Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
rV97CNwo30.elf

Overview

General Information

Sample name:rV97CNwo30.elf
renamed because original name is a hash value
Original sample name:ca4b1ae481fa3903228f9ece7122b4d4.elf
Analysis ID:1447837
MD5:ca4b1ae481fa3903228f9ece7122b4d4
SHA1:bbfe6774ff15371d07d8fd95d90dd651f6bb218e
SHA256:3887ae8f8555c54cf15167fdf16e314ab35db2093364d9757525ce51f454d802
Tags:64elfgafgyt
Infos:

Detection

Gafgyt, Mirai
Score:100
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Gafgyt
Yara detected Mirai
Contains symbols with names commonly found in malware
Machine Learning detection for sample
Opens /proc/net/* files useful for finding connected devices and routers
Detected TCP or UDP traffic on non-standard ports
Executes the "rm" command used to delete files or directories
Sample contains strings that are user agent strings indicative of HTTP manipulation
Yara signature match

Classification

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1447837
Start date and time:2024-05-27 09:02:18 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 14s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:rV97CNwo30.elf
renamed because original name is a hash value
Original Sample Name:ca4b1ae481fa3903228f9ece7122b4d4.elf
Detection:MAL
Classification:mal100.spre.troj.linELF@0/0@2/0

Runtime Messages

Command:/tmp/rV97CNwo30.elf
PID:5483
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
gosh that chinese family at the other table sure ate alot
Standard Error:

Process Tree

  • system is lnxubuntu20
  • dash New Fork (PID: 5470, Parent: 3633)
  • rm (PID: 5470, Parent: 3633, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.RQPeLR8yM9 /tmp/tmp.Sq3TDDT9f8 /tmp/tmp.RjYTqvNaPY
  • dash New Fork (PID: 5471, Parent: 3633)
  • rm (PID: 5471, Parent: 3633, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.RQPeLR8yM9 /tmp/tmp.Sq3TDDT9f8 /tmp/tmp.RjYTqvNaPY
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Bashlite, GafgytBashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.bashlite
NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
rV97CNwo30.elfJoeSecurity_GafgytYara detected GafgytJoe Security
    rV97CNwo30.elfJoeSecurity_Mirai_8Yara detected MiraiJoe Security
      rV97CNwo30.elfLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
      • 0x114e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x114f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x11508:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x1151c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x11530:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x11544:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x11558:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x1156c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x11580:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x11594:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x115a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x115bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x115d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x115e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x115f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x1160c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x11620:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x11634:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x11648:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x1165c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x11670:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      rV97CNwo30.elfLinux_Trojan_Gafgyt_a6a2adb9unknownunknown
      • 0xa27:$a: CC 01 C2 89 55 B4 8B 45 B4 C9 C3 55 48 89 E5 48 81 EC 90 00
      rV97CNwo30.elfLinux_Trojan_Gafgyt_9e9530a7unknownunknown
      • 0x9500:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
      Click to see the 13 entries

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      5483.1.0000000000400000.0000000000416000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
        5483.1.0000000000400000.0000000000416000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
        • 0x114e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x114f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x11508:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x1151c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x11530:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x11544:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x11558:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x1156c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x11580:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x11594:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x115a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x115bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x115d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x115e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x115f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x1160c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x11620:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x11634:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x11648:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x1165c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x11670:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        5483.1.0000000000400000.0000000000416000.r-x.sdmpLinux_Trojan_Gafgyt_a6a2adb9unknownunknown
        • 0xa27:$a: CC 01 C2 89 55 B4 8B 45 B4 C9 C3 55 48 89 E5 48 81 EC 90 00
        5483.1.0000000000400000.0000000000416000.r-x.sdmpLinux_Trojan_Gafgyt_9e9530a7unknownunknown
        • 0x9500:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
        5483.1.0000000000400000.0000000000416000.r-x.sdmpLinux_Trojan_Gafgyt_f3d83a74unknownunknown
        • 0x94d:$a: DC 00 74 1B 83 7D E0 0A 75 15 83 7D E4 00 79 0F C7 45 C8 01 00
        Click to see the 52 entries

        Snort Signatures

        Timestamp:05/27/24-09:03:03.347505
        SID:2839489
        Source Port:666
        Destination Port:54260
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-09:04:28.789486
        SID:2839489
        Source Port:666
        Destination Port:54270
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-09:05:33.545041
        SID:2839490
        Source Port:54276
        Destination Port:666
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-09:04:28.202525
        SID:2839490
        Source Port:54270
        Destination Port:666
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-09:05:16.454179
        SID:2839490
        Source Port:54274
        Destination Port:666
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-09:03:20.153870
        SID:2839489
        Source Port:666
        Destination Port:54262
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-09:03:19.466753
        SID:2839490
        Source Port:54262
        Destination Port:666
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-09:03:52.587779
        SID:2839489
        Source Port:666
        Destination Port:54266
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-09:04:45.193826
        SID:2839490
        Source Port:54272
        Destination Port:666
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-09:05:17.165921
        SID:2839489
        Source Port:666
        Destination Port:54274
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-09:04:11.051134
        SID:2839490
        Source Port:54268
        Destination Port:666
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-09:03:35.814726
        SID:2839489
        Source Port:666
        Destination Port:54264
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-09:04:11.772776
        SID:2839489
        Source Port:666
        Destination Port:54268
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-09:03:02.716784
        SID:2839490
        Source Port:54260
        Destination Port:666
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-09:04:45.899895
        SID:2839489
        Source Port:666
        Destination Port:54272
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-09:05:34.229486
        SID:2839489
        Source Port:666
        Destination Port:54276
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-09:03:52.723818
        SID:2839490
        Source Port:54266
        Destination Port:666
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/27/24-09:03:35.170860
        SID:2839490
        Source Port:54264
        Destination Port:666
        Protocol:TCP
        Classtype:A Network Trojan was detected

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Antivirus / Scanner detection for submitted sample
        Source: rV97CNwo30.elfAvira: detected
        Multi AV Scanner detection for submitted file
        Source: rV97CNwo30.elfReversingLabs: Detection: 68%
        Source: rV97CNwo30.elfVirustotal: Detection: 62%Perma Link
        Machine Learning detection for sample
        Source: rV97CNwo30.elfJoe Sandbox ML: detected

        Spreading

        barindex
        Opens /proc/net/* files useful for finding connected devices and routers
        Source: /tmp/rV97CNwo30.elf (PID: 5483)Opens: /proc/net/routeJump to behavior

        Networking

        barindex
        Snort IDS alert for network traffic
        Source: TrafficSnort IDS: 2839490 ETPRO TROJAN ELF/BASHLITE Variant Reporting Arch Type (x86) 192.168.2.14:54260 -> 176.123.4.187:666
        Source: TrafficSnort IDS: 2839489 ETPRO TROJAN ELF/BASHLITE Variant CnC Server Response 176.123.4.187:666 -> 192.168.2.14:54260
        Source: TrafficSnort IDS: 2839490 ETPRO TROJAN ELF/BASHLITE Variant Reporting Arch Type (x86) 192.168.2.14:54262 -> 176.123.4.187:666
        Source: TrafficSnort IDS: 2839489 ETPRO TROJAN ELF/BASHLITE Variant CnC Server Response 176.123.4.187:666 -> 192.168.2.14:54262
        Source: TrafficSnort IDS: 2839490 ETPRO TROJAN ELF/BASHLITE Variant Reporting Arch Type (x86) 192.168.2.14:54264 -> 176.123.4.187:666
        Source: TrafficSnort IDS: 2839489 ETPRO TROJAN ELF/BASHLITE Variant CnC Server Response 176.123.4.187:666 -> 192.168.2.14:54264
        Source: TrafficSnort IDS: 2839490 ETPRO TROJAN ELF/BASHLITE Variant Reporting Arch Type (x86) 192.168.2.14:54266 -> 176.123.4.187:666
        Source: TrafficSnort IDS: 2839489 ETPRO TROJAN ELF/BASHLITE Variant CnC Server Response 176.123.4.187:666 -> 192.168.2.14:54266
        Source: TrafficSnort IDS: 2839490 ETPRO TROJAN ELF/BASHLITE Variant Reporting Arch Type (x86) 192.168.2.14:54268 -> 176.123.4.187:666
        Source: TrafficSnort IDS: 2839489 ETPRO TROJAN ELF/BASHLITE Variant CnC Server Response 176.123.4.187:666 -> 192.168.2.14:54268
        Source: TrafficSnort IDS: 2839490 ETPRO TROJAN ELF/BASHLITE Variant Reporting Arch Type (x86) 192.168.2.14:54270 -> 176.123.4.187:666
        Source: TrafficSnort IDS: 2839489 ETPRO TROJAN ELF/BASHLITE Variant CnC Server Response 176.123.4.187:666 -> 192.168.2.14:54270
        Source: TrafficSnort IDS: 2839490 ETPRO TROJAN ELF/BASHLITE Variant Reporting Arch Type (x86) 192.168.2.14:54272 -> 176.123.4.187:666
        Source: TrafficSnort IDS: 2839489 ETPRO TROJAN ELF/BASHLITE Variant CnC Server Response 176.123.4.187:666 -> 192.168.2.14:54272
        Source: TrafficSnort IDS: 2839490 ETPRO TROJAN ELF/BASHLITE Variant Reporting Arch Type (x86) 192.168.2.14:54274 -> 176.123.4.187:666
        Source: TrafficSnort IDS: 2839489 ETPRO TROJAN ELF/BASHLITE Variant CnC Server Response 176.123.4.187:666 -> 192.168.2.14:54274
        Source: TrafficSnort IDS: 2839490 ETPRO TROJAN ELF/BASHLITE Variant Reporting Arch Type (x86) 192.168.2.14:54276 -> 176.123.4.187:666
        Source: TrafficSnort IDS: 2839489 ETPRO TROJAN ELF/BASHLITE Variant CnC Server Response 176.123.4.187:666 -> 192.168.2.14:54276
        Source: global trafficTCP traffic: 192.168.2.14:54260 -> 176.123.4.187:666
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: unknownTCP traffic detected without corresponding DNS query: 176.123.4.187
        Source: global trafficDNS traffic detected: DNS query: daisy.ubuntu.com

