Linux
Analysis Report
9Iakt8wQQ7.elf
Overview
General Information
Sample name: | 9Iakt8wQQ7.elfrenamed because original name is a hash value |
Original sample name: | a9f370a8aef906ec967bdf2140d0d797.elf |
Analysis ID: | 1441899 |
MD5: | a9f370a8aef906ec967bdf2140d0d797 |
SHA1: | 71a51453266310f24798de9053ca42b5e7cf6a7b |
SHA256: | a5f72c891e99a002bb1a3a1237b3f252b4cd613e4c4f5f248243e23c259dcfa7 |
Tags: | 32armelfmirai |
Infos: |
Detection
Gafgyt
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Multi AV Scanner detection for submitted file
Yara detected Gafgyt
Deletes system log files
Manipulation of devices in /dev
Detected TCP or UDP traffic on non-standard ports
Executes the "rm" command used to delete files or directories
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1441899 |
Start date and time: | 2024-05-15 12:52:11 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 45s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | 9Iakt8wQQ7.elfrenamed because original name is a hash value |
Original Sample Name: | a9f370a8aef906ec967bdf2140d0d797.elf |
Detection: | MAL |
Classification: | mal64.troj.evad.linELF@0/0@1/0 |
Command: | /tmp/9Iakt8wQQ7.elf |
PID: | 5422 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | guess what. you're retarded |
Standard Error: |
- system is lnxubuntu20
- 9Iakt8wQQ7.elf New Fork (PID: 5424, Parent: 5422)
- 9Iakt8wQQ7.elf New Fork (PID: 5426, Parent: 5424)
- 9Iakt8wQQ7.elf New Fork (PID: 5427, Parent: 5424)
- 9Iakt8wQQ7.elf New Fork (PID: 5430, Parent: 5424)
- dash New Fork (PID: 5439, Parent: 3582)
- dash New Fork (PID: 5440, Parent: 3582)
- dash New Fork (PID: 5441, Parent: 3582)
- dash New Fork (PID: 5442, Parent: 3582)
- dash New Fork (PID: 5443, Parent: 3582)
- dash New Fork (PID: 5444, Parent: 3582)
- dash New Fork (PID: 5445, Parent: 3582)
- dash New Fork (PID: 5446, Parent: 3582)
- dash New Fork (PID: 5447, Parent: 3582)
- dash New Fork (PID: 5448, Parent: 3582)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Bashlite, Gafgyt | Bashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps. | No Attribution |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Gafgyt | Yara detected Gafgyt | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Gafgyt | Yara detected Gafgyt | Joe Security | ||
JoeSecurity_Gafgyt | Yara detected Gafgyt | Joe Security |
⊘No Snort rule has matched
- • AV Detection
- • Compliance
- • Networking
- • System Summary
- • Data Obfuscation
- • Persistence and Installation Behavior
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
- • Stealing of Sensitive Information
- • Remote Access Functionality
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic: |
Source: | Socket: | Jump to behavior |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | .symtab present: |
Source: | Classification label: |
Data Obfuscation |
---|
Source: | Deleted: | Jump to behavior | ||
Source: | Deleted: | Jump to behavior |
Source: | Rm executable: | Jump to behavior | ||
Source: | Rm executable: | Jump to behavior |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Log files deleted: | Jump to behavior |
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Indicator Removal | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 File Deletion | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
38% | Virustotal | Browse | ||
