Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
.i.elf

Overview

General Information

Sample name:.i.elf
Analysis ID:1540367
MD5:65c96e565b1990d0741fed6bc3c9fb99
SHA1:19b04846121dd88eed2d441a3a5fcb0ad3e9365b
SHA256:a8eee45228616b39ed8273986993f9f990f8ef1b4f61fac48e8f2cb697074a97
Tags:elfuser-abuse_ch
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
ELF contains segments with high entropy indicating compressed/encrypted content
Executes the "rm" command used to delete files or directories
Sample contains only a LOAD segment without any section mappings
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1540367
Start date and time:2024-10-23 17:42:05 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 33s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:.i.elf
Detection:MAL
Classification:mal56.linELF@0/0@0/0

Warnings

  • VT rate limit hit for: .i.elf

Runtime Messages

Command:/tmp/.i.elf
PID:6204
Exit Code:139
Exit Code Info:SIGSEGV (11) Segmentation fault invalid memory reference
Killed:False
Standard Output:

Standard Error:qemu: uncaught target signal 11 (Segmentation fault) - core dumped

Process Tree

  • system is lnxubuntu20
  • .i.elf (PID: 6204, Parent: 6128, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/.i.elf
  • dash New Fork (PID: 6261, Parent: 4333)
  • rm (PID: 6261, Parent: 4333, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.7DLQF7GCqO /tmp/tmp.sTLAcw9Ktx /tmp/tmp.5zYVV3nucA
  • dash New Fork (PID: 6262, Parent: 4333)
  • rm (PID: 6262, Parent: 4333, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.7DLQF7GCqO /tmp/tmp.sTLAcw9Ktx /tmp/tmp.5zYVV3nucA
  • cleanup

Yara Signatures

No yara matches

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: .i.elfAvira: detected
Multi AV Scanner detection for submitted file
Source: .i.elfReversingLabs: Detection: 57%
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownTCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknownTCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 33606
Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 33606 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443
Source: LOAD without section mappingsProgram segment: 0x100000
Source: classification engineClassification label: mal56.linELF@0/0@0/0
Source: /usr/bin/dash (PID: 6261)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.7DLQF7GCqO /tmp/tmp.sTLAcw9Ktx /tmp/tmp.5zYVV3nucAJump to behavior
Source: /usr/bin/dash (PID: 6262)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.7DLQF7GCqO /tmp/tmp.sTLAcw9Ktx /tmp/tmp.5zYVV3nucAJump to behavior
Source: .i.elfSubmission file: segment LOAD with 7.9891 entropy (max. 8.0)
Source: /tmp/.i.elf (PID: 6204)Queries kernel information via 'uname': Jump to behavior
Source: .i.elf, 6204.1.000056069bce3000.000056069bd6a000.rw-.sdmpBinary or memory string: V!/etc/qemu-binfmt/mips
Source: .i.elf, 6204.1.000056069bce3000.000056069bd6a000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/mips
Source: .i.elf, 6204.1.00007ffc30f0b000.00007ffc30f2c000.rw-.sdmpBinary or memory string: /usr/bin/qemu-mips
Source: .i.elf, 6204.1.00007ffc30f0b000.00007ffc30f2c000.rw-.sdmpBinary or memory string: H~x86_64/usr/bin/qemu-mips/tmp/.i.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/.i.elf
Source: .i.elf, 6204.1.00007ffc30f0b000.00007ffc30f2c000.rw-.sdmpBinary or memory string: qemu: uncaught target signal 11 (Segmentation fault) - core dumped

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
Obfuscated Files or Information		OS Credential Dumping11
Security Software Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
File Deletion		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
.i.elf58%ReversingLabsLinux.Infostealer.Berbew
.i.elf100%AviraLINUX/Siggen.btuqu

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
54.171.230.55
unknownUnited States
16509AMAZON-02USfalse
109.202.202.202
unknownSwitzerland
13030INIT7CHfalse
91.189.91.43
unknownUnited Kingdom
41231CANONICAL-ASGBfalse
91.189.91.42
unknownUnited Kingdom
41231CANONICAL-ASGBfalse