        System Summary

        barindex
        Malicious sample detected (through community Yara rule)
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_a6a2adb9 Author: unknown
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_f3d83a74 Author: unknown
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_a0a4de11 Author: unknown
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_09c3070e Author: unknown
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_46eec778 Author: unknown
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_dd0d6173 Author: unknown
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_779e142f Author: unknown
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_cf84c9f2 Author: unknown
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_859042a0 Author: unknown
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_862c4e0e Author: unknown
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a6a2adb9 Author: unknown
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_f3d83a74 Author: unknown
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a0a4de11 Author: unknown
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_09c3070e Author: unknown
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_46eec778 Author: unknown
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_dd0d6173 Author: unknown
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_779e142f Author: unknown
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_cf84c9f2 Author: unknown
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_859042a0 Author: unknown
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_862c4e0e Author: unknown
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a6a2adb9 Author: unknown
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_f3d83a74 Author: unknown
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a0a4de11 Author: unknown
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_09c3070e Author: unknown
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_46eec778 Author: unknown
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_dd0d6173 Author: unknown
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_779e142f Author: unknown
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_cf84c9f2 Author: unknown
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_859042a0 Author: unknown
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_862c4e0e Author: unknown
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a6a2adb9 Author: unknown
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_f3d83a74 Author: unknown
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a0a4de11 Author: unknown
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_09c3070e Author: unknown
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_46eec778 Author: unknown
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_dd0d6173 Author: unknown
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_779e142f Author: unknown
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_cf84c9f2 Author: unknown
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_859042a0 Author: unknown
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_862c4e0e Author: unknown
        Source: Process Memory Space: rV97CNwo30.elf PID: 5483, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: Process Memory Space: rV97CNwo30.elf PID: 5484, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: Process Memory Space: rV97CNwo30.elf PID: 5485, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Contains symbols with names commonly found in malware
        Source: ELF static info symbol of initial sampleName: vseattack
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_a6a2adb9 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = cdd0bb9ce40a000bb86b0c76616fe71fb7dbb87a044ddd778b7a07fdf804b877, id = a6a2adb9-9d54-42d4-abed-5b30d8062e97, last_modified = 2021-09-16
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_f3d83a74 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 1c5df68501b688905484ed47dc588306828aa7c114644428e22e5021bb39bd4a, id = f3d83a74-2888-435a-9a3c-b7de25084e9a, last_modified = 2021-09-16
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_a0a4de11 reference_sample = cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 891cfc6a4c38fb257ada29050e0047bd1301e8f0a6a1a919685b1fcc2960b047, id = a0a4de11-fe65-449f-a990-ad5f18ac66f0, last_modified = 2021-09-16
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_09c3070e reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 84fad96b60b297736c149e14de12671ff778bff427ab7684df2c541a6f6d7e7d, id = 09c3070e-4b71-45a0-aa62-0cc6e496644a, last_modified = 2021-09-16
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_46eec778 reference_sample = 9526277255a8d632355bfe54d53154c9c54a4ab75e3ba24333c73ad0ed7cadb1, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 2602371a40171870b1cf024f262e95a2853de53de39c3a6cd3de811e81dd3518, id = 46eec778-7342-4ef7-adac-35bc0cdb9867, last_modified = 2021-09-16
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_dd0d6173 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 5e2cb111c2b712951b71166111d339724b4f52b93f90cb474f1e67598212605f, id = dd0d6173-b863-45cf-9348-3375a4e624cf, last_modified = 2021-09-16
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_779e142f reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 83377b6fa77fda4544c409487d2d2c1ddcef8f7d4120f49a18888c7536f3969f, id = 779e142f-b867-46e6-b1fb-9105976f42fd, last_modified = 2021-09-16
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_cf84c9f2 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = bb766b356c3e8706740e3bb9b4a7171d8eb5137e09fc7ab6952412fa55e2dcfc, id = cf84c9f2-7435-4faf-8c5f-d14945ffad7a, last_modified = 2021-09-16
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_859042a0 reference_sample = 41615d3f3f27f04669166fdee3996d77890016304ee87851a5f90804d6d4a0b0, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a27bcaa16edceda3dc5a80803372c907a7efd00736c7859c5a9d6a2cf56a8eec, id = 859042a0-a424-4c83-944b-ed182b342998, last_modified = 2021-09-16
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
        Source: rV97CNwo30.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_862c4e0e reference_sample = 9526277255a8d632355bfe54d53154c9c54a4ab75e3ba24333c73ad0ed7cadb1, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 2a6b4f8d8fb4703ed26bdcfbbb5c539dc451c8b90649bee80015c164eae4c281, id = 862c4e0e-83a4-458b-8c00-f2f3cf0bf9db, last_modified = 2021-09-16
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a6a2adb9 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = cdd0bb9ce40a000bb86b0c76616fe71fb7dbb87a044ddd778b7a07fdf804b877, id = a6a2adb9-9d54-42d4-abed-5b30d8062e97, last_modified = 2021-09-16
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_f3d83a74 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 1c5df68501b688905484ed47dc588306828aa7c114644428e22e5021bb39bd4a, id = f3d83a74-2888-435a-9a3c-b7de25084e9a, last_modified = 2021-09-16
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a0a4de11 reference_sample = cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 891cfc6a4c38fb257ada29050e0047bd1301e8f0a6a1a919685b1fcc2960b047, id = a0a4de11-fe65-449f-a990-ad5f18ac66f0, last_modified = 2021-09-16
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_09c3070e reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 84fad96b60b297736c149e14de12671ff778bff427ab7684df2c541a6f6d7e7d, id = 09c3070e-4b71-45a0-aa62-0cc6e496644a, last_modified = 2021-09-16
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_46eec778 reference_sample = 9526277255a8d632355bfe54d53154c9c54a4ab75e3ba24333c73ad0ed7cadb1, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 2602371a40171870b1cf024f262e95a2853de53de39c3a6cd3de811e81dd3518, id = 46eec778-7342-4ef7-adac-35bc0cdb9867, last_modified = 2021-09-16
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_dd0d6173 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 5e2cb111c2b712951b71166111d339724b4f52b93f90cb474f1e67598212605f, id = dd0d6173-b863-45cf-9348-3375a4e624cf, last_modified = 2021-09-16
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_779e142f reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 83377b6fa77fda4544c409487d2d2c1ddcef8f7d4120f49a18888c7536f3969f, id = 779e142f-b867-46e6-b1fb-9105976f42fd, last_modified = 2021-09-16
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_cf84c9f2 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = bb766b356c3e8706740e3bb9b4a7171d8eb5137e09fc7ab6952412fa55e2dcfc, id = cf84c9f2-7435-4faf-8c5f-d14945ffad7a, last_modified = 2021-09-16
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_859042a0 reference_sample = 41615d3f3f27f04669166fdee3996d77890016304ee87851a5f90804d6d4a0b0, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a27bcaa16edceda3dc5a80803372c907a7efd00736c7859c5a9d6a2cf56a8eec, id = 859042a0-a424-4c83-944b-ed182b342998, last_modified = 2021-09-16
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
        Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_862c4e0e reference_sample = 9526277255a8d632355bfe54d53154c9c54a4ab75e3ba24333c73ad0ed7cadb1, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 2a6b4f8d8fb4703ed26bdcfbbb5c539dc451c8b90649bee80015c164eae4c281, id = 862c4e0e-83a4-458b-8c00-f2f3cf0bf9db, last_modified = 2021-09-16
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a6a2adb9 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = cdd0bb9ce40a000bb86b0c76616fe71fb7dbb87a044ddd778b7a07fdf804b877, id = a6a2adb9-9d54-42d4-abed-5b30d8062e97, last_modified = 2021-09-16
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_f3d83a74 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 1c5df68501b688905484ed47dc588306828aa7c114644428e22e5021bb39bd4a, id = f3d83a74-2888-435a-9a3c-b7de25084e9a, last_modified = 2021-09-16
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a0a4de11 reference_sample = cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 891cfc6a4c38fb257ada29050e0047bd1301e8f0a6a1a919685b1fcc2960b047, id = a0a4de11-fe65-449f-a990-ad5f18ac66f0, last_modified = 2021-09-16
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_09c3070e reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 84fad96b60b297736c149e14de12671ff778bff427ab7684df2c541a6f6d7e7d, id = 09c3070e-4b71-45a0-aa62-0cc6e496644a, last_modified = 2021-09-16
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_46eec778 reference_sample = 9526277255a8d632355bfe54d53154c9c54a4ab75e3ba24333c73ad0ed7cadb1, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 2602371a40171870b1cf024f262e95a2853de53de39c3a6cd3de811e81dd3518, id = 46eec778-7342-4ef7-adac-35bc0cdb9867, last_modified = 2021-09-16
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_dd0d6173 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 5e2cb111c2b712951b71166111d339724b4f52b93f90cb474f1e67598212605f, id = dd0d6173-b863-45cf-9348-3375a4e624cf, last_modified = 2021-09-16
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_779e142f reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 83377b6fa77fda4544c409487d2d2c1ddcef8f7d4120f49a18888c7536f3969f, id = 779e142f-b867-46e6-b1fb-9105976f42fd, last_modified = 2021-09-16
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_cf84c9f2 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = bb766b356c3e8706740e3bb9b4a7171d8eb5137e09fc7ab6952412fa55e2dcfc, id = cf84c9f2-7435-4faf-8c5f-d14945ffad7a, last_modified = 2021-09-16
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_859042a0 reference_sample = 41615d3f3f27f04669166fdee3996d77890016304ee87851a5f90804d6d4a0b0, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a27bcaa16edceda3dc5a80803372c907a7efd00736c7859c5a9d6a2cf56a8eec, id = 859042a0-a424-4c83-944b-ed182b342998, last_modified = 2021-09-16
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
        Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_862c4e0e reference_sample = 9526277255a8d632355bfe54d53154c9c54a4ab75e3ba24333c73ad0ed7cadb1, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 2a6b4f8d8fb4703ed26bdcfbbb5c539dc451c8b90649bee80015c164eae4c281, id = 862c4e0e-83a4-458b-8c00-f2f3cf0bf9db, last_modified = 2021-09-16
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a6a2adb9 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = cdd0bb9ce40a000bb86b0c76616fe71fb7dbb87a044ddd778b7a07fdf804b877, id = a6a2adb9-9d54-42d4-abed-5b30d8062e97, last_modified = 2021-09-16
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_f3d83a74 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 1c5df68501b688905484ed47dc588306828aa7c114644428e22e5021bb39bd4a, id = f3d83a74-2888-435a-9a3c-b7de25084e9a, last_modified = 2021-09-16
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a0a4de11 reference_sample = cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 891cfc6a4c38fb257ada29050e0047bd1301e8f0a6a1a919685b1fcc2960b047, id = a0a4de11-fe65-449f-a990-ad5f18ac66f0, last_modified = 2021-09-16
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_09c3070e reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 84fad96b60b297736c149e14de12671ff778bff427ab7684df2c541a6f6d7e7d, id = 09c3070e-4b71-45a0-aa62-0cc6e496644a, last_modified = 2021-09-16
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_46eec778 reference_sample = 9526277255a8d632355bfe54d53154c9c54a4ab75e3ba24333c73ad0ed7cadb1, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 2602371a40171870b1cf024f262e95a2853de53de39c3a6cd3de811e81dd3518, id = 46eec778-7342-4ef7-adac-35bc0cdb9867, last_modified = 2021-09-16
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_dd0d6173 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 5e2cb111c2b712951b71166111d339724b4f52b93f90cb474f1e67598212605f, id = dd0d6173-b863-45cf-9348-3375a4e624cf, last_modified = 2021-09-16
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_779e142f reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 83377b6fa77fda4544c409487d2d2c1ddcef8f7d4120f49a18888c7536f3969f, id = 779e142f-b867-46e6-b1fb-9105976f42fd, last_modified = 2021-09-16
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_cf84c9f2 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = bb766b356c3e8706740e3bb9b4a7171d8eb5137e09fc7ab6952412fa55e2dcfc, id = cf84c9f2-7435-4faf-8c5f-d14945ffad7a, last_modified = 2021-09-16
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_859042a0 reference_sample = 41615d3f3f27f04669166fdee3996d77890016304ee87851a5f90804d6d4a0b0, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a27bcaa16edceda3dc5a80803372c907a7efd00736c7859c5a9d6a2cf56a8eec, id = 859042a0-a424-4c83-944b-ed182b342998, last_modified = 2021-09-16
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
        Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_862c4e0e reference_sample = 9526277255a8d632355bfe54d53154c9c54a4ab75e3ba24333c73ad0ed7cadb1, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 2a6b4f8d8fb4703ed26bdcfbbb5c539dc451c8b90649bee80015c164eae4c281, id = 862c4e0e-83a4-458b-8c00-f2f3cf0bf9db, last_modified = 2021-09-16
        Source: Process Memory Space: rV97CNwo30.elf PID: 5483, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: rV97CNwo30.elf PID: 5484, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: rV97CNwo30.elf PID: 5485, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: classification engineClassification label: mal100.spre.troj.linELF@0/0@2/0
        Source: /usr/bin/dash (PID: 5470)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.RQPeLR8yM9 /tmp/tmp.Sq3TDDT9f8 /tmp/tmp.RjYTqvNaPYJump to behavior
        Source: /usr/bin/dash (PID: 5471)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.RQPeLR8yM9 /tmp/tmp.Sq3TDDT9f8 /tmp/tmp.RjYTqvNaPYJump to behavior

        Stealing of Sensitive Information

        barindex
        Yara detected Gafgyt
        Source: Yara matchFile source: rV97CNwo30.elf, type: SAMPLE
        Yara detected Mirai
        Source: Yara matchFile source: rV97CNwo30.elf, type: SAMPLE
        Source: Yara matchFile source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: rV97CNwo30.elf PID: 5483, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: rV97CNwo30.elf PID: 5484, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: rV97CNwo30.elf PID: 5485, type: MEMORYSTR
        Source: Initial sampleUser agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; pl) Opera 11.00
        Source: Initial sampleUser agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; en) Opera 11.00
        Source: Initial sampleUser agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; ja) Opera 11.00
        Source: Initial sampleUser agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; de) Opera 11.01
        Source: Initial sampleUser agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; fr) Opera 11.00
        Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
        Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36
        Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
        Source: Initial sampleUser agent string found: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
        Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
        Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
        Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36
        Source: Initial sampleUser agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11) AppleWebKit/601.1.56 (KHTML, like Gecko) Version/9.0 Safari/601.1.56
        Source: Initial sampleUser agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7
        Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
        Source: Initial sampleUser agent string found: Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51
        Source: Initial sampleUser agent string found: Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16
        Source: Initial sampleUser agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194A
        Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
        Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36
        Source: Initial sampleUser agent string found: Mozilla/5.0 (Linux; Android 4.4.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.89 Mobile Safari/537.36
        Source: Initial sampleUser agent string found: Mozilla/5.0 (Linux; Android 4.4.3; HTC_0PCV2 Build/KTU84L) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: Initial sampleUser agent string found: Mozilla/4.0 (compatible; MSIE 8.0; X11; Linux x86_64; pl) Opera 11.00
        Source: Initial sampleUser agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:25.0) Gecko/20100101 Firefox/25.0
        Source: Initial sampleUser agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
        Source: Initial sampleUser agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Firefox/24.0
        Source: Initial sampleUser agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10; rv:33.0) Gecko/20100101 Firefox/33.0

        Remote Access Functionality

        barindex
        Yara detected Gafgyt
        Source: Yara matchFile source: rV97CNwo30.elf, type: SAMPLE
        Yara detected Mirai
        Source: Yara matchFile source: rV97CNwo30.elf, type: SAMPLE
        Source: Yara matchFile source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: rV97CNwo30.elf PID: 5483, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: rV97CNwo30.elf PID: 5484, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: rV97CNwo30.elf PID: 5485, type: MEMORYSTR

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
        File Deletion        		OS Credential Dumping1
        Remote System Discovery        		Remote ServicesData from Local System1
        Data Obfuscation        		Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
        Non-Standard Port        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
        Non-Application Layer Protocol        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
        Application Layer Protocol        		Traffic DuplicationData Destruction

        Malware Configuration

        No configs have been found

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Number of created Files
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1447837 Sample: rV97CNwo30.elf Startdate: 27/05/2024 Architecture: LINUX Score: 100 19 176.123.4.187, 54260, 54262, 54264 ALEXHOSTMD Moldova Republic of 2->19 21 daisy.ubuntu.com 2->21 23 Snort IDS alert for network traffic 2->23 25 Malicious sample detected (through community Yara rule) 2->25 27 Antivirus / Scanner detection for submitted sample 2->27 29 5 other signatures 2->29 8 dash rm rV97CNwo30.elf 2->8         started        11 dash rm 2->11         started        signatures3 process4 signatures5 31 Opens /proc/net/* files useful for finding connected devices and routers 8->31 13 rV97CNwo30.elf 8->13         started        15 rV97CNwo30.elf 8->15         started        process6 process7 17 rV97CNwo30.elf 13->17         started       

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        rV97CNwo30.elf68%ReversingLabsLinux.Trojan.LnxGafgyt
        rV97CNwo30.elf63%VirustotalBrowse
        rV97CNwo30.elf100%AviraLINUX/Mirai.Gafgyt.
        rV97CNwo30.elf100%Joe Sandbox ML

        Dropped Files

        No Antivirus matches

        Domains

        SourceDetectionScannerLabelLink
        daisy.ubuntu.com0%VirustotalBrowse

        URLs

        No Antivirus matches

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        daisy.ubuntu.com
        		162.213.35.25
        		truefalseunknown

