Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
ub8ehJSePAfc9FYqZIT6.mpsl.elf

Overview

General Information

Sample name:ub8ehJSePAfc9FYqZIT6.mpsl.elf
Analysis ID:1555168
MD5:800af0a07d2f5775f6d086e56cc1a0fd
SHA1:6f9c79e21e43084502f6bccf7c0622916f4d0743
SHA256:c1933dd1090dde433da1c2ec98e9069d58025ae009604e4b7ec37f688b53d3b2
Tags:elfuser-abuse_ch
Infos:

Detection

Score:64
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1555168
Start date and time:2024-11-13 14:47:24 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 54s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:ub8ehJSePAfc9FYqZIT6.mpsl.elf
Detection:MAL
Classification:mal64.linELF@0/0@0/0

Warnings

  • VT rate limit hit for: ub8ehJSePAfc9FYqZIT6.mpsl.elf

Runtime Messages

Command:/tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf
PID:6234
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

  • system is lnxubuntu20
  • cleanup

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
ub8ehJSePAfc9FYqZIT6.mpsl.elfLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
  • 0x2739c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x273b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x273c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x273d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x273ec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27400:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27414:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27428:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x2743c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27450:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27464:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27478:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x2748c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x274a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x274b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x274c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x274dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x274f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27504:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27518:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x2752c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
ub8ehJSePAfc9FYqZIT6.mpsl.elfMirai_Botnet_MalwareDetects Mirai Botnet MalwareFlorian Roth
  • 0x2a4ed:$x5: .mdebug.abi32
  • 0x28304:$s1: LCOGQGPTGP

Memory Dumps

SourceRuleDescriptionAuthorStrings
6234.1.00007f8fc4400000.00007f8fc442a000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
  • 0x2739c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x273b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x273c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x273d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x273ec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27400:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27414:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27428:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x2743c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27450:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27464:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27478:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x2748c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x274a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x274b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x274c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x274dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x274f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27504:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27518:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x2752c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6244.1.00007f8fc4400000.00007f8fc442a000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
  • 0x2739c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x273b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x273c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x273d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x273ec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27400:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27414:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27428:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x2743c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27450:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27464:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27478:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x2748c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x274a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x274b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x274c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x274dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x274f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27504:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27518:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x2752c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6236.1.00007f8fc4400000.00007f8fc442a000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
  • 0x2739c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x273b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x273c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x273d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x273ec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27400:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27414:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27428:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x2743c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27450:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27464:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27478:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x2748c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x274a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x274b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x274c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x274dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x274f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27504:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27518:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x2752c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6238.1.00007f8fc4400000.00007f8fc442a000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
  • 0x2739c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x273b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x273c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x273d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x273ec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27400:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27414:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27428:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x2743c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27450:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27464:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27478:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x2748c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x274a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x274b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x274c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x274dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x274f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27504:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x27518:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x2752c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6234Linux_Trojan_Gafgyt_28a2fe0cunknownunknown
  • 0x3ba0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x3bb4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x3bc8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x3bdc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x3bf0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x3c04:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x3c18:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x3c2c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x3c40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x3c54:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x3c68:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x3c7c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x3c90:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x3ca4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x3cb8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x3ccc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x3ce0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x3cf4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x3d08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x3d1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0x3d30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Click to see the 3 entries

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: ub8ehJSePAfc9FYqZIT6.mpsl.elfAvira: detected
Multi AV Scanner detection for submitted file
Source: ub8ehJSePAfc9FYqZIT6.mpsl.elfReversingLabs: Detection: 52%
Source: global trafficTCP traffic: 192.168.2.23:44482 -> 45.137.70.156:3778
Source: global trafficTCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global trafficTCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global trafficTCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownTCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443

