Linux Analysis Report
garm.elf

Overview

General Information

Sample name:garm.elf
Analysis ID:1554846
MD5:eaf13720c7e9a394720513cf8651e285
SHA1:f76db016c3b02047d5f7e3548f6ef0d80af0c39d
SHA256:1eb1b349c68c6a7921102e3009c61d3c4d84982fcad3cb7f621373d93eea86e1
Tags:elf, user-abuse_ch
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false

Signatures

Multi AV Scanner detection for submitted file
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Found strings indicative of a multi-platform dropper
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1554846
Start date and time:2024-11-13 01:19:47 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 29s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:garm.elf
Detection:MAL
Classification:mal48.linELF@0/1@0/0
Command:/tmp/garm.elf
PID:5557
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
Onboard the boat
Standard Error:
  • system is lnxubuntu20
  • garm.elf (PID: 5557, Parent: 5483, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/garm.elf
    • garm.elf New Fork (PID: 5559, Parent: 5557)
      • garm.elf New Fork (PID: 5561, Parent: 5559)
  • cleanup
No yara matches
No Suricata rule has matched

AV Detection

Source: garm.elf, ReversingLabs: Detection: 44%
Source: garm.elf, Virustotal: Detection: 34%
Source: garm.elf, String: wgettftpcurlftpget/proc/proc/%s/cmdliner/.
Source: global traffic, TCP traffic: 192.168.2.15:49560 -> 154.213.187.125:51321
Source: /tmp/garm.elf (PID: 5557), Socket: 127.0.0.1:51101
Source: unknown, TCP traffic detected without corresponding DNS query: 154.213.187.125
Source: ELF static info symbol of initial sample, .symtab present: no
Source: classification engine, Classification label: mal48.linELF@0/1@0/0
Source: /tmp/garm.elf (PID: 5557), Queries kernel information via 'uname'
Source: garm.elf, 5557.1.00007ffc8bc9f000.00007ffc8bcc0000.rw-.sdmp, Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/garm.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/garm.elf
Source: garm.elf, 5557.1.000055880f52b000.000055880f659000.rw-.sdmp, Binary or memory string: U!/etc/qemu-binfmt/arm
Source: garm.elf, 5557.1.000055880f52b000.000055880f659000.rw-.sdmp, Binary or memory string: /etc/qemu-binfmt/arm
Source: garm.elf, 5557.1.00007ffc8bc9f000.00007ffc8bcc0000.rw-.sdmp, Binary or memory string: /usr/bin/qemu-arm
Reconnaissance:Gather Victim Identity Information
Resource Development:1 Scripting
Initial Access:Valid Accounts
Execution:Windows Management Instrumentation
Persistence:1 Scripting
Privilege Escalation:Path Interception
Defense Evasion:Direct Volume Access
Credential Access:1 OS Credential Dumping
Discovery:11 Security Software Discovery
Lateral Movement:Remote Services
Collection:Data from Local System
Command and Control:1 Non-Standard Port
Exfiltration:Exfiltration Over Other Network Medium
Impact:Abuse Accessibility Features
No configs have been found
[Behavior graph. Behavior Graph ID: 1554846, Sample: garm.elf, Startdate: 13/11/2024, Architecture: LINUX, Score: 48. Nodes: garm.elf started garm.elf, which started garm.elf; 154.213.187.125, 49560, 49562, 49564, DDOSING-BGP-NETWORKUS, Seychelles; Multi AV Scanner detection for submitted file.]
Source    Detection  Scanner        Label
garm.elf  45%        ReversingLabs  Linux.Trojan.Mirai
garm.elf  34%        Virustotal
No Antivirus matches
No contacted domains info
IP:154.213.187.125
Domain:unknown
Country:Seychelles
ASN:22769
ASN Name:DDOSING-BGP-NETWORKUS
Malicious:false
Match            Associated Sample Name / URL  Detection  Threat Name
154.213.187.125  x86.elf                       malicious  Unknown
154.213.187.125  gmips.elf                     malicious  Unknown
154.213.187.125  arm.elf                       malicious  Unknown
154.213.187.125  gx86.elf                      malicious  Unknown
No context
Match                  Associated Sample Name / URL  Detection  Threat Name  Context
DDOSING-BGP-NETWORKUS  x86.elf                       malicious  Unknown      154.213.187.125
DDOSING-BGP-NETWORKUS  gmips.elf                     malicious  Unknown      154.213.187.125
DDOSING-BGP-NETWORKUS  arm.elf                       malicious  Unknown      154.213.187.125
DDOSING-BGP-NETWORKUS  gx86.elf                      malicious  Unknown      154.213.187.125
DDOSING-BGP-NETWORKUS  mpsl.b.elf                    malicious  Mirai        154.213.187.68
DDOSING-BGP-NETWORKUS  arm.b.elf                     malicious  Unknown      154.213.187.68
DDOSING-BGP-NETWORKUS  mirai.m68k.elf                malicious  Unknown      154.213.189.2
DDOSING-BGP-NETWORKUS  mirai.arm7.elf                malicious  Mirai        154.213.189.2
DDOSING-BGP-NETWORKUS  mirai.sh4.elf                 malicious  Unknown      154.213.189.2
DDOSING-BGP-NETWORKUS  mirai.spc.elf                 malicious  Unknown      154.213.189.2
No context
Process:/tmp/garm.elf
File Type:data
Category:dropped
Size (bytes):14
Entropy (8bit):3.521640636343319
Encrypted:false
Malicious:false
Reputation:low
Preview:/tmp/garm.elf.
File type:ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
Entropy (8bit):6.047308493671198
TrID:
  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:garm.elf
File size:56'652 bytes