        World Map of Contacted IPs

        • No. of IPs < 25%
        • 25% < No. of IPs < 50%
        • 50% < No. of IPs < 75%
        • 75% < No. of IPs

        Public IPs

        IPDomainCountryFlagASNASN NameMalicious
        176.123.4.187
        		unknownMoldova Republic of
        		200019ALEXHOSTMDtrue

        Joe Sandbox View / Context

        IPs

        No context

        Domains

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        daisy.ubuntu.comHcmes4e8Sw.elfGet hashmaliciousUnknownBrowse
        • 162.213.35.24
        M4huqujaBY.elfGet hashmaliciousUnknownBrowse
        • 162.213.35.25
        cVxP229sNF.elfGet hashmaliciousUnknownBrowse
        • 162.213.35.24
        ZVQBodhgp1.elfGet hashmaliciousMirai, MoobotBrowse
        • 162.213.35.25
        1rA2CJx2rg.elfGet hashmaliciousMirai, MoobotBrowse
        • 162.213.35.24
        nJNBF70tP9.elfGet hashmaliciousMiraiBrowse
        • 162.213.35.25
        SjLTg00G6b.elfGet hashmaliciousMiraiBrowse
        • 162.213.35.25
        mKBZo65Fcb.elfGet hashmaliciousMiraiBrowse
        • 162.213.35.25
        Aqua.x86.elfGet hashmaliciousUnknownBrowse
        • 162.213.35.24

        ASNs

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        ALEXHOSTMD 472.rtf.docGet hashmaliciousSmokeLoaderBrowse
        • 45.84.0.173
        support.Client.exe.zipGet hashmaliciousScreenConnect ToolBrowse
        • 176.123.10.70
        https://coanj.com/Get hashmaliciousUnknownBrowse
        • 45.142.212.163
        Q1a9z2AS7p.elfGet hashmaliciousUnknownBrowse
        • 176.123.1.127
        3sbAd2pTKO.elfGet hashmaliciousUnknownBrowse
        • 176.123.1.127
        5SgnZcDoHg.elfGet hashmaliciousUnknownBrowse
        • 176.123.1.127
        uKzd18tKZ2.elfGet hashmaliciousUnknownBrowse
        • 176.123.1.127
        9r8dnbGVit.elfGet hashmaliciousUnknownBrowse
        • 176.123.1.127
        Aklr8oRy7s.elfGet hashmaliciousMiraiBrowse
        • 176.123.1.127
        a1IUAX8aGK.elfGet hashmaliciousUnknownBrowse
        • 176.123.1.127

        JA3 Fingerprints

        No context

        Dropped Files

        No context

        Created / dropped Files

        No created / dropped files found

        Static File Info

        General

        File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, not stripped
        Entropy (8bit):5.9625331481202055
        TrID:
        • ELF Executable and Linkable format (generic) (4004/1) 100.00%
        File name:rV97CNwo30.elf
        File size:132'185 bytes
        MD5:ca4b1ae481fa3903228f9ece7122b4d4
        SHA1:bbfe6774ff15371d07d8fd95d90dd651f6bb218e
        SHA256:3887ae8f8555c54cf15167fdf16e314ab35db2093364d9757525ce51f454d802
        SHA512:e891f2657f7574e1257d7be0b460e6af147e73b98ac60d0a6fe22b9308199deb973488e670117a44f9df35c1e7cd59eaec17256ca5aba6004e40a195d42a9782
        SSDEEP:3072:7GGZgLD3hhI2fKGHOZOSp6iKVKkSmr1zwTdWNn:ODBvcsK/mr1zwTdWNn
        TLSH:56D30837D654887AC04712F11BEFC6229D23BCFB0731215723987E605F378AA9E99B46
        File Content Preview:.ELF..............>.......@.....@...................@.8...@.......................@.......@......Q.......Q........ ..............Q.......Qa......Qa.....(1................ .....Q.td....................................................H...._....*...H........

        Static ELF Info

        ELF header

        Class:ELF64
        Data:2's complement, little endian
        Version:1 (current)
        Machine:Advanced Micro Devices X86-64
        Version Number:0x1
        Type:EXEC (Executable file)
        OS/ABI:UNIX - System V
        ABI Version:0
        Entry Point Address:0x400194
        Flags:0x0
        ELF Header Size:64
        Program Header Offset:64
        Program Header Size:56
        Number of Program Headers:3
        Section Header Offset:102072
        Section Header Size:64
        Number of Section Headers:15
        Header String Table Index:12

        Sections

        NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
        NULL0x00x00x00x00x0000
        .initPROGBITS0x4000e80xe80x130x00x6AX001
        .textPROGBITS0x4001000x1000xfe540x00x6AX0016
        .finiPROGBITS0x40ff540xff540xe0x00x6AX001
        .rodataPROGBITS0x40ff800xff800x51900x00x2A0032
        .eh_framePROGBITS0x6151100x151100x2b9c0x00x3WA008
        .ctorsPROGBITS0x617cb00x17cb00x100x00x3WA008
        .dtorsPROGBITS0x617cc00x17cc00x100x00x3WA008
        .jcrPROGBITS0x617cd00x17cd00x80x00x3WA008
        .dataPROGBITS0x617ce00x17ce00x5580x00x3WA0032
        .bssNOBITS0x6182400x182380x6ce80x00x3WA0032
        .commentPROGBITS0x00x182380xc180x00x0001
        .shstrtabSTRTAB0x00x18e500x660x00x0001
        .symtabSYMTAB0x00x192780x4c080x180x0142738
        .strtabSTRTAB0x00x1de800x25d90x00x0001

        Program Segments

        TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
        LOAD0x00x4000000x4000000x151100x151106.38420x5R E0x200000.init .text .fini .rodata
        LOAD0x151100x6151100x6151100x31280x9e183.58400x6RW 0x200000.eh_frame .ctors .dtors .jcr .data .bss
        GNU_STACK0x00x00x00x00x00.00000x6RW 0x8