System Summary

barindex
Malicious sample detected (through community Yara rule)
Source: ub8ehJSePAfc9FYqZIT6.mpsl.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: ub8ehJSePAfc9FYqZIT6.mpsl.elf, type: SAMPLEMatched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6234.1.00007f8fc4400000.00007f8fc442a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6244.1.00007f8fc4400000.00007f8fc442a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6236.1.00007f8fc4400000.00007f8fc442a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6238.1.00007f8fc4400000.00007f8fc442a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6234, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6236, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6238, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6244, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Initial sampleString containing 'busybox' found: /bin/busybox
Source: Initial sampleString containing 'busybox' found: /proc/net/tcp/proc/proc/%d/exe/proc/%s/statusrName:%s/bin/busybox/bin/systemd/usr/bintest/tmp/condi/tmp/zxcr9999/tmp/condinetwork/var/condibot/var/zxcr9999/var/CondiBot/var/condinet/bin/watchdog.x86.x86_64.arm.arm5.arm6.arm7.mips.mipsel.sh4.ppc45.137.70.156
Source: ELF static info symbol of initial sample.symtab present: no
Source: ub8ehJSePAfc9FYqZIT6.mpsl.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: ub8ehJSePAfc9FYqZIT6.mpsl.elf, type: SAMPLEMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 6234.1.00007f8fc4400000.00007f8fc442a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6244.1.00007f8fc4400000.00007f8fc442a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6236.1.00007f8fc4400000.00007f8fc442a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6238.1.00007f8fc4400000.00007f8fc442a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6234, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6236, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6238, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6244, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: classification engineClassification label: mal64.linELF@0/0@0/0
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/6234/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/1582/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/3088/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/230/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/110/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/231/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/111/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/232/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/1579/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/112/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/233/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/1699/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/113/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/234/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/1335/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/1698/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/114/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/235/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/1334/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/1576/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/2302/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/115/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/236/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/116/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/237/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/117/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/118/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/910/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/119/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/912/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/10/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/2307/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/11/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/918/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/12/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/13/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/14/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/15/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/16/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/17/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/18/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/1594/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/120/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/121/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/1349/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/1/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/122/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/243/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/123/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/2/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/124/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/3/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/4/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/125/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/126/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/1344/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/1465/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/1586/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/127/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/6/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/248/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/128/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/249/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/1463/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/800/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/9/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/801/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/6239/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/20/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/21/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/1900/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/22/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/23/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/24/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/25/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/26/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/27/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/28/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/29/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/491/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/250/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/130/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/251/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/252/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/132/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/253/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/254/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/255/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/256/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/1599/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/257/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/1477/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/379/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/258/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/1476/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/259/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/1475/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/936/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/30/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/2208/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/35/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/1809/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/1494/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/260/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)File opened: /proc/261/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6234)Queries kernel information via 'uname': Jump to behavior
Source: ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6234.1.000056357bd95000.000056357be3c000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6236.1.000056357bd95000.000056357be3c000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6238.1.000056357bd95000.000056357be3c000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6244.1.000056357bd95000.000056357be3c000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/mipsel
Source: ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6234.1.000056357bd95000.000056357be3c000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6236.1.000056357bd95000.000056357be3c000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6238.1.000056357bd95000.000056357be3c000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6244.1.000056357bd95000.000056357be3c000.rw-.sdmpBinary or memory string: {5V!/etc/qemu-binfmt/mipsel
Source: ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6234.1.00007ffc500ab000.00007ffc500cc000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6236.1.00007ffc500ab000.00007ffc500cc000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6238.1.00007ffc500ab000.00007ffc500cc000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6244.1.00007ffc500ab000.00007ffc500cc000.rw-.sdmpBinary or memory string: /usr/bin/qemu-mipsel
Source: ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6234.1.00007ffc500ab000.00007ffc500cc000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6236.1.00007ffc500ab000.00007ffc500cc000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6238.1.00007ffc500ab000.00007ffc500cc000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6244.1.00007ffc500ab000.00007ffc500cc000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath InterceptionDirect Volume Access1
OS Credential Dumping		11
Security Software Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Standard Port		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1555168 Sample: ub8ehJSePAfc9FYqZIT6.mpsl.elf Startdate: 13/11/2024 Architecture: LINUX Score: 64 20 109.202.202.202, 80 INIT7CH Switzerland 2->20 22 45.137.70.156, 3778, 44482, 44484 GORACKUS Austria 2->22 24 2 other IPs or domains 2->24 26 Malicious sample detected (through community Yara rule) 2->26 28 Antivirus / Scanner detection for submitted sample 2->28 30 Multi AV Scanner detection for submitted file 2->30 8 ub8ehJSePAfc9FYqZIT6.mpsl.elf 2->8         started        signatures3 process4 process5 10 ub8ehJSePAfc9FYqZIT6.mpsl.elf 8->10         started        12 ub8ehJSePAfc9FYqZIT6.mpsl.elf 8->12         started        14 ub8ehJSePAfc9FYqZIT6.mpsl.elf 8->14         started        process6 16 ub8ehJSePAfc9FYqZIT6.mpsl.elf 10->16         started        18 ub8ehJSePAfc9FYqZIT6.mpsl.elf 10->18         started       