Joe Sandbox View / Context

IPs

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
54.171.230.55na.elfGet hashmaliciousUnknownBrowse
    sora.m68k.elfGet hashmaliciousMiraiBrowse
      iLoYpTmnHz.elfGet hashmaliciousUnknownBrowse
        zOSCVTuLxE.elfGet hashmaliciousGafgyt, MiraiBrowse
          rondo.i586.elfGet hashmaliciousUnknownBrowse
            InBM8iB3GY.elfGet hashmaliciousUnknownBrowse
              na.elfGet hashmaliciousUnknownBrowse
                na.elfGet hashmaliciousUnknownBrowse
                  na.elfGet hashmaliciousMirai, MoobotBrowse
                    na.elfGet hashmaliciousUnknownBrowse
                      109.202.202.202kpLwzBouH4.elfGet hashmaliciousUnknownBrowse
                      • ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
                      91.189.91.43i.elfGet hashmaliciousUnknownBrowse
                        mpsl.elfGet hashmaliciousMirai, OkiruBrowse
                          x86_64.elfGet hashmaliciousOkiruBrowse
                            mips.elfGet hashmaliciousUnknownBrowse
                              x86.elfGet hashmaliciousUnknownBrowse
                                .i.elfGet hashmaliciousUnknownBrowse
                                  na.elfGet hashmaliciousUnknownBrowse
                                    sshd.elfGet hashmaliciousUnknownBrowse
                                      la.bot.arc.elfGet hashmaliciousMiraiBrowse
                                        la.bot.arm7.elfGet hashmaliciousUnknownBrowse
                                          91.189.91.42i.elfGet hashmaliciousUnknownBrowse
                                            mpsl.elfGet hashmaliciousMirai, OkiruBrowse
                                              x86_64.elfGet hashmaliciousOkiruBrowse
                                                mips.elfGet hashmaliciousUnknownBrowse
                                                  x86.elfGet hashmaliciousUnknownBrowse
                                                    .i.elfGet hashmaliciousUnknownBrowse
                                                      na.elfGet hashmaliciousUnknownBrowse
                                                        sshd.elfGet hashmaliciousUnknownBrowse
                                                          la.bot.arc.elfGet hashmaliciousMiraiBrowse
                                                            la.bot.arm7.elfGet hashmaliciousUnknownBrowse

