuntu1
  0LFrkc2HnH.bin (PID: 4574, Parent: 4497, MD5: 9506d2c662e85730d459ee605c316b7e) Arguments: /tmp/0LFrkc2HnH.bin
cleanup

Yara Overview

Initial Sample

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 0LFrkc2HnH.bin | JoeSecurity_HelloKitty_1 | Yara detected HelloKitty Ransomware | Joe Security | |

Memory Dumps

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 4574.1.0000000000400000.0000000000413000.r-x.sdmp | JoeSecurity_HelloKitty_1 | Yara detected HelloKitty Ransomware | Joe Security | |
| Process Memory Space: 0LFrkc2HnH.bin PID: 4574 | JoeSecurity_HelloKitty_1 | Yara detected HelloKitty Ransomware | Joe Security | |

Jbx Signature Overview

• AV Detection
• Networking
• Spam, unwanted Advertisements and Ransom Demands
• System Summary

AV Detection:

Multi AV Scanner detection for submitted file

Networking:

Found Tor onion address

Spam, unwanted Advertisements and Ransom Demands:

Yara detected HelloKitty Ransomware

Mitre Att&ck Matrix

Initial Access: Valid Accounts
Execution: Windows Management Instrumentation
Persistence: Path Interception
Privilege Escalation: Path Interception
Defense Evasion: Direct Volume Access
Credential Access: OS Credential Dumping
Discovery: System Service Discovery
Lateral Movement: Remote Services
Collection: Data from Local System
Exfiltration: Exfiltration Over Other Network Medium
Command and Control: Proxy 1
Network Effects: Eavesdrop on Insecure Network Communication
Remote Service Effects: Remotely Track Device Without Authorization
Impact: Modify System Partition

Malware Configuration

No configs have been found

Behavior Graph

[Figure: behavior graph. ID: 465335; Sample: 0LFrkc2HnH.bin; Startdate: 14/08/2021; Architecture: LINUX; Score: 60]
Legend: Process, Signature, Created File, DNS/IP Info, Is Dropped, Number of created Files, Is malicious
Process: 0LFrkc2HnH.bin (started)
Signatures: Multi AV Scanner detection for submitted file; Yara detected HelloKitty Ransomware; Found Tor onion address
DNS/IP Info: 199.66.147.225, 23, 46118 (YK-COMMUNICATIONSUS, United States); 68.171.127.202, 23, 59266, 59268 (GRM-NETWORKUS, United States)

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0LFrkc2HnH.bin | 39% | Virustotal | | Browse |
| 0LFrkc2HnH.bin | 20% | Metadefender | | Browse |
| 0LFrkc2HnH.bin | 71% | ReversingLabs | Linux.Ransomware.HelloKitty | |

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| hmys7nsmx4a5vag4mdlejti4rdb44brarqfm5v4vn3tbqfsu3mobnjqd.onion/54ebf5b9f3b228a204E4590254B60B | 0% | Avira URL Cloud | safe | |
| hmys7nsmx4a5vag4mdlejti4rdb44brarqfm5v4vn3tbqfsu3mobnjqd.onion/54ebf5b9f3b228a2 | 0% | Virustotal | | Browse |
| hmys7nsmx4a5vag4mdlejti4rdb44brarqfm5v4vn3tbqfsu3mobnjqd.onion/54ebf5b9f3b228a2 | 0% | Avira URL Cloud | safe | |

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Contacted IPs

Public

| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 68.171.127.202 | unknown | United States | | 395582 | GRM-NETWORKUS | false |
| 199.66.147.225 | unknown | United States | | 13943 | YK-COMMUNICATIONSUS | false |

Runtime Messages

Command: /tmp/0LFrkc2HnH.bin
Exit Code: 1
Exit Code Info:
Killed: False
Standard Output: Usage:/tmp/0LFrkc2HnH.bin [-m (5-10-20-25-33-50) -v -d] Start Path
Standard Error:

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| GRM-NETWORKUS | boI88C399w.exe | Get hash | malicious | Browse | 216.139.123.119 |
| | boI88C399w.exe | Get hash | malicious | Browse | 216.139.123.119 |
| | 2ojdmC51As.exe | Get hash | malicious | Browse | 216.139.123.119 |

