sha256:40eceb322f1b0a1832fe4bc1426df7de9e753d0903babbb4f8061e29838fd008

Type: loader?

Platform: Linux x86 ELF

Main function:

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/b6cac438-7025-48da-8c5d-a1288db4fd46/Untitled.png

Connects to the C2; the address is 5.2.73.120

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/201f9cdd-5490-45fe-9f56-7196c2770d7e/Untitled.png
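The hard-coded C2 address is the only indicator the note records, so a useful defender check is to look for it in other samples in both forms a C program can embed it: the dotted-quad ASCII string (handed to inet_addr/inet_aton at runtime) and the 4-byte packed value in network byte order (a precomputed sockaddr_in field or immediate). The following is an added example, not code from the original note; the ELF bytes it scans are constructed inline, and the byte-swapped pattern is included only as an assumption about careless host-order storage.

```python
import socket

# C2 address taken from the analysis note (the only IoC it records)
C2_IP = "5.2.73.120"


def c2_indicator_patterns(ip: str) -> dict:
    """Byte patterns under which a hard-coded IPv4 address can appear in a binary:
    - "ascii": the dotted-quad string, e.g. passed to inet_addr() at runtime
    - "packed_network_order": the 4 bytes inet_aton() produces, i.e. what ends up
      in sin_addr (and what an x86 immediate of that value looks like in memory)
    - "packed_byte_swapped": assumption: the same value stored in host order
    """
    packed = socket.inet_aton(ip)
    return {
        "ascii": ip.encode("ascii"),
        "packed_network_order": packed,
        "packed_byte_swapped": packed[::-1],
    }


def find_all(data: bytes, needle: bytes) -> list:
    """Every offset (overlapping allowed) at which needle occurs in data."""
    offsets, start = [], 0
    while True:
        i = data.find(needle, start)
        if i < 0:
            return offsets
        offsets.append(i)
        start = i + 1


def scan_for_c2(data: bytes, ip: str = C2_IP) -> dict:
    """Map each pattern name to the list of offsets where it occurs in data."""
    return {name: find_all(data, pat) for name, pat in c2_indicator_patterns(ip).items()}


def classify(data: bytes, ip: str = C2_IP):
    """'high' when the ASCII address is present (4 random bytes are a weak signal,
    a 10-byte dotted quad is not), 'low' when only a packed form matches,
    None when nothing matches."""
    hits = scan_for_c2(data, ip)
    if hits["ascii"]:
        return "high"
    if hits["packed_network_order"] or hits["packed_byte_swapped"]:
        return "low"
    return None


# Constructed stand-in for an ELF file: a fake 16-byte header, the packed
# network-order address at offset 16, 4 bytes of padding, then the ASCII
# string at offset 24. Not bytes from the real sample.
SAMPLE_ELF = (
    b"\x7fELF\x01\x01\x01" + b"\x00" * 9
    + b"\x05\x02\x49\x78"
    + b"\x00" * 4
    + b"5.2.73.120\x00"
)

if __name__ == "__main__":
    for name, offsets in scan_for_c2(SAMPLE_ELF).items():
        print(f"{name:22s} {offsets}")
    print("verdict:", classify(SAMPLE_ELF))
```

On a real file, read it with `open(path, "rb").read()` and pass the bytes to `classify`; treat a packed-only hit as a prompt to look at the surrounding code, not as a match by itself, since any four bytes will collide occasionally in large binaries.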

Sends a marker

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/12f51090-2806-4d43-95ba-cbdf9dd247a0/Untitled.png

Loops receiving commands from the C2, then parse_cmds parses each command

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/954c3077-835b-4c4f-a958-a45800776b9b/Untitled.png

Only three commands

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/40cb443e-901b-4308-9d9d-ee12dbf2695f/Untitled.png

Conclusion: possibly misclassified?