                                                              Domains

                                                              No context

                                                              ASNs

                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                              CANONICAL-ASGBi.elfGet hashmaliciousUnknownBrowse
                                                              • 91.189.91.42
                                                              sshd.elfGet hashmaliciousUnknownBrowse
                                                              • 185.125.190.26
                                                              pozY1lq94j.elfGet hashmaliciousOkiruBrowse
                                                              • 185.125.190.26
                                                              mpsl.elfGet hashmaliciousMirai, OkiruBrowse
                                                              • 91.189.91.42
                                                              x86_64.elfGet hashmaliciousOkiruBrowse
                                                              • 91.189.91.42
                                                              mips.elfGet hashmaliciousUnknownBrowse
                                                              • 91.189.91.42
                                                              arm4.elfGet hashmaliciousUnknownBrowse
                                                              • 185.125.190.26
                                                              x86.elfGet hashmaliciousUnknownBrowse
                                                              • 91.189.91.42
                                                              .i.elfGet hashmaliciousUnknownBrowse
                                                              • 91.189.91.42
                                                              na.elfGet hashmaliciousUnknownBrowse
                                                              • 91.189.91.42
                                                              CANONICAL-ASGBi.elfGet hashmaliciousUnknownBrowse
                                                              • 91.189.91.42
                                                              sshd.elfGet hashmaliciousUnknownBrowse
                                                              • 185.125.190.26
                                                              pozY1lq94j.elfGet hashmaliciousOkiruBrowse
                                                              • 185.125.190.26
                                                              mpsl.elfGet hashmaliciousMirai, OkiruBrowse
                                                              • 91.189.91.42
                                                              x86_64.elfGet hashmaliciousOkiruBrowse
                                                              • 91.189.91.42
                                                              mips.elfGet hashmaliciousUnknownBrowse
                                                              • 91.189.91.42
                                                              arm4.elfGet hashmaliciousUnknownBrowse
                                                              • 185.125.190.26
                                                              x86.elfGet hashmaliciousUnknownBrowse
                                                              • 91.189.91.42
                                                              .i.elfGet hashmaliciousUnknownBrowse
                                                              • 91.189.91.42
                                                              na.elfGet hashmaliciousUnknownBrowse
                                                              • 91.189.91.42
                                                              AMAZON-02UShttps://email.email.pandadoc.net/c/eJxUkE9r4zwQxj-NdUuQR5ItHXQobfwG3rLQsmHbXspIGjeqE8m1FYfm0y-B7f65DcP8ht_zBOsa4XrNQvanI6XyGoPN-f7_7ilGN8iYdk8Pn-dxt_vOyNYtmMZwDpztLRpXK45GaGy9C943vK2NJgTDG-WQRQscZM1B1AJaztfS904pGYLuOTQtVZLTEeNhPWIKGLJfJyoszq9lQk_oDmTLdCJ2sPtSxrkSNxV0FXQ4jn8Qn48VdF_6FXQLVKIreaBUiTvSzgiJNQeJqLDhSoJpBAanJYFWrZO1kb6uRMdSLrGPHkvM6VqDaxuBBtpVCyBWEkW9wkbTCsko1-galQ4sT2-Y4uU39N85y5jEfDMn83C50P6beDlv2WTDe040V5K702Ggj9NhvKqziZY4_2J_iM3H6W67XV7Uop9j2dyq0D-yYr_S_TWuCk5v9M9mvl4sFtg5T8M8oqfrU_W4od1nvwdHIdy798HfDs_6ZwAAAP__1K2kLgGet hashmaliciousUnknownBrowse
                                                              • 143.204.215.81
                                                              https://email.email.pandadoc.net/c/eJxUkE9r4zwQxj-NdUuQR5ItHXQobfwG3rLQsmHbXspIGjeqE8m1FYfm0y-B7f65DcP8ht_zBOsa4XrNQvanI6XyGoPN-f7_7ilGN8iYdk8Pn-dxt_vOyNYtmMZwDpztLRpXK45GaGy9C943vK2NJgTDG-WQRQscZM1B1AJaztfS904pGYLuOTQtVZLTEeNhPWIKGLJfJyoszq9lQk_oDmTLdCJ2sPtSxrkSNxV0FXQ4jn8Qn48VdF_6FXQLVKIreaBUiTvSzgiJNQeJqLDhSoJpBAanJYFWrZO1kb6uRMdSLrGPHkvM6VqDaxuBBtpVCyBWEkW9wkbTCsko1-galQ4sT2-Y4uU39N85y5jEfDMn83C50P6beDlv2WTDe040V5K702Ggj9NhvKqziZY4_2J_iM3H6W67XV7Uop9j2dyq0D-yYr_S_TWuCk5v9M9mvl4sFtg5T8M8oqfrU_W4od1nvwdHIdy798HfDs_6ZwAAAP__1K2kLgGet hashmaliciousUnknownBrowse
                                                              • 44.225.139.105