        Symbols

        NameVersion Info NameVersion Info File NameSection NameValueSizeSymbol TypeSymbol BindSymbol VisibilityNdx
        .symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
        .symtab0x4000e80SECTION<unknown>DEFAULT1
        .symtab0x4001000SECTION<unknown>DEFAULT2
        .symtab0x40ff540SECTION<unknown>DEFAULT3
        .symtab0x40ff800SECTION<unknown>DEFAULT4
        .symtab0x6151100SECTION<unknown>DEFAULT5
        .symtab0x617cb00SECTION<unknown>DEFAULT6
        .symtab0x617cc00SECTION<unknown>DEFAULT7
        .symtab0x617cd00SECTION<unknown>DEFAULT8
        .symtab0x617ce00SECTION<unknown>DEFAULT9
        .symtab0x6182400SECTION<unknown>DEFAULT10
        .symtab0x00SECTION<unknown>DEFAULT11
        C.1.3849.symtab0x414c0040OBJECT<unknown>DEFAULT4
        KHcommSOCK.symtab0x6182a04OBJECT<unknown>DEFAULT10
        KHserverHACKER.symtab0x617e404OBJECT<unknown>DEFAULT9
        LOCAL_ADDR.symtab0x61e56c4OBJECT<unknown>DEFAULT10
        Q.symtab0x6182c016384OBJECT<unknown>DEFAULT10
        UserAgents.symtab0x617d20288OBJECT<unknown>DEFAULT9
        _Exit.symtab0x4074b443FUNC<unknown>DEFAULT2
        _Jv_RegisterClasses.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
        _READ.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _WRITE.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __CTOR_END__.symtab0x617cb80OBJECT<unknown>DEFAULT6
        __CTOR_LIST__.symtab0x617cb00OBJECT<unknown>DEFAULT6
        __C_ctype_b.symtab0x617e588OBJECT<unknown>DEFAULT9
        __C_ctype_b.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __C_ctype_b_data.symtab0x413190768OBJECT<unknown>DEFAULT4
        __C_ctype_tolower.symtab0x6182288OBJECT<unknown>DEFAULT9
        __C_ctype_tolower.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __C_ctype_tolower_data.symtab0x414e10768OBJECT<unknown>DEFAULT4
        __C_ctype_toupper.symtab0x617e688OBJECT<unknown>DEFAULT9
        __C_ctype_toupper.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __C_ctype_toupper_data.symtab0x413490768OBJECT<unknown>DEFAULT4
        __DTOR_END__.symtab0x617cc80OBJECT<unknown>DEFAULT7
        __DTOR_LIST__.symtab0x617cc00OBJECT<unknown>DEFAULT7
        __EH_FRAME_BEGIN__.symtab0x6151100OBJECT<unknown>DEFAULT5
        __FRAME_END__.symtab0x617ca80OBJECT<unknown>DEFAULT5
        __GI___C_ctype_b.symtab0x617e588OBJECT<unknown>HIDDEN9
        __GI___C_ctype_tolower.symtab0x6182288OBJECT<unknown>HIDDEN9
        __GI___C_ctype_toupper.symtab0x617e688OBJECT<unknown>HIDDEN9
        __GI___ctype_b.symtab0x617e608OBJECT<unknown>HIDDEN9
        __GI___ctype_tolower.symtab0x6182308OBJECT<unknown>HIDDEN9
        __GI___ctype_toupper.symtab0x617e708OBJECT<unknown>HIDDEN9
        __GI___errno_location.symtab0x4078246FUNC<unknown>HIDDEN2
        __GI___fcntl_nocancel.symtab0x407450100FUNC<unknown>HIDDEN2
        __GI___fgetc_unlocked.symtab0x40cf7c222FUNC<unknown>HIDDEN2
        __GI___glibc_strerror_r.symtab0x4091e814FUNC<unknown>HIDDEN2
        __GI___h_errno_location.symtab0x40bb6c6FUNC<unknown>HIDDEN2
        __GI___libc_fcntl.symtab0x4073ec100FUNC<unknown>HIDDEN2
        __GI___sigaddset.symtab0x40963428FUNC<unknown>HIDDEN2
        __GI___sigdelset.symtab0x40965030FUNC<unknown>HIDDEN2
        __GI___sigismember.symtab0x40961432FUNC<unknown>HIDDEN2
        __GI___uClibc_fini.symtab0x40b36c70FUNC<unknown>HIDDEN2
        __GI___uClibc_init.symtab0x40b3e758FUNC<unknown>HIDDEN2
        __GI___xpg_strerror_r.symtab0x4091f8196FUNC<unknown>HIDDEN2
        __GI__exit.symtab0x4074b443FUNC<unknown>HIDDEN2
        __GI_abort.symtab0x40a7e0200FUNC<unknown>HIDDEN2
        __GI_atoi.symtab0x40ac8418FUNC<unknown>HIDDEN2
        __GI_brk.symtab0x40dc2c43FUNC<unknown>HIDDEN2
        __GI_clock_getres.symtab0x40b72041FUNC<unknown>HIDDEN2
        __GI_close.symtab0x40750c41FUNC<unknown>HIDDEN2
        __GI_closedir.symtab0x40b8a0147FUNC<unknown>HIDDEN2
        __GI_config_close.symtab0x40be3643FUNC<unknown>HIDDEN2
        __GI_config_open.symtab0x40be6146FUNC<unknown>HIDDEN2
        __GI_config_read.symtab0x40bb74706FUNC<unknown>HIDDEN2
        __GI_connect.symtab0x4093f043FUNC<unknown>HIDDEN2
        __GI_dup2.symtab0x40753844FUNC<unknown>HIDDEN2
        __GI_errno.symtab0x61e5284OBJECT<unknown>HIDDEN10
        __GI_execl.symtab0x40ae58287FUNC<unknown>HIDDEN2
        __GI_execve.symtab0x40b74c38FUNC<unknown>HIDDEN2
        __GI_exit.symtab0x40adf895FUNC<unknown>HIDDEN2
        __GI_fclose.symtab0x40bf60269FUNC<unknown>HIDDEN2
        __GI_fcntl.symtab0x4073ec100FUNC<unknown>HIDDEN2
        __GI_fflush_unlocked.symtab0x40ce38322FUNC<unknown>HIDDEN2
        __GI_fgetc.symtab0x40cc6c128FUNC<unknown>HIDDEN2
        __GI_fgetc_unlocked.symtab0x40cf7c222FUNC<unknown>HIDDEN2
        __GI_fgets.symtab0x40ccec116FUNC<unknown>HIDDEN2
        __GI_fgets_unlocked.symtab0x40d05c116FUNC<unknown>HIDDEN2
        __GI_fopen.symtab0x40c07010FUNC<unknown>HIDDEN2
        __GI_fork.symtab0x40756438FUNC<unknown>HIDDEN2
        __GI_fputs_unlocked.symtab0x40895056FUNC<unknown>HIDDEN2
        __GI_fseek.symtab0x40dfd05FUNC<unknown>HIDDEN2
        __GI_fseeko64.symtab0x40dfd8225FUNC<unknown>HIDDEN2
        __GI_fstat.symtab0x40dc5882FUNC<unknown>HIDDEN2
        __GI_fstat64.symtab0x40dc5882FUNC<unknown>HIDDEN2
        __GI_fwrite_unlocked.symtab0x408988128FUNC<unknown>HIDDEN2
        __GI_getc_unlocked.symtab0x40cf7c222FUNC<unknown>HIDDEN2
        __GI_getdtablesize.symtab0x40758c36FUNC<unknown>HIDDEN2
        __GI_getegid.symtab0x40b7748FUNC<unknown>HIDDEN2
        __GI_geteuid.symtab0x4075b08FUNC<unknown>HIDDEN2
        __GI_getgid.symtab0x40b77c8FUNC<unknown>HIDDEN2
        __GI_gethostbyname.symtab0x4093a010FUNC<unknown>HIDDEN2
        __GI_gethostbyname2.symtab0x4093ac65FUNC<unknown>HIDDEN2
        __GI_gethostbyname2_r.symtab0x40d904761FUNC<unknown>HIDDEN2
        __GI_gethostbyname_r.symtab0x40f5f4802FUNC<unknown>HIDDEN2
        __GI_gethostname.symtab0x40f91894FUNC<unknown>HIDDEN2
        __GI_getpagesize.symtab0x40b78419FUNC<unknown>HIDDEN2
        __GI_getpid.symtab0x4075b88FUNC<unknown>HIDDEN2
        __GI_getrlimit.symtab0x4075c840FUNC<unknown>HIDDEN2
        __GI_getsockname.symtab0x40941c41FUNC<unknown>HIDDEN2
        __GI_getuid.symtab0x40b7988FUNC<unknown>HIDDEN2
        __GI_h_errno.symtab0x61e52c4OBJECT<unknown>HIDDEN10
        __GI_htonl.symtab0x40936c5FUNC<unknown>HIDDEN2
        __GI_htons.symtab0x4093648FUNC<unknown>HIDDEN2
        __GI_inet_addr.symtab0x40938029FUNC<unknown>HIDDEN2
        __GI_inet_aton.symtab0x40d87c135FUNC<unknown>HIDDEN2
        __GI_inet_ntop.symtab0x40e6d3518FUNC<unknown>HIDDEN2
        __GI_inet_pton.symtab0x40e3f3493FUNC<unknown>HIDDEN2
        __GI_initstate_r.symtab0x40abc8185FUNC<unknown>HIDDEN2
        __GI_ioctl.symtab0x4075f0101FUNC<unknown>HIDDEN2
        __GI_isatty.symtab0x4092d825FUNC<unknown>HIDDEN2
        __GI_kill.symtab0x40765844FUNC<unknown>HIDDEN2
        __GI_lseek.symtab0x40fe1845FUNC<unknown>HIDDEN2
        __GI_lseek64.symtab0x40fa1c5FUNC<unknown>HIDDEN2
        __GI_memchr.symtab0x40d240236FUNC<unknown>HIDDEN2
        __GI_memcpy.symtab0x408af0102FUNC<unknown>HIDDEN2
        __GI_memmove.symtab0x40d32c702FUNC<unknown>HIDDEN2
        __GI_mempcpy.symtab0x40d0d090FUNC<unknown>HIDDEN2
        __GI_memrchr.symtab0x40d5ec233FUNC<unknown>HIDDEN2
        __GI_memset.symtab0x408b60210FUNC<unknown>HIDDEN2
        __GI_mmap.symtab0x40b6f048FUNC<unknown>HIDDEN2
        __GI_mremap.symtab0x40b7a042FUNC<unknown>HIDDEN2
        __GI_munmap.symtab0x40b7cc38FUNC<unknown>HIDDEN2
        __GI_nanosleep.symtab0x40b7f438FUNC<unknown>HIDDEN2
        __GI_ntohl.symtab0x4093795FUNC<unknown>HIDDEN2
        __GI_ntohs.symtab0x4093718FUNC<unknown>HIDDEN2
        __GI_open.symtab0x407684106FUNC<unknown>HIDDEN2
        __GI_opendir.symtab0x40b9c9157FUNC<unknown>HIDDEN2
        __GI_pipe.symtab0x4076f038FUNC<unknown>HIDDEN2
        __GI_poll.symtab0x40f97841FUNC<unknown>HIDDEN2
        __GI_raise.symtab0x40dc0018FUNC<unknown>HIDDEN2
        __GI_random.symtab0x40a8b472FUNC<unknown>HIDDEN2
        __GI_random_r.symtab0x40aab790FUNC<unknown>HIDDEN2
        __GI_rawmemchr.symtab0x40e2ac189FUNC<unknown>HIDDEN2
        __GI_read.symtab0x40774439FUNC<unknown>HIDDEN2
        __GI_readdir64.symtab0x40badc143FUNC<unknown>HIDDEN2
        __GI_recv.symtab0x40947c11FUNC<unknown>HIDDEN2
        __GI_recvfrom.symtab0x40948845FUNC<unknown>HIDDEN2
        __GI_sbrk.symtab0x40b81c74FUNC<unknown>HIDDEN2
        __GI_select.symtab0x40776c44FUNC<unknown>HIDDEN2
        __GI_send.symtab0x4094b811FUNC<unknown>HIDDEN2
        __GI_sendto.symtab0x4094c448FUNC<unknown>HIDDEN2
        __GI_setsockopt.symtab0x4094f453FUNC<unknown>HIDDEN2
        __GI_setstate_r.symtab0x40aa0c171FUNC<unknown>HIDDEN2
        __GI_sigaction.symtab0x40b67d114FUNC<unknown>HIDDEN2
        __GI_sigaddset.symtab0x40955c35FUNC<unknown>HIDDEN2
        __GI_sigemptyset.symtab0x40958010FUNC<unknown>HIDDEN2
        __GI_signal.symtab0x40958c133FUNC<unknown>HIDDEN2
        __GI_sigprocmask.symtab0x40779847FUNC<unknown>HIDDEN2
        __GI_sleep.symtab0x40af78142FUNC<unknown>HIDDEN2
        __GI_socket.symtab0x40952c47FUNC<unknown>HIDDEN2
        __GI_sprintf.symtab0x40785c149FUNC<unknown>HIDDEN2
        __GI_srandom_r.symtab0x40ab11183FUNC<unknown>HIDDEN2
        __GI_stat.symtab0x40f9a479FUNC<unknown>HIDDEN2
        __GI_stat64.symtab0x40f9a479FUNC<unknown>HIDDEN2
        __GI_strcasecmp.symtab0x40fe4848FUNC<unknown>HIDDEN2
        __GI_strchr.symtab0x408c40417FUNC<unknown>HIDDEN2
        __GI_strchrnul.symtab0x40d6d8268FUNC<unknown>HIDDEN2
        __GI_strcmp.symtab0x408de433FUNC<unknown>HIDDEN2
        __GI_strcoll.symtab0x408de433FUNC<unknown>HIDDEN2
        __GI_strcpy.symtab0x408e10213FUNC<unknown>HIDDEN2
        __GI_strcspn.symtab0x40d130135FUNC<unknown>HIDDEN2
        __GI_strdup.symtab0x40fa2454FUNC<unknown>HIDDEN2
        __GI_strlen.symtab0x408ef0225FUNC<unknown>HIDDEN2
        __GI_strncpy.symtab0x408fd4131FUNC<unknown>HIDDEN2
        __GI_strnlen.symtab0x409058201FUNC<unknown>HIDDEN2
        __GI_strpbrk.symtab0x40e220140FUNC<unknown>HIDDEN2
        __GI_strrchr.symtab0x40d7e453FUNC<unknown>HIDDEN2
        __GI_strspn.symtab0x40d1b8135FUNC<unknown>HIDDEN2
        __GI_strstr.symtab0x409124193FUNC<unknown>HIDDEN2
        __GI_strtok.symtab0x4092cc10FUNC<unknown>HIDDEN2
        __GI_strtok_r.symtab0x40d81c94FUNC<unknown>HIDDEN2
        __GI_strtol.symtab0x40ac9810FUNC<unknown>HIDDEN2
        __GI_strtoll.symtab0x40ac9810FUNC<unknown>HIDDEN2
        __GI_sysconf.symtab0x40b0e7560FUNC<unknown>HIDDEN2
        __GI_tcgetattr.symtab0x4092f4110FUNC<unknown>HIDDEN2
        __GI_time.symtab0x4077c88FUNC<unknown>HIDDEN2
        __GI_times.symtab0x40b8688FUNC<unknown>HIDDEN2
        __GI_toupper.symtab0x40780430FUNC<unknown>HIDDEN2
        __GI_uname.symtab0x40f9f438FUNC<unknown>HIDDEN2
        __GI_vfork.symtab0x4073d421FUNC<unknown>HIDDEN2
        __GI_vsnprintf.symtab0x4078f4189FUNC<unknown>HIDDEN2
        __GI_wait4.symtab0x40b87047FUNC<unknown>HIDDEN2
        __GI_waitpid.symtab0x4077d07FUNC<unknown>HIDDEN2
        __GI_wcrtomb.symtab0x40be9068FUNC<unknown>HIDDEN2
        __GI_wcsnrtombs.symtab0x40bee4123FUNC<unknown>HIDDEN2
        __GI_wcsrtombs.symtab0x40bed415FUNC<unknown>HIDDEN2
        __GI_write.symtab0x4077d842FUNC<unknown>HIDDEN2
        __JCR_END__.symtab0x617cd00OBJECT<unknown>DEFAULT8
        __JCR_LIST__.symtab0x617cd00OBJECT<unknown>DEFAULT8
        __app_fini.symtab0x61e5188OBJECT<unknown>HIDDEN10
        __atexit_lock.symtab0x6181e040OBJECT<unknown>DEFAULT9
        __bss_start.symtab0x6182380NOTYPE<unknown>DEFAULTSHN_ABS
        __check_one_fd.symtab0x40b3b253FUNC<unknown>DEFAULT2
        __close_nameservers.symtab0x40f554109FUNC<unknown>HIDDEN2
        __ctype_b.symtab0x617e608OBJECT<unknown>DEFAULT9
        __ctype_tolower.symtab0x6182308OBJECT<unknown>DEFAULT9
        __ctype_toupper.symtab0x617e708OBJECT<unknown>DEFAULT9
        __curbrk.symtab0x61e5308OBJECT<unknown>HIDDEN10
        __data_start.symtab0x617cf00NOTYPE<unknown>DEFAULT9
        __decode_dotted.symtab0x40e8dc280FUNC<unknown>HIDDEN2
        __decode_header.symtab0x40fb20156FUNC<unknown>HIDDEN2
        __deregister_frame_info.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
        __dns_lookup.symtab0x40e9f41853FUNC<unknown>HIDDEN2
        __do_global_ctors_aux.symtab0x40ff200FUNC<unknown>DEFAULT2
        __do_global_dtors_aux.symtab0x4001000FUNC<unknown>DEFAULT2
        __dso_handle.symtab0x617ce00OBJECT<unknown>HIDDEN9
        __encode_dotted.symtab0x40fe78162FUNC<unknown>HIDDEN2
        __encode_header.symtab0x40fa5c193FUNC<unknown>HIDDEN2
        __encode_question.symtab0x40fbbc80FUNC<unknown>HIDDEN2
        __environ.symtab0x61e5088OBJECT<unknown>DEFAULT10
        __errno_location.symtab0x4078246FUNC<unknown>DEFAULT2
        __errno_location.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __exit_cleanup.symtab0x61e4f88OBJECT<unknown>HIDDEN10
        __fcntl_nocancel.symtab0x407450100FUNC<unknown>DEFAULT2
        __fgetc_unlocked.symtab0x40cf7c222FUNC<unknown>DEFAULT2
        __fini_array_end.symtab0x617cac0NOTYPE<unknown>HIDDEN5
        __fini_array_start.symtab0x617cac0NOTYPE<unknown>HIDDEN5
        __get_hosts_byname_r.symtab0x40f5c448FUNC<unknown>HIDDEN2
        __getdents.symtab0x40deb0288FUNC<unknown>HIDDEN2
        __getdents64.symtab0x40deb0288FUNC<unknown>HIDDEN2
        __getpagesize.symtab0x40b78419FUNC<unknown>DEFAULT2
        __glibc_strerror_r.symtab0x4091e814FUNC<unknown>DEFAULT2
        __glibc_strerror_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __h_errno_location.symtab0x40bb6c6FUNC<unknown>DEFAULT2
        __h_errno_location.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __init_array_end.symtab0x617cac0NOTYPE<unknown>HIDDEN5
        __init_array_start.symtab0x617cac0NOTYPE<unknown>HIDDEN5
        __libc_close.symtab0x40750c41FUNC<unknown>DEFAULT2
        __libc_connect.symtab0x4093f043FUNC<unknown>DEFAULT2
        __libc_fcntl.symtab0x4073ec100FUNC<unknown>DEFAULT2
        __libc_fork.symtab0x40756438FUNC<unknown>DEFAULT2
        __libc_lseek.symtab0x40fe1845FUNC<unknown>DEFAULT2
        __libc_lseek64.symtab0x40fa1c5FUNC<unknown>DEFAULT2
        __libc_nanosleep.symtab0x40b7f438FUNC<unknown>DEFAULT2
        __libc_open.symtab0x407684106FUNC<unknown>DEFAULT2
        __libc_read.symtab0x40774439FUNC<unknown>DEFAULT2
        __libc_recv.symtab0x40947c11FUNC<unknown>DEFAULT2
        __libc_recvfrom.symtab0x40948845FUNC<unknown>DEFAULT2
        __libc_select.symtab0x40776c44FUNC<unknown>DEFAULT2
        __libc_send.symtab0x4094b811FUNC<unknown>DEFAULT2
        __libc_sendto.symtab0x4094c448FUNC<unknown>DEFAULT2
        __libc_sigaction.symtab0x40b67d114FUNC<unknown>DEFAULT2
        __libc_stack_end.symtab0x61e5008OBJECT<unknown>DEFAULT10
        __libc_waitpid.symtab0x4077d07FUNC<unknown>DEFAULT2
        __libc_write.symtab0x4077d842FUNC<unknown>DEFAULT2
        __local_nameserver.symtab0x414df016OBJECT<unknown>HIDDEN4
        __malloc_consolidate.symtab0x40a46a407FUNC<unknown>HIDDEN2
        __malloc_largebin_index.symtab0x409670110FUNC<unknown>DEFAULT2
        __malloc_lock.symtab0x6180a040OBJECT<unknown>DEFAULT9
        __malloc_state.symtab0x61e8201752OBJECT<unknown>DEFAULT10
        __malloc_trim.symtab0x40a3d4150FUNC<unknown>DEFAULT2
        __nameserver.symtab0x61ef188OBJECT<unknown>HIDDEN10
        __nameservers.symtab0x61ef204OBJECT<unknown>HIDDEN10
        __open_etc_hosts.symtab0x40fc0c10FUNC<unknown>HIDDEN2
        __open_nameservers.symtab0x40f189968FUNC<unknown>HIDDEN2
        __pagesize.symtab0x61e5108OBJECT<unknown>DEFAULT10
        __preinit_array_end.symtab0x617cac0NOTYPE<unknown>HIDDEN5
        __preinit_array_start.symtab0x617cac0NOTYPE<unknown>HIDDEN5
        __progname.symtab0x6182108OBJECT<unknown>DEFAULT9
        __progname_full.symtab0x6182188OBJECT<unknown>DEFAULT9
        __pthread_initialize_minimal.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
        __pthread_mutex_init.symtab0x40b34f3FUNC<unknown>DEFAULT2
        __pthread_mutex_lock.symtab0x40b34c3FUNC<unknown>DEFAULT2
        __pthread_mutex_trylock.symtab0x40b34c3FUNC<unknown>DEFAULT2
        __pthread_mutex_unlock.symtab0x40b34c3FUNC<unknown>DEFAULT2
        __pthread_return_0.symtab0x40b34c3FUNC<unknown>DEFAULT2
        __read_etc_hosts_r.symtab0x40fc16511FUNC<unknown>HIDDEN2