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
ub8ehJSePAfc9FYqZIT6.mpsl.elf53%ReversingLabsLinux.Backdoor.Mirai
ub8ehJSePAfc9FYqZIT6.mpsl.elf100%AviraLINUX/Mirai.bonb

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
45.137.70.156
unknownAustria
19844GORACKUSfalse
109.202.202.202
unknownSwitzerland
13030INIT7CHfalse
91.189.91.43
unknownUnited Kingdom
41231CANONICAL-ASGBfalse
91.189.91.42
unknownUnited Kingdom
41231CANONICAL-ASGBfalse

Joe Sandbox View / Context

IPs

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
45.137.70.156ub8ehJSePAfc9FYqZIT6.sh4.elfGet hashmaliciousUnknownBrowse
    ub8ehJSePAfc9FYqZIT6.m68k.elfGet hashmaliciousMiraiBrowse
      ub8ehJSePAfc9FYqZIT6.mpsl.elfGet hashmaliciousUnknownBrowse
        ub8ehJSePAfc9FYqZIT6.arm.elfGet hashmaliciousMiraiBrowse
          ub8ehJSePAfc9FYqZIT6.arm6.elfGet hashmaliciousUnknownBrowse
            ub8ehJSePAfc9FYqZIT6.i686.elfGet hashmaliciousUnknownBrowse
              ub8ehJSePAfc9FYqZIT6.x86_64.elfGet hashmaliciousUnknownBrowse
                ub8ehJSePAfc9FYqZIT6.sh4.elfGet hashmaliciousUnknownBrowse
                  ub8ehJSePAfc9FYqZIT6.mips.elfGet hashmaliciousUnknownBrowse
                    ub8ehJSePAfc9FYqZIT6.ppc.elfGet hashmaliciousUnknownBrowse
                      109.202.202.202kpLwzBouH4.elfGet hashmaliciousUnknownBrowse
                      • ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
                      91.189.91.43ub8ehJSePAfc9FYqZIT6.sh4.elfGet hashmaliciousUnknownBrowse
                        dlr.mpsl.elfGet hashmaliciousMirai, OkiruBrowse
                          dlr.arm6.elfGet hashmaliciousMirai, OkiruBrowse
                            tftp.elfGet hashmaliciousUnknownBrowse
                              m-i.p-s.ISIS.elfGet hashmaliciousGafgytBrowse
                                a-r.m-7.ISIS.elfGet hashmaliciousGafgytBrowse
                                  dlr.ppc.elfGet hashmaliciousUnknownBrowse
                                    powerpc.elfGet hashmaliciousMiraiBrowse
                                      armv5l.elfGet hashmaliciousGafgyt, MiraiBrowse
                                        mips64.elfGet hashmaliciousGafgyt, MiraiBrowse