                                                              https://email.email.pandadoc.net/c/eJxUkMtu2zoQhp9G3NkQhxQlLbRIjo8QpKjRS5qi3QTD4TCmZYuyRNm1nr4w0PSyGwzmG3z_7xprlPWVcJHmI_fpJbjmguOnLn78cm0vTw-4fw8_dttdENzIEmoji9oYsWsAtST2VKmiVOSoJqdyVNYa9pUnKUIDOWiZA0hTgDZrUNoXnphIopaly3TORwyH9YC9Qxdp3XMSYXpJIxKjPXCTxpnFodmlNEyZusugzaDFYfiDUDxm0L7pZ9CeIVNtih33mdpIlF4hGzaGIM8ta2mV83UNlbFYlJCbQhsoM9WKPqbgA2EKsb_VACXX1jKtlM9hpQHcqiKvVsZXuvB16WTBIo6v2IflN7T_8Ly_7-p6G_bz4wbM8n1Sp6MYG7ePPU-Zzu186Pg0H4abuhj5HKZfrF4mPLvT5vndMpR0h183E0MpUvOW7q9xlXB85X820-3i3IC4xLGbBiS-Pf3v-o2eUuge_l-21bG_2vt-fvz8MwAA__9XraZ6Get hashmaliciousUnknownBrowse
                                                              • 99.86.8.175
                                                              https://c4hbh789.caspio.com/dp/32a4e0002a1934bee62047dd94d1Get hashmaliciousUnknownBrowse
                                                              • 52.30.137.16
                                                              https://t.ly/ZPR23.10Get hashmaliciousUnknownBrowse
                                                              • 185.166.143.48
                                                              https://us-west-2.protection.sophos.com/?d=site.pro&u=aHR0cHM6Ly9jbGF1ZGlha3J1ZWdlci5zaXRlLnByby8=&i=NThlN2NjYzYyOTljZjkxNGY4YmM1Njkz&t=QTRyTlRXbysvd3IyNERLT1pJYVNuNlAvU0FLMVAyb2pCN053UGFJSWtBST0=&h=dd65eaa7298b4ffebbd13b01dcbd3434&s=AVNPUEhUT0NFTkNSWVBUSVYfWTd0VrJEAZ1PFPx8UNdDDkWk4HVuGeVZrBnJzV7IfgGet hashmaliciousUnknownBrowse
                                                              • 13.32.121.106
                                                              https://app.oneflow.com/api/agreements/8821185/assets/b81e65c04f5acdc6369b89fe6d9aba378483abd6.pdf?at=490c38a4784c740c75de3531f3291888226b3acdGet hashmaliciousUnknownBrowse
                                                              • 143.204.98.62
                                                              phish_alert_sp2_2.0.0.0 - 2024-10-23T084901.360.emlGet hashmaliciousHTMLPhisherBrowse
                                                              • 52.37.41.40
                                                              https://u47792559.ct.sendgrid.net/ls/click?upn=u001.MTqDMK6JtN7-2FTdEWJaqfzKd0v6-2F2UOuEVy1BEbPOuF5keILEyv5G4zc7bYwMOjtQyDtk5ATinrPUw-2BgvaOWXHUf0WlANxRqRsC5bgIMsz92EI66c0h8LCsmVnWVsmrPpI9KQ1Av0wtymoWWp-2BKFae4c01wwTj4-2Bc4-2FShOuIMz-2FF27tFVz2F5x4MDQuxXoA4x-2Fcu5H-2Fg77L7jEH4g0Omwq5aK4Y93In2x8xkZN6RxAIHUAnsHSbv9dNDyMDxCYBpt8R83TA5F1J7zglSD-2FSW-2Fd0a8tRp-2BNOUEOuA6djXly5D90m0euJkmiQYtQdEfHSvFPkVrrFqe1nEZHhVloJzR8g5hLEAmRxDgSEFZK-2FqXqnJbl-2BhglFaTEl1wDvxHLUD1uO-2BTuQv6sNuFEeqs2cPheEWcAIXIzMhwOblNbCnyhCV7uIXv-2BFvLbplDjtKpe4BajklPEPnUOiLZHOZLqihj5rKl5QPX7eEc-2FNLKdxSbgeN6u9b-2FwUFYOEhm9BI4B0QB15u2_3kQhj-2Fx94AB656OfV1IXWVEpnawaSuVFYzZeIwKhrRxgV074ZsGZajrnF1U9GVvs6wJ3XBbA3C0q1Y56Q0AQRaWXh1LuzRLTE6iprhcEL7NrcuYjYDUm4vP90-2Bbj-2FhImYDtdIzFtzpuFA5WHpxfUL2yud9dV-2BDWDKpQXCYbpaPnNLCBzkbwUPBcNlUhkSGcYZOYh0eM13-2FQcBNO5FowRb8IXahZEeipzh9UlrLYhGMMEnA7-2FXj615c7jkys6xxIys08fJcymaARJFIlGVEZZIF-2BOZauL7nzVYt76SvvMjlOZShNBXavLnj35TUiU94p3hnTyULCHEKTNYpJWZhAYDMS7oO-2F1YN-2BGIX9GshP8SzvBn7iRk-2BEuMHNjQZSKm5nguAu4ENmR5Hg1doZby47RzA35RD-2BbHOJrasEoXA41le9LsvYyvJEzgXJ-2FiCTBWNoB2BfMGl-2BNVHQi18yc3h-2FOJYtN4eiiAdtc4eggH10ZDuSCfZ49kUepPeatorVmepe7HyIFRvSaHufZxfuRde01mg-3D-3DGet hashmaliciousUnknownBrowse
                                                              • 3.161.82.67
                                                              MglAEOjknh.elfGet hashmaliciousOkiruBrowse
                                                              • 52.196.129.211
                                                              INIT7CHi.elfGet hashmaliciousUnknownBrowse
                                                              • 109.202.202.202
                                                              mpsl.elfGet hashmaliciousMirai, OkiruBrowse
                                                              • 109.202.202.202
                                                              x86_64.elfGet hashmaliciousOkiruBrowse
                                                              • 109.202.202.202
                                                              mips.elfGet hashmaliciousUnknownBrowse
                                                              • 109.202.202.202
                                                              x86.elfGet hashmaliciousUnknownBrowse
                                                              • 109.202.202.202
                                                              .i.elfGet hashmaliciousUnknownBrowse
                                                              • 109.202.202.202
                                                              na.elfGet hashmaliciousUnknownBrowse
                                                              • 109.202.202.202
                                                              sshd.elfGet hashmaliciousUnknownBrowse
                                                              • 109.202.202.202
                                                              la.bot.arc.elfGet hashmaliciousMiraiBrowse
                                                              • 109.202.202.202
                                                              la.bot.arm7.elfGet hashmaliciousUnknownBrowse
                                                              • 109.202.202.202