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General

File type: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.24, BuildID[sha1]=a23eddb66801e324c2ff6da7a7ea4357068ad635, stripped
Entropy (8bit): 6.1833808844745
TrID:
  ELF Executable and Linkable format (Linux) (4029/14) 49.77%
  ELF Executable and Linkable format (generic) (4004/1) 49.46%
  Lumena CEL bitmap (63/63) 0.78%
File name: 0LFrkc2HnH.bin
File size: 86480
MD5: 9506d2c662e85730d459ee605c316b7e
SHA1: 863d17ddb302f943a52b087f7c0f9fbf656516f4
SHA256: b4f90cff1e3900a3906c3b74f307498760462d719c31d008fc01937f5400fb85
SHA512: 8568385ae880c20d608203f71d865b88748af03008be5da564b7735a49f922945a137d64b9a1628ef96ea027387e3cde79a3619bcc0e143fd729cac732d3f93b
SSDEEP: 1536:6wWwpVfQcYzCpJe1vx+r5V43nFm/bBS77R:6wzlG1vx4a1m/UPR
File Content Preview: .ELF...... >...... )@.....@...... PJ...... @.8...@...... @...... @.@.....@[email protected]...... h...... @...... @...... @...... @...... =...... =a....

Static ELF Info

ELF header

Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
Machine: Advanced Micro Devices X86-64
Version Number: 0x1
Type: EXEC (Executable file)
OS/ABI: UNIX - System V
ABI Version: 0
Entry Point Address: 0x402903
Flags: 0x0
ELF Header Size: 64
Program Header Offset: 64
Program Header Size: 56
Number of Program Headers: 11
Section Header Offset: 84560
Section Header Size: 64
Number of Section Headers: 30
Header String Table Index: 29

Sections

| Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
|---|---|---|---|---|---|---|---|---|---|---|
| | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
| .interp | PROGBITS | 0x4002a8 | 0x2a8 | 0x1c | 0x0 | 0x2 | A | 0 | 0 | 1 |
| .note.ABI-tag | NOTE | 0x4002c4 | 0x2c4 | 0x20 | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .note.gnu.property | NOTE | 0x4002e8 | 0x2e8 | 0x80 | 0x0 | 0x2 | A | 0 | 0 | 8 |
| .note.gnu.build-id | NOTE | 0x400368 | 0x368 | 0x24 | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .gnu.hash | GNU_HASH | 0x400390 | 0x390 | 0x34 | 0x0 | 0x2 | A | 6 | 0 | 8 |
| .dynsym | DYNSYM | 0x4003c8 | 0x3c8 | 0x7e0 | 0x18 | 0x2 | A | 7 | 1 | 8 |
| .dynstr | STRTAB | 0x400ba8 | 0xba8 | 0x3de | 0x0 | 0x2 | A | 0 | 0 | 1 |
| .gnu.version | VERSYM | 0x400f86 | 0xf86 | 0xa8 | 0x2 | 0x2 | A | 6 | 0 | 2 |
| .gnu.version_r | VERNEED | 0x401030 | 0x1030 | 0xe0 | 0x0 | 0x2 | A | 7 | 5 | 8 |
| .rela.dyn | RELA | 0x401110 | 0x1110 | 0x60 | 0x18 | 0x2 | A | 6 | 0 | 8 |
| .rela.plt | RELA | 0x401170 | 0x1170 | 0x738 | 0x18 | 0x2 | A | 6 | 13 | 8 |
| .init | PROGBITS | 0x4018a8 | 0x18a8 | 0x1f | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .plt | PROGBITS | 0x4018d0 | 0x18d0 | 0x4e0 | 0x10 | 0x6 | AX | 0 | 0 | 16 |
| .text | PROGBITS | 0x401dc0 | 0x1dc0 | 0xed2f | 0x0 | 0x6 | AX | 0 | 0 | 64 |
| .fini | PROGBITS | 0x410af0 | 0x10af0 | 0x9 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .rodata | PROGBITS | 0x410b00 | 0x10b00 | 0xe63 | 0x0 | 0x2 | A | 0 | 0 | 16 |
| .eh_frame_hdr | PROGBITS | 0x411964 | 0x11964 | 0x394 | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .eh_frame | PROGBITS | 0x411cf8 | 0x11cf8 | 0x118c | 0x0 | 0x2 | A | 0 | 0 | 8 |
| .gcc_except_table | PROGBITS | 0x412e84 | 0x12e84 | 0x34 | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .init_array | INIT_ARRAY | 0x613dc8 | 0x13dc8 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
| .fini_array | FINI_ARRAY | 0x613dd8 | 0x13dd8 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
| .jcr | PROGBITS | 0x613de0 | 0x13de0 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
| .dynamic | DYNAMIC | 0x613de8 | 0x13de8 | 0x210 | 0x10 | 0x3 | WA | 7 | 0 | 8 |
| .got | PROGBITS | 0x613ff8 | 0x13ff8 | 0x8 | 0x8 | 0x3 | WA | 0 | 0 | 8 |
| .got.plt | PROGBITS | 0x614000 | 0x14000 | 0x280 | 0x8 | 0x3 | WA | 0 | 0 | 8 |
| .data | PROGBITS | 0x614280 | 0x14280 | 0x688 | 0x0 | 0x3 | WA | 0 | 0 | 16 |
| .bss | NOBITS | 0x614920 | 0x14908 | 0x1e0 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
| .comment | PROGBITS | 0x0 | 0x14908 | 0x2b | 0x1 | 0x30 | MS | 0 | 0 | 1 |
| .shstrtab | STRTAB | 0x0 | 0x14933 | 0x11d | 0x0 | 0x0 | | 0 | 0 | 1 |