        __register_frame_info.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
        __res_sync.symtab0x61ef088OBJECT<unknown>HIDDEN10
        __resolv_attempts.symtab0x6182251OBJECT<unknown>HIDDEN9
        __resolv_lock.symtab0x61e54040OBJECT<unknown>DEFAULT10
        __resolv_timeout.symtab0x6182241OBJECT<unknown>HIDDEN9
        __restore_rt.symtab0x40b6740NOTYPE<unknown>DEFAULT2
        __rtld_fini.symtab0x61e5208OBJECT<unknown>HIDDEN10
        __searchdomain.symtab0x61ef108OBJECT<unknown>HIDDEN10
        __searchdomains.symtab0x61ef244OBJECT<unknown>HIDDEN10
        __sigaddset.symtab0x40963428FUNC<unknown>DEFAULT2
        __sigdelset.symtab0x40965030FUNC<unknown>DEFAULT2
        __sigismember.symtab0x40961432FUNC<unknown>DEFAULT2
        __stdin.symtab0x617e988OBJECT<unknown>DEFAULT9
        __stdio_READ.symtab0x40e0bc58FUNC<unknown>HIDDEN2
        __stdio_WRITE.symtab0x40c07c171FUNC<unknown>HIDDEN2
        __stdio_adjust_position.symtab0x40e0f8131FUNC<unknown>HIDDEN2
        __stdio_fwrite.symtab0x40c35c259FUNC<unknown>HIDDEN2
        __stdio_init_mutex.symtab0x407a1315FUNC<unknown>HIDDEN2
        __stdio_mutex_initializer.4920.symtab0x41379040OBJECT<unknown>DEFAULT4
        __stdio_rfill.symtab0x40e17c37FUNC<unknown>HIDDEN2
        __stdio_seek.symtab0x40e20031FUNC<unknown>HIDDEN2
        __stdio_trans2r_o.symtab0x40e1a490FUNC<unknown>HIDDEN2
        __stdio_trans2w_o.symtab0x40c460149FUNC<unknown>HIDDEN2
        __stdio_wcommit.symtab0x407aac39FUNC<unknown>HIDDEN2
        __stdout.symtab0x617ea08OBJECT<unknown>DEFAULT9
        __syscall_error.symtab0x40b65c22FUNC<unknown>HIDDEN2
        __syscall_error.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __syscall_fcntl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __uClibc_fini.symtab0x40b36c70FUNC<unknown>DEFAULT2
        __uClibc_init.symtab0x40b3e758FUNC<unknown>DEFAULT2
        __uClibc_main.symtab0x40b421570FUNC<unknown>DEFAULT2
        __uClibc_main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __uclibc_progname.symtab0x6182088OBJECT<unknown>HIDDEN9
        __vfork.symtab0x4073d421FUNC<unknown>HIDDEN2
        __xpg_strerror_r.symtab0x4091f8196FUNC<unknown>DEFAULT2
        __xpg_strerror_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __xstat32_conv.symtab0x40dd58172FUNC<unknown>HIDDEN2
        __xstat64_conv.symtab0x40dcac172FUNC<unknown>HIDDEN2
        __xstat_conv.symtab0x40de04172FUNC<unknown>HIDDEN2
        _adjust_pos.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _bss_custom_printf_spec.symtab0x61e2f010OBJECT<unknown>DEFAULT10
        _charpad.symtab0x407ad477FUNC<unknown>DEFAULT2
        _cs_funcs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _custom_printf_arginfo.symtab0x61e77080OBJECT<unknown>HIDDEN10
        _custom_printf_handler.symtab0x61e7c080OBJECT<unknown>HIDDEN10
        _custom_printf_spec.symtab0x6180908OBJECT<unknown>HIDDEN9
        _dl_aux_init.symtab0x40dc1423FUNC<unknown>DEFAULT2
        _dl_phdr.symtab0x61eef88OBJECT<unknown>DEFAULT10
        _dl_phnum.symtab0x61ef008OBJECT<unknown>DEFAULT10
        _edata.symtab0x6182380NOTYPE<unknown>DEFAULTSHN_ABS
        _end.symtab0x61ef280NOTYPE<unknown>DEFAULTSHN_ABS
        _errno.symtab0x61e5284OBJECT<unknown>DEFAULT10
        _exit.symtab0x4074b443FUNC<unknown>DEFAULT2
        _exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _fini.symtab0x40ff540FUNC<unknown>DEFAULT3
        _fixed_buffers.symtab0x61c2f08192OBJECT<unknown>DEFAULT10
        _fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _fp_out_narrow.symtab0x407b21120FUNC<unknown>DEFAULT2
        _fpmaxtostr.symtab0x40c64c1565FUNC<unknown>HIDDEN2
        _fpmaxtostr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _fwrite.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _h_errno.symtab0x61e52c4OBJECT<unknown>DEFAULT10
        _init.symtab0x4000e80FUNC<unknown>DEFAULT1
        _load_inttype.symtab0x40c4f885FUNC<unknown>HIDDEN2
        _load_inttype.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _ppfs_init.symtab0x408250114FUNC<unknown>HIDDEN2
        _ppfs_init.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _ppfs_parsespec.symtab0x4084ea1126FUNC<unknown>HIDDEN2
        _ppfs_parsespec.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _ppfs_prepargs.symtab0x4082c467FUNC<unknown>HIDDEN2
        _ppfs_prepargs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _ppfs_setargs.symtab0x408308436FUNC<unknown>HIDDEN2
        _ppfs_setargs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _promoted_size.symtab0x4084bc46FUNC<unknown>DEFAULT2
        _pthread_cleanup_pop_restore.symtab0x40b35a18FUNC<unknown>DEFAULT2
        _pthread_cleanup_push_defer.symtab0x40b3528FUNC<unknown>DEFAULT2
        _rfill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _sigintr.symtab0x61e8108OBJECT<unknown>HIDDEN10
        _start.symtab0x40019442FUNC<unknown>DEFAULT2
        _stdio.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _stdio_fopen.symtab0x40c128563FUNC<unknown>HIDDEN2
        _stdio_init.symtab0x4079b495FUNC<unknown>HIDDEN2
        _stdio_openlist.symtab0x617ea88OBJECT<unknown>DEFAULT9
        _stdio_openlist_add_lock.symtab0x617eb040OBJECT<unknown>DEFAULT9
        _stdio_openlist_dec_use.symtab0x40cd60216FUNC<unknown>HIDDEN2
        _stdio_openlist_del_count.symtab0x61c2e44OBJECT<unknown>DEFAULT10
        _stdio_openlist_del_lock.symtab0x617ee040OBJECT<unknown>DEFAULT9
        _stdio_openlist_use_count.symtab0x61c2e04OBJECT<unknown>DEFAULT10
        _stdio_streams.symtab0x617f10384OBJECT<unknown>DEFAULT9
        _stdio_term.symtab0x407a22135FUNC<unknown>HIDDEN2
        _stdio_user_locking.symtab0x617f084OBJECT<unknown>DEFAULT9
        _stdlib_strto_l.symtab0x40aca4339FUNC<unknown>HIDDEN2
        _stdlib_strto_l.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _store_inttype.symtab0x40c55046FUNC<unknown>HIDDEN2
        _store_inttype.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _string_syserrmsgs.symtab0x4138902906OBJECT<unknown>HIDDEN4
        _string_syserrmsgs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _trans2r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _trans2w.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _uintmaxtostr.symtab0x40c580201FUNC<unknown>HIDDEN2
        _uintmaxtostr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _vfprintf_internal.symtab0x407b991716FUNC<unknown>HIDDEN2
        _vfprintf_internal.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _wcommit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        abort.symtab0x40a7e0200FUNC<unknown>DEFAULT2
        abort.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        access.symtab0x4074e041FUNC<unknown>DEFAULT2
        access.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        acnc.symtab0x403426161FUNC<unknown>DEFAULT2
        add_entry.symtab0x4069cb99FUNC<unknown>DEFAULT2
        atoi.symtab0x40ac8418FUNC<unknown>DEFAULT2
        atoi.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        axis_bp.symtab0x617d104OBJECT<unknown>DEFAULT9
        bcopy.symtab0x4092bc14FUNC<unknown>DEFAULT2
        bcopy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        been_there_done_that.symtab0x61e4f04OBJECT<unknown>DEFAULT10
        brk.symtab0x40dc2c43FUNC<unknown>DEFAULT2
        brk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        bsd_signal.symtab0x40958c133FUNC<unknown>DEFAULT2
        buf.5843.symtab0x61e310448OBJECT<unknown>DEFAULT10
        bzero.symtab0x408a10210FUNC<unknown>DEFAULT2
        c.symtab0x617e484OBJECT<unknown>DEFAULT9
        calloc.symtab0x409f6c248FUNC<unknown>DEFAULT2
        calloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        checksum.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        checksum_generic.symtab0x4001c0114FUNC<unknown>DEFAULT2
        checksum_tcp_udp.symtab0x400232222FUNC<unknown>DEFAULT2
        checksum_tcpudp.symtab0x400310222FUNC<unknown>DEFAULT2
        clock.symtab0x40782c46FUNC<unknown>DEFAULT2
        clock.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        clock_getres.symtab0x40b72041FUNC<unknown>DEFAULT2
        clock_getres.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        close.symtab0x40750c41FUNC<unknown>DEFAULT2
        close.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        closedir.symtab0x40b8a0147FUNC<unknown>DEFAULT2
        closedir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        closenameservers.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        completed.5156.symtab0x6182401OBJECT<unknown>DEFAULT10
        connect.symtab0x4093f043FUNC<unknown>DEFAULT2
        connect.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        connectTimeout.symtab0x401986582FUNC<unknown>DEFAULT2
        crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        csum.symtab0x401cce116FUNC<unknown>DEFAULT2
        data_start.symtab0x617cf00NOTYPE<unknown>DEFAULT9
        decoded.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        decodeh.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        dl-support.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        dnslookup.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        dup2.symtab0x40753844FUNC<unknown>DEFAULT2
        dup2.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        encoded.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        encodeh.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        encodeq.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        environ.symtab0x61e5088OBJECT<unknown>DEFAULT10
        errno.symtab0x61e5284OBJECT<unknown>DEFAULT10
        errno.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        execl.symtab0x40ae58287FUNC<unknown>DEFAULT2
        execl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        execve.symtab0x40b74c38FUNC<unknown>DEFAULT2
        execve.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        exit.symtab0x40adf895FUNC<unknown>DEFAULT2
        exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        exp10_table.symtab0x414c50208OBJECT<unknown>DEFAULT4
        fclose.symtab0x40bf60269FUNC<unknown>DEFAULT2
        fclose.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fcntl.symtab0x4073ec100FUNC<unknown>DEFAULT2
        fd_to_DIR.symtab0x40b934149FUNC<unknown>DEFAULT2
        fdgets.symtab0x40145b130FUNC<unknown>DEFAULT2
        fdopen_pids.symtab0x61c2c08OBJECT<unknown>DEFAULT10
        fdopendir.symtab0x40ba66115FUNC<unknown>DEFAULT2
        fdpclose.symtab0x401333296FUNC<unknown>DEFAULT2
        fdpopen.symtab0x40115a473FUNC<unknown>DEFAULT2
        fflush_unlocked.symtab0x40ce38322FUNC<unknown>DEFAULT2
        fflush_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fgetc.symtab0x40cc6c128FUNC<unknown>DEFAULT2
        fgetc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fgetc_unlocked.symtab0x40cf7c222FUNC<unknown>DEFAULT2
        fgetc_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fgets.symtab0x40ccec116FUNC<unknown>DEFAULT2
        fgets.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fgets_unlocked.symtab0x40d05c116FUNC<unknown>DEFAULT2
        fgets_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        findRandIP.symtab0x401c9f47FUNC<unknown>DEFAULT2
        fmt.symtab0x414c3020OBJECT<unknown>DEFAULT4
        fopen.symtab0x40c07010FUNC<unknown>DEFAULT2
        fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fork.symtab0x40756438FUNC<unknown>DEFAULT2
        fork.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fputs_unlocked.symtab0x40895056FUNC<unknown>DEFAULT2
        fputs_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        frame_dummy.symtab0x4001500FUNC<unknown>DEFAULT2
        free.symtab0x40a601451FUNC<unknown>DEFAULT2
        free.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fseek.symtab0x40dfd05FUNC<unknown>DEFAULT2
        fseeko.symtab0x40dfd05FUNC<unknown>DEFAULT2
        fseeko.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fseeko64.symtab0x40dfd8225FUNC<unknown>DEFAULT2
        fseeko64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fstat.symtab0x40dc5882FUNC<unknown>DEFAULT2
        fstat.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fstat64.symtab0x40dc5882FUNC<unknown>DEFAULT2
        fwrite_unlocked.symtab0x408988128FUNC<unknown>DEFAULT2
        fwrite_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getBuild.symtab0x4058a46FUNC<unknown>DEFAULT2
        getHost.symtab0x40166265FUNC<unknown>DEFAULT2
        getOurIP.symtab0x4056c1483FUNC<unknown>DEFAULT2
        get_hosts_byname_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getc.symtab0x40cc6c128FUNC<unknown>DEFAULT2
        getc_unlocked.symtab0x40cf7c222FUNC<unknown>DEFAULT2
        getdents64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getdtablesize.symtab0x40758c36FUNC<unknown>DEFAULT2
        getdtablesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getegid.symtab0x40b7748FUNC<unknown>DEFAULT2
        getegid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        geteuid.symtab0x4075b08FUNC<unknown>DEFAULT2
        geteuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getgid.symtab0x40b77c8FUNC<unknown>DEFAULT2
        getgid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        gethostbyname.symtab0x4093a010FUNC<unknown>DEFAULT2
        gethostbyname.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        gethostbyname2.symtab0x4093ac65FUNC<unknown>DEFAULT2
        gethostbyname2.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        gethostbyname2_r.symtab0x40d904761FUNC<unknown>DEFAULT2
        gethostbyname2_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        gethostbyname_r.symtab0x40f5f4802FUNC<unknown>DEFAULT2
        gethostbyname_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        gethostname.symtab0x40f91894FUNC<unknown>DEFAULT2
        gethostname.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getpagesize.symtab0x40b78419FUNC<unknown>DEFAULT2
        getpagesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getpid.symtab0x4075b88FUNC<unknown>DEFAULT2
        getpid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getppid.symtab0x4075c08FUNC<unknown>DEFAULT2
        getppid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getrlimit.symtab0x4075c840FUNC<unknown>DEFAULT2
        getrlimit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getrlimit64.symtab0x4075c840FUNC<unknown>DEFAULT2
        getsockname.symtab0x40941c41FUNC<unknown>DEFAULT2
        getsockname.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getsockopt.symtab0x40944850FUNC<unknown>DEFAULT2
        getsockopt.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getuid.symtab0x40b7988FUNC<unknown>DEFAULT2
        getuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        h_errno.symtab0x61e52c4OBJECT<unknown>DEFAULT10
        hacks.symtab0x617d004OBJECT<unknown>DEFAULT9
        hacks2.symtab0x617d044OBJECT<unknown>DEFAULT9
        hacks3.symtab0x617d084OBJECT<unknown>DEFAULT9
        hacks4.symtab0x617d0c4OBJECT<unknown>DEFAULT9
        hextable.symtab0x410cc02048OBJECT<unknown>DEFAULT4
        hoste.5842.symtab0x61e4d032OBJECT<unknown>DEFAULT10
        htonl.symtab0x40936c5FUNC<unknown>DEFAULT2
        htons.symtab0x4093648FUNC<unknown>DEFAULT2
        httphex.symtab0x40359f1096FUNC<unknown>DEFAULT2
        i.5293.symtab0x617e4c4OBJECT<unknown>DEFAULT9
        index.symtab0x408c40417FUNC<unknown>DEFAULT2
        inet_addr.symtab0x40938029FUNC<unknown>DEFAULT2
        inet_aton.symtab0x40d87c135FUNC<unknown>DEFAULT2
        inet_aton.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        inet_makeaddr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        inet_ntop.symtab0x40e6d3518FUNC<unknown>DEFAULT2
        inet_ntop4.symtab0x40e5e0243FUNC<unknown>DEFAULT2
        inet_pton.symtab0x40e3f3493FUNC<unknown>DEFAULT2
        inet_pton4.symtab0x40e36c135FUNC<unknown>DEFAULT2
        initConnection.symtab0x40555a359FUNC<unknown>DEFAULT2
        init_rand.symtab0x400504126FUNC<unknown>DEFAULT2
        initfini.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        initstate.symtab0x40a956110FUNC<unknown>DEFAULT2
        initstate_r.symtab0x40abc8185FUNC<unknown>DEFAULT2