                                                              JA3 Fingerprints

                                                              No context

                                                              Dropped Files

                                                              No context

                                                              Created / dropped Files

                                                              No created / dropped files found

                                                              Static File Info

                                                              General

                                                              File type:ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, no section header
                                                              Entropy (8bit):7.989110155271004
                                                              TrID:
                                                              • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                                                              • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                                                              File name:.i.elf
                                                              File size:22'848 bytes
                                                              MD5:65c96e565b1990d0741fed6bc3c9fb99
                                                              SHA1:19b04846121dd88eed2d441a3a5fcb0ad3e9365b
                                                              SHA256:a8eee45228616b39ed8273986993f9f990f8ef1b4f61fac48e8f2cb697074a97
                                                              SHA512:5630716705317dbf7ee0015e1ec91a3fa66f645f4f9c92abb76735000f632e3254ee2085eb8024fce022cb86ff915c6d3404db8ebbbc02ba26c176baa006b371
                                                              SSDEEP:384:YTYXvQDuYY2xZ6VTgDK4mpwTl5yejHSDeWBbo7hcXBOo3g1qs9Lc:YTYIDfYG6ZmewZ59+Nw1qsG
                                                              TLSH:CAA2F187279D3743A46255F4F27C7F8972026EADAF7F582B4045316330A311FA64887B
                                                              File Content Preview:.ELF....................../....4.........4. ...(......................Bd..Bd.................G...G.................................................^.......?.E.h4...@b..) ..]..0...a.t<..mc.zy/..>..!c...gM\<j..W`xD'..}...\..].j.L.u...S..i...../..F...@`..'k.