ELF header

Class:ELF32
Data:2's complement, little endian
Version:1 (current)
Machine:ARM
Version Number:0x1
Type:EXEC (Executable file)
OS/ABI:ARM - ABI
ABI Version:0
Entry Point Address:0x8190
Flags:0x202
ELF Header Size:52
Program Header Offset:52
Program Header Size:32
Number of Program Headers:3
Section Header Offset:56252
Section Header Size:40
Number of Section Headers:10
Header String Table Index:9

Name       Type      Address  Offset  Size    EntSize  Flags  Flags Description  Link  Info  Align
           NULL      0x0      0x0     0x0     0x0      0x0                       0     0     0
.init      PROGBITS  0x8094   0x94    0x18    0x0      0x6    AX                 0     0     4
.text      PROGBITS  0x80b0   0xb0    0xc588  0x0      0x6    AX                 0     0     16
.fini      PROGBITS  0x14638  0xc638  0x14    0x0      0x6    AX                 0     0     4
.rodata    PROGBITS  0x1464c  0xc64c  0x11c0  0x0      0x2    A                  0     0     4
.ctors     PROGBITS  0x1d810  0xd810  0x8     0x0      0x3    WA                 0     0     4
.dtors     PROGBITS  0x1d818  0xd818  0x8     0x0      0x3    WA                 0     0     4
.data      PROGBITS  0x1d824  0xd824  0x358   0x0      0x3    WA                 0     0     4
.bss       NOBITS    0x1db7c  0xdb7c  0x61e4  0x0      0x3    WA                 0     0     4
.shstrtab  STRTAB    0x0      0xdb7c  0x3e    0x0      0x0                       0     0     1