        ioctl.symtab0x4075f0101FUNC<unknown>DEFAULT2
        ioctl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        isatty.symtab0x4092d825FUNC<unknown>DEFAULT2
        isatty.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        kill.symtab0x40765844FUNC<unknown>DEFAULT2
        kill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        killer_status.symtab0x6182b04OBJECT<unknown>DEFAULT10
        last_id.5904.symtab0x6182202OBJECT<unknown>DEFAULT9
        last_ns_num.5903.symtab0x61e5384OBJECT<unknown>DEFAULT10
        listFork.symtab0x401bcc211FUNC<unknown>DEFAULT2
        llseek.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        lseek.symtab0x40fe1845FUNC<unknown>DEFAULT2
        lseek.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        lseek64.symtab0x40fa1c5FUNC<unknown>DEFAULT2
        macAddress.symtab0x6182b46OBJECT<unknown>DEFAULT10
        main.symtab0x4058aa1477FUNC<unknown>DEFAULT2
        main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        makeIPPacket.symtab0x401deb153FUNC<unknown>DEFAULT2
        makeRandomStr.symtab0x4016da110FUNC<unknown>DEFAULT2
        makevsepacket.symtab0x402df4169FUNC<unknown>DEFAULT2
        malloc.symtab0x4096de2187FUNC<unknown>DEFAULT2
        malloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        malloc_trim.symtab0x40a7c428FUNC<unknown>DEFAULT2
        memchr.symtab0x40d240236FUNC<unknown>DEFAULT2
        memchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        memcpy.symtab0x408af0102FUNC<unknown>DEFAULT2
        memmove.symtab0x40d32c702FUNC<unknown>DEFAULT2
        memmove.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        mempcpy.symtab0x40d0d090FUNC<unknown>DEFAULT2
        memrchr.symtab0x40d5ec233FUNC<unknown>DEFAULT2
        memrchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        memset.symtab0x408b60210FUNC<unknown>DEFAULT2
        mmap.symtab0x40b6f048FUNC<unknown>DEFAULT2
        mmap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        mremap.symtab0x40b7a042FUNC<unknown>DEFAULT2
        mremap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        munmap.symtab0x40b7cc38FUNC<unknown>DEFAULT2
        munmap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        mylock.symtab0x6180d040OBJECT<unknown>DEFAULT9
        mylock.symtab0x61810040OBJECT<unknown>DEFAULT9
        nanosleep.symtab0x40b7f438FUNC<unknown>DEFAULT2
        nanosleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        next_start.1699.symtab0x61e3008OBJECT<unknown>DEFAULT10
        ngPid.symtab0x61e5744OBJECT<unknown>DEFAULT10
        nprocessors_onln.symtab0x40b008223FUNC<unknown>DEFAULT2
        ntohl.symtab0x4093795FUNC<unknown>DEFAULT2
        ntohl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        ntohs.symtab0x4093718FUNC<unknown>DEFAULT2
        ntop.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        numpids.symtab0x6182a88OBJECT<unknown>DEFAULT10
        object.5168.symtab0x61826048OBJECT<unknown>DEFAULT10
        open.symtab0x407684106FUNC<unknown>DEFAULT2
        open.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        opendir.symtab0x40b9c9157FUNC<unknown>DEFAULT2
        opendir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        opennameservers.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        ourIP.symtab0x61e5704OBJECT<unknown>DEFAULT10
        p.5154.symtab0x617ce80OBJECT<unknown>DEFAULT9
        parseHex.symtab0x4014dd85FUNC<unknown>DEFAULT2
        parse_config.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        pids.symtab0x61e5808OBJECT<unknown>DEFAULT10
        pipe.symtab0x4076f038FUNC<unknown>DEFAULT2
        pipe.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        poll.symtab0x40f97841FUNC<unknown>DEFAULT2
        poll.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        prctl.symtab0x40771844FUNC<unknown>DEFAULT2
        prctl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        prefix.5143.symtab0x4137c812OBJECT<unknown>DEFAULT4
        print.symtab0x400a321083FUNC<unknown>DEFAULT2
        printchar.symtab0x4007bf75FUNC<unknown>DEFAULT2
        printi.symtab0x4008f1321FUNC<unknown>DEFAULT2
        prints.symtab0x40080a231FUNC<unknown>DEFAULT2
        processCmd.symtab0x4039e77027FUNC<unknown>DEFAULT2
        program_invocation_name.symtab0x6182188OBJECT<unknown>DEFAULT9
        program_invocation_short_name.symtab0x6182108OBJECT<unknown>DEFAULT9
        qual_chars.5150.symtab0x4137e020OBJECT<unknown>DEFAULT4
        raise.symtab0x40dc0018FUNC<unknown>DEFAULT2
        raise.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        rand.symtab0x40a8a811FUNC<unknown>DEFAULT2
        rand.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        rand.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        rand__str.symtab0x405f36135FUNC<unknown>DEFAULT2
        rand_alpha_str.symtab0x405fbd118FUNC<unknown>DEFAULT2
        rand_alphastr.symtab0x400710175FUNC<unknown>DEFAULT2
        rand_cmwc.symtab0x40065a182FUNC<unknown>DEFAULT2
        rand_init.symtab0x405e7083FUNC<unknown>DEFAULT2
        rand_next.symtab0x405ec3115FUNC<unknown>DEFAULT2
        random.symtab0x40a8b472FUNC<unknown>DEFAULT2
        random.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        random_poly_info.symtab0x4143f040OBJECT<unknown>DEFAULT4
        random_r.symtab0x40aab790FUNC<unknown>DEFAULT2
        random_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        randtbl.symtab0x618160128OBJECT<unknown>DEFAULT9
        rawmemchr.symtab0x40e2ac189FUNC<unknown>DEFAULT2
        rawmemchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        read.symtab0x40774439FUNC<unknown>DEFAULT2
        read.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        read_etc_hosts_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        readdir64.symtab0x40badc143FUNC<unknown>DEFAULT2
        readdir64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        realloc.symtab0x40a064878FUNC<unknown>DEFAULT2
        realloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        recv.symtab0x40947c11FUNC<unknown>DEFAULT2
        recv.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        recvLine.symtab0x401748574FUNC<unknown>DEFAULT2
        recvfrom.symtab0x40948845FUNC<unknown>DEFAULT2
        recvfrom.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        resolv.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        resolv_conf_mtime.5885.symtab0x61e5684OBJECT<unknown>DEFAULT10
        resolv_domain_to_hostname.symtab0x406034156FUNC<unknown>DEFAULT2
        resolv_entries_free.symtab0x40673056FUNC<unknown>DEFAULT2
        resolv_lookup.symtab0x4061781464FUNC<unknown>DEFAULT2
        resolv_skip_name.symtab0x4060d0168FUNC<unknown>DEFAULT2
        rindex.symtab0x40d7e453FUNC<unknown>DEFAULT2
        rtcp.symtab0x402859939FUNC<unknown>DEFAULT2
        sbrk.symtab0x40b81c74FUNC<unknown>DEFAULT2
        sbrk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        scanPid.symtab0x61e5784OBJECT<unknown>DEFAULT10
        select.symtab0x40776c44FUNC<unknown>DEFAULT2
        select.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        send.symtab0x4094b811FUNC<unknown>DEFAULT2
        send.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        sendSTD.symtab0x402c04496FUNC<unknown>DEFAULT2
        sendto.symtab0x4094c448FUNC<unknown>DEFAULT2
        sendto.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        setsockopt.symtab0x4094f453FUNC<unknown>DEFAULT2
        setsockopt.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        setstate.symtab0x40a8fc90FUNC<unknown>DEFAULT2
        setstate_r.symtab0x40aa0c171FUNC<unknown>DEFAULT2
        sigaction.symtab0x40b67d114FUNC<unknown>DEFAULT2
        sigaction.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        sigaddset.symtab0x40955c35FUNC<unknown>DEFAULT2
        sigaddset.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        sigempty.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        sigemptyset.symtab0x40958010FUNC<unknown>DEFAULT2
        signal.symtab0x40958c133FUNC<unknown>DEFAULT2
        signal.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        sigprocmask.symtab0x40779847FUNC<unknown>DEFAULT2
        sigprocmask.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        sigsetops.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        skip_and_NUL_space.symtab0x40f15d44FUNC<unknown>DEFAULT2
        skip_nospace.symtab0x40f13441FUNC<unknown>DEFAULT2
        sleep.symtab0x40af78142FUNC<unknown>DEFAULT2
        sleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        socket.symtab0x40952c47FUNC<unknown>DEFAULT2
        socket.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        socket_connect.symtab0x4034c7216FUNC<unknown>DEFAULT2
        sockprintf.symtab0x401005341FUNC<unknown>DEFAULT2
        spec_and_mask.5149.symtab0x41380016OBJECT<unknown>DEFAULT4
        spec_base.5142.symtab0x4137d47OBJECT<unknown>DEFAULT4
        spec_chars.5146.symtab0x41386021OBJECT<unknown>DEFAULT4
        spec_flags.5145.symtab0x4138788OBJECT<unknown>DEFAULT4
        spec_or_mask.5148.symtab0x41381016OBJECT<unknown>DEFAULT4
        spec_ranges.5147.symtab0x4138209OBJECT<unknown>DEFAULT4
        sprintf.symtab0x40785c149FUNC<unknown>DEFAULT2
        sprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        srand.symtab0x40a9c472FUNC<unknown>DEFAULT2
        srandom.symtab0x40a9c472FUNC<unknown>DEFAULT2
        srandom_r.symtab0x40ab11183FUNC<unknown>DEFAULT2
        stat.symtab0x40f9a479FUNC<unknown>DEFAULT2
        stat.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        stat64.symtab0x40f9a479FUNC<unknown>DEFAULT2
        stderr.symtab0x617e908OBJECT<unknown>DEFAULT9
        stdin.symtab0x617e808OBJECT<unknown>DEFAULT9
        stdout.symtab0x617e888OBJECT<unknown>DEFAULT9
        strcasecmp.symtab0x40fe4848FUNC<unknown>DEFAULT2
        strcasecmp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strchr.symtab0x408c40417FUNC<unknown>DEFAULT2
        strchrnul.symtab0x40d6d8268FUNC<unknown>DEFAULT2
        strchrnul.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strcmp.symtab0x408de433FUNC<unknown>DEFAULT2
        strcoll.symtab0x408de433FUNC<unknown>DEFAULT2
        strcpy.symtab0x408e10213FUNC<unknown>DEFAULT2
        strcspn.symtab0x40d130135FUNC<unknown>DEFAULT2
        strdup.symtab0x40fa2454FUNC<unknown>DEFAULT2
        strdup.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strerror_r.symtab0x4091f8196FUNC<unknown>DEFAULT2
        strlen.symtab0x408ef0225FUNC<unknown>DEFAULT2
        strncpy.symtab0x408fd4131FUNC<unknown>DEFAULT2
        strncpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strnlen.symtab0x409058201FUNC<unknown>DEFAULT2
        strnlen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strpbrk.symtab0x40e220140FUNC<unknown>DEFAULT2
        strrchr.symtab0x40d7e453FUNC<unknown>DEFAULT2
        strrchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strspn.symtab0x40d1b8135FUNC<unknown>DEFAULT2
        strstr.symtab0x409124193FUNC<unknown>DEFAULT2
        strstr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strtoimax.symtab0x40ac9810FUNC<unknown>DEFAULT2
        strtok.symtab0x4092cc10FUNC<unknown>DEFAULT2
        strtok.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strtok_r.symtab0x40d81c94FUNC<unknown>DEFAULT2
        strtok_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strtol.symtab0x40ac9810FUNC<unknown>DEFAULT2
        strtol.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strtoll.symtab0x40ac9810FUNC<unknown>DEFAULT2
        strtoq.symtab0x40ac9810FUNC<unknown>DEFAULT2
        sysconf.symtab0x40b0e7560FUNC<unknown>DEFAULT2
        sysconf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        szprintf.symtab0x400f38205FUNC<unknown>DEFAULT2
        table.symtab0x61e5a0464OBJECT<unknown>DEFAULT10
        table.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        table_init.symtab0x406768466FUNC<unknown>DEFAULT2
        table_key.symtab0x617e504OBJECT<unknown>DEFAULT9
        table_lock_val.symtab0x40696341FUNC<unknown>DEFAULT2
        table_retrieve_val.symtab0x40698c63FUNC<unknown>DEFAULT2
        table_unlock_val.symtab0x40693a41FUNC<unknown>DEFAULT2
        tcgetattr.symtab0x4092f4110FUNC<unknown>DEFAULT2
        tcgetattr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        tcpFl00d.symtab0x4023a21207FUNC<unknown>DEFAULT2
        tcpcsum.symtab0x401d42169FUNC<unknown>DEFAULT2
        time.symtab0x4077c88FUNC<unknown>DEFAULT2
        time.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        times.symtab0x40b8688FUNC<unknown>DEFAULT2
        times.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        toggle_obf.symtab0x406a2e288FUNC<unknown>DEFAULT2
        toupper.symtab0x40780430FUNC<unknown>DEFAULT2
        toupper.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        trim.symtab0x400582216FUNC<unknown>DEFAULT2
        type_codes.symtab0x41383024OBJECT<unknown>DEFAULT4
        type_sizes.symtab0x41384812OBJECT<unknown>DEFAULT4
        udpfl00d.symtab0x401e841310FUNC<unknown>DEFAULT2
        uname.symtab0x40f9f438FUNC<unknown>DEFAULT2
        uname.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        unknown.1721.symtab0x41388014OBJECT<unknown>DEFAULT4
        unsafe_state.symtab0x61813040OBJECT<unknown>DEFAULT9
        uppercase.symtab0x4016a355FUNC<unknown>DEFAULT2
        userID.symtab0x617e444OBJECT<unknown>DEFAULT9
        usleep.symtab0x40b31852FUNC<unknown>DEFAULT2
        usleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        util.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        util_atoi.symtab0x406d63484FUNC<unknown>DEFAULT2
        util_fdgets.symtab0x40727a157FUNC<unknown>DEFAULT2
        util_isalpha.symtab0x40734053FUNC<unknown>DEFAULT2
        util_isdigit.symtab0x4073aa41FUNC<unknown>DEFAULT2
        util_isspace.symtab0x40737553FUNC<unknown>DEFAULT2
        util_isupper.symtab0x40731741FUNC<unknown>DEFAULT2
        util_itoa.symtab0x406f47280FUNC<unknown>DEFAULT2
        util_local_addr.symtab0x4071d8162FUNC<unknown>DEFAULT2
        util_memcpy.symtab0x406cf268FUNC<unknown>DEFAULT2
        util_memsearch.symtab0x40705f140FUNC<unknown>DEFAULT2
        util_strcat.symtab0x406cb066FUNC<unknown>DEFAULT2
        util_strcmp.symtab0x406c03121FUNC<unknown>DEFAULT2
        util_strcpy.symtab0x406c7c52FUNC<unknown>DEFAULT2
        util_stristr.symtab0x4070eb237FUNC<unknown>DEFAULT2
        util_strlen.symtab0x406b5047FUNC<unknown>DEFAULT2
        util_strncmp.symtab0x406b7f132FUNC<unknown>DEFAULT2
        util_zero.symtab0x406d3645FUNC<unknown>DEFAULT2
        vfork.symtab0x4073d421FUNC<unknown>DEFAULT2
        vseattack.symtab0x402e9d1417FUNC<unknown>DEFAULT2
        vsnprintf.symtab0x4078f4189FUNC<unknown>DEFAULT2
        vsnprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        w.symtab0x61c2d44OBJECT<unknown>DEFAULT10
        wait4.symtab0x40b87047FUNC<unknown>DEFAULT2
        wait4.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        waitpid.symtab0x4077d07FUNC<unknown>DEFAULT2
        waitpid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        watchdog_maintain.symtab0x4003f0276FUNC<unknown>DEFAULT2
        watchdog_pid.symtab0x6182a44OBJECT<unknown>DEFAULT10
        wcrtomb.symtab0x40be9068FUNC<unknown>DEFAULT2
        wcrtomb.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        wcsnrtombs.symtab0x40bee4123FUNC<unknown>DEFAULT2
        wcsnrtombs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        wcsrtombs.symtab0x40bed415FUNC<unknown>DEFAULT2
        wcsrtombs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        wildString.symtab0x401532304FUNC<unknown>DEFAULT2
        write.symtab0x4077d842FUNC<unknown>DEFAULT2
        write.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        x.symtab0x61c2c84OBJECT<unknown>DEFAULT10
        xdigits.3743.symtab0x414d8017OBJECT<unknown>DEFAULT4
        xstatconv.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        y.symtab0x61c2cc4OBJECT<unknown>DEFAULT10
        z.symtab0x61c2d04OBJECT<unknown>DEFAULT10
        zprintf.symtab0x400e6d203FUNC<unknown>DEFAULT2