                                          Domains

                                          No context

                                          ASNs

                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          CANONICAL-ASGBub8ehJSePAfc9FYqZIT6.sh4.elfGet hashmaliciousUnknownBrowse
                                          • 91.189.91.42
                                          dlr.mpsl.elfGet hashmaliciousMirai, OkiruBrowse
                                          • 91.189.91.42
                                          dlr.arm6.elfGet hashmaliciousMirai, OkiruBrowse
                                          • 91.189.91.42
                                          a-r.m-5.ISIS.elfGet hashmaliciousGafgytBrowse
                                          • 185.125.190.26
                                          tftp.elfGet hashmaliciousUnknownBrowse
                                          • 91.189.91.42
                                          m-i.p-s.ISIS.elfGet hashmaliciousGafgytBrowse
                                          • 91.189.91.42
                                          a-r.m-7.ISIS.elfGet hashmaliciousGafgytBrowse
                                          • 91.189.91.42
                                          x-8.6-.ISIS.elfGet hashmaliciousGafgytBrowse
                                          • 185.125.190.26
                                          dlr.ppc.elfGet hashmaliciousUnknownBrowse
                                          • 91.189.91.42
                                          powerpc.elfGet hashmaliciousMiraiBrowse
                                          • 91.189.91.42
                                          INIT7CHub8ehJSePAfc9FYqZIT6.sh4.elfGet hashmaliciousUnknownBrowse
                                          • 109.202.202.202
                                          dlr.mpsl.elfGet hashmaliciousMirai, OkiruBrowse
                                          • 109.202.202.202
                                          dlr.arm6.elfGet hashmaliciousMirai, OkiruBrowse
                                          • 109.202.202.202
                                          tftp.elfGet hashmaliciousUnknownBrowse
                                          • 109.202.202.202
                                          m-i.p-s.ISIS.elfGet hashmaliciousGafgytBrowse
                                          • 109.202.202.202
                                          a-r.m-7.ISIS.elfGet hashmaliciousGafgytBrowse
                                          • 109.202.202.202
                                          dlr.ppc.elfGet hashmaliciousUnknownBrowse
                                          • 109.202.202.202
                                          powerpc.elfGet hashmaliciousMiraiBrowse
                                          • 109.202.202.202
                                          armv5l.elfGet hashmaliciousGafgyt, MiraiBrowse
                                          • 109.202.202.202
                                          mips64.elfGet hashmaliciousGafgyt, MiraiBrowse
                                          • 109.202.202.202
                                          GORACKUSub8ehJSePAfc9FYqZIT6.sh4.elfGet hashmaliciousUnknownBrowse
                                          • 45.137.70.156
                                          ub8ehJSePAfc9FYqZIT6.m68k.elfGet hashmaliciousMiraiBrowse
                                          • 45.137.70.156
                                          ub8ehJSePAfc9FYqZIT6.mpsl.elfGet hashmaliciousUnknownBrowse
                                          • 45.137.70.156
                                          ub8ehJSePAfc9FYqZIT6.arm.elfGet hashmaliciousMiraiBrowse
                                          • 45.137.70.156
                                          ub8ehJSePAfc9FYqZIT6.arm6.elfGet hashmaliciousUnknownBrowse
                                          • 45.137.70.156
                                          ub8ehJSePAfc9FYqZIT6.i686.elfGet hashmaliciousUnknownBrowse
                                          • 45.137.70.156
                                          ub8ehJSePAfc9FYqZIT6.x86_64.elfGet hashmaliciousUnknownBrowse
                                          • 45.137.70.156
                                          ub8ehJSePAfc9FYqZIT6.sh4.elfGet hashmaliciousUnknownBrowse
                                          • 45.137.70.156
                                          ub8ehJSePAfc9FYqZIT6.mips.elfGet hashmaliciousUnknownBrowse
                                          • 45.137.70.156
                                          ub8ehJSePAfc9FYqZIT6.ppc.elfGet hashmaliciousUnknownBrowse
                                          • 45.137.70.156

                                          JA3 Fingerprints

                                          No context

                                          Dropped Files

                                          No context

                                          Created / dropped Files

                                          No created / dropped files found

                                          Static File Info

                                          General

                                          File type:ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
                                          Entropy (8bit):4.9435008156574485
                                          TrID:
                                          • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                          File name:ub8ehJSePAfc9FYqZIT6.mpsl.elf
                                          File size:173'828 bytes
                                          MD5:800af0a07d2f5775f6d086e56cc1a0fd
                                          SHA1:6f9c79e21e43084502f6bccf7c0622916f4d0743
                                          SHA256:c1933dd1090dde433da1c2ec98e9069d58025ae009604e4b7ec37f688b53d3b2
                                          SHA512:c478d4c05a133691ed891d3eef1e09b40e44b0e4e131f897e39fb05af4a6fcac9cc7a8401383c641a21211af06f6410abb265238e6f2afda13caf2b09d955310
                                          SSDEEP:1536:8Ib5UayVP3ODubf5fsOuQ1VbDrb2acdUgozxkq5sMElq0mr:8IxyP3R5fMOAa3zx158u
                                          TLSH:50047086BFA13FFFD81ECC364295DE05169D490A12A4BFB66A38D418B75B10E59C3C8C
                                          File Content Preview:.ELF....................`.@.4...........4. ...(...............@...@.....................<...<.C.<.C.h...............Q.td...............................'...................<...'!.............9'.. ........................<...'!... ........q9'.. ............