50% | ReversingLabs | Linux.Trojan.Mirai |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
4% | Virustotal | Browse |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
retardedclassmate.dyn | 103.161.35.44 | true | false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
54.217.10.153 | unknown | United States | 16509 | AMAZON-02US | false | |
31.220.1.44 | unknown | Germany | 206264 | AMARUTU-TECHNOLOGYNL | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54.217.10.153 | Get hash | malicious | Mirai | Browse | ||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Gafgyt | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai | Browse | |||
31.220.1.44 | Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
retardedclassmate.dyn | Get hash | malicious | Gafgyt, Mirai | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Gafgyt | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AMARUTU-TECHNOLOGYNL | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Lokibot | Browse |
| ||
Get hash | malicious | Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Gurcu Stealer | Browse |
| ||
AMAZON-02US | Get hash | malicious | HTMLPhisher | Browse |
| |
Get hash | malicious | Flawedammyy | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | AsyncRAT, PrivateLoader | Browse |
| ||
Get hash | malicious | Njrat | Browse |
| ||
Get hash | malicious | PureLog Stealer, SystemBC | Browse |
| ||
Get hash | malicious | TechSupportScam | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
fb4726d465c5f28b84cd6d14cedd13a7 | Get hash | malicious | Mirai | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 5.459195978600076 |
TrID: |
|
File name: | 9Iakt8wQQ7.elf |
File size: | 154'272 bytes |
MD5: | a9f370a8aef906ec967bdf2140d0d797 |
SHA1: | 71a51453266310f24798de9053ca42b5e7cf6a7b |
SHA256: | a5f72c891e99a002bb1a3a1237b3f252b4cd613e4c4f5f248243e23c259dcfa7 |
SHA512: | 5a0111c69278a062686ad97f1f4bc17cea91763e3f070ad4353caf81d1b2cfd9a95a228e0717d6023ebf30369c8a77213c18a846529683aabef7dce064d6c89f |
SSDEEP: | 1536:zNNW7z/eMG0C8GW7I7GqQ2qFMc5VfyAMDCADPL8Tn/T2Gn0AmOzUnT5Hy25lAl5O:z0zWMPxauXXfyaAv8rr2G0b1yuNU6 |
TLSH: | 59E32A45FD509F26C6D221BBFF4E428D372A5768D3EE720399255F20378A89B0E77242 |
File Content Preview: | .ELF...a..........(.........4....Y......4. ...(......................................................H..............Q.td..................................-...L."....t..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 153872 |
Section Header Size: | 40 |
Number of Section Headers: | 10 |
Header String Table Index: | 9 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x8094 | 0x94 | 0x18 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x80b0 | 0xb0 | 0x1d2d4 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x25384 | 0x1d384 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x25398 | 0x1d398 | 0x3600 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ctors | PROGBITS | 0x31000 | 0x21000 | 0xc | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x3100c | 0x2100c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x31020 | 0x21020 | 0x48b0 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
.bss | NOBITS | 0x358d0 | 0x258d0 | 0xd544 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0x258d0 | 0x3e | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x8000 | 0x8000 | 0x20998 | 0x20998 | 5.9522 | 0x5 | R E | 0x8000 | .init .text .fini .rodata | |