        Network Behavior

        Snort IDS Alerts

        TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
        05/27/24-09:03:03.347505TCP2839489ETPRO TROJAN ELF/BASHLITE Variant CnC Server Response66654260176.123.4.187192.168.2.14
        05/27/24-09:04:28.789486TCP2839489ETPRO TROJAN ELF/BASHLITE Variant CnC Server Response66654270176.123.4.187192.168.2.14
        05/27/24-09:05:33.545041TCP2839490ETPRO TROJAN ELF/BASHLITE Variant Reporting Arch Type (x86)54276666192.168.2.14176.123.4.187
        05/27/24-09:04:28.202525TCP2839490ETPRO TROJAN ELF/BASHLITE Variant Reporting Arch Type (x86)54270666192.168.2.14176.123.4.187
        05/27/24-09:05:16.454179TCP2839490ETPRO TROJAN ELF/BASHLITE Variant Reporting Arch Type (x86)54274666192.168.2.14176.123.4.187
        05/27/24-09:03:20.153870TCP2839489ETPRO TROJAN ELF/BASHLITE Variant CnC Server Response66654262176.123.4.187192.168.2.14
        05/27/24-09:03:19.466753TCP2839490ETPRO TROJAN ELF/BASHLITE Variant Reporting Arch Type (x86)54262666192.168.2.14176.123.4.187
        05/27/24-09:03:52.587779TCP2839489ETPRO TROJAN ELF/BASHLITE Variant CnC Server Response66654266176.123.4.187192.168.2.14
        05/27/24-09:04:45.193826TCP2839490ETPRO TROJAN ELF/BASHLITE Variant Reporting Arch Type (x86)54272666192.168.2.14176.123.4.187
        05/27/24-09:05:17.165921TCP2839489ETPRO TROJAN ELF/BASHLITE Variant CnC Server Response66654274176.123.4.187192.168.2.14
        05/27/24-09:04:11.051134TCP2839490ETPRO TROJAN ELF/BASHLITE Variant Reporting Arch Type (x86)54268666192.168.2.14176.123.4.187
        05/27/24-09:03:35.814726TCP2839489ETPRO TROJAN ELF/BASHLITE Variant CnC Server Response66654264176.123.4.187192.168.2.14
        05/27/24-09:04:11.772776TCP2839489ETPRO TROJAN ELF/BASHLITE Variant CnC Server Response66654268176.123.4.187192.168.2.14
        05/27/24-09:03:02.716784TCP2839490ETPRO TROJAN ELF/BASHLITE Variant Reporting Arch Type (x86)54260666192.168.2.14176.123.4.187
        05/27/24-09:04:45.899895TCP2839489ETPRO TROJAN ELF/BASHLITE Variant CnC Server Response66654272176.123.4.187192.168.2.14
        05/27/24-09:05:34.229486TCP2839489ETPRO TROJAN ELF/BASHLITE Variant CnC Server Response66654276176.123.4.187192.168.2.14
        05/27/24-09:03:52.723818TCP2839490ETPRO TROJAN ELF/BASHLITE Variant Reporting Arch Type (x86)54266666192.168.2.14176.123.4.187
        05/27/24-09:03:35.170860TCP2839490ETPRO TROJAN ELF/BASHLITE Variant Reporting Arch Type (x86)54264666192.168.2.14176.123.4.187