Program Segments

| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
|---|---|---|---|---|---|---|---|---|---|---|---|
| PHDR | 0x40 | 0x400040 | 0x400040 | 0x268 | 0x268 | 1.6239 | 0x5 | R E | 0x8 | | |
| INTERP | 0x2a8 | 0x4002a8 | 0x4002a8 | 0x1c | 0x1c | 3.9408 | 0x4 | R | 0x1 | /lib64/ld-linux-x86-64.so.2 | .interp |
| LOAD | 0x0 | 0x400000 | 0x400000 | 0x12eb8 | 0x12eb8 | 4.0496 | 0x5 | R E | 0x200000 | | .interp .note.ABI-tag .note.gnu.property .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame .gcc_except_table |
| LOAD | 0x13dc8 | 0x613dc8 | 0x613dc8 | 0xb40 | 0xd38 | 1.5364 | 0x6 | RW | 0x200000 | | .init_array .fini_array .jcr .dynamic .got .got.plt .data .bss |
| DYNAMIC | 0x13de8 | 0x613de8 | 0x613de8 | 0x210 | 0x210 | 1.2256 | 0x6 | RW | 0x8 | | .dynamic |
| NOTE | 0x2c4 | 0x4002c4 | 0x4002c4 | 0x20 | 0x20 | 1.7487 | 0x4 | R | 0x4 | | .note.ABI-tag |
| NOTE | 0x2e8 | 0x4002e8 | 0x4002e8 | 0x80 | 0x80 | 1.7154 | 0x4 | R | 0x8 | | .note.gnu.property |
| NOTE | 0x368 | 0x400368 | 0x400368 | 0x24 | 0x24 | 2.6675 | 0x4 | R | 0x4 | | .note.gnu.build-id |
| GNU_EH_FRAME | 0x11964 | 0x411964 | 0x411964 | 0x394 | 0x394 | 2.9619 | 0x4 | R | 0x4 | | .eh_frame_hdr |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x10 | | |
| GNU_RELRO | 0x13dc8 | 0x613dc8 | 0x613dc8 | 0x238 | 0x238 | 1.2401 | 0x4 | R | 0x1 | | .init_array .fini_array .jcr .dynamic .got |

Dynamic Tags

| Type | Meta | Value | Tag |
|---|---|---|---|
| DT_NEEDED | sharedlib | libpthread.so.0 | 0x1 |
| DT_NEEDED | sharedlib | libdl.so.2 | 0x1 |
| DT_NEEDED | sharedlib | libstdc++.so.6 | 0x1 |
| DT_NEEDED | sharedlib | libgcc_s.so.1 | 0x1 |
| DT_NEEDED | sharedlib | libc.so.6 | 0x1 |
| DT_INIT | value | 0x4018a8 | 0xc |
| DT_FINI | value | 0x410af0 | 0xd |
| DT_INIT_ARRAY | value | 0x613dc8 | 0x19 |
| DT_INIT_ARRAYSZ | bytes | 16 | 0x1b |
| DT_FINI_ARRAY | value | 0x613dd8 | 0x1a |
| DT_FINI_ARRAYSZ | bytes | 8 | 0x1c |
| DT_GNU_HASH | value | 0x400390 | 0x6ffffef5 |
| DT_STRTAB | value | 0x400ba8 | 0x5 |
| DT_SYMTAB | value | 0x4003c8 | 0x6 |
| DT_STRSZ | bytes | 990 | 0xa |
| DT_SYMENT | bytes | 24 | 0xb |
| DT_DEBUG | value | 0x0 | 0x15 |
| DT_PLTGOT | value | 0x614000 | 0x3 |
| DT_PLTRELSZ | bytes | 1848 | 0x2 |
| DT_PLTREL | pltrel | DT_RELA | 0x14 |
| DT_JMPREL | value | 0x401170 | 0x17 |
| DT_RELA | value | 0x401110 | 0x7 |
| DT_RELASZ | bytes | 96 | 0x8 |
| DT_RELAENT | bytes | 24 | 0x9 |
| DT_VERNEED | value | 0x401030 | 0x6ffffffe |
| DT_VERNEEDNUM | value | 5 | 0x6fffffff |
| DT_VERSYM | value | 0x400f86 | 0x6ffffff0 |
| DT_NULL | value | 0x0 | 0x0 |