LOAD | 0x21000 | 0x31000 | 0x31000 | 0x48d0 | 0x11e14 | 0.3727 | 0x6 | RW | 0x8000 | .ctors .dtors .data .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 |
Download Network PCAP: filtered – full
- Total Packets: 28
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 15, 2024 12:52:55.368139029 CEST | 55932 | 5667 | 192.168.2.13 | 31.220.1.44 |
May 15, 2024 12:52:55.615361929 CEST | 5667 | 55932 | 31.220.1.44 | 192.168.2.13 |
May 15, 2024 12:52:55.615449905 CEST | 55932 | 5667 | 192.168.2.13 | 31.220.1.44 |
May 15, 2024 12:52:55.615905046 CEST | 55932 | 5667 | 192.168.2.13 | 31.220.1.44 |
May 15, 2024 12:52:55.863574982 CEST | 5667 | 55932 | 31.220.1.44 | 192.168.2.13 |
May 15, 2024 12:52:55.863663912 CEST | 55932 | 5667 | 192.168.2.13 | 31.220.1.44 |
May 15, 2024 12:52:56.111051083 CEST | 5667 | 55932 | 31.220.1.44 | 192.168.2.13 |
May 15, 2024 12:52:59.496867895 CEST | 37676 | 443 | 192.168.2.13 | 54.217.10.153 |
May 15, 2024 12:52:59.724498987 CEST | 443 | 37676 | 54.217.10.153 | 192.168.2.13 |
May 15, 2024 12:52:59.724639893 CEST | 37676 | 443 | 192.168.2.13 | 54.217.10.153 |
May 15, 2024 12:52:59.725806952 CEST | 37676 | 443 | 192.168.2.13 | 54.217.10.153 |
May 15, 2024 12:52:59.956332922 CEST | 443 | 37676 | 54.217.10.153 | 192.168.2.13 |
May 15, 2024 12:53:01.129060030 CEST | 443 | 37676 | 54.217.10.153 | 192.168.2.13 |
May 15, 2024 12:53:01.129085064 CEST | 443 | 37676 | 54.217.10.153 | 192.168.2.13 |
May 15, 2024 12:53:01.129152060 CEST | 443 | 37676 | 54.217.10.153 | 192.168.2.13 |
May 15, 2024 12:53:01.129235983 CEST | 37676 | 443 | 192.168.2.13 | 54.217.10.153 |
May 15, 2024 12:53:01.129235983 CEST | 37676 | 443 | 192.168.2.13 | 54.217.10.153 |
May 15, 2024 12:53:01.129235983 CEST | 37676 | 443 | 192.168.2.13 | 54.217.10.153 |
May 15, 2024 12:53:01.129988909 CEST | 37676 | 443 | 192.168.2.13 | 54.217.10.153 |
May 15, 2024 12:53:01.367477894 CEST | 443 | 37676 | 54.217.10.153 | 192.168.2.13 |
May 15, 2024 12:53:01.388668060 CEST | 443 | 37676 | 54.217.10.153 | 192.168.2.13 |
May 15, 2024 12:53:01.388756990 CEST | 37676 | 443 | 192.168.2.13 | 54.217.10.153 |
May 15, 2024 12:53:01.388884068 CEST | 37676 | 443 | 192.168.2.13 | 54.217.10.153 |
May 15, 2024 12:53:01.664736986 CEST | 443 | 37676 | 54.217.10.153 | 192.168.2.13 |
May 15, 2024 12:53:01.726641893 CEST | 443 | 37676 | 54.217.10.153 | 192.168.2.13 |
May 15, 2024 12:53:01.726722002 CEST | 37676 | 443 | 192.168.2.13 | 54.217.10.153 |
May 15, 2024 12:53:01.727504969 CEST | 37676 | 443 | 192.168.2.13 | 54.217.10.153 |
May 15, 2024 12:53:02.009854078 CEST | 443 | 37676 | 54.217.10.153 | 192.168.2.13 |
May 15, 2024 12:53:02.091548920 CEST | 443 | 37676 | 54.217.10.153 | 192.168.2.13 |
May 15, 2024 12:53:02.091564894 CEST | 443 | 37676 | 54.217.10.153 | 192.168.2.13 |
May 15, 2024 12:53:02.091650009 CEST | 37676 | 443 | 192.168.2.13 | 54.217.10.153 |
May 15, 2024 12:53:02.091650009 CEST | 37676 | 443 | 192.168.2.13 | 54.217.10.153 |
May 15, 2024 12:53:10.631273985 CEST | 55932 | 5667 | 192.168.2.13 | 31.220.1.44 |
May 15, 2024 12:53:10.878499031 CEST | 5667 | 55932 | 31.220.1.44 | 192.168.2.13 |
May 15, 2024 12:53:10.878568888 CEST | 5667 | 55932 | 31.220.1.44 | 192.168.2.13 |
May 15, 2024 12:53:10.878638029 CEST | 55932 | 5667 | 192.168.2.13 | 31.220.1.44 |
