Linux Analysis Report
na.elf

Overview

General Information

Sample name: na.elf
Analysis ID: 1536990
MD5: 9b2267f51ff14c38ec4bbc3078440bc0
SHA1: 306583e6303803bc516e5899e1988e75207efaf9
SHA256: d30aa908c1b89f62142c7c0b51ebc9d82ad99b640f8c372884df2b1eed08c199
Tags: elf, user-abuse_ch
Infos:

Detection

Score: 56
Range: 0 - 100
Whitelisted: false

Signatures

Malicious sample detected (through community Yara rule)
Machine Learning detection for sample
Sample is packed with UPX
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Yara signature match

Classification

[Classification chart; axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; legend: clean, suspicious, malicious]
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1536990
Start date and time: 2024-10-18 13:41:00 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 29s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: na.elf
Detection: MAL
Classification: mal56.evad.linELF@0/0@0/0
  • VT rate limit hit for: na.elf
Command: /tmp/na.elf
PID: 5452
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • na.elf (PID: 5452, Parent: 5376, MD5: 9b2267f51ff14c38ec4bbc3078440bc0) Arguments: /tmp/na.elf
    • na.elf New Fork (PID: 5453, Parent: 5452)
      • na.elf New Fork (PID: 5454, Parent: 5453)
      • na.elf New Fork (PID: 5455, Parent: 5453)
    • na.elf New Fork (PID: 5458, Parent: 5452)
    • na.elf New Fork (PID: 5459, Parent: 5452)
  • cleanup
Source | Rule | Description | Author | Strings
5458.1.0000000008048000.000000000805b000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
5458.1.0000000008048000.000000000805b000.r-x.sdmp | Linux_Trojan_Mirai_3a56423b | unknown | unknown
  • 0x8f3b:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00
5458.1.0000000008048000.000000000805b000.r-x.sdmp | Linux_Trojan_Mirai_dab39a25 | unknown | unknown
  • 0x7726:$a: 0E 75 20 50 6A 00 6A 00 6A 00 53 6A 0E FF 74 24 48 68 DD 00
5458.1.0000000008048000.000000000805b000.r-x.sdmp | Linux_Trojan_Mirai_8aa7b5d3 | unknown | unknown
  • 0x7052:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
5452.1.0000000008048000.000000000805b000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
No Suricata rule has matched

AV Detection

Source: na.elf | Joe Sandbox ML: detected
Source: global traffic | TCP traffic: 192.168.2.13:51030 -> 45.86.155.23:3778
Source: unknown | TCP traffic detected without corresponding DNS query: 45.86.155.23
Source: na.elf | String found in binary or memory: http://upx.sf.net

System Summary

Source: 5458.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | Author: unknown
Source: 5458.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_3a56423b | Author: unknown
Source: 5458.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_dab39a25 | Author: unknown
Source: 5458.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_8aa7b5d3 | Author: unknown
Source: 5452.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | Author: unknown
Source: 5452.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_3a56423b | Author: unknown
Source: 5452.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_dab39a25 | Author: unknown
Source: 5452.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_8aa7b5d3 | Author: unknown
Source: 5453.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | Author: unknown
Source: 5453.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_3a56423b | Author: unknown
Source: 5453.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_dab39a25 | Author: unknown
Source: 5453.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_8aa7b5d3 | Author: unknown
Source: 5454.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | Author: unknown
Source: 5454.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_3a56423b | Author: unknown
Source: 5454.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_dab39a25 | Author: unknown
Source: 5454.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_8aa7b5d3 | Author: unknown
Source: Process Memory Space: na.elf PID: 5452, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | Author: unknown
Source: Process Memory Space: na.elf PID: 5453, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | Author: unknown
Source: Process Memory Space: na.elf PID: 5454, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | Author: unknown
Source: Process Memory Space: na.elf PID: 5458, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | Author: unknown
Source: LOAD without section mappings | Program segment: 0xc01000
Source: 5458.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5458.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_3a56423b | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 5458.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_dab39a25 | reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 5458.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_8aa7b5d3 | reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: classification engine | Classification label: mal56.evad.linELF@0/0@0/0

Data Obfuscation

Source: initial sample | String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample | String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
Source: /tmp/na.elf (PID: 5452) | File opened: /proc/230/status
Source: na.elf | Submission file: segment LOAD with 7.9648 entropy (max. 8.0)
Tactic | Technique
Reconnaissance | Gather Victim Identity Information
Resource Development | Acquire Infrastructure
Initial Access | Valid Accounts
Execution | Windows Management Instrumentation
Persistence | Path Interception
Privilege Escalation | Path Interception
Defense Evasion | 11 Obfuscated Files or Information
Credential Access | 1 OS Credential Dumping
Discovery | System Service Discovery
Lateral Movement | Remote Services
Collection | Data from Local System
Command and Control | 1 Non-Standard Port
Exfiltration | Exfiltration Over Other Network Medium
Impact | Abuse Accessibility Features
No configs have been found
[Behavior graph: ID 1536990, Sample: na.elf, Start date: 18/10/2024, Architecture: LINUX, Score: 56]
Source | Detection | Scanner | Label | Link
na.elf | 100% | Joe Sandbox ML | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://upx.sf.net | 0% | URL Reputation | safe |