                                          Static ELF Info

                                          ELF header

                                          Class:ELF32
                                          Data:2's complement, little endian
                                          Version:1 (current)
                                          Machine:MIPS R3000
                                          Version Number:0x1
                                          Type:EXEC (Executable file)
                                          OS/ABI:UNIX - System V
                                          ABI Version:0
                                          Entry Point Address:0x400260
                                          Flags:0x1007
                                          ELF Header Size:52
                                          Program Header Offset:52
                                          Program Header Size:32
                                          Number of Program Headers:3
                                          Section Header Offset:173308
                                          Section Header Size:40
                                          Number of Section Headers:13
                                          Header String Table Index:12

                                          Sections

                                          NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                          NULL0x00x00x00x00x0000
                                          .initPROGBITS0x4000940x940x7c0x00x6AX004
                                          .textPROGBITS0x4001100x1100x271100x00x6AX0016
                                          .finiPROGBITS0x4272200x272200x4c0x00x6AX004
                                          .rodataPROGBITS0x4272700x272700x29900x00x2A0016
                                          .ctorsPROGBITS0x43a03c0x2a03c0x80x00x3WA004
                                          .dtorsPROGBITS0x43a0440x2a0440x80x00x3WA004
                                          .dataPROGBITS0x43a0500x2a0500x180x00x3WA004
                                          .gotPROGBITS0x43a0700x2a0700x4340x40x10000003WAp0016
                                          .sbssNOBITS0x43a4a40x2a4a40x280x00x10000003WAp004
                                          .bssNOBITS0x43a4d00x2a4a40xb2c0x00x3WA0016
                                          .mdebug.abi32PROGBITS0x2880x2a4a40x00x00x0001
                                          .shstrtabSTRTAB0x00x2a4a40x570x00x0001

                                          Program Segments

                                          TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                          LOAD0x00x4000000x4000000x29c000x29c004.96600x5R E0x10000.init .text .fini .rodata
                                          LOAD0x2a03c0x43a03c0x43a03c0x4680xfc04.39350x6RW 0x10000.ctors .dtors .data .got .sbss .bss
                                          GNU_STACK0x00x00x00x00x00.00000x7RWE0x4

