tftp

First submission 2023-09-13 16:14:02

File details

File type: ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, with debug_info, not stripped
Mime type: application/x-executable
File size: 399.96 KB (409564 bytes)
MD5: 5bc98f891d966f3c59c7c92d64248d29
SHA1: 9cae387df7e40826a4903d9bbc041d1997364352
SHA256: 35aced083712a5c9eb9b27e8933a5dcefcfcf71d6cd7d3178a87a80694f04284
Virus Total: 38/61
VT report date: 2023-09-13 14:20:57

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL | Host (FQDN/IP) | Date Added
hXXp://5.180.183.1/tftp | 5.180.183.1 | 2023-09-13 16:14:03

Strings analysis - Possible IPs found 196

Strings analysis - Possible URLs found 5

http://www.baidu.com/search/spider.html)
http://www.baidu.com/search/spider.htm)
http://www.billybobbot.com/crawler/)
http://fast.no/support/crawler.asp)
http://feedback.redkolibri.com/