Linux Analysis Report
aQvU3QHA3N.elf

Overview

General Information

Sample name:aQvU3QHA3N.elf
renamed because original name is a hash value
Original sample name:d89880c3205bef70dcf150f5240b34fc.elf
Analysis ID:1429569
MD5:d89880c3205bef70dcf150f5240b34fc
SHA1:d03f59b197f9f793688a4cd3bc800643a0350bb2
SHA256:d976a388929e29dc7fb260794a60f36c7e9b338b1a3cdbf334fb0c283b7af8f9
Tags:64elfmirai

Detection

Score:72
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Connects to many ports of the same IP (likely port scanning)
Machine Learning detection for sample
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Yara signature match

Classification

Analysis Advice

None of the HTTP servers contacted by the sample answer. The sample is likely an old dropper which no longer works.
Joe Sandbox version:40.0.0 Tourmaline
Start date and time:2024-04-22 12:10:08 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 8s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal72.troj.linELF@0/0@0/0
Command:/tmp/aQvU3QHA3N.elf
PID:6223
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
done.
Standard Error:
  • system is lnxubuntu20
  • cleanup
Source: aQvU3QHA3N.elf, Rule: Linux_Trojan_Gafgyt_9e9530a7, Description: unknown, Author: unknown, Strings:
  • 0xc224:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
Source: aQvU3QHA3N.elf, Rule: Linux_Trojan_Gafgyt_807911a2, Description: unknown, Author: unknown, Strings:
  • 0xca83:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
Source: aQvU3QHA3N.elf, Rule: Linux_Trojan_Gafgyt_d4227dbf, Description: unknown, Author: unknown, Strings:
  • 0x938e:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
  • 0xe61c:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
Source: aQvU3QHA3N.elf, Rule: Linux_Trojan_Gafgyt_d996d335, Description: unknown, Author: unknown, Strings:
  • 0x101de:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
Source: aQvU3QHA3N.elf, Rule: Linux_Trojan_Gafgyt_620087b9, Description: unknown, Author: unknown, Strings:
  • 0xc643:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
No Snort rule has matched

AV Detection

Source: aQvU3QHA3N.elf, Avira: detected
Source: aQvU3QHA3N.elf, Virustotal: Detection: 38%
Source: aQvU3QHA3N.elf, ReversingLabs: Detection: 42%
Source: aQvU3QHA3N.elf, Joe Sandbox ML: detected
Source: aQvU3QHA3N.elfString: A2surf2/proc/self/exebash /proc/%s/exe/wget/tftp/curlsocket/bin/busybox/usr/lib/systemd/systemd/opt/app/monitorusr/mnt/sys/boot/run/media/srv/etc/dev/telnetsshsshdbashhttpdtelnetddropbearencodersystem/z/secom//usr/sbin//usr/lib//var/tmp/wlanconthyd.archyd.x86_64hyd.x86hyd.i686hyd.mpslhyd.mipshyd.armhyd.arm4hyd.arm5hyd.arm6hyd.arm7hyd.ppchyd.spchyd.m68khyd.sh4hyd.xtensahyd.nios2hyd.aarch64hyd.microblazeel/usr/libexec/openssh/sftp-server/proc/proc/%d/cmdlinenetstat/proc/%s/cmdline.//proc//proc/%d/mapssystemd /var/run/mnt/root/var/tmp/boot/.(deleted)/home/proc/net/tcp%*s %08X127.0.0.1Killing process %d

Networking

Source: global traffic, TCP traffic: 91.228.147.116 ports 0,3,5,6,7,56730
Source: global traffic, TCP traffic: 192.168.2.23:49106 -> 91.228.147.116:56730
Source: /tmp/aQvU3QHA3N.elf (PID: 6223), Socket: 0.0.0.0::56730
Source: global traffic, TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic, TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic, TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: unknown, Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Source: aQvU3QHA3N.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
Source: aQvU3QHA3N.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
Source: aQvU3QHA3N.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
Source: aQvU3QHA3N.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
Source: aQvU3QHA3N.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
Source: aQvU3QHA3N.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_0cd591cd, Author: unknown
Source: aQvU3QHA3N.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
Source: aQvU3QHA3N.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_a33a8363, Author: unknown
Source: aQvU3QHA3N.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_6a77af0f, Author: unknown
Source: aQvU3QHA3N.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_0bce98a2, Author: unknown
Source: aQvU3QHA3N.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_95e0056c, Author: unknown
Source: aQvU3QHA3N.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_e0cf29e2, Author: unknown
Source: Initial sample, String containing 'busybox' found: /bin/busybox
Source: Initial sampleString containing 'busybox' found: A2surf2/proc/self/exebash /proc/%s/exe/wget/tftp/curlsocket/bin/busybox/usr/lib/systemd/systemd/opt/app/monitorusr/mnt/sys/boot/run/media/srv/etc/dev/telnetsshsshdbashhttpdtelnetddropbearencodersystem/z/secom//usr/sbin//usr/lib//var/tmp/wlanconthyd.archyd.x86_64hyd.x86hyd.i686hyd.mpslhyd.mipshyd.armhyd.arm4hyd.arm5hyd.arm6hyd.arm7hyd.ppchyd.spchyd.m68khyd.sh4hyd.xtensahyd.nios2hyd.aarch64hyd.microblazeel/usr/libexec/openssh/sftp-server/proc/proc/%d/cmdlinenetstat/proc/%s/cmdline.//proc//proc/%d/mapssystemd /var/run/mnt/root/var/tmp/boot/.(deleted)/home/proc/net/tcp%*s %08X127.0.0.1Killing process %d
Source: ELF static info symbol of initial sample, .symtab present: no
Source: /tmp/aQvU3QHA3N.elf (PID: 6225), SIGKILL sent: pid: 6224, result: successful
Source: /tmp/aQvU3QHA3N.elf (PID: 6225), SIGKILL sent: pid: 6226, result: successful
Source: /tmp/aQvU3QHA3N.elf (PID: 6225), SIGKILL sent: pid: 6228, result: successful
Source: /tmp/aQvU3QHA3N.elf (PID: 6225), SIGKILL sent: pid: 6229, result: successful
Source: /tmp/aQvU3QHA3N.elf (PID: 6225), SIGKILL sent: pid: 6230, result: successful
Source: aQvU3QHA3N.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: aQvU3QHA3N.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: aQvU3QHA3N.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: aQvU3QHA3N.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: aQvU3QHA3N.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: aQvU3QHA3N.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: aQvU3QHA3N.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: aQvU3QHA3N.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: aQvU3QHA3N.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
Source: aQvU3QHA3N.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
Source: aQvU3QHA3N.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_95e0056c reference_sample = 45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a2550fdd2625f85050cfe53159858207a79e8337412872aaa7b4627b13cb6c94, id = 95e0056c-bc07-42cf-89ab-6c0cde3ccc8a, last_modified = 2021-09-16
Source: aQvU3QHA3N.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 6223.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: 6223.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 6223.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: 6223.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
Source: 6223.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
Source: 6223.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_95e0056c reference_sample = 45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a2550fdd2625f85050cfe53159858207a79e8337412872aaa7b4627b13cb6c94, id = 95e0056c-bc07-42cf-89ab-6c0cde3ccc8a, last_modified = 2021-09-16
Source: 6223.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 6226.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 6226.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 6226.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 6226.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 6226.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 6226.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: 6226.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 6226.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: 6226.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
Source: 6226.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
Source: 6226.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_95e0056c reference_sample = 45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a2550fdd2625f85050cfe53159858207a79e8337412872aaa7b4627b13cb6c94, id = 95e0056c-bc07-42cf-89ab-6c0cde3ccc8a, last_modified = 2021-09-16
Source: 6226.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 6229.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 6229.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 6229.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 6229.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 6229.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 6229.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: 6229.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 6229.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: 6229.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
Source: 6229.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
Source: 6229.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_95e0056c reference_sample = 45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a2550fdd2625f85050cfe53159858207a79e8337412872aaa7b4627b13cb6c94, id = 95e0056c-bc07-42cf-89ab-6c0cde3ccc8a, last_modified = 2021-09-16
Source: 6229.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 6230.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 6230.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 6230.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 6230.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 6230.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 6230.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: 6230.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 6230.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: 6230.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
Source: 6230.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
Source: 6230.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_95e0056c reference_sample = 45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a2550fdd2625f85050cfe53159858207a79e8337412872aaa7b4627b13cb6c94, id = 95e0056c-bc07-42cf-89ab-6c0cde3ccc8a, last_modified = 2021-09-16
Source: 6230.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 6228.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 6228.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 6228.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 6228.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 6228.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 6228.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: 6228.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 6228.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: 6228.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
Source: 6228.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
Source: 6228.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_95e0056c reference_sample = 45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a2550fdd2625f85050cfe53159858207a79e8337412872aaa7b4627b13cb6c94, id = 95e0056c-bc07-42cf-89ab-6c0cde3ccc8a, last_modified = 2021-09-16
Source: 6228.1.0000000000400000.0000000000414000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: classification engine
Classification label: mal72.troj.linELF@0/0@0/0
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/6230/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/6231/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/6231/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/1582/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/1582/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/3088/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/3088/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/230/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/230/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/110/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/110/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/231/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/231/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/111/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/111/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/232/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/232/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/1579/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/1579/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/112/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/112/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/233/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/233/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/1699/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/1699/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/113/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/113/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/234/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/234/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/1335/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/1335/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/1698/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/1698/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/114/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/114/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/235/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/235/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/1334/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/1334/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/1576/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/1576/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/2302/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/2302/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/115/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/115/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/236/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/236/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/116/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/116/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/237/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/237/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/117/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/117/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/118/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/118/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/910/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/910/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/119/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/119/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/6226/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/912/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/912/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/6229/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/6228/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/10/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/10/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/2307/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/2307/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/11/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/11/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/918/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/918/cmdline
Source: /tmp/aQvU3QHA3N.elf (PID: 6225) File opened: /proc/12/maps
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/12/cmdlineJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/13/mapsJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/13/cmdlineJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/14/mapsJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/14/cmdlineJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/15/mapsJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/15/cmdlineJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/16/mapsJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/16/cmdlineJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/17/mapsJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/17/cmdlineJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/18/mapsJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/18/cmdlineJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/1594/mapsJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/1594/cmdlineJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/120/mapsJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/120/cmdlineJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/121/mapsJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/121/cmdlineJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/1349/mapsJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/1349/cmdlineJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/1/mapsJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/1/cmdlineJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/122/mapsJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/122/cmdlineJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/243/mapsJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/243/cmdlineJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/123/mapsJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/123/cmdlineJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/2/mapsJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/2/cmdlineJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/124/mapsJump to behavior
Source: /tmp/aQvU3QHA3N.elf (PID: 6225)File opened: /proc/124/cmdlineJump to behavior
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: 1 Scripting; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: 1 Scripting; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Direct Volume Access; Rootkit; Obfuscated Files or Information
Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: System Service Discovery; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: 1 Encrypted Channel; 1 Non-Standard Port; 1 Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
No configs have been found
[Behavior graph, ID 1429569. Sample: aQvU3QHA3N.elf; start date: 22/04/2024; architecture: LINUX; score: 72. The sample process aQvU3QHA3N.elf starts four child processes of the same name, one of which starts two more. Network nodes: 91.228.147.116 (ports 49106, 56730; MIROHOST, Ukraine), 128.104.74.101 (port 23; WISC-MADISON-AS, United States) and 98 other IPs or domains. Signatures shown: Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; 2 other signatures.]
Source | Detection | Scanner | Label
aQvU3QHA3N.elf | 38% | Virustotal |
aQvU3QHA3N.elf | 42% | ReversingLabs | Linux.Trojan.Mirai
aQvU3QHA3N.elf | 100% | Avira | EXP/ELF.Mirai.W
aQvU3QHA3N.elf | 100% | Joe Sandbox ML |
No Antivirus matches
No contacted domains info
No context
No created / dropped files found
File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
Entropy (8bit):6.204016598779974
TrID:
  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:aQvU3QHA3N.elf
File size:84'064 bytes
MD5:d89880c3205bef70dcf150f5240b34fc
SHA1:d03f59b197f9f793688a4cd3bc800643a0350bb2
SHA256:d976a388929e29dc7fb260794a60f36c7e9b338b1a3cdbf334fb0c283b7af8f9
SHA512:174bd5617677a133f62c79ddfb9d4eae139149cc9d51a7222f824304014654d2f75455579635ac9b92dcdeee508538a2db73237c26e406915699a32c0db68b52
SSDEEP:1536:6OXZPj/hQdrmil0QOjaBG9Zu51l3u57o3pIxvj67wQaI7p1MxQgIu2/oG0efr7dh:dZr/WdFLosG9w51l3u57oav4Ta8YxQIJ
TLSH:F7832887B5D6C9FDC15AC5385B2BB53AC472F07E1239B2A76BC0EE162D4CE201A2F550
File Content Preview:.ELF..............>.......@.....@........E..........@.8...@.......................@.......@......;.......;.......................;.......;Q......;Q.............@4..............Q.td....................................................H...._....J...H........

ELF header

Class:ELF64
Data:2's complement, little endian
Version:1 (current)
Machine:Advanced Micro Devices X86-64
Version Number:0x1
Type:EXEC (Executable file)
OS/ABI:UNIX - System V
ABI Version:0
Entry Point Address:0x400194
Flags:0x0
ELF Header Size:64
Program Header Offset:64
Program Header Size:56
Number of Program Headers:3
Section Header Offset:83424
Section Header Size:64
Number of Section Headers:10
Header String Table Index:9
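Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.init | PROGBITS | 0x4000e8 | 0xe8 | 0x13 | 0x0 | 0x6 | AX | 0 | 0 | 1
.text | PROGBITS | 0x400100 | 0x100 | 0x10a76 | 0x0 | 0x6 | AX | 0 | 0 | 16
.fini | PROGBITS | 0x410b76 | 0x10b76 | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 1
.rodata | PROGBITS | 0x410ba0 | 0x10ba0 | 0x3000 | 0x0 | 0x2 | A | 0 | 0 | 32
.ctors | PROGBITS | 0x513ba8 | 0x13ba8 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8
.dtors | PROGBITS | 0x513bb8 | 0x13bb8 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8
.data | PROGBITS | 0x513be0 | 0x13be0 | 0x9c0 | 0x0 | 0x3 | WA | 0 | 0 | 32
.bss | NOBITS | 0x5145a0 | 0x145a0 | 0x2a48 | 0x0 | 0x3 | WA | 0 | 0 | 32
.shstrtab | STRTAB | 0x0 | 0x145a0 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1

Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x400000 | 0x400000 | 0x13ba0 | 0x13ba0 | 6.2921 | 0x5 | R E | 0x100000 | | .init .text .fini .rodata
LOAD | 0x13ba8 | 0x513ba8 | 0x513ba8 | 0x9f8 | 0x3440 | 2.7336 | 0x6 | RW | 0x100000 | | .ctors .dtors .data .bss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8 | |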
Apr 22, 2024 12:10:50.282933950 CEST5526823192.168.2.23210.60.175.147
Apr 22, 2024 12:10:50.282934904 CEST5526823192.168.2.231.47.37.207
Apr 22, 2024 12:10:50.282949924 CEST5526823192.168.2.23182.67.0.35
Apr 22, 2024 12:10:50.282949924 CEST5526823192.168.2.23152.229.24.89
Apr 22, 2024 12:10:50.282952070 CEST5526823192.168.2.2367.51.79.172
Apr 22, 2024 12:10:50.282952070 CEST5526823192.168.2.2396.188.72.6
Apr 22, 2024 12:10:50.282958984 CEST5526823192.168.2.23107.140.22.15
Apr 22, 2024 12:10:50.282958984 CEST5526823192.168.2.2357.210.176.95
Apr 22, 2024 12:10:50.282974005 CEST5526823192.168.2.23179.13.85.216
Apr 22, 2024 12:10:50.282974005 CEST5526823192.168.2.2366.43.97.141
Apr 22, 2024 12:10:50.282978058 CEST5526823192.168.2.2337.93.69.31
Apr 22, 2024 12:10:50.282978058 CEST5526823192.168.2.2371.230.237.52
Apr 22, 2024 12:10:50.282978058 CEST5526823192.168.2.23112.72.199.243
Apr 22, 2024 12:10:50.282984972 CEST5526823192.168.2.2334.154.180.41
Apr 22, 2024 12:10:50.282985926 CEST5526823192.168.2.23132.239.11.164
Apr 22, 2024 12:10:50.282989025 CEST5526823192.168.2.23121.100.213.226
Apr 22, 2024 12:10:50.282989979 CEST5526823192.168.2.23192.150.12.225
Apr 22, 2024 12:10:50.282996893 CEST5526823192.168.2.23139.203.205.5
Apr 22, 2024 12:10:50.282996893 CEST5526823192.168.2.239.155.162.102
Apr 22, 2024 12:10:50.283008099 CEST5526823192.168.2.23155.70.162.129
Apr 22, 2024 12:10:50.283009052 CEST5526823192.168.2.23176.56.160.65
Apr 22, 2024 12:10:50.283008099 CEST5526823192.168.2.23201.57.113.13
Apr 22, 2024 12:10:50.283009052 CEST5526823192.168.2.23160.160.96.147
Apr 22, 2024 12:10:50.283008099 CEST5526823192.168.2.2368.121.146.230
Apr 22, 2024 12:10:50.283014059 CEST5526823192.168.2.2385.65.237.35
Apr 22, 2024 12:10:50.283026934 CEST5526823192.168.2.2362.53.126.65
Apr 22, 2024 12:10:50.283035040 CEST5526823192.168.2.23103.230.165.225
Apr 22, 2024 12:10:50.283040047 CEST5526823192.168.2.2349.31.248.106
Apr 22, 2024 12:10:50.283041000 CEST5526823192.168.2.23208.111.38.13
Apr 22, 2024 12:10:50.283040047 CEST5526823192.168.2.23168.221.138.118
Apr 22, 2024 12:10:50.283041000 CEST5526823192.168.2.23216.158.171.89
Apr 22, 2024 12:10:50.283044100 CEST5526823192.168.2.23203.36.137.203
Apr 22, 2024 12:10:50.283044100 CEST5526823192.168.2.23153.56.184.45
Apr 22, 2024 12:10:50.283044100 CEST5526823192.168.2.2368.109.160.164
Apr 22, 2024 12:10:50.283072948 CEST5526823192.168.2.23111.34.96.142
Apr 22, 2024 12:10:50.283072948 CEST5526823192.168.2.2351.193.217.115
Apr 22, 2024 12:10:50.290898085 CEST4910656730192.168.2.2391.228.147.116
Apr 22, 2024 12:10:50.525042057 CEST567304910691.228.147.116192.168.2.23
Apr 22, 2024 12:10:50.525105953 CEST4910656730192.168.2.2391.228.147.116
Apr 22, 2024 12:10:50.563932896 CEST2355268218.219.199.162192.168.2.23
Apr 22, 2024 12:10:50.610522985 CEST2355268111.196.43.33192.168.2.23
Apr 22, 2024 12:10:50.610557079 CEST2355268222.244.43.36192.168.2.23
Apr 22, 2024 12:10:50.613955021 CEST2355268180.232.170.41192.168.2.23
Apr 22, 2024 12:10:50.848695993 CEST4910656730192.168.2.2391.228.147.116
Apr 22, 2024 12:10:50.910413027 CEST43928443192.168.2.2391.189.91.42
Apr 22, 2024 12:10:51.083039999 CEST567304910691.228.147.116192.168.2.23
Apr 22, 2024 12:10:51.083117962 CEST4910656730192.168.2.2391.228.147.116
Apr 22, 2024 12:10:51.217940092 CEST2355268126.172.80.202192.168.2.23
Apr 22, 2024 12:10:56.541699886 CEST42836443192.168.2.2391.189.91.43
Apr 22, 2024 12:10:57.821574926 CEST4251680192.168.2.23109.202.202.202
Apr 22, 2024 12:11:11.899522066 CEST43928443192.168.2.2391.189.91.42
Apr 22, 2024 12:11:22.138215065 CEST42836443192.168.2.2391.189.91.43
Apr 22, 2024 12:11:28.281471014 CEST4251680192.168.2.23109.202.202.202
Apr 22, 2024 12:11:52.854101896 CEST43928443192.168.2.2391.189.91.42
Apr 22, 2024 12:12:13.331130981 CEST42836443192.168.2.2391.189.91.43
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Apr 22, 2024 12:10:50.477134943 CEST | 45.85.247.30 | 192.168.2.23 | e440 | (Unknown) | Destination Unreachable
Apr 22, 2024 12:10:50.516145945 CEST | 91.37.56.8 | 192.168.2.23 | 91c9 | (Unknown) | Destination Unreachable
Apr 22, 2024 12:10:50.556794882 CEST | 188.28.98.248 | 192.168.2.23 | deeb | (Port unreachable) | Destination Unreachable
Apr 22, 2024 12:10:53.803124905 CEST | 157.15.58.2 | 192.168.2.23 | 98b4 | (Host unreachable) | Destination Unreachable

System Behavior

Start time (UTC):10:10:48
Start date (UTC):22/04/2024
Path:/tmp/aQvU3QHA3N.elf
Arguments:/tmp/aQvU3QHA3N.elf
File size:84064 bytes
MD5 hash:d89880c3205bef70dcf150f5240b34fc

Start time (UTC):10:10:49
Start date (UTC):22/04/2024
Path:/tmp/aQvU3QHA3N.elf
Arguments:-
File size:84064 bytes
MD5 hash:d89880c3205bef70dcf150f5240b34fc

Start time (UTC):10:10:49
Start date (UTC):22/04/2024
Path:/tmp/aQvU3QHA3N.elf
Arguments:-
File size:84064 bytes
MD5 hash:d89880c3205bef70dcf150f5240b34fc

Start time (UTC):10:10:49
Start date (UTC):22/04/2024
Path:/tmp/aQvU3QHA3N.elf
Arguments:-
File size:84064 bytes
MD5 hash:d89880c3205bef70dcf150f5240b34fc

Start time (UTC):10:10:49
Start date (UTC):22/04/2024
Path:/tmp/aQvU3QHA3N.elf
Arguments:-
File size:84064 bytes
MD5 hash:d89880c3205bef70dcf150f5240b34fc

Start time (UTC):10:10:49
Start date (UTC):22/04/2024
Path:/tmp/aQvU3QHA3N.elf
Arguments:-
File size:84064 bytes
MD5 hash:d89880c3205bef70dcf150f5240b34fc

Start time (UTC):10:10:49
Start date (UTC):22/04/2024
Path:/tmp/aQvU3QHA3N.elf
Arguments:-
File size:84064 bytes
MD5 hash:d89880c3205bef70dcf150f5240b34fc