ntpd

First submission 2023-09-13 16:13:03

File details

File type: ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, not stripped
Mime type: application/x-executable
File size: 425.2 KB (435401 bytes)
MD5: ee7642ff4efb018ee5fb85b64c7ae54f
SHA1: cea62e2b81d1f203a7bfcc6fd4fe219b4139f291
SHA256: dbb4dab585c33e838f7a720351cbcab9d93a89bfdf4d9db2eb0e0231a26d3d11
Virus Total: 35/61
VT report date: 2023-09-13 13:17:18

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL: hXXp://5.180.183.1/ntpd
Host (FQDN/IP): 5.180.183.1
Date Added: 2023-09-13 16:13:03

Strings analysis - Possible IPs found 196

Strings analysis - Possible URLs found 5

http://www.baidu.com/search/spider.html)
http://www.baidu.com/search/spider.htm)
http://fast.no/support/crawler.asp)
http://feedback.redkolibri.com/
http://www.billybobbot.com/crawler/)