Sample details: 0360ce8cac6f38111f6374639f3591cf

Hashes
MD5: 0360ce8cac6f38111f6374639f3591cf
SHA1: 5131b9688422c3b068483abbd69ff148320d1620
SHA256: 874a8f3175479e0d6e54e633b02f81e59dde5d3ae1e793f7506391caad98d8d3
SSDEEP: 1536:TbexjN7GKhzWCHxi5elCuqRA0rTvAiCI8OUUdHzDV6GLxa6hPvy241:TbexjJGKhzLx4NAKEipf1rvy241
Details
File Type: ELF
Yara Hits
YRP/contentis_base64 | YRP/domain | YRP/IP |
Strings
 HTTP/1.1
Content-Length: 
Content-Length:
[util] Failed to call socket(), errno = %d
[main] Sending %D to CNC!
Loading RouterFucker v1
/dev/watchdog
/dev/misc/watchdog
2580e538f3723927f1ea2fdb8d57b99e9cc37ced1
023ea8c671c0abf77241886465200cf81b1a2bf5e
CNC: %S
[main] Command from CNC %D
64.36.240.17
sending
%D, %D
Intercepted a query! %D.%D.%D.%D %D questions
Query for %S TXID %X
Quantum Insert raw socket fail! %D
\[UPnPScan] Failed to initialize UDP socket, cannot scan
[scanner] UPnP scanner process initialized. Scanning started.
Received UPnP (200 OK) packet from %S
Server:
Server banner %S
Location:
Location %S
:52869/picsdesc.xml
Picsdesc.xml redirect
Port %D Path %S
<presentationURL>
</presentationURL>
Router IP: %S
No presentation URL found! %D bytes ret
M-SEARCH * HTTP/1.1
HOST: 239.255.255.250:1900
ST: ssdp:all
MAN: "ssdp:discover"
FATAL: Unable to bind(), socks5, result = %D
bind() success in socks5, going to listen, result = %D
FATAL: Unable to accept(), socks5, result = %D
Unable to pthread_create(), socks5, result = %D, will retry
Unable to read(), socks5 fork, greeting, result = %D
Wrong SOCKS version, socks5 fork, greeting, remote version = %D
Accepted from remote host, socks5
Unsupported SOCKS cmd, socks5 fork, connreq, remote cmd = %D
Couldn't look up hostname %S, socks5 fork, connreq
Looked up hostname %S, socks5 fork, connreq
Unsupported SOCKS addr type, socks5 fork, connreq, remote cmd = %D
Client closed connection
Target closed connection
Exiting
Cookie: 
User-Agent: 
HTTP Wiretap raw socket fail! %D
Host: 
/bin/sh
/dev/null
clntudp_create: out of memory
bad auth_len gid %d str %d auth %d
xdr_string: out of memory
xdr_bytes: out of memory
/etc/resolv.conf
/etc/config/resolv.conf
nameserver
domain
search
(null)
hlLjztqZ
npxXoudifFeEgGaACScs
 +0-#'I
Unknown error 
Success
Operation not permitted
No such file or directory
No such process
Interrupted system call
Input/output error
No such device or address
Argument list too long
Exec format error
Bad file descriptor
No child processes
Resource temporarily unavailable
Cannot allocate memory
Permission denied
Bad address
Block device required
Device or resource busy
File exists
Invalid cross-device link
No such device
Not a directory
Is a directory
Invalid argument
Too many open files in system
Too many open files
Inappropriate ioctl for device
Text file busy
File too large
No space left on device
Illegal seek
Read-only file system
Too many links
Broken pipe
Numerical argument out of domain
Numerical result out of range
Resource deadlock avoided
File name too long
No locks available
Function not implemented
Directory not empty
Too many levels of symbolic links
No message of desired type
Identifier removed
Channel number out of range
Level 2 not synchronized
Level 3 halted
Level 3 reset
Link number out of range
Protocol driver not attached
No CSI structure available
Level 2 halted
Invalid exchange
Invalid request descriptor
Exchange full
No anode
Invalid request code
Invalid slot
Bad font file format
Device not a stream
No data available
Timer expired
Out of streams resources
Machine is not on the network
Package not installed
Object is remote
Link has been severed
Advertise error
Srmount error
Communication error on send
Protocol error
Multihop attempted
RFS specific error
Bad message
Value too large for defined data type
Name not unique on network
File descriptor in bad state
Remote address changed
Can not access a needed shared library
Accessing a corrupted shared library
.lib section in a.out corrupted
Attempting to link in too many shared libraries
Cannot exec a shared library directly
Invalid or incomplete multibyte or wide character
Interrupted system call should be restarted
Streams pipe error
Too many users
Socket operation on non-socket
Destination address required
Message too long
Protocol wrong type for socket
Protocol not available
Protocol not supported
Socket type not supported
Operation not supported
Protocol family not supported
Address family not supported by protocol
Address already in use
Cannot assign requested address
Network is down
Network is unreachable
Network dropped connection on reset
Software caused connection abort
Connection reset by peer
No buffer space available
Transport endpoint is already connected
Transport endpoint is not connected
Cannot send after transport endpoint shutdown
Too many references: cannot splice
Connection timed out
Connection refused
Host is down
No route to host
Operation already in progress
Operation now in progress
Stale NFS file handle
Structure needs cleaning
Not a XENIX named type file
No XENIX semaphores available
Is a named type file
Remote I/O error
Disk quota exceeded
No medium found
Wrong medium type
MP__get_myaddress: socket
__get_myaddress: ioctl (get interface configuration)
__get_myaddress: ioctl
Cannot register service
xdr_array: out of memory
0123456789abcdef
/etc/hosts
/etc/config/hosts
%s%s%m
 Nnk(A 
<RPC: (unknown error code)
; errno = %s
; low version = %lu, high version = %lu
; why = 
(unknown authentication error - %d)
; s1 = %lu, s2 = %lu
Authentication OK
Invalid client credential
Server rejected credential
Invalid client verifier
Server rejected verifier
Client credential too weak
Invalid server verifier
Failed (unspecified error)
RPC: Success
RPC: Can't encode arguments
RPC: Can't decode result
RPC: Unable to send
RPC: Unable to receive
RPC: Timed out
RPC: Incompatible versions of RPC
RPC: Authentication error
RPC: Program unavailable
RPC: Program/version mismatch
RPC: Procedure unavailable
RPC: Server can't decode arguments
RPC: Remote system error
RPC: Unknown host
RPC: Unknown protocol
RPC: Port mapper failure
RPC: Program not registered
RPC: Failed (unspecified error)
0.9.30
.shstrtab
.rodata
.ctors
.dtors
.sdata