May 15, 2024 12:53:26.129232883 CEST | 5667 | 55932 | 31.220.1.44 | 192.168.2.13 |
May 15, 2024 12:53:26.129385948 CEST | 55932 | 5667 | 192.168.2.13 | 31.220.1.44 |
May 15, 2024 12:53:41.379712105 CEST | 5667 | 55932 | 31.220.1.44 | 192.168.2.13 |
May 15, 2024 12:53:41.379940987 CEST | 55932 | 5667 | 192.168.2.13 | 31.220.1.44 |
May 15, 2024 12:53:56.633325100 CEST | 5667 | 55932 | 31.220.1.44 | 192.168.2.13 |
May 15, 2024 12:53:56.633511066 CEST | 55932 | 5667 | 192.168.2.13 | 31.220.1.44 |
May 15, 2024 12:54:11.883758068 CEST | 5667 | 55932 | 31.220.1.44 | 192.168.2.13 |
May 15, 2024 12:54:11.883889914 CEST | 55932 | 5667 | 192.168.2.13 | 31.220.1.44 |
May 15, 2024 12:54:27.131624937 CEST | 5667 | 55932 | 31.220.1.44 | 192.168.2.13 |
May 15, 2024 12:54:27.131726980 CEST | 55932 | 5667 | 192.168.2.13 | 31.220.1.44 |
May 15, 2024 12:54:40.956845999 CEST | 55932 | 5667 | 192.168.2.13 | 31.220.1.44 |
May 15, 2024 12:54:41.204154015 CEST | 5667 | 55932 | 31.220.1.44 | 192.168.2.13 |
May 15, 2024 12:54:41.204174042 CEST | 5667 | 55932 | 31.220.1.44 | 192.168.2.13 |
May 15, 2024 12:54:41.204282045 CEST | 55932 | 5667 | 192.168.2.13 | 31.220.1.44 |
May 15, 2024 12:54:56.471813917 CEST | 5667 | 55932 | 31.220.1.44 | 192.168.2.13 |
May 15, 2024 12:54:56.471930981 CEST | 55932 | 5667 | 192.168.2.13 | 31.220.1.44 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 15, 2024 12:52:55.148164034 CEST | 51579 | 53 | 192.168.2.13 | 51.254.162.59 |
May 15, 2024 12:52:55.367338896 CEST | 53 | 51579 | 51.254.162.59 | 192.168.2.13 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 15, 2024 12:52:55.148164034 CEST | 192.168.2.13 | 51.254.162.59 | 0x14d4 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 15, 2024 12:52:55.367338896 CEST | 51.254.162.59 | 192.168.2.13 | 0x14d4 | No error (0) | 103.161.35.44 | A (IP address) | IN (0x0001) | false | ||
May 15, 2024 12:52:55.367338896 CEST | 51.254.162.59 | 192.168.2.13 | 0x14d4 | No error (0) | 31.220.1.44 | A (IP address) | IN (0x0001) | false | ||
May 15, 2024 12:52:55.367338896 CEST | 51.254.162.59 | 192.168.2.13 | 0x14d4 | No error (0) | 89.32.41.31 | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
May 15, 2024 12:53:01.129152060 CEST | 54.217.10.153 | 443 | 192.168.2.13 | 37676 | CN=motd.ubuntu.com CN=R3, O=Let's Encrypt, C=US | CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US | Thu Mar 07 10:27:55 CET 2024 Fri Sep 04 02:00:00 CEST 2020 | Wed Jun 05 11:27:54 CEST 2024 Mon Sep 15 18:00:00 CEST 2025 | 771,4866-4867-4865-49196-49200-163-159-52393-52392-52394-49327-49325-49315-49311-49245-49249-49239-49235-49195-49199-162-158-49326-49324-49314-49310-49244-49248-49238-49234-49188-49192-107-106-49267-49271-196-195-49187-49191-103-64-49266-49270-190-189-49162-49172-57-56-136-135-49161-49171-51-50-69-68-157-49313-49309-49233-156-49312-49308-49232-61-192-60-186-53-132-47-65-255,0-11-10-35-22-23-13-43-45-51,29-23-30-25-24,0-1-2 | fb4726d465c5f28b84cd6d14cedd13a7 |
CN=R3, O=Let's Encrypt, C=US | CN=ISRG Root X1, O=Internet Security Research Group, C=US | Fri Sep 04 02:00:00 CEST 2020 | Mon Sep 15 18:00:00 CEST 2025 |
System Behavior
Start time (UTC): | 10:52:53 |
Start date (UTC): | 15/05/2024 |
Path: | /tmp/9Iakt8wQQ7.elf |
Arguments: | /tmp/9Iakt8wQQ7.elf |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 10:52:53 |
Start date (UTC): | 15/05/2024 |