No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://upx.sf.net | na.elf | true | URL Reputation: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
45.86.155.23 | unknown | Germany | | 202322 | EVERYONE-BANDWIDTH-INCDE | false
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
45.86.155.23 | na.elf | | malicious | Mirai | |
45.86.155.23 | na.elf | | malicious | Unknown | |
45.86.155.23 | na.elf | | malicious | Unknown | |
45.86.155.23 | na.elf | | malicious | Unknown | |
45.86.155.23 | na.elf | | malicious | Unknown | |
45.86.155.23 | na.elf | | malicious | Unknown | |
45.86.155.23 | na.elf | | malicious | Mirai | |
45.86.155.23 | na.elf | | malicious | Unknown | |
45.86.155.23 | na.elf | | malicious | Unknown | |
                    No context
                    Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                    EVERYONE-BANDWIDTH-INCDE | na.elf | | malicious | Mirai | | 45.86.155.23
                    EVERYONE-BANDWIDTH-INCDE | na.elf | | malicious | Unknown | | 45.86.155.23
                    EVERYONE-BANDWIDTH-INCDE | na.elf | | malicious | Unknown | | 45.86.155.23
                    EVERYONE-BANDWIDTH-INCDE | na.elf | | malicious | Unknown | | 45.86.155.23
                    EVERYONE-BANDWIDTH-INCDE | na.elf | | malicious | Unknown | | 45.86.155.23
                    EVERYONE-BANDWIDTH-INCDE | na.elf | | malicious | Unknown | | 45.86.155.23
                    EVERYONE-BANDWIDTH-INCDE | na.elf | | malicious | Mirai | | 45.86.155.23
                    EVERYONE-BANDWIDTH-INCDE | na.elf | | malicious | Unknown | | 45.86.155.23
                    EVERYONE-BANDWIDTH-INCDE | na.elf | | malicious | Unknown | | 45.86.155.23
                    EVERYONE-BANDWIDTH-INCDE | http://qgasyntax.com/2753402WB7192675vw697764118Il17367cC38SJr190893GZ | | malicious | Phisher | | 45.13.225.215
                    No context
                    No context
                    No created / dropped files found
                    File type:ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, no section header
                    Entropy (8bit):7.96294653976733
                    TrID:
                    • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                    • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                    File name:na.elf
                    File size:38'732 bytes
                    MD5:9b2267f51ff14c38ec4bbc3078440bc0
                    SHA1:306583e6303803bc516e5899e1988e75207efaf9
                    SHA256:d30aa908c1b89f62142c7c0b51ebc9d82ad99b640f8c372884df2b1eed08c199
                    SHA512:a0cc7f650789d635766020e4f0ca44c543fa19f0c6e168924cfdb1cda1c6075ebf0f3f34a9989e2993256f3b0d4fb6f3ee79acf4320f3766464dfbd5726c17c1
                    SSDEEP:768:xa+BWS+ZPwIIBPG/LxuBY3S6BsMbqcIP+B93GUakyzKTb83whnnbcuyD7UrQRj2:xa+BH+hKBwLUqS61qco+BRGP5K8glnoS
                    TLSH:0403F19810DE4C60F79991380ADFFD07B195F26AC815AAC7AE94341B4DD5FF30B2C296
                    File Content Preview:.ELF....................`...4...........4. ...(.....................T...T...........................................Q.td.............................-..UPX!.........2...2......W..........?..k.I/.j....\.R......)..n.4go.|.>#.....{~o....8.F.^...MFL.f.5 ..I.r

                    ELF header

                    Class:ELF32
                    Data:2's complement, little endian
                    Version:1 (current)
                    Machine:Intel 80386
                    Version Number:0x1
                    Type:EXEC (Executable file)
                    OS/ABI:UNIX - Linux
                    ABI Version:0
                    Entry Point Address:0xc09460
                    Flags:0x0
                    ELF Header Size:52
                    Program Header Offset:52
                    Program Header Size:32
                    Number of Program Headers:3
                    Section Header Offset:0
                    Section Header Size:40
                    Number of Section Headers:0
                    Header String Table Index:0
                    Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
                    LOAD | 0x0 | 0xc01000 | 0xc01000 | 0x9654 | 0x9654 | 7.9648 | 0x5 | R E | 0x1000 | |
                    LOAD | 0xc08 | 0x805bc08 | 0x805bc08 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x1000 | |
                    GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |

                    System Behavior

                    Start time (UTC):11:41:45
                    Start date (UTC):18/10/2024
                    Path:/tmp/na.elf
                    Arguments:/tmp/na.elf
                    File size:38732 bytes
                    MD5 hash:9b2267f51ff14c38ec4bbc3078440bc0

                    Start time (UTC):11:41:45
                    Start date (UTC):18/10/2024
                    Path:/tmp/na.elf
                    Arguments:-
                    File size:38732 bytes
                    MD5 hash:9b2267f51ff14c38ec4bbc3078440bc0

                    Start time (UTC):11:41:45
                    Start date (UTC):18/10/2024
                    Path:/tmp/na.elf
                    Arguments:-
                    File size:38732 bytes
                    MD5 hash:9b2267f51ff14c38ec4bbc3078440bc0

                    Start time (UTC):11:41:45
                    Start date (UTC):18/10/2024
                    Path:/tmp/na.elf
                    Arguments:-
                    File size:38732 bytes
                    MD5 hash:9b2267f51ff14c38ec4bbc3078440bc0

                    Start time (UTC):11:41:51
                    Start date (UTC):18/10/2024
                    Path:/tmp/na.elf
                    Arguments:-
                    File size:38732 bytes
                    MD5 hash:9b2267f51ff14c38ec4bbc3078440bc0

                    Start time (UTC):11:41:51
                    Start date (UTC):18/10/2024
                    Path:/tmp/na.elf
                    Arguments:-
                    File size:38732 bytes
                    MD5 hash:9b2267f51ff14c38ec4bbc3078440bc0