        Network Port Distribution

        TCP Packets

        TimestampSource PortDest PortSource IPDest IP
        May 27, 2024 09:03:02.455303907 CEST54260666192.168.2.14176.123.4.187
        May 27, 2024 09:03:02.716485023 CEST66654260176.123.4.187192.168.2.14
        May 27, 2024 09:03:02.716660023 CEST54260666192.168.2.14176.123.4.187
        May 27, 2024 09:03:02.716784000 CEST54260666192.168.2.14176.123.4.187
        May 27, 2024 09:03:02.721568108 CEST66654260176.123.4.187192.168.2.14
        May 27, 2024 09:03:03.347505093 CEST66654260176.123.4.187192.168.2.14
        May 27, 2024 09:03:03.347645044 CEST66654260176.123.4.187192.168.2.14
        May 27, 2024 09:03:03.347678900 CEST54260666192.168.2.14176.123.4.187
        May 27, 2024 09:03:03.347744942 CEST54260666192.168.2.14176.123.4.187
        May 27, 2024 09:03:03.352590084 CEST66654260176.123.4.187192.168.2.14
        May 27, 2024 09:03:18.347712040 CEST54262666192.168.2.14176.123.4.187
        May 27, 2024 09:03:19.373229980 CEST54262666192.168.2.14176.123.4.187
        May 27, 2024 09:03:19.466567039 CEST66654262176.123.4.187192.168.2.14
        May 27, 2024 09:03:19.466722012 CEST54262666192.168.2.14176.123.4.187
        May 27, 2024 09:03:19.466753006 CEST54262666192.168.2.14176.123.4.187
        May 27, 2024 09:03:19.528698921 CEST66654262176.123.4.187192.168.2.14
        May 27, 2024 09:03:20.153870106 CEST66654262176.123.4.187192.168.2.14
        May 27, 2024 09:03:20.153985977 CEST54262666192.168.2.14176.123.4.187
        May 27, 2024 09:03:20.157416105 CEST66654262176.123.4.187192.168.2.14
        May 27, 2024 09:03:20.157476902 CEST54262666192.168.2.14176.123.4.187
        May 27, 2024 09:03:20.286520004 CEST66654262176.123.4.187192.168.2.14
        May 27, 2024 09:03:20.286617041 CEST54262666192.168.2.14176.123.4.187
        May 27, 2024 09:03:20.461280107 CEST54262666192.168.2.14176.123.4.187
        May 27, 2024 09:03:20.781433105 CEST54262666192.168.2.14176.123.4.187
        May 27, 2024 09:03:20.839428902 CEST66654262176.123.4.187192.168.2.14
        May 27, 2024 09:03:35.157403946 CEST54264666192.168.2.14176.123.4.187
        May 27, 2024 09:03:35.170603037 CEST66654264176.123.4.187192.168.2.14
        May 27, 2024 09:03:35.170860052 CEST54264666192.168.2.14176.123.4.187
        May 27, 2024 09:03:35.170860052 CEST54264666192.168.2.14176.123.4.187
        May 27, 2024 09:03:35.179012060 CEST66654264176.123.4.187192.168.2.14
        May 27, 2024 09:03:35.814726114 CEST66654264176.123.4.187192.168.2.14
        May 27, 2024 09:03:35.814846039 CEST54264666192.168.2.14176.123.4.187
        May 27, 2024 09:03:35.817643881 CEST66654264176.123.4.187192.168.2.14
        May 27, 2024 09:03:35.817764044 CEST54264666192.168.2.14176.123.4.187
        May 27, 2024 09:03:35.838517904 CEST66654264176.123.4.187192.168.2.14
        May 27, 2024 09:03:35.838598013 CEST54264666192.168.2.14176.123.4.187
        May 27, 2024 09:03:36.036529064 CEST54264666192.168.2.14176.123.4.187
        May 27, 2024 09:03:36.062566042 CEST66654264176.123.4.187192.168.2.14
        May 27, 2024 09:03:36.062691927 CEST54264666192.168.2.14176.123.4.187
        May 27, 2024 09:03:36.131943941 CEST66654264176.123.4.187192.168.2.14
        May 27, 2024 09:03:50.817658901 CEST54266666192.168.2.14176.123.4.187
        May 27, 2024 09:03:51.819856882 CEST54266666192.168.2.14176.123.4.187
        May 27, 2024 09:03:51.872879028 CEST66654266176.123.4.187192.168.2.14
        May 27, 2024 09:03:51.872945070 CEST54266666192.168.2.14176.123.4.187
        May 27, 2024 09:03:51.872987986 CEST54266666192.168.2.14176.123.4.187
        May 27, 2024 09:03:52.203963041 CEST54266666192.168.2.14176.123.4.187
        May 27, 2024 09:03:52.587779045 CEST66654266176.123.4.187192.168.2.14
        May 27, 2024 09:03:52.587910891 CEST54266666192.168.2.14176.123.4.187
        May 27, 2024 09:03:52.591197014 CEST66654266176.123.4.187192.168.2.14
        May 27, 2024 09:03:52.591279984 CEST54266666192.168.2.14176.123.4.187
        May 27, 2024 09:03:52.710628986 CEST66654266176.123.4.187192.168.2.14
        May 27, 2024 09:03:52.710752010 CEST54266666192.168.2.14176.123.4.187
        May 27, 2024 09:03:52.723818064 CEST54266666192.168.2.14176.123.4.187
        May 27, 2024 09:03:52.808525085 CEST66654266176.123.4.187192.168.2.14
        May 27, 2024 09:04:07.591320038 CEST54268666192.168.2.14176.123.4.187
        May 27, 2024 09:04:08.619268894 CEST54268666192.168.2.14176.123.4.187
        May 27, 2024 09:04:10.635114908 CEST54268666192.168.2.14176.123.4.187
        May 27, 2024 09:04:10.702140093 CEST66654268176.123.4.187192.168.2.14
        May 27, 2024 09:04:10.702337980 CEST54268666192.168.2.14176.123.4.187
        May 27, 2024 09:04:10.702392101 CEST54268666192.168.2.14176.123.4.187
        May 27, 2024 09:04:11.051134109 CEST54268666192.168.2.14176.123.4.187
        May 27, 2024 09:04:11.132752895 CEST66654268176.123.4.187192.168.2.14
        May 27, 2024 09:04:11.772775888 CEST66654268176.123.4.187192.168.2.14
        May 27, 2024 09:04:11.773137093 CEST54268666192.168.2.14176.123.4.187
        May 27, 2024 09:04:11.776555061 CEST66654268176.123.4.187192.168.2.14
        May 27, 2024 09:04:11.776719093 CEST54268666192.168.2.14176.123.4.187
        May 27, 2024 09:04:12.083255053 CEST54268666192.168.2.14176.123.4.187
        May 27, 2024 09:04:12.651082993 CEST54268666192.168.2.14176.123.4.187
        May 27, 2024 09:04:12.842638969 CEST66654268176.123.4.187192.168.2.14
        May 27, 2024 09:04:12.842772007 CEST54268666192.168.2.14176.123.4.187
        May 27, 2024 09:04:13.771013021 CEST54268666192.168.2.14176.123.4.187
        May 27, 2024 09:04:14.122565031 CEST66654268176.123.4.187192.168.2.14
        May 27, 2024 09:04:14.122720003 CEST54268666192.168.2.14176.123.4.187
        May 27, 2024 09:04:15.978952885 CEST54268666192.168.2.14176.123.4.187
        May 27, 2024 09:04:16.050076962 CEST66654268176.123.4.187192.168.2.14
        May 27, 2024 09:04:26.776724100 CEST54270666192.168.2.14176.123.4.187
        May 27, 2024 09:04:27.786451101 CEST54270666192.168.2.14176.123.4.187
        May 27, 2024 09:04:27.858153105 CEST66654270176.123.4.187192.168.2.14
        May 27, 2024 09:04:27.858309984 CEST54270666192.168.2.14176.123.4.187
        May 27, 2024 09:04:27.858422041 CEST54270666192.168.2.14176.123.4.187
        May 27, 2024 09:04:28.202524900 CEST54270666192.168.2.14176.123.4.187
        May 27, 2024 09:04:28.269745111 CEST66654270176.123.4.187192.168.2.14
        May 27, 2024 09:04:28.789485931 CEST66654270176.123.4.187192.168.2.14
        May 27, 2024 09:04:28.789627075 CEST54270666192.168.2.14176.123.4.187
        May 27, 2024 09:04:28.793627024 CEST66654270176.123.4.187192.168.2.14
        May 27, 2024 09:04:28.793700933 CEST54270666192.168.2.14176.123.4.187
        May 27, 2024 09:04:28.860974073 CEST66654270176.123.4.187192.168.2.14
        May 27, 2024 09:04:43.793607950 CEST54272666192.168.2.14176.123.4.187
        May 27, 2024 09:04:44.809787035 CEST54272666192.168.2.14176.123.4.187
        May 27, 2024 09:04:44.866151094 CEST66654272176.123.4.187192.168.2.14
        May 27, 2024 09:04:44.866328001 CEST54272666192.168.2.14176.123.4.187
        May 27, 2024 09:04:44.866328001 CEST54272666192.168.2.14176.123.4.187
        May 27, 2024 09:04:45.193825960 CEST54272666192.168.2.14176.123.4.187
        May 27, 2024 09:04:45.274132013 CEST66654272176.123.4.187192.168.2.14
        May 27, 2024 09:04:45.899894953 CEST66654272176.123.4.187192.168.2.14
        May 27, 2024 09:04:45.900074959 CEST54272666192.168.2.14176.123.4.187
        May 27, 2024 09:04:45.901315928 CEST66654272176.123.4.187192.168.2.14
        May 27, 2024 09:04:45.901448011 CEST54272666192.168.2.14176.123.4.187
        May 27, 2024 09:04:46.193692923 CEST54272666192.168.2.14176.123.4.187
        May 27, 2024 09:04:46.729696035 CEST54272666192.168.2.14176.123.4.187
        May 27, 2024 09:04:46.734566927 CEST66654272176.123.4.187192.168.2.14
        May 27, 2024 09:04:46.734654903 CEST54272666192.168.2.14176.123.4.187
        May 27, 2024 09:04:47.785738945 CEST54272666192.168.2.14176.123.4.187
        May 27, 2024 09:04:47.845769882 CEST66654272176.123.4.187192.168.2.14
        May 27, 2024 09:05:00.901596069 CEST54274666192.168.2.14176.123.4.187
        May 27, 2024 09:05:01.929219961 CEST54274666192.168.2.14176.123.4.187
        May 27, 2024 09:05:03.945027113 CEST54274666192.168.2.14176.123.4.187
        May 27, 2024 09:05:08.200905085 CEST54274666192.168.2.14176.123.4.187
        May 27, 2024 09:05:16.392447948 CEST54274666192.168.2.14176.123.4.187
        May 27, 2024 09:05:16.454036951 CEST66654274176.123.4.187192.168.2.14
        May 27, 2024 09:05:16.454150915 CEST54274666192.168.2.14176.123.4.187
        May 27, 2024 09:05:16.454179049 CEST54274666192.168.2.14176.123.4.187
        May 27, 2024 09:05:16.528031111 CEST66654274176.123.4.187192.168.2.14
        May 27, 2024 09:05:17.165920973 CEST66654274176.123.4.187192.168.2.14
        May 27, 2024 09:05:17.166167974 CEST54274666192.168.2.14176.123.4.187
        May 27, 2024 09:05:17.168770075 CEST66654274176.123.4.187192.168.2.14
        May 27, 2024 09:05:17.168869972 CEST54274666192.168.2.14176.123.4.187
        May 27, 2024 09:05:17.326656103 CEST66654274176.123.4.187192.168.2.14
        May 27, 2024 09:05:17.326780081 CEST54274666192.168.2.14176.123.4.187
        May 27, 2024 09:05:17.448430061 CEST54274666192.168.2.14176.123.4.187
        May 27, 2024 09:05:17.736486912 CEST54274666192.168.2.14176.123.4.187
        May 27, 2024 09:05:18.280433893 CEST54274666192.168.2.14176.123.4.187
        May 27, 2024 09:05:18.348567009 CEST66654274176.123.4.187192.168.2.14
        May 27, 2024 09:05:33.192878008 CEST54276666192.168.2.14176.123.4.187
        May 27, 2024 09:05:33.232377052 CEST66654276176.123.4.187192.168.2.14
        May 27, 2024 09:05:33.233298063 CEST54276666192.168.2.14176.123.4.187
        May 27, 2024 09:05:33.233489990 CEST54276666192.168.2.14176.123.4.187
        May 27, 2024 09:05:33.545041084 CEST54276666192.168.2.14176.123.4.187
        May 27, 2024 09:05:33.604341984 CEST66654276176.123.4.187192.168.2.14
        May 27, 2024 09:05:34.229485989 CEST66654276176.123.4.187192.168.2.14
        May 27, 2024 09:05:34.230391979 CEST54276666192.168.2.14176.123.4.187
        May 27, 2024 09:05:34.232685089 CEST66654276176.123.4.187192.168.2.14
        May 27, 2024 09:05:34.233577013 CEST54276666192.168.2.14176.123.4.187
        May 27, 2024 09:05:34.265260935 CEST66654276176.123.4.187192.168.2.14
        May 27, 2024 09:05:49.232937098 CEST54278666192.168.2.14176.123.4.187
        May 27, 2024 09:05:50.247313023 CEST54278666192.168.2.14176.123.4.187
        May 27, 2024 09:05:52.263595104 CEST54278666192.168.2.14176.123.4.187
        May 27, 2024 09:05:56.327058077 CEST54278666192.168.2.14176.123.4.187
        May 27, 2024 09:06:04.518656015 CEST54278666192.168.2.14176.123.4.187
        May 27, 2024 09:06:20.646070004 CEST54278666192.168.2.14176.123.4.187

        UDP Packets

        TimestampSource PortDest PortSource IPDest IP
        May 27, 2024 09:05:46.164670944 CEST5963253192.168.2.141.1.1.1
        May 27, 2024 09:05:46.164670944 CEST5554753192.168.2.141.1.1.1
        May 27, 2024 09:05:47.804250956 CEST53555471.1.1.1192.168.2.14
        May 27, 2024 09:05:47.804375887 CEST53596321.1.1.1192.168.2.14

        DNS Queries

        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
        May 27, 2024 09:05:46.164670944 CEST192.168.2.141.1.1.10xda89Standard query (0)daisy.ubuntu.comA (IP address)IN (0x0001)false
        May 27, 2024 09:05:46.164670944 CEST192.168.2.141.1.1.10x6206Standard query (0)daisy.ubuntu.com28IN (0x0001)false

        DNS Answers

        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
        May 27, 2024 09:05:47.804375887 CEST1.1.1.1192.168.2.140xda89No error (0)daisy.ubuntu.com162.213.35.25A (IP address)IN (0x0001)false
        May 27, 2024 09:05:47.804375887 CEST1.1.1.1192.168.2.140xda89No error (0)daisy.ubuntu.com162.213.35.24A (IP address)IN (0x0001)false

        System Behavior

        General

        Start time (UTC):07:02:50
        Start date (UTC):27/05/2024
        Path:/usr/bin/dash
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        Chronological Activities


        General

        Start time (UTC):07:02:50
        Start date (UTC):27/05/2024
        Path:/usr/bin/rm
        Arguments:rm -f /tmp/tmp.RQPeLR8yM9 /tmp/tmp.Sq3TDDT9f8 /tmp/tmp.RjYTqvNaPY
        File size:72056 bytes
        MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

        Chronological Activities


        General

        Start time (UTC):07:02:50
        Start date (UTC):27/05/2024
        Path:/usr/bin/dash
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        Chronological Activities


        General

        Start time (UTC):07:02:50
        Start date (UTC):27/05/2024
        Path:/usr/bin/rm
        Arguments:rm -f /tmp/tmp.RQPeLR8yM9 /tmp/tmp.Sq3TDDT9f8 /tmp/tmp.RjYTqvNaPY
        File size:72056 bytes
        MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

        Chronological Activities


        General

        Start time (UTC):07:03:01
        Start date (UTC):27/05/2024
        Path:/tmp/rV97CNwo30.elf
        Arguments:/tmp/rV97CNwo30.elf
        File size:132185 bytes
        MD5 hash:ca4b1ae481fa3903228f9ece7122b4d4

        Chronological Activities


        General

        Start time (UTC):07:03:01
        Start date (UTC):27/05/2024
        Path:/tmp/rV97CNwo30.elf
        Arguments:-
        File size:132185 bytes
        MD5 hash:ca4b1ae481fa3903228f9ece7122b4d4

        Chronological Activities


        General

        Start time (UTC):07:03:01
        Start date (UTC):27/05/2024
        Path:/tmp/rV97CNwo30.elf
        Arguments:-
        File size:132185 bytes
        MD5 hash:ca4b1ae481fa3903228f9ece7122b4d4

        Chronological Activities


        General

        Start time (UTC):07:03:01
        Start date (UTC):27/05/2024
        Path:/tmp/rV97CNwo30.elf
        Arguments:-
        File size:132185 bytes
        MD5 hash:ca4b1ae481fa3903228f9ece7122b4d4