Path: | /tmp/9Iakt8wQQ7.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 10:52:53 |
Start date (UTC): | 15/05/2024 |
Path: | /tmp/9Iakt8wQQ7.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 10:52:53 |
Start date (UTC): | 15/05/2024 |
Path: | /tmp/9Iakt8wQQ7.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 10:52:53 |
Start date (UTC): | 15/05/2024 |
Path: | /tmp/9Iakt8wQQ7.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 10:53:00 |
Start date (UTC): | 15/05/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 10:53:00 |
Start date (UTC): | 15/05/2024 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.AEQOKm3Wk1 /tmp/tmp.u2Z8V9De4Y /tmp/tmp.pzSyU74hCW |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
Start time (UTC): | 10:53:00 |
Start date (UTC): | 15/05/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 10:53:00 |
Start date (UTC): | 15/05/2024 |
Path: | /usr/bin/cat |
Arguments: | cat /tmp/tmp.AEQOKm3Wk1 |
File size: | 43416 bytes |
MD5 hash: | 7e9d213e404ad3bb82e4ebb2e1f2c1b3 |
Start time (UTC): | 10:53:00 |
Start date (UTC): | 15/05/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 10:53:00 |
Start date (UTC): | 15/05/2024 |
Path: | /usr/bin/head |
Arguments: | head -n 10 |
File size: | 47480 bytes |
MD5 hash: | fd96a67145172477dd57131396fc9608 |
Start time (UTC): | 10:53:00 |
Start date (UTC): | 15/05/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 10:53:00 |
Start date (UTC): | 15/05/2024 |
Path: | /usr/bin/tr |
Arguments: | tr -d \\000-\\011\\013\\014\\016-\\037 |
File size: | 51544 bytes |
MD5 hash: | fbd1402dd9f72d8ebfff00ce7c3a7bb5 |
Start time (UTC): | 10:53:00 |
Start date (UTC): | 15/05/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 10:53:00 |
Start date (UTC): | 15/05/2024 |
Path: | /usr/bin/cut |
Arguments: | cut -c -80 |
File size: | 47480 bytes |
MD5 hash: | d8ed0ea8f22c0de0f8692d4d9f1759d3 |
Start time (UTC): | 10:53:00 |
Start date (UTC): | 15/05/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 10:53:00 |
Start date (UTC): | 15/05/2024 |
Path: | /usr/bin/cat |
Arguments: | cat /tmp/tmp.AEQOKm3Wk1 |
File size: | 43416 bytes |
MD5 hash: | 7e9d213e404ad3bb82e4ebb2e1f2c1b3 |
Start time (UTC): | 10:53:00 |
Start date (UTC): | 15/05/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 10:53:00 |
Start date (UTC): | 15/05/2024 |
Path: | /usr/bin/head |
Arguments: | head -n 10 |
File size: | 47480 bytes |
MD5 hash: | fd96a67145172477dd57131396fc9608 |
Start time (UTC): | 10:53:00 |
Start date (UTC): | 15/05/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 10:53:00 |
Start date (UTC): | 15/05/2024 |
Path: | /usr/bin/tr |
Arguments: | tr -d \\000-\\011\\013\\014\\016-\\037 |
File size: | 51544 bytes |
MD5 hash: | fbd1402dd9f72d8ebfff00ce7c3a7bb5 |
Start time (UTC): | 10:53:00 |
Start date (UTC): | 15/05/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 10:53:00 |
Start date (UTC): | 15/05/2024 |
Path: | /usr/bin/cut |
Arguments: | cut -c -80 |
File size: | 47480 bytes |
MD5 hash: | d8ed0ea8f22c0de0f8692d4d9f1759d3 |
Start time (UTC): | 10:53:00 |
Start date (UTC): | 15/05/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 10:53:00 |
Start date (UTC): | 15/05/2024 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.AEQOKm3Wk1 /tmp/tmp.u2Z8V9De4Y /tmp/tmp.pzSyU74hCW |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |