Report - 42.230.184.113:60964/bin.sh

Report Overview

Visitedpublic

2024-11-15 02:43:21

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
42.230.184.113	unknown	unknown	No data	No data	397 B	136 kB	42.230.184.113
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-11-13	512 B	1.2 kB	35.244.181.201

Scan Date	Severity	Indicator	Alert
2024-11-15	medium	42.230.184.113:60964/bin.sh	Detects a suspicious ELF binary with UPX compression
2024-11-15	medium	42.230.184.113:60964/bin.sh	Linux.Packer.Patched_UPX

No alerts detected

No alerts detected

No alerts detected

Scan Date	Severity	Indicator	Alert
2024-11-15	medium	42.230.184.113	Sinkholed

No alerts detected

URL

42.230.184.113:60964/bin.sh

IP / ASN

42.230.184.113

#4837 CHINA UNICOM China169 Backbone

File Overview

File TypeELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV)

Size136 kB (135784 bytes)

MD559ce0baba11893f90527fc951ac69912

SHA15857a7dd621c4c3ebb0b5a3bec915d409f70d39f

SHA2564293c1d8574dc87c58360d6bac3daa182f64f7785c9d41da5e0741d2b1817fc7

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects a suspicious ELF binary with UPX compression
Elastic Security YARA Rules	malware	Linux.Packer.Patched_UPX
VirusTotal	malicious	VirusTotal - Scan result 47/64

	URL	IP	Response	Size