Type       Offset  Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align   Prog Interpreter  Section Mappings
LOAD       0x0     0x8000           0x8000            0xd80c     0xd80c       6.0874   0x5    R E                0x8000                    .init .text .fini .rodata
LOAD       0xd810  0x1d810          0x1d810           0x36c      0x6550       2.6711   0x6    RW                 0x8000                    .ctors .dtors .data .bss
GNU_STACK  0x0     0x0              0x0               0x0        0x0          0.0000   0x7    RWE                0x4
          Nov 13, 2024 01:21:11.534259081 CET5132149588154.213.187.125192.168.2.15
          Nov 13, 2024 01:21:12.530718088 CET4959051321192.168.2.15154.213.187.125
          Nov 13, 2024 01:21:12.535725117 CET5132149590154.213.187.125192.168.2.15
          Nov 13, 2024 01:21:12.535794020 CET4959051321192.168.2.15154.213.187.125
          Nov 13, 2024 01:21:12.536406040 CET4959051321192.168.2.15154.213.187.125
          Nov 13, 2024 01:21:12.541259050 CET5132149590154.213.187.125192.168.2.15
          Nov 13, 2024 01:21:12.541302919 CET4959051321192.168.2.15154.213.187.125
          Nov 13, 2024 01:21:12.546112061 CET5132149590154.213.187.125192.168.2.15
          Nov 13, 2024 01:21:13.523524046 CET5132149590154.213.187.125192.168.2.15
          Nov 13, 2024 01:21:13.523767948 CET4959051321192.168.2.15154.213.187.125
          Nov 13, 2024 01:21:13.529915094 CET5132149590154.213.187.125192.168.2.15
          Nov 13, 2024 01:21:14.525234938 CET4959251321192.168.2.15154.213.187.125
          Nov 13, 2024 01:21:14.530138016 CET5132149592154.213.187.125192.168.2.15
          Nov 13, 2024 01:21:14.530211926 CET4959251321192.168.2.15154.213.187.125
          Nov 13, 2024 01:21:14.531267881 CET4959251321192.168.2.15154.213.187.125
          Nov 13, 2024 01:21:14.536029100 CET5132149592154.213.187.125192.168.2.15
          Nov 13, 2024 01:21:14.536098003 CET4959251321192.168.2.15154.213.187.125
          Nov 13, 2024 01:21:14.540874004 CET5132149592154.213.187.125192.168.2.15
          Nov 13, 2024 01:21:15.516486883 CET5132149592154.213.187.125192.168.2.15
          Nov 13, 2024 01:21:15.516614914 CET4959251321192.168.2.15154.213.187.125
          Nov 13, 2024 01:21:15.521517992 CET5132149592154.213.187.125192.168.2.15
          Nov 13, 2024 01:21:16.518054962 CET4959451321192.168.2.15154.213.187.125
          Nov 13, 2024 01:21:16.522964001 CET5132149594154.213.187.125192.168.2.15
          Nov 13, 2024 01:21:16.523040056 CET4959451321192.168.2.15154.213.187.125
          Nov 13, 2024 01:21:16.523921013 CET4959451321192.168.2.15154.213.187.125
          Nov 13, 2024 01:21:16.528734922 CET5132149594154.213.187.125192.168.2.15
          Nov 13, 2024 01:21:16.528808117 CET4959451321192.168.2.15154.213.187.125
          Nov 13, 2024 01:21:16.533629894 CET5132149594154.213.187.125192.168.2.15
          Nov 13, 2024 01:21:26.531979084 CET4959451321192.168.2.15154.213.187.125
          Nov 13, 2024 01:21:26.536989927 CET5132149594154.213.187.125192.168.2.15
          Nov 13, 2024 01:21:26.797326088 CET5132149594154.213.187.125192.168.2.15
          Nov 13, 2024 01:21:26.797385931 CET4959451321192.168.2.15154.213.187.125
          Nov 13, 2024 01:22:26.848145008 CET4959451321192.168.2.15154.213.187.125
          Nov 13, 2024 01:22:26.853048086 CET5132149594154.213.187.125192.168.2.15
          Nov 13, 2024 01:22:27.113487005 CET5132149594154.213.187.125192.168.2.15
          Nov 13, 2024 01:22:27.113709927 CET4959451321192.168.2.15154.213.187.125

          System Behavior

          Start time (UTC):00:20:41
          Start date (UTC):13/11/2024
          Path:/tmp/garm.elf
          Arguments:/tmp/garm.elf
          File size:4956856 bytes
          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

          Start time (UTC):00:20:41
          Start date (UTC):13/11/2024
          Path:/tmp/garm.elf
          Arguments:-
          File size:4956856 bytes
          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

          Start time (UTC):00:20:41
          Start date (UTC):13/11/2024
          Path:/tmp/garm.elf
          Arguments:-
          File size:4956856 bytes
          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1