Symbols

| Name | Version Info Name | Version Info File Name | Section Name | Value | Size | Symbol Type | Symbol Bind | Symbol Visibility | Ndx |
|---|---|---|---|---|---|---|---|---|---|
| | | | .dynsym | 0x0 | 0 | NOTYPE | | DEFAULT | SHN_UNDEF |
| _ITM_deregisterTMCloneTable | | | .dynsym | 0x0 | 0 | NOTYPE | | DEFAULT | SHN_UNDEF |
| _ITM_registerTMCloneTable | | | .dynsym | 0x0 | 0 | NOTYPE | | DEFAULT | SHN_UNDEF |
| _Jv_RegisterClasses | | | .dynsym | 0x0 | 0 | NOTYPE | | DEFAULT | SHN_UNDEF |
| _Unwind_Resume | GCC_3.0 | libgcc_s.so.1 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| _ZdlPv | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| _Znwm | GLIBCXX_3.4 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| __cxa_atexit | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| __cxa_begin_catch | CXXABI_1.3 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| __cxa_end_catch | CXXABI_1.3 | libstdc++.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| __errno_location | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| __fprintf_chk | GLIBC_2.3.4 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| __fxstat64 | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| __gmon_start__ | | | .dynsym | 0x0 | 0 | NOTYPE | | DEFAULT | SHN_UNDEF |
| __gxx_personality_v0 | CXXABI_1.3 | libstdc++.so.6 | .dynsym | 0x401cd0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| __libc_start_main | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| __printf_chk | GLIBC_2.3.4 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| __snprintf_chk | GLIBC_2.3.4 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| __sprintf_chk | GLIBC_2.3.4 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| __stack_chk_fail | GLIBC_2.4 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| __strcat_chk | GLIBC_2.3.4 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| __strncat_chk | GLIBC_2.3.4 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| __xstat64 | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| atoi | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| clock | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| close | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| closedir | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| daemon | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| dlclose | GLIBC_2.2.5 | libdl.so.2 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| dlopen | GLIBC_2.2.5 | libdl.so.2 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| dlsym | GLIBC_2.2.5 | libdl.so.2 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| exit | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| fclose | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| fcntl | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| feof | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| fflush | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| fgets | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| fopen64 | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| fputs | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| free | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| fseek | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| fwrite | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| getopt | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| localtime | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| lseek64 | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| malloc | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| memcmp | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| memmove | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| opendir | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| optarg | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x614940 | 8 | OBJECT | | DEFAULT | 27 |
| optind | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x614920 | 4 | OBJECT | | DEFAULT | 27 |
| pclose | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| popen | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| pthread_attr_destroy | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| pthread_attr_init | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| pthread_cond_init | GLIBC_2.3.2 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| pthread_cond_signal | GLIBC_2.3.2 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| pthread_cond_wait | GLIBC_2.3.2 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| pthread_create | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| pthread_join | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| pthread_mutex_init | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| pthread_mutex_lock | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| pthread_mutex_unlock | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| puts | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| read | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| readdir64 | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| rename | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| sem_init | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| sem_post | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| sem_timedwait | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| signal | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| statvfs64 | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| stderr | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x614948 | 8 | OBJECT | | DEFAULT | 27 |
| strchr | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| strcmp | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| strcpy | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| strdup | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| strftime | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| strncpy | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| strstr | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| time | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| usleep | GLIBC_2.2.5 | libc.so.6 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |
| write | GLIBC_2.2.5 | libpthread.so.0 | .dynsym | 0x0 | 0 | FUNC | | DEFAULT | SHN_UNDEF |

Network Behavior

TCP Packets

System Behavior

Analysis Process: 0LFrkc2HnH.bin PID: 4574 Parent PID: 4497

General

Start time: 15:59:49
Start date: 14/08/2021
Path: /tmp/0LFrkc2HnH.bin
Arguments: /tmp/0LFrkc2HnH.bin
File size: 86480 bytes
MD5 hash: 9506d2c662e85730d459ee605c316b7e

File Activities

File Read
