Sample details: 50f0c8de94f732ef3d50b659c9ec311d --

Hashes
MD5: 50f0c8de94f732ef3d50b659c9ec311d
SHA1: ebf8716b3a16f9f4cbd1543d1caaef6e1e34e266
SHA256: e9d4c803389b235d3657459be7b7b39f6bc34e967ae11697519df46ba08b915b
SSDEEP: 768:zipbi/131WUsTETbl1T9Q9n5pY5eEgGsllk5MDZH0a26lBHW2tdFsDMUQSDAYTtJ:zT93Egl1wYAzk5a+8NbK1DVRug
Details
File Type: ELF
Yara Hits
Source
http://104.168.174.246/bins/mana.ppc
Strings
		xTc808c
}i[x|k
 }$KxB
 }$KxB
}KSx}>
"\8!"`N
"\8!"`N
g)8`#1K
(T`X(}iJx|c
$|iJxTc
Jx|	JxT
U) 6})
U) 6})
U @.U)(4})
 }ISxB
>TkF>/
KxTi@.|
}#Kx9)
$}+Kx9k
>}(Kx/
}#Kx}e[x8
+x}%KxD
QJD.QJ
}#Kx8!
}#XP9)
 }CSx}e[x
}CSx}e[x
}e[x}CSx
<|	R.p	
}iXP= 
<|	:.p	
|	:.p	
 POST /cdn-cgi/
 HTTP/1.1
User-Agent: 
Host: 
Cookie: 
/proc/net/tcp
104.168.174.246
,9<0=$7
,7gaee
?8"efg
efg`ab
<=gael
75 edfm
5::=1fdef
5::=1fdeg
5::=1fde`
5::=1fdea
5::=1fdeb
?;d"=.,"
?;d509=:
758"=:
2=018efg
0125!8 
'!$$;& 
1$=7&;! 1&
9; ;&;85
93gadd
91&8=:
FGNGVGF
CLKOG"
QVCVWQ"
FTPjGNRGP"
lKeeGp
qMPCnmcfgp"
lKeeGpF
kW{EWHGkSL"
PMWVG"
ARWKLDM"
`memokrq"
NMACN"
UCVAJFME"
UCVAJFME"
}UCVAJFME"
LGVQNKLI
rpktoqe"
egvnmacnkr"
iknncvvi"
eJMQVuWXjGPG
QJGNN"
GLC@NG"
Q[QVGO"
@WQ[@MZ
CRRNGV
DMWLF"
LAMPPGAV"
@WQ[@MZ
@WQ[@MZ
vqMWPAG
gLEKLG
sWGP["
PGQMNT
LCOGQGPTGP
aMLLGAVKML
CNKTG"
cAAGRV
CRRNKACVKML
ZJVON	ZON
CRRNKACVKML
cAAGRV
nCLEWCEG
aMLVGLV
CRRNKACVKML
WPNGLAMFGF"
QGVaMMIKG
PGDPGQJ
NMACVKML
AMMIKG
AMLVGLV
NGLEVJ
VPCLQDGP
GLAMFKLE
AJWLIGF"
AMLLGAVKML
QGPTGP
FMQCPPGQV"
QGPTGP
ANMWFDNCPG
LEKLZ"
oMXKNNC
uKLFMUQ
cRRNGuG@iKV
aJPMOG
qCDCPK
oMXKNNC
uKLFMUQ
cRRNGuG@iKV
aJPMOG
qCDCPK
oMXKNNC
uKLFMUQ
cRRNGuG@iKV
aJPMOG
qCDCPK
oMXKNNC
uKLFMUQ
cRRNGuG@iKV
aJPMOG
qCDCPK
oMXKNNC
oCAKLVMQJ
cRRNGuG@iKV
tGPQKML
qCDCPK
oMXKNNC
AMORCVK@NG
uKLFMUQ
vPKFGLV
oMXKNNC
AMORCVK@NG
uKLFMUQ
vPKFGLV
kLDMrCVJ
oMXKNNC
AMORCVK@NG
uKLFMUQ
vPKFGLV
oqkgaPCUNGP
aGLVGP
oMXKNNC
AMORCVK@NG
uKLFMUQ
vPKFGLV
kLDMrCVJ
oMXKNNC
AMORCVK@NG
uKLFMUQ
vPKFGLV
dWLuG@rPMFWAVQ
oMXKNNC
oCAKLVMQJ
dKPGDMZ
oMXKNNC
oCAKLVMQJ
dKPGDMZ
oMXKNNC
oCAKLVMQJ
dKPGDMZ
oMXKNNC
oCAKLVMQJ
dKPGDMZ
oMXKNNC
uKLFMUQ
cRRNGuG@iKV
aJPMOG
CQQUMPF"
GLVGP"
FICMUHDKPJKCF
GFHICK"
/dev/null
.shstrtab
.rodata
.ctors
.dtors
.sdata