
Linux Analysis Report
z8lHAECIcU.elf

Overview

General Information

Sample name:z8lHAECIcU.elf
renamed because original name is a hash value
Original sample name:b70c1e3b204c6b5b706f49347cb1f35a.elf
Analysis ID:1383029
MD5:b70c1e3b204c6b5b706f49347cb1f35a
SHA1:3a05449966842a616b2903d7e405528ec64b4e19
SHA256:7829c72ee62b574dbba327de3a60b4063b31851c858327b1eeb05a9740e30456
Tags:32, elf, mirai, powerpc

Detection

Mirai
Score:96
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Detected Mirai
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Mirai
Sample is packed with UPX
Uses known network protocols on non-standard ports
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.
All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper which no longer works.
Joe Sandbox version:39.0.0 Ruby
Analysis ID:1383029
Start date and time:2024-01-30 00:05:11 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 44s
Hypervisor based Inspection enabled:false
Report type:light
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:z8lHAECIcU.elf
renamed because original name is a hash value
Original Sample Name:b70c1e3b204c6b5b706f49347cb1f35a.elf
Detection:MAL
Classification:mal96.troj.evad.linELF@0/0@2/0
  • Report size exceeded maximum capacity and may have missing network information.
  • TCP Packets have been reduced to 100
  • VT rate limit hit for: z8lHAECIcU.elf
Command:/tmp/z8lHAECIcU.elf
PID:5487
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
Connected To CNC
Standard Error:
  • system is lnxubuntu20
  • cleanup
Name:Mirai
Description:Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution:No Attribution
Blogpost URLs:
Link:https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security |
    Source | Rule | Description | Author | Strings
    5627.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
    • 0x41d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x41e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x41f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x420c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4220:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4234:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4248:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x425c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4270:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4284:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4298:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x42ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x42c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x42d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x42e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x42fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4310:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4324:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4338:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x434c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4360:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    5627.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp | Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown
    • 0x4728:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
    5602.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
    • 0x41d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x41e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x41f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x420c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4220:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4234:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4248:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x425c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4270:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4284:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4298:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x42ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x42c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x42d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x42e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x42fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4310:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4324:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4338:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x434c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4360:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    5602.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp | Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown
    • 0x4728:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
    5487.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
    • 0x41d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x41e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x41f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x420c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4220:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4234:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4248:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x425c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4270:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4284:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4298:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x42ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x42c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x42d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x42e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x42fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4310:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4324:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4338:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x434c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4360:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    Timestamp:01/30/24-00:09:17.253981
    Source IP:192.168.2.14
    Destination IP:89.213.31.121
    SID:2829347
    Source Port:40526
    Destination Port:23
    Protocol:TCP
    Classtype:Attempted Information Leak
    Timestamp:01/30/24-00:08:46.579114
    Source IP:192.168.2.14
    Destination IP:178.163.132.143
    SID:2829347
    Source Port:38860
    Destination Port:23
    Protocol:TCP
    Classtype:Attempted Information Leak
    Timestamp:01/30/24-00:09:06.090881
    Source IP:192.168.2.14
    Destination IP:121.120.101.1
    SID:2829347
    Source Port:40538
    Destination Port:23
    Protocol:TCP
    Classtype:Attempted Information Leak
    Timestamp:01/30/24-00:08:32.204233
    Source IP:192.168.2.13
    Destination IP:186.39.129.4
    SID:2829347
    Source Port:56244
    Destination Port:23
    Protocol:TCP
    Classtype:Attempted Information Leak
    Timestamp:01/30/24-00:08:47.045048
    Source IP:192.168.2.14
    Destination IP:187.168.4.70
    SID:2023443
    Source Port:39762
    Destination Port:23
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:01/30/24-00:09:06.318964
    Source IP:192.168.2.14
    Destination IP:171.34.207.12
    SID:2829347
    Source Port:47532
    Destination Port:23
    Protocol:TCP
    Classtype:Attempted Information Leak
    Timestamp:01/30/24-00:07:53.255345
    Source IP:192.168.2.13
    Destination IP:201.176.27.87
    SID:2829347
    Source Port:36480
    Destination Port:23
    Protocol:TCP
    Classtype:Attempted Information Leak
    Timestamp:01/30/24-00:08:57.073420
    Source IP:192.168.2.14
    Destination IP:37.98.227.163
    SID:2829347
    Source Port:49802
    Destination Port:23
    Protocol:TCP
    Classtype:Attempted Information Leak


    AV Detection

    Source: z8lHAECIcU.elf | Avira: detected
    Source: z8lHAECIcU.elf | ReversingLabs: Detection: 55%

    Networking

    Source: Traffic | Snort IDS: 2829347 ETPRO EXPLOIT Master IP CAM 01 Hardcoded Password for Root Account (CVE-2018-5723) 192.168.2.13:56244 -> 186.39.129.4:23
    Source: Traffic | Snort IDS: 2829347 ETPRO EXPLOIT Master IP CAM 01 Hardcoded Password for Root Account (CVE-2018-5723) 192.168.2.13:36480 -> 201.176.27.87:23
    Source: Traffic | Snort IDS: 2023443 ET TROJAN Possible Linux.Mirai Login Attempt (klv123) 192.168.2.14:39762 -> 187.168.4.70:23
    Source: Traffic | Snort IDS: 2829347 ETPRO EXPLOIT Master IP CAM 01 Hardcoded Password for Root Account (CVE-2018-5723) 192.168.2.14:38860 -> 178.163.132.143:23
    Source: Traffic | Snort IDS: 2829347 ETPRO EXPLOIT Master IP CAM 01 Hardcoded Password for Root Account (CVE-2018-5723) 192.168.2.14:49802 -> 37.98.227.163:23
    Source: Traffic | Snort IDS: 2829347 ETPRO EXPLOIT Master IP CAM 01 Hardcoded Password for Root Account (CVE-2018-5723) 192.168.2.14:47532 -> 171.34.207.12:23
    Source: Traffic | Snort IDS: 2829347 ETPRO EXPLOIT Master IP CAM 01 Hardcoded Password for Root Account (CVE-2018-5723) 192.168.2.14:40538 -> 121.120.101.1:23
    Source: Traffic | Snort IDS: 2829347 ETPRO EXPLOIT Master IP CAM 01 Hardcoded Password for Root Account (CVE-2018-5723) 192.168.2.14:40526 -> 89.213.31.121:23
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37696
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37702
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37706
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37710
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37714
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37718
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37722
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37726
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37728
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37730
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 60010
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 60014
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 60020
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 60028
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 60032
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 60040
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 60044
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 60050
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 60056
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 60060
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38214
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38220
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38226
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38232
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38234
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39752
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38242
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39764
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38250
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38254
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39768
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38258
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39776
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38268
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39786
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39788
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39798
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38274
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39808
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39814
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39826
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38294
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38320
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38340
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38362
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38372
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38378
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38394
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38408
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38424
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 50592
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 50602
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 50606
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 50610
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 50616
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 50618
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 50620
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 50624
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 50628
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 50628
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 50634
    Source: global traffic | TCP traffic: 192.168.2.14:54784 -> 195.144.21.204:1312
    Source: /tmp/z8lHAECIcU.elf (PID: 5489) | Socket: 0.0.0.0::0
    Source: /tmp/z8lHAECIcU.elf (PID: 5495) | Socket: 0.0.0.0::0
    Source: global traffic | TCP traffic: 192.168.2.14:46540 -> 185.125.190.26:443
    Source: unknown | TCP traffic detected without corresponding DNS query: 195.144.21.204
    Source: unknown | TCP traffic detected without corresponding DNS query: 45.118.56.52
    Source: unknown | TCP traffic detected without corresponding DNS query: 178.180.156.52
    Source: unknown | TCP traffic detected without corresponding DNS query: 27.181.65.55
    Source: unknown | TCP traffic detected without corresponding DNS query: 92.2.24.83
    Source: unknown | TCP traffic detected without corresponding DNS query: 192.191.33.52
    Source: unknown | TCP traffic detected without corresponding DNS query: 148.208.151.53
    Source: unknown | TCP traffic detected without corresponding DNS query: 171.146.117.249
    Source: unknown | TCP traffic detected without corresponding DNS query: 32.118.147.85
    Source: unknown | TCP traffic detected without corresponding DNS query: 60.140.51.254
    Source: unknown | TCP traffic detected without corresponding DNS query: 174.72.188.95
    Source: unknown | TCP traffic detected without corresponding DNS query: 173.50.141.201
    Source: unknown | TCP traffic detected without corresponding DNS query: 174.95.182.212
    Source: unknown | TCP traffic detected without corresponding DNS query: 253.58.112.162
    Source: unknown | TCP traffic detected without corresponding DNS query: 119.177.124.202
    Source: unknown | TCP traffic detected without corresponding DNS query: 78.49.95.199
    Source: unknown | TCP traffic detected without corresponding DNS query: 178.72.147.236
    Source: unknown | TCP traffic detected without corresponding DNS query: 85.24.155.199
    Source: unknown | TCP traffic detected without corresponding DNS query: 122.198.184.4
    Source: unknown | TCP traffic detected without corresponding DNS query: 63.211.67.102
    Source: unknown | TCP traffic detected without corresponding DNS query: 209.230.121.78
    Source: unknown | TCP traffic detected without corresponding DNS query: 217.152.204.56
    Source: unknown | TCP traffic detected without corresponding DNS query: 2.107.108.182
    Source: unknown | TCP traffic detected without corresponding DNS query: 8.139.132.199
    Source: unknown | TCP traffic detected without corresponding DNS query: 200.185.109.41
    Source: unknown | TCP traffic detected without corresponding DNS query: 64.54.105.217
    Source: unknown | TCP traffic detected without corresponding DNS query: 155.238.61.24
    Source: unknown | TCP traffic detected without corresponding DNS query: 27.3.133.215
    Source: unknown | TCP traffic detected without corresponding DNS query: 133.121.145.169
    Source: unknown | TCP traffic detected without corresponding DNS query: 105.76.38.182
    Source: unknown | TCP traffic detected without corresponding DNS query: 249.97.63.178
    Source: unknown | TCP traffic detected without corresponding DNS query: 42.119.68.5
    Source: unknown | TCP traffic detected without corresponding DNS query: 155.36.14.205
    Source: unknown | TCP traffic detected without corresponding DNS query: 81.247.122.34
    Source: unknown | TCP traffic detected without corresponding DNS query: 175.167.146.64
    Source: unknown | TCP traffic detected without corresponding DNS query: 174.170.107.88
    Source: unknown | TCP traffic detected without corresponding DNS query: 44.1.167.175
    Source: unknown | TCP traffic detected without corresponding DNS query: 2.101.172.115
    Source: unknown | TCP traffic detected without corresponding DNS query: 70.23.196.169
    Source: unknown | TCP traffic detected without corresponding DNS query: 102.233.134.232
    Source: unknown | TCP traffic detected without corresponding DNS query: 191.108.120.177
    Source: unknown | TCP traffic detected without corresponding DNS query: 102.4.43.45
    Source: unknown | TCP traffic detected without corresponding DNS query: 216.151.225.108
    Source: unknown | TCP traffic detected without corresponding DNS query: 67.15.96.98
    Source: unknown | TCP traffic detected without corresponding DNS query: 245.67.200.241
    Source: unknown | TCP traffic detected without corresponding DNS query: 190.39.232.135
    Source: unknown | TCP traffic detected without corresponding DNS query: 182.172.4.46
    Source: unknown | TCP traffic detected without corresponding DNS query: 104.165.116.111
    Source: unknown | TCP traffic detected without corresponding DNS query: 160.182.15.136
    Source: unknown | TCP traffic detected without corresponding DNS query: 115.3.66.55
    Source: unknown | DNS traffic detected: queries for: daisy.ubuntu.com
    Source: z8lHAECIcU.elf | String found in binary or memory: http://upx.sf.net
    Source: unknown | Network traffic detected: HTTP traffic on port 46540 -> 443

    System Summary

    Source: 5627.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: 5627.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
    Source: 5602.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: 5602.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
    Source: 5487.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: 5487.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
    Source: 5489.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: 5489.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
    Source: 5497.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: 5497.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
    Source: 5611.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: 5611.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
    Source: 5606.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: 5606.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
    Source: 5491.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: 5491.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
    Source: Process Memory Space: z8lHAECIcU.elf PID: 5487, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: Process Memory Space: z8lHAECIcU.elf PID: 5487, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
    Source: Process Memory Space: z8lHAECIcU.elf PID: 5489, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: Process Memory Space: z8lHAECIcU.elf PID: 5489, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
    Source: Process Memory Space: z8lHAECIcU.elf PID: 5497, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: Process Memory Space: z8lHAECIcU.elf PID: 5602, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: Process Memory Space: z8lHAECIcU.elf PID: 5602, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
    Source: Process Memory Space: z8lHAECIcU.elf PID: 5611, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: Process Memory Space: z8lHAECIcU.elf PID: 5611, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
    Source: Process Memory Space: z8lHAECIcU.elf PID: 5627, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: Process Memory Space: z8lHAECIcU.elf PID: 5627, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
    Source: LOAD without section mappings | Program segment: 0x100000
    Source: /tmp/z8lHAECIcU.elf (PID: 5489) | SIGKILL sent: pid: 940, result: successful
    Source: /tmp/z8lHAECIcU.elf (PID: 5495) | SIGKILL sent: pid: 940, result: successful
    Source: 5627.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: 5627.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
    Source: 5602.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: 5602.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
    Source: 5487.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: 5487.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
    Source: 5489.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: 5489.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
    Source: 5497.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: 5497.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
    Source: 5611.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: 5611.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
    Source: 5606.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: 5606.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
    Source: 5491.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: 5491.1.00007f7f8800b000.00007f7f88010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
    Source: Process Memory Space: z8lHAECIcU.elf PID: 5487, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: Process Memory Space: z8lHAECIcU.elf PID: 5487, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
    Source: Process Memory Space: z8lHAECIcU.elf PID: 5489, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: Process Memory Space: z8lHAECIcU.elf PID: 5489, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
    Source: Process Memory Space: z8lHAECIcU.elf PID: 5497, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: Process Memory Space: z8lHAECIcU.elf PID: 5602, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: Process Memory Space: z8lHAECIcU.elf PID: 5602, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
    Source: Process Memory Space: z8lHAECIcU.elf PID: 5611, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: Process Memory Space: z8lHAECIcU.elf PID: 5611, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
    Source: Process Memory Space: z8lHAECIcU.elf PID: 5627, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: Process Memory Space: z8lHAECIcU.elf PID: 5627, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
    Source: classification engineClassification label: mal96.troj.evad.linELF@0/0@2/0

    Data Obfuscation

    barindex
    Source: initial sample | String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
    Source: initial sample | String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
    Source: /tmp/z8lHAECIcU.elf (PID: 5495) | File opened: /proc/490/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5495) | File opened: /proc/791/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5495) | File opened: /proc/794/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5495) | File opened: /proc/795/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5495) | File opened: /proc/797/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5495) | File opened: /proc/853/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5495) | File opened: /proc/917/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5495) | File opened: /proc/780/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5495) | File opened: /proc/1/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5495) | File opened: /proc/661/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5495) | File opened: /proc/782/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5495) | File opened: /proc/785/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5495) | File opened: /proc/940/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5495) | File opened: /proc/767/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5495) | File opened: /proc/800/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5495) | File opened: /proc/888/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5495) | File opened: /proc/801/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5495) | File opened: /proc/725/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5495) | File opened: /proc/769/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5495) | File opened: /proc/726/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5495) | File opened: /proc/803/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5495) | File opened: /proc/806/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5495) | File opened: /proc/807/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5495) | File opened: /proc/928/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5489) | File opened: /proc/490/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5489) | File opened: /proc/791/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5489) | File opened: /proc/794/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5489) | File opened: /proc/795/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5489) | File opened: /proc/797/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5489) | File opened: /proc/853/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5489) | File opened: /proc/917/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5489) | File opened: /proc/780/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5489) | File opened: /proc/1/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5489) | File opened: /proc/661/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5489) | File opened: /proc/782/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5489) | File opened: /proc/785/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5489) | File opened: /proc/940/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5489) | File opened: /proc/767/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5489) | File opened: /proc/800/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5489) | File opened: /proc/888/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5489) | File opened: /proc/801/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5489) | File opened: /proc/725/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5489) | File opened: /proc/769/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5489) | File opened: /proc/726/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5489) | File opened: /proc/803/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5489) | File opened: /proc/806/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5489) | File opened: /proc/807/fd
    Source: /tmp/z8lHAECIcU.elf (PID: 5489) | File opened: /proc/928/fd

    Hooking and other Techniques for Hiding and Protection

    barindex
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37696
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37702
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37706
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37710
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37714
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37718
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37722
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37726
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37728
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37730
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 60010
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 60014
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 60020
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 60028
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 60032
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 60040
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 60044
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 60050
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 60056
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 60060
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38214
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38220
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38226
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38232
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38234
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39752
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38242
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39764
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38250
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38254
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39768
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38258
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39776
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38268
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39786
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39788
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39798
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38274
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39808
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39814
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39826
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38294
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38320
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38340
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38362
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38372
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38378
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38394
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38408
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38424
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 50592
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 50602
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 50606
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 50610
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 50616
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 50618
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 50620
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 50624
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 50628
    Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 50634
    Source: z8lHAECIcU.elf | Submission file: segment LOAD with 7.929 entropy (max. 8.0)
    Source: /tmp/z8lHAECIcU.elf (PID: 5487) | Queries kernel information via 'uname':
    Source: z8lHAECIcU.elf, 5487.1.0000560216b78000.0000560216c28000.rw-.sdmp | Binary or memory string: !/etc/qemu-binfmt/ppc11!hotpluggableq
    Source: z8lHAECIcU.elf, 5489.1.0000560216b78000.0000560216c28000.rw-.sdmp, z8lHAECIcU.elf, 5606.1.0000560216b78000.0000560216c28000.rw-.sdmp, z8lHAECIcU.elf, 5627.1.0000560216b78000.0000560216c28000.rw-.sdmp, z8lHAECIcU.elf, 5611.1.0000560216b78000.0000560216c28000.rw-.sdmp, z8lHAECIcU.elf, 5491.1.0000560216b78000.0000560216c28000.rw-.sdmp, z8lHAECIcU.elf, 5602.1.0000560216b78000.0000560216c28000.rw-.sdmp, z8lHAECIcU.elf, 5497.1.0000560216b78000.0000560216c28000.rw-.sdmp | Binary or memory string: !/etc/qemu-binfmt/ppc1
    Source: z8lHAECIcU.elf, 5487.1.0000560216b78000.0000560216c28000.rw-.sdmp, z8lHAECIcU.elf, 5489.1.0000560216b78000.0000560216c28000.rw-.sdmp, z8lHAECIcU.elf, 5606.1.0000560216b78000.0000560216c28000.rw-.sdmp, z8lHAECIcU.elf, 5627.1.0000560216b78000.0000560216c28000.rw-.sdmp, z8lHAECIcU.elf, 5611.1.0000560216b78000.0000560216c28000.rw-.sdmp, z8lHAECIcU.elf, 5491.1.0000560216b78000.0000560216c28000.rw-.sdmp, z8lHAECIcU.elf, 5602.1.0000560216b78000.0000560216c28000.rw-.sdmp, z8lHAECIcU.elf, 5497.1.0000560216b78000.0000560216c28000.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/ppc
    Source: z8lHAECIcU.elf, 5487.1.00007ffcc513b000.00007ffcc515c000.rw-.sdmp, z8lHAECIcU.elf, 5489.1.00007ffcc513b000.00007ffcc515c000.rw-.sdmp, z8lHAECIcU.elf, 5606.1.00007ffcc513b000.00007ffcc515c000.rw-.sdmp, z8lHAECIcU.elf, 5627.1.00007ffcc513b000.00007ffcc515c000.rw-.sdmp, z8lHAECIcU.elf, 5611.1.00007ffcc513b000.00007ffcc515c000.rw-.sdmp, z8lHAECIcU.elf, 5491.1.00007ffcc513b000.00007ffcc515c000.rw-.sdmp, z8lHAECIcU.elf, 5602.1.00007ffcc513b000.00007ffcc515c000.rw-.sdmp, z8lHAECIcU.elf, 5497.1.00007ffcc513b000.00007ffcc515c000.rw-.sdmp | Binary or memory string: /usr/bin/qemu-ppc
    Source: z8lHAECIcU.elf, 5487.1.00007ffcc513b000.00007ffcc515c000.rw-.sdmp, z8lHAECIcU.elf, 5489.1.00007ffcc513b000.00007ffcc515c000.rw-.sdmp, z8lHAECIcU.elf, 5606.1.00007ffcc513b000.00007ffcc515c000.rw-.sdmp, z8lHAECIcU.elf, 5627.1.00007ffcc513b000.00007ffcc515c000.rw-.sdmp, z8lHAECIcU.elf, 5611.1.00007ffcc513b000.00007ffcc515c000.rw-.sdmp, z8lHAECIcU.elf, 5491.1.00007ffcc513b000.00007ffcc515c000.rw-.sdmp, z8lHAECIcU.elf, 5602.1.00007ffcc513b000.00007ffcc515c000.rw-.sdmp, z8lHAECIcU.elf, 5497.1.00007ffcc513b000.00007ffcc515c000.rw-.sdmp | Binary or memory string: ix86_64/usr/bin/qemu-ppc/tmp/z8lHAECIcU.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/z8lHAECIcU.elf

    Stealing of Sensitive Information

    barindex
    Source: Yara match | File source: dump.pcap, type: PCAP

    Remote Access Functionality

    barindex
    Source: Traffic | Snort IDS: ET TROJAN Possible Linux.Mirai Login Attempt (klv123)
    Source: Yara match | File source: dump.pcap, type: PCAP
    MITRE ATT&CK matrix, listed per tactic (a leading number is the count the report shows for a matched technique):
    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
    Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
    Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
    Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
    Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
    Defense Evasion: 11 Obfuscated Files or Information; Rootkit; Obfuscated Files or Information; Binary Padding
    Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
    Discovery: 11 Security Software Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
    Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
    Command and Control: 1 Encrypted Channel; 11 Non-Standard Port; 1 Non-Application Layer Protocol; 2 Application Layer Protocol
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
    No configs have been found
    Behavior Graph (ID: 1383029): sample z8lHAECIcU.elf, start date 30/01/2024, architecture LINUX, score 96. Network nodes: 172.96.116.60 port 23 (ZNETUS, United States); 154.210.135.128 (XIAOZHIYUN1-AS-APICIDCNETWORKUS, Seychelles); 99 other IPs or domains. Signatures shown on the root node: Snort IDS alert for network traffic; Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; 5 other signatures. Process tree (every node is an instance of z8lHAECIcU.elf): the root starts node 10; 10 starts 12, 14 and 16; 12 starts 18 and 20; 14 starts 22, 24 and 26; 18 starts 28, 30 and 32; 22 starts 34 and 36; 28 starts 38 and 40.

    Source | Detection | Scanner | Label
    z8lHAECIcU.elf | 55% | ReversingLabs | Linux.Trojan.Mirai
    z8lHAECIcU.elf | 100% | Avira | EXP/ELF.Agent.Gen.F
    No Antivirus matches
    Name | IP | Active | Malicious | Reputation
    daisy.ubuntu.com | 162.213.35.25 | true | false | high
    Name | Source | Malicious | Reputation
    http://upx.sf.net | z8lHAECIcU.elf | false | high
        IP | Domain | Country | ASN | ASN Name | Malicious
        143.20.10.217 | unknown | United States | 264008 | LANCAMANTOANISERVICOSDEINFORMATICALTDA-MEBR | false
        62.15.62.97 | unknown | Spain | 12479 | UNI2-ASES | false
        14.116.8.18 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false
        182.248.9.31 | unknown | Japan | 2516 | KDDIKDDICORPORATIONJP | false
        139.176.199.183 | unknown | China | 8968 | BT-ITALIAIT | false
        252.93.238.106 | unknown | Reserved | unknown | unknown | false
        5.5.54.254 | unknown | Germany | 6805 | TDDE-ASN1DE | false
        146.207.94.223 | unknown | United States | 209 | CENTURYLINK-US-LEGACY-QWESTUS | false
        48.41.224.232 | unknown | United States | 2686 | ATGS-MMD-ASUS | false
        12.128.179.252 | unknown | United States | 7018 | ATT-INTERNET4US | false
        134.245.99.183 | unknown | Germany | 680 | DFNVereinzurFoerderungeinesDeutschenForschungsnetzese | false
        158.30.183.12 | unknown | United States | 1504 | DNIC-AS-01504US | false
        207.24.250.138 | unknown | United States | 701 | UUNETUS | false
        159.192.195.151 | unknown | Thailand | 131090 | CAT-IDC-4BYTENET-AS-APCATTELECOMPublicCompanyLtdCATT | false
        147.179.51.115 | unknown | United States | 12257 | EMC-AS12257US | false
        194.110.153.106 | unknown | Russian Federation | 57364 | KMARUDA-ASRU | false
        191.66.127.159 | unknown | Colombia | 26611 | COMCELSACO | false
        114.3.173.36 | unknown | Indonesia | 56046 | CMNET-JIANGSU-APChinaMobilecommunicationscorporationCN | false
        154.210.135.128 | unknown | Seychelles | 136800 | XIAOZHIYUN1-AS-APICIDCNETWORKUS | false
        126.13.86.249 | unknown | Japan | 17676 | GIGAINFRASoftbankBBCorpJP | false
        48.105.48.124 | unknown | United States | 2686 | ATGS-MMD-ASUS | false
        126.119.158.153 | unknown | Japan | 17676 | GIGAINFRASoftbankBBCorpJP | false
        99.18.205.102 | unknown | United States | 7018 | ATT-INTERNET4US | false
        1.135.197.42 | unknown | Australia | 1221 | ASN-TELSTRATelstraCorporationLtdAU | false
        113.54.159.212 | unknown | China | 24355 | CNGI-CD-IX-AS-APCERNET2IXatUniversityofElectronicScie | false
        31.191.242.155 | unknown | Italy | 24608 | WINDTRE-ASIT | false
        82.74.104.213 | unknown | Netherlands | 33915 | TNF-ASNL | false
        172.96.116.60 | unknown | United States | 21859 | ZNETUS | false
        158.99.140.158 | unknown | Spain | 766 | REDIRISRedIRISAutonomousSystemES | false
        192.73.27.27 | unknown | United States | 1569 | DNIC-ASBLK-01550-01601US | false
        101.68.105.103 | unknown | China | 4837 | CHINA169-BACKBONECHINAUNICOMChina169BackboneCN | false
        253.3.96.45 | unknown | Reserved | unknown | unknown | false
        54.104.203.186 | unknown | United States | 16509 | AMAZON-02US | false
        92.154.45.128 | unknown | France | 3215 | FranceTelecom-OrangeFR | false
        121.98.36.77 | unknown | New Zealand | 9790 | VOCUSGROUPNZVocusGroupNZ | false
        101.222.153.72 | unknown | India | 58519 | CHINATELECOM-CTCLOUDCloudComputingCorporationCN | false
        169.9.204.236 | unknown | United States | 203 | CENTURYLINK-LEGACY-LVLT-203US | false
        17.71.130.172 | unknown | United States | 714 | APPLE-ENGINEERINGUS | false
        243.251.148.233 | unknown | Reserved | unknown | unknown | false
        179.59.217.116 | unknown | Bolivia | 28024 | NuevatelPCSdeBoliviaSABO | false
        183.156.204.184 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false
        135.188.153.89 | unknown | United States | 14962 | NCR-252US | false
        23.198.151.244 | unknown | United States | 16625 | AKAMAI-ASUS | false
        205.190.14.132 | unknown | United States | 1239 | SPRINTLINKUS | false
        68.114.229.58 | unknown | United States | 20115 | CHARTER-20115US | false
        163.214.108.250 | unknown | Japan | 2907 | SINET-ASResearchOrganizationofInformationandSystemsN | false
        74.34.248.50 | unknown | United States | 7011 | FRONTIER-AND-CITIZENSUS | false
        145.199.203.218 | unknown | Netherlands | 1101 | IP-EEND-ASIP-EENDBVNL | false
        150.69.156.165 | unknown | Japan | 2907 | SINET-ASResearchOrganizationofInformationandSystemsN | false
        246.125.75.217 | unknown | Reserved | unknown | unknown | false
        169.82.172.59 | unknown | United States | 37611 | AfrihostZA | false
        195.223.214.33 | unknown | Italy | 3269 | ASN-IBSNAZIT | false
        70.13.65.109 | unknown | United States | 10507 | SPCSUS | false
        9.87.14.68 | unknown | United States | 3356 | LEVEL3US | false
        218.120.121.238 | unknown | Japan | 17676 | GIGAINFRASoftbankBBCorpJP | false
        63.86.208.103 | unknown | United States | 701 | UUNETUS | false
        9.3.186.54 | unknown | United States | 3356 | LEVEL3US | false
        153.92.252.240 | unknown | France | 200484 | SENDINBLUE-ASNFR | false
        182.235.249.50 | unknown | Taiwan; Republic of China (ROC) | 9416 | MULTIMEDIA-AS-APHoshinMultimediaCenterIncTW | false
        31.92.237.234 | unknown | United Kingdom | 12576 | EELtdGB | false
        187.146.129.146 | unknown | Mexico | 8151 | UninetSAdeCVMX | false
        107.115.136.122 | unknown | United States | 7018 | ATT-INTERNET4US | false
        218.218.215.102 | unknown | Japan | 4725 | ODNSoftBankMobileCorpJP | false
        106.143.252.179 | unknown | Japan | 2516 | KDDIKDDICORPORATIONJP | false
        250.18.6.146 | unknown | Reserved | unknown | unknown | false
        8.228.87.35 | unknown | United States | 3356 | LEVEL3US | false
        247.238.11.84 | unknown | Reserved | unknown | unknown | false
        208.147.74.180 | unknown | United States | 3561 | CENTURYLINK-LEGACY-SAVVISUS | false
        243.167.131.128 | unknown | Reserved | unknown | unknown | false
        14.212.146.48 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false
        19.193.194.127 | unknown | United States | 3 | MIT-GATEWAYSUS | false
        161.2.87.46 | unknown | United Kingdom | 15914 | BritishAirwaysGB | false
        68.225.43.93 | unknown | United States | 22773 | ASN-CXA-ALL-CCI-22773-RDCUS | false
        206.243.250.156 | unknown | United States | 3356 | LEVEL3US | false
        58.217.149.0 | unknown | China | 134769 | CHINANET-JIANGSU-CHANGZHOU-IDCChinaNetJiangsuChangzhouID | false
        99.35.249.6 | unknown | United States | 7018 | ATT-INTERNET4US | false
        100.191.250.217 | unknown | United States | 21928 | T-MOBILE-AS21928US | false
        169.81.123.251 | unknown | United States | 37611 | AfrihostZA | false
        124.87.226.93 | unknown | Japan | 4713 | OCNNTTCommunicationsCorporationJP | false
        184.108.200.170 | unknown | United States | 7922 | COMCAST-7922US | false
        184.119.120.53 | unknown | United States | 7922 | COMCAST-7922US | false
        177.122.19.188 | unknown | Brazil | 26615 | TIMSABR | false
        123.246.197.174 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false
        57.255.57.243 | unknown | Belgium | 2686 | ATGS-MMD-ASUS | false
        60.3.74.81 | unknown | China | 4837 | CHINA169-BACKBONECHINAUNICOMChina169BackboneCN | false
        9.170.63.8 | unknown | United States | 3356 | LEVEL3US | false
        65.32.152.106 | unknown | United States | 33363 | BHN-33363US | false
        178.130.18.68 | unknown | Russian Federation | 41691 | SUMTEL-AS-RIPEMoscowRussiaRU | false
        152.72.236.20 | unknown | United States | 21558 | SC-JOHNSONUS | false
        176.250.112.170 | unknown | United Kingdom | 5607 | BSKYB-BROADBAND-ASGB | false
        1.151.84.116 | unknown | Australia | 1221 | ASN-TELSTRATelstraCorporationLtdAU | false
        34.38.58.159 | unknown | United States | 2686 | ATGS-MMD-ASUS | false
        121.61.138.101 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false
        218.52.94.110 | unknown | Korea Republic of | 9318 | SKB-ASSKBroadbandCoLtdKR | false
        54.24.234.54 | unknown | United States | 14618 | AMAZON-AESUS | false
        250.122.249.195 | unknown | Reserved | unknown | unknown | false
        105.120.247.83 | unknown | Nigeria | 36873 | VNL1-ASNG | false
        213.69.38.204 | unknown | Germany | 702 | UUNETUS | false
        209.181.93.110 | unknown | United States | 209 | CENTURYLINK-US-LEGACY-QWESTUS | false
        114.240.125.107 | unknown | China | 4808 | CHINA169-BJChinaUnicomBeijingProvinceNetworkCN | false
        No context
        No created / dropped files found
        File type:ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (GNU/Linux), statically linked, no section header
        Entropy (8bit):7.925460713571166
        TrID:
        • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
        • ELF Executable and Linkable format (generic) (4004/1) 49.84%
        File name:z8lHAECIcU.elf
        File size:26'232 bytes
        MD5:b70c1e3b204c6b5b706f49347cb1f35a
        SHA1:3a05449966842a616b2903d7e405528ec64b4e19
        SHA256:7829c72ee62b574dbba327de3a60b4063b31851c858327b1eeb05a9740e30456
        SHA512:f04ca1d58d59f76a87d044338dd568b1e7473d650006c42a20bb91781ee41a2c3cacb690700cbe04f209a6e374a8d2bcb4c9d592ba63c6c6936d177b04841f70
        SSDEEP:384:ZWez9/6Jgn9yMGEGHV4u/DT8HgPEt6seDYc/OPM4uVcqgw05VxJc0j:AG959yM0HWubJsWDYcGk4uVcqgw09S0j
        TLSH:E4C2E191E1B62E96FB766E505A75C2C177B00E9EB777CDD2254CAF0808A321B47057CC
        File Content Preview:.ELF......................S....4.........4. ...(......................e...e................L...L...L................dt.Q................................UPX!.......................T.......?.E.h4...@b..................i.&...Us..S?......{.u....b.. .O.dR...'.

        ELF header

        Class:ELF32
        Data:2's complement, big endian
        Version:1 (current)
        Machine:PowerPC
        Version Number:0x1
        Type:EXEC (Executable file)
        OS/ABI:UNIX - Linux
        ABI Version:0
        Entry Point Address:0x105398
        Flags:0x0
        ELF Header Size:52
        Program Header Offset:52
        Program Header Size:32
        Number of Program Headers:3
        Section Header Offset:0
        Section Header Size:40
        Number of Section Headers:0
        Header String Table Index:0
Type       Offset  Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align    Prog Interpreter  Section Mappings
LOAD       0x0     0x100000         0x100000          0x6580     0x6580       7.9290   0x5    R E                0x10000  -                 -
LOAD       0xfb4c  0x1001fb4c       0x1001fb4c        0x0        0x0          0.0000   0x6    RW                 0x10000  -                 -
GNU_STACK  0x0     0x0              0x0               0x0        0x0          0.0000   0x6    RW                 0x4      -                 -

One readable-executable LOAD segment at entropy 7.93 covering almost the whole 26,232-byte file, an empty RW LOAD (its file offset 0xfb4c even lies past the 0x6678-byte end of file, which is harmless only because its file size is 0), a GNU_STACK entry and no section headers at all: this is the layout of a UPX-packed static binary, and the "UPX!" tag is visible in the file content preview above. Unpack with upx -d before any static analysis; if the packer header was modified (common in Mirai builds) stock upx refuses, and the decompressed image has to be dumped from memory after the stub has run.
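The packer indicators the report's static section is built on (no section headers, a single non-empty high-entropy executable LOAD, a "UPX!" tag) can be checked without any sandbox. The script below is an added example, not code from the report or from Joe Sandbox: it parses ELF32 file and program headers honouring the EI_DATA byte order, computes 8-bit Shannon entropy per LOAD segment on the same 0..8 scale as the report, and combines the checks. The image it runs on is constructed in build_sample() to mimic the program header table above (big-endian PowerPC, R+E LOAD at offset 0, empty RW LOAD, GNU_STACK, no sections); it is not the analysed sample. Pass a real file path as the first argument to triage that file instead.

```python
"""Packer triage for a stripped, statically linked ELF32 image (added example)."""
import hashlib
import math
import struct
from dataclasses import dataclass

PT_LOAD = 1
PT_GNU_STACK = 0x6474E551
EM_PPC = 20
ELFCLASS32 = 1
ELFDATA2MSB = 2


@dataclass
class Phdr:
    type: int
    offset: int
    vaddr: int
    filesz: int
    memsz: int
    flags: int
    entropy: float = 0.0


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy, 0..8, the scale the report's 'Entropy (8bit)' uses."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_elf32(data: bytes) -> dict:
    """Parse the ELF32 file header and program headers in the file's own byte order."""
    if data[:4] != b"\x7fELF" or data[4] != ELFCLASS32:
        raise ValueError("not an ELF32 image")
    end = ">" if data[5] == ELFDATA2MSB else "<"
    (_type, machine, _ver, entry, phoff, _shoff, _flags, _ehsize,
     phentsize, phnum, _shentsize, shnum, _shstrndx) = struct.unpack(
        end + "HHIIIIIHHHHHH", data[16:52])
    phdrs = []
    for i in range(phnum):
        off = phoff + i * phentsize
        p_type, p_off, p_vaddr, _paddr, p_filesz, p_memsz, p_flags, _align = \
            struct.unpack(end + "8I", data[off:off + 32])
        phdrs.append(Phdr(p_type, p_off, p_vaddr, p_filesz, p_memsz, p_flags))
    return {"machine": machine, "big_endian": end == ">", "entry": entry,
            "shnum": shnum, "phdrs": phdrs}


def triage(data: bytes) -> dict:
    """Combine the indicators an analyst reads off the report's ELF header table."""
    elf = parse_elf32(data)
    loads = [p for p in elf["phdrs"] if p.type == PT_LOAD]
    for p in loads:
        p.entropy = shannon_entropy(data[p.offset:p.offset + p.filesz])
    max_entropy = max((p.entropy for p in loads), default=0.0)
    f = {
        "machine_is_ppc_be": elf["machine"] == EM_PPC and elf["big_endian"],
        "no_section_headers": elf["shnum"] == 0,
        "one_nonempty_load": sum(1 for p in loads if p.filesz) == 1,
        "upx_marker": b"UPX!" in data,
        "max_load_entropy": round(max_entropy, 4),
    }
    # A stripped static binary may legitimately lack sections; it is the combination
    # with a near-8.0 code segment or an explicit packer tag that signals packing.
    f["likely_packed"] = (f["no_section_headers"] and f["one_nonempty_load"]
                          and (f["upx_marker"] or max_entropy > 7.5))
    return f


def build_sample(packed: bool = True) -> bytes:
    """Constructed ELF32 MSB PowerPC image (not the report's sample): R+E PT_LOAD at
    offset 0, an empty RW PT_LOAD, GNU_STACK and, for packed=True, no section headers
    and a 'UPX!' tag followed by pseudo-random bytes standing in for compressed code."""
    if packed:
        payload = b"UPX!" + b"".join(
            hashlib.sha256(bytes([i & 0xFF, i >> 8])).digest() for i in range(800))
        shnum = 0
    else:
        payload = b"plain, unpacked code and data would sit here; low entropy. " * 400
        shnum = 3  # only the count is set; this toy image emits no section table
    ehdr_size, phdr_size, nph = 52, 32, 3
    body_off = ehdr_size + phdr_size * nph
    total = body_off + len(payload)
    base = 0x100000
    ident = b"\x7fELF" + bytes([ELFCLASS32, ELFDATA2MSB, 1, 3, 0]) + bytes(7)  # OSABI 3 = Linux
    ehdr = ident + struct.pack(">HHIIIIIHHHHHH", 2, EM_PPC, 1, base + body_off,
                               ehdr_size, 0, 0, ehdr_size, phdr_size, nph, 40, shnum, 0)
    ph = struct.pack(">8I", PT_LOAD, 0, base, base, total, total, 5, 0x10000)
    ph += struct.pack(">8I", PT_LOAD, total, base + total, base + total, 0, 0, 6, 0x10000)
    ph += struct.pack(">8I", PT_GNU_STACK, 0, 0, 0, 0, 0, 6, 4)
    return ehdr + ph + payload


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for key, value in triage(data).items():
        print(f"{key:22} {value}")
```

The entropy threshold of 7.5 is deliberately conservative: compressed or encrypted data sits at 7.9 and above, as in the report, while ordinary machine code and tables stay well below 7. Treat the result as a triage hint, not a verdict; a hand-modified UPX stub still trips every check here but will not unpack with stock upx.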
Signature IDs seen: 2829347 = "ETPRO EXPLOIT Master IP CAM 01 Hardcoded Password for Root Account (CVE-2018-5723)"; 2023443 = "ET TROJAN Possible Linux.Mirai Login Attempt (klv123)".

Timestamp                 Protocol  SID      Source Port  Dest Port  Source IP     Dest IP
01/30/24-00:09:17.253981  TCP       2829347  40526        23         192.168.2.14  89.213.31.121
01/30/24-00:08:46.579114  TCP       2829347  38860        23         192.168.2.14  178.163.132.143
01/30/24-00:09:06.090881  TCP       2829347  40538        23         192.168.2.14  121.120.101.1
01/30/24-00:08:32.204233  TCP       2829347  56244        23         192.168.2.13  186.39.129.4
01/30/24-00:08:47.045048  TCP       2023443  39762        23         192.168.2.14  187.168.4.70
01/30/24-00:09:06.318964  TCP       2829347  47532        23         192.168.2.14  171.34.207.12
01/30/24-00:07:53.255345  TCP       2829347  36480        23         192.168.2.13  201.176.27.87
01/30/24-00:08:57.073420  TCP       2829347  49802        23         192.168.2.14  37.98.227.163

Every alert is on an outbound telnet (tcp/23) connection from the analysis hosts 192.168.2.13 and 192.168.2.14: these are the sample's own login attempts with hard-coded credentials against hosts it scanned, not inbound exploitation of the sandbox.
Timestamp                            Source Port  Dest Port  Source IP     Dest IP
Jan 30, 2024 00:05:52.374599934 CET  54784        1312       192.168.2.14  195.144.21.204
Jan 30, 2024 00:05:52.379626989 CET  38167        23         192.168.2.14  45.118.56.52
Jan 30, 2024 00:05:52.379698038 CET  38167        23         192.168.2.14  178.180.156.52
Jan 30, 2024 00:05:52.380132914 CET  38167        23         192.168.2.14  27.181.65.55
Jan 30, 2024 00:05:52.380137920 CET  38167        23         192.168.2.14  92.2.24.83
Jan 30, 2024 00:05:52.380168915 CET  38167        23         192.168.2.14  192.191.33.52
Jan 30, 2024 00:05:52.380206108 CET  38167        23         192.168.2.14  148.208.151.53
Jan 30, 2024 00:05:52.380208015 CET  38167        23         192.168.2.14  171.146.117.249
Jan 30, 2024 00:05:52.380209923 CET  38167        23         192.168.2.14  32.118.147.85
Jan 30, 2024 00:05:52.380228043 CET  38167        23         192.168.2.14  60.140.51.254
Jan 30, 2024 00:05:52.380234957 CET  38167        23         192.168.2.14  174.72.188.95
Jan 30, 2024 00:05:52.380234957 CET  38167        23         192.168.2.14  173.50.141.201
Jan 30, 2024 00:05:52.380249977 CET  38167        23         192.168.2.14  174.95.182.212
Jan 30, 2024 00:05:52.380249977 CET  38167        23         192.168.2.14  253.58.112.162
Jan 30, 2024 00:05:52.380261898 CET  38167        23         192.168.2.14  119.177.124.202
Jan 30, 2024 00:05:52.381328106 CET  38167        23         192.168.2.14  78.49.95.199
Jan 30, 2024 00:05:52.381329060 CET  38167        23         192.168.2.14  178.72.147.236
Jan 30, 2024 00:05:52.381331921 CET  38167        23         192.168.2.14  85.24.155.199
Jan 30, 2024 00:05:52.381357908 CET  38167        23         192.168.2.14  122.198.184.4
Jan 30, 2024 00:05:52.381359100 CET  38167        23         192.168.2.14  63.211.67.102
Jan 30, 2024 00:05:52.381372929 CET  38167        23         192.168.2.14  209.230.121.78
Jan 30, 2024 00:05:52.381373882 CET  38167        23         192.168.2.14  217.152.204.56
Jan 30, 2024 00:05:52.381376028 CET  38167        23         192.168.2.14  2.107.108.182
Jan 30, 2024 00:05:52.381447077 CET  38167        23         192.168.2.14  8.139.132.199
Jan 30, 2024 00:05:52.381454945 CET  38167        23         192.168.2.14  200.185.109.41
Jan 30, 2024 00:05:52.381459951 CET  38167        23         192.168.2.14  64.54.105.217
Jan 30, 2024 00:05:52.381484032 CET  38167        23         192.168.2.14  155.238.61.24
Jan 30, 2024 00:05:52.381489038 CET  38167        23         192.168.2.14  27.3.133.215
Jan 30, 2024 00:05:52.381491899 CET  38167        23         192.168.2.14  133.121.145.169
Jan 30, 2024 00:05:52.381511927 CET  38167        23         192.168.2.14  105.76.38.182
Jan 30, 2024 00:05:52.381516933 CET  38167        23         192.168.2.14  249.97.63.178
Jan 30, 2024 00:05:52.381531954 CET  38167        23         192.168.2.14  42.119.68.5
Jan 30, 2024 00:05:52.381534100 CET  38167        23         192.168.2.14  155.36.14.205
Jan 30, 2024 00:05:52.381555080 CET  38167        23         192.168.2.14  81.247.122.34
Jan 30, 2024 00:05:52.381566048 CET  38167        23         192.168.2.14  175.167.146.64
Jan 30, 2024 00:05:52.381567001 CET  38167        23         192.168.2.14  174.170.107.88
Jan 30, 2024 00:05:52.381572962 CET  38167        23         192.168.2.14  44.1.167.175
Jan 30, 2024 00:05:52.381591082 CET  38167        23         192.168.2.14  2.101.172.115
Jan 30, 2024 00:05:52.381591082 CET  38167        23         192.168.2.14  70.23.196.169
Jan 30, 2024 00:05:52.381603003 CET  38167        23         192.168.2.14  102.233.134.232
Jan 30, 2024 00:05:52.381604910 CET  38167        23         192.168.2.14  191.108.120.177
Jan 30, 2024 00:05:52.381649971 CET  38167        23         192.168.2.14  102.4.43.45
Jan 30, 2024 00:05:52.381654024 CET  38167        23         192.168.2.14  216.151.225.108
Jan 30, 2024 00:05:52.381654024 CET  38167        23         192.168.2.14  67.15.96.98
Jan 30, 2024 00:05:52.381654024 CET  38167        23         192.168.2.14  245.67.200.241
Jan 30, 2024 00:05:52.381688118 CET  38167        23         192.168.2.14  190.39.232.135
Jan 30, 2024 00:05:52.381688118 CET  38167        23         192.168.2.14  182.172.4.46
Jan 30, 2024 00:05:52.381726980 CET  38167        23         192.168.2.14  104.165.116.111
Jan 30, 2024 00:05:52.381728888 CET  38167        23         192.168.2.14  160.182.15.136
Jan 30, 2024 00:05:52.381731033 CET  38167        23         192.168.2.14  115.3.66.55
Jan 30, 2024 00:05:52.381733894 CET  38167        23         192.168.2.14  211.251.251.39
Jan 30, 2024 00:05:52.381748915 CET  38167        23         192.168.2.14  94.109.219.80
Jan 30, 2024 00:05:52.381752014 CET  38167        23         192.168.2.14  59.117.16.55
Jan 30, 2024 00:05:52.381778955 CET  38167        23         192.168.2.14  85.76.223.230
Jan 30, 2024 00:05:52.382006884 CET  38167        23         192.168.2.14  204.104.234.244
Jan 30, 2024 00:05:52.382014036 CET  38167        23         192.168.2.14  60.133.11.97
Jan 30, 2024 00:05:52.382015944 CET  38167        23         192.168.2.14  191.68.240.98
Jan 30, 2024 00:05:52.382016897 CET  38167        23         192.168.2.14  179.136.129.174
Jan 30, 2024 00:05:52.382019043 CET  38167        23         192.168.2.14  66.29.239.10
Jan 30, 2024 00:05:52.382021904 CET  38167        23         192.168.2.14  149.13.124.100
Jan 30, 2024 00:05:52.382028103 CET  38167        23         192.168.2.14  18.34.180.114
Jan 30, 2024 00:05:52.382029057 CET  38167        23         192.168.2.14  12.238.93.43
Jan 30, 2024 00:05:52.382031918 CET  38167        23         192.168.2.14  255.181.173.76
Jan 30, 2024 00:05:52.382034063 CET  38167        23         192.168.2.14  48.81.44.206
Jan 30, 2024 00:05:52.382038116 CET  38167        23         192.168.2.14  66.205.69.96
Jan 30, 2024 00:05:52.382088900 CET  38167        23         192.168.2.14  158.34.107.63
Jan 30, 2024 00:05:52.382091999 CET  38167        23         192.168.2.14  43.60.182.179
Jan 30, 2024 00:05:52.382102966 CET  38167        23         192.168.2.14  250.8.19.18
Jan 30, 2024 00:05:52.382128000 CET  38167        23         192.168.2.14  116.138.91.70
Jan 30, 2024 00:05:52.382136106 CET  38167        23         192.168.2.14  178.225.113.56
Jan 30, 2024 00:05:52.382155895 CET  38167        23         192.168.2.14  92.66.247.237
Jan 30, 2024 00:05:52.382180929 CET  38167        23         192.168.2.14  198.42.38.51
Jan 30, 2024 00:05:52.382195950 CET  38167        23         192.168.2.14  123.175.8.92
Jan 30, 2024 00:05:52.382196903 CET  38167        23         192.168.2.14  80.13.130.59
Jan 30, 2024 00:05:52.382215977 CET  38167        23         192.168.2.14  128.238.244.157
Jan 30, 2024 00:05:52.382217884 CET  38167        23         192.168.2.14  78.87.125.25
Jan 30, 2024 00:05:52.382232904 CET  38167        23         192.168.2.14  61.194.60.65
Jan 30, 2024 00:05:52.382235050 CET  38167        23         192.168.2.14  255.54.211.113
Jan 30, 2024 00:05:52.382235050 CET  38167        23         192.168.2.14  170.28.136.152
Jan 30, 2024 00:05:52.382276058 CET  38167        23         192.168.2.14  74.230.105.204
Jan 30, 2024 00:05:52.382278919 CET  38167        23         192.168.2.14  248.6.79.199
Jan 30, 2024 00:05:52.382281065 CET  38167        23         192.168.2.14  252.214.19.59
Jan 30, 2024 00:05:52.382281065 CET  38167        23         192.168.2.14  173.46.137.131
Jan 30, 2024 00:05:52.382317066 CET  38167        23         192.168.2.14  123.95.213.42
Jan 30, 2024 00:05:52.382318020 CET  38167        23         192.168.2.14  154.211.80.71
Jan 30, 2024 00:05:52.382318974 CET  38167        23         192.168.2.14  66.232.103.182
Jan 30, 2024 00:05:52.382361889 CET  38167        23         192.168.2.14  27.60.113.197
Jan 30, 2024 00:05:52.382373095 CET  38167        23         192.168.2.14  83.152.193.56
Jan 30, 2024 00:05:52.382468939 CET  38167        23         192.168.2.14  247.158.179.106
Jan 30, 2024 00:05:52.382487059 CET  38167        23         192.168.2.14  98.17.18.205
Jan 30, 2024 00:05:52.382529020 CET  38167        23         192.168.2.14  107.143.158.73
Jan 30, 2024 00:05:52.382533073 CET  38167        23         192.168.2.14  177.227.97.197
Jan 30, 2024 00:05:52.382551908 CET  38167        23         192.168.2.14  70.19.142.47
Jan 30, 2024 00:05:52.382570982 CET  38167        23         192.168.2.14  161.162.215.83
Jan 30, 2024 00:05:52.382570982 CET  38167        23         192.168.2.14  69.53.120.48
Jan 30, 2024 00:05:52.382570982 CET  38167        23         192.168.2.14  148.143.191.188
Jan 30, 2024 00:05:52.382570982 CET  38167        23         192.168.2.14  160.224.6.85
Jan 30, 2024 00:05:52.382584095 CET  38167        23         192.168.2.14  182.150.14.151
Jan 30, 2024 00:05:52.382596970 CET  38167        23         192.168.2.14  129.8.216.79
Jan 30, 2024 00:05:52.382597923 CET  38167        23         192.168.2.14  173.112.110.138

The first row is the connection on the non-standard port (tcp/1312 to 195.144.21.204) that the signature section refers to. Every row after it shares source port 38167 and destination port 23: 99 SYNs to pseudo-random public addresses within about 3 ms, all from one fixed source port. A normal TCP client takes a fresh ephemeral port per connect(); a raw-socket scanner of the Mirai family keeps one source port for the whole sweep, so this fan-out pattern is the thing to alert on in flow data, independent of any payload signature.
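The fixed-source-port telnet fan-out in the table above can be detected from flow records alone. The script below is an added example, not part of the report or of any Joe Sandbox tooling. It parses records in the same column layout as the table (timestamp with nanoseconds and zone label, source port, destination port, source IP, destination IP, whitespace separated), groups telnet flows by (source IP, source port, destination port) and flags a key that reaches many distinct destinations inside a sliding time window. The records it runs on are constructed in constructed_log(), with 203.0.113.0/24 (TEST-NET-3) standing in for the scanned hosts and a second host 192.168.2.50 making three ordinary telnet sessions from fresh ports as the benign control; none of them are the report's own rows.

```python
"""Detect Mirai-style fixed-source-port telnet SYN fan-out in flow records (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone

FLOW_RE = re.compile(
    r"^(?P<date>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})\.(?P<frac>\d+) \w+\s+"
    r"(?P<sport>\d+)\s+(?P<dport>\d+)\s+(?P<src>[\d.]+)\s+(?P<dst>[\d.]+)$")


@dataclass(frozen=True)
class Flow:
    ts: float      # seconds; only differences matter, so the zone label is not interpreted
    sport: int
    dport: int
    src: str
    dst: str


def parse_flow_line(line: str):
    """Parse one record in the report's table layout; None for header or malformed lines."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    base = datetime.strptime(m["date"], "%b %d, %Y %H:%M:%S").replace(tzinfo=timezone.utc)
    frac = m["frac"]                                   # 9 digits in the report: nanoseconds
    ts = base.timestamp() + int(frac) / 10 ** len(frac)
    return Flow(ts, int(m["sport"]), int(m["dport"]), m["src"], m["dst"])


@dataclass
class ScanFinding:
    src: str
    sport: int
    dport: int
    targets: int
    span_ms: float


def find_fixed_port_scans(flows, window_s=1.0, min_targets=16, ports=(23, 2323)):
    """Flag (src IP, src port, dst port) keys that reach >= min_targets distinct hosts
    within window_s. A normal client takes a fresh ephemeral port per connect(); a
    Mirai scanner writes raw SYNs from one fixed source port, so an entire sweep
    collapses onto a single key with many destination addresses."""
    by_key = defaultdict(list)
    for f in flows:
        if f.dport in ports:
            by_key[(f.src, f.sport, f.dport)].append(f)
    findings = []
    for (src, sport, dport), fl in by_key.items():
        fl.sort(key=lambda f: f.ts)
        best, start = set(), 0
        for end in range(len(fl)):                     # sliding window over time
            while fl[end].ts - fl[start].ts > window_s:
                start += 1
            targets = {f.dst for f in fl[start:end + 1]}
            if len(targets) > len(best):
                best = targets
        if len(best) >= min_targets:
            findings.append(ScanFinding(src, sport, dport, len(best),
                                        (fl[-1].ts - fl[0].ts) * 1000))
    return findings


def constructed_log():
    """Constructed records in the report's table layout (not the report's own rows)."""
    lines = ["Timestamp Source Port Dest Port Source IP Dest IP",
             "Jan 30, 2024 00:05:52.374599934 CET 54784 1312 192.168.2.14 195.144.21.204"]
    for i in range(40):  # 40 SYNs about 25 us apart, one fixed source port, 40 hosts
        lines.append(f"Jan 30, 2024 00:05:52.{379626989 + i * 25000:09d} CET 38167 23 "
                     f"192.168.2.14 203.0.113.{i + 1}")
    for port, sec in ((41002, 10), (41177, 35), (41530, 58)):  # benign admin sessions
        lines.append(f"Jan 30, 2024 00:06:{sec:02d}.000000000 CET {port} 23 "
                     f"192.168.2.50 203.0.113.250")
    return lines


def analyze(lines):
    flows = [f for f in map(parse_flow_line, lines) if f]
    return find_fixed_port_scans(flows)


if __name__ == "__main__":
    for s in analyze(constructed_log()):
        print(f"{s.src}:{s.sport} -> {s.targets} hosts on tcp/{s.dport} in {s.span_ms:.1f} ms")
```

The rule keys on the source port rather than on packet rate because the rate alone also matches a crawler or a vulnerability scanner run from the same network; those use the kernel's connect() and therefore a different source port per target, so they never accumulate under one key. min_targets and window_s are the knobs to tune against your own baseline of legitimate telnet use, which on most networks should be close to zero anyway.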
DNS queries

Timestamp                            Source IP     Dest IP  Trans ID  OP Code             Name              Type            Class        DNS over HTTPS
Jan 30, 2024 00:08:38.346493959 CET  192.168.2.14  1.1.1.1  0xf4d9    Standard query (0)  daisy.ubuntu.com  A (IP address)  IN (0x0001)  false
Jan 30, 2024 00:08:38.346534014 CET  192.168.2.14  1.1.1.1  0xf83d    Standard query (0)  daisy.ubuntu.com  28 (AAAA)       IN (0x0001)  false

DNS answers

Timestamp                            Source IP  Dest IP       Trans ID  Reply Code    Name              CName  Address        Type            Class        DNS over HTTPS
Jan 30, 2024 00:08:38.465751886 CET  1.1.1.1    192.168.2.14  0xf4d9    No error (0)  daisy.ubuntu.com  -      162.213.35.25  A (IP address)  IN (0x0001)  false
Jan 30, 2024 00:08:38.465751886 CET  1.1.1.1    192.168.2.14  0xf4d9    No error (0)  daisy.ubuntu.com  -      162.213.35.24  A (IP address)  IN (0x0001)  false

daisy.ubuntu.com is the upload host of Ubuntu's crash-reporting service (apport/whoopsie) on the analysis machine; these lookups are background traffic of the Ubuntu guest, not a domain the sample resolves, and should not be carried over as an indicator.

        System Behavior

All sixteen recorded processes share Path /tmp/z8lHAECIcU.elf, Start date (UTC) 29/01/2024, File size 5388968 bytes and MD5 hash ae65271c943d3451b7f026d1fadccea6; only the start time and arguments differ.

Start time (UTC)  Arguments
23:05:51          /tmp/z8lHAECIcU.elf
23:05:51          -
23:08:34          -
23:08:34          -
23:08:34          -
23:08:39          -
23:08:39          -
23:08:34          -
23:08:34          -
23:05:51          -
23:05:51          -
23:05:51          -
23:08:34          -
23:08:34          -
23:05:51          -
23:05:51          -

Note that the file size and MD5 recorded for these processes (5,388,968 bytes, ae65271c943d3451b7f026d1fadccea6) are not those of the submitted sample (26,232 bytes, b70c1e3b204c6b5b706f49347cb1f35a). The analysis host is x64 while the sample is a big-endian PowerPC binary, so the process attributes most likely describe the user-mode emulator that executed it rather than the sample itself; do not use them as indicators for the malware.