                                                              Static ELF Info

                                                              ELF header

                                                              Class:ELF32
                                                              Data:2's complement, big endian
                                                              Version:1 (current)
                                                              Machine:MIPS R3000
                                                              Version Number:0x1
                                                              Type:EXEC (Executable file)
                                                              OS/ABI:UNIX - System V
                                                              ABI Version:0
                                                              Entry Point Address:0x112fe8
                                                              Flags:0x1007
                                                              ELF Header Size:52
                                                              Program Header Offset:52
                                                              Program Header Size:32
                                                              Number of Program Headers:2
                                                              Section Header Offset:0
                                                              Section Header Size:40
                                                              Number of Section Headers:0
                                                              Header String Table Index:0

                                                              Program Segments

                                                              TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                                              LOAD0x00x1000000x1000000x142640x142647.98910x5R E0x10000
                                                              LOAD0xa6c00x47a6c00x47a6c00x00x00.00000x6RW 0x10000

                                                              Network Behavior

                                                              Network Port Distribution

                                                              TCP Packets

                                                              TimestampSource PortDest PortSource IPDest IP
                                                              Oct 23, 2024 17:42:49.397012949 CEST43928443192.168.2.2391.189.91.42
                                                              Oct 23, 2024 17:42:54.772259951 CEST42836443192.168.2.2391.189.91.43
                                                              Oct 23, 2024 17:42:55.540191889 CEST4251680192.168.2.23109.202.202.202
                                                              Oct 23, 2024 17:43:11.154086113 CEST43928443192.168.2.2391.189.91.42
                                                              Oct 23, 2024 17:43:19.447607994 CEST33606443192.168.2.2354.171.230.55
                                                              Oct 23, 2024 17:43:19.454003096 CEST4433360654.171.230.55192.168.2.23
                                                              Oct 23, 2024 17:43:19.454117060 CEST33606443192.168.2.2354.171.230.55
                                                              Oct 23, 2024 17:43:21.392652035 CEST42836443192.168.2.2391.189.91.43
                                                              Oct 23, 2024 17:43:25.488013983 CEST4251680192.168.2.23109.202.202.202
                                                              Oct 23, 2024 17:43:52.108968973 CEST43928443192.168.2.2391.189.91.42

                                                              System Behavior

                                                              General

                                                              Start time (UTC):15:42:50
                                                              Start date (UTC):23/10/2024
                                                              Path:/tmp/.i.elf
                                                              Arguments:/tmp/.i.elf
                                                              File size:5777432 bytes
                                                              MD5 hash:0083f1f0e77be34ad27f849842bbb00c

                                                              Chronological Activities


                                                              General

                                                              Start time (UTC):15:43:18
                                                              Start date (UTC):23/10/2024
                                                              Path:/usr/bin/dash
                                                              Arguments:-
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Chronological Activities


                                                              General

                                                              Start time (UTC):15:43:18
                                                              Start date (UTC):23/10/2024
                                                              Path:/usr/bin/rm
                                                              Arguments:rm -f /tmp/tmp.7DLQF7GCqO /tmp/tmp.sTLAcw9Ktx /tmp/tmp.5zYVV3nucA
                                                              File size:72056 bytes
                                                              MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                              Chronological Activities


                                                              General

                                                              Start time (UTC):15:43:18
                                                              Start date (UTC):23/10/2024
                                                              Path:/usr/bin/dash
                                                              Arguments:-
                                                              File size:129816 bytes
                                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                              Chronological Activities


                                                              General

                                                              Start time (UTC):15:43:18
                                                              Start date (UTC):23/10/2024
                                                              Path:/usr/bin/rm
                                                              Arguments:rm -f /tmp/tmp.7DLQF7GCqO /tmp/tmp.sTLAcw9Ktx /tmp/tmp.5zYVV3nucA
                                                              File size:72056 bytes
                                                              MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                              Chronological Activities