                                          Network Behavior

                                          Network Port Distribution

                                          TCP Packets

                                          TimestampSource PortDest PortSource IPDest IP
                                          Nov 13, 2024 14:48:15.413815975 CET444823778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:15.418982983 CET37784448245.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:15.419048071 CET444823778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:15.464226961 CET444823778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:15.469419956 CET37784448245.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:15.469471931 CET444823778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:15.474489927 CET37784448245.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:16.351640940 CET37784448245.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:16.351696014 CET37784448245.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:16.354121923 CET444823778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:16.354121923 CET444823778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:16.354121923 CET444823778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:16.363030910 CET444843778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:16.368213892 CET37784448445.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:16.368266106 CET444843778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:16.389023066 CET444843778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:16.394148111 CET37784448445.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:16.395010948 CET444843778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:16.399970055 CET37784448445.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:17.289160967 CET37784448445.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:17.289378881 CET444843778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:17.289378881 CET444843778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:17.289861917 CET444863778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:17.294693947 CET37784448645.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:17.294770002 CET444863778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:17.295384884 CET444863778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:17.300643921 CET37784448645.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:17.300689936 CET444863778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:17.305605888 CET37784448645.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:17.662565947 CET42836443192.168.2.2391.189.91.43
                                          Nov 13, 2024 14:48:18.211992025 CET37784448645.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:18.212244034 CET444863778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:18.212244034 CET444863778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:18.212994099 CET444883778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:18.219741106 CET37784448845.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:18.219810009 CET444883778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:18.220407009 CET444883778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:18.225507975 CET37784448845.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:18.225567102 CET444883778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:18.230573893 CET37784448845.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:18.430483103 CET4251680192.168.2.23109.202.202.202
                                          Nov 13, 2024 14:48:19.132174969 CET37784448845.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:19.132220984 CET37784448845.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:19.132230043 CET37784448845.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:19.132239103 CET37784448845.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:19.132473946 CET444883778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:19.132473946 CET444883778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:19.132473946 CET444883778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:19.132529020 CET444883778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:19.132998943 CET444903778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:19.137799978 CET37784449045.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:19.137872934 CET444903778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:19.138614893 CET444903778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:19.143413067 CET37784449045.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:19.143492937 CET444903778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:19.148336887 CET37784449045.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:20.050287008 CET37784449045.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:20.050311089 CET37784449045.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:20.050545931 CET444903778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:20.050545931 CET444903778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:20.050545931 CET444903778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:20.051151991 CET444923778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:20.055948019 CET37784449245.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:20.055994034 CET444923778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:20.056529999 CET444923778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:20.061388969 CET37784449245.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:20.061522007 CET444923778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:20.066565990 CET37784449245.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:20.963140965 CET444943778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:20.968332052 CET37784449445.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:20.968406916 CET444943778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:20.969192982 CET37784449245.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:20.969244957 CET444923778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:20.969249964 CET37784449245.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:20.969288111 CET444923778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:20.969341993 CET444923778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:20.969357014 CET37784449245.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:20.969408035 CET444923778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:20.969547987 CET37784449245.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:20.969590902 CET444923778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:20.969767094 CET37784449245.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:20.969824076 CET444923778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:21.002316952 CET444963778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:21.007426023 CET37784449645.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:21.007492065 CET444963778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:21.020354033 CET444943778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:21.025640011 CET37784449445.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:21.025702000 CET444943778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:21.030565023 CET37784449445.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:21.034929991 CET444963778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:21.039855003 CET37784449645.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:21.039975882 CET444963778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:21.044966936 CET37784449645.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:21.865036011 CET37784449445.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:21.865065098 CET37784449445.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:21.865206957 CET444943778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:21.865206957 CET444943778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:21.865605116 CET444943778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:21.867436886 CET444983778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:21.872649908 CET37784449845.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:21.872716904 CET444983778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:21.873529911 CET444983778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:21.879702091 CET37784449845.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:21.879745960 CET444983778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:21.887325048 CET37784449845.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:21.910096884 CET37784449645.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:21.910264015 CET444963778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:21.910264015 CET444963778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:21.911343098 CET445003778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:21.916243076 CET37784450045.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:21.916320086 CET445003778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:21.919534922 CET445003778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:21.924407005 CET37784450045.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:21.924464941 CET445003778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:21.929358959 CET37784450045.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:22.823843956 CET37784450045.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:22.823901892 CET37784450045.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:22.824012995 CET445003778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:22.824012995 CET445003778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:22.824100971 CET445003778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:22.827275038 CET445023778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:22.835977077 CET37784450245.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:22.836050987 CET445023778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:22.841451883 CET445023778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:22.846462965 CET37784450245.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:22.846530914 CET445023778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:22.851459980 CET37784450245.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:31.882822990 CET444983778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:31.888401031 CET37784449845.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:32.167294025 CET37784449845.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:32.167557955 CET444983778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:32.850301981 CET445023778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:32.855542898 CET37784450245.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:33.138436079 CET37784450245.137.70.156192.168.2.23
                                          Nov 13, 2024 14:48:33.138638973 CET445023778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:48:33.788225889 CET43928443192.168.2.2391.189.91.42
                                          Nov 13, 2024 14:48:44.026854038 CET42836443192.168.2.2391.189.91.43
                                          Nov 13, 2024 14:48:48.122164965 CET4251680192.168.2.23109.202.202.202
                                          Nov 13, 2024 14:49:14.742436886 CET43928443192.168.2.2391.189.91.42
                                          Nov 13, 2024 14:49:32.220122099 CET444983778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:49:32.225090981 CET37784449845.137.70.156192.168.2.23
                                          Nov 13, 2024 14:49:32.626713037 CET37784449845.137.70.156192.168.2.23
                                          Nov 13, 2024 14:49:32.626892090 CET444983778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:49:33.184676886 CET445023778192.168.2.2345.137.70.156
                                          Nov 13, 2024 14:49:33.192092896 CET37784450245.137.70.156192.168.2.23
                                          Nov 13, 2024 14:49:33.474212885 CET37784450245.137.70.156192.168.2.23
                                          Nov 13, 2024 14:49:33.474340916 CET445023778192.168.2.2345.137.70.156

                                          System Behavior

                                          General

                                          Start time (UTC):13:48:13
                                          Start date (UTC):13/11/2024
                                          Path:/tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf
                                          Arguments:/tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf
                                          File size:5773336 bytes
                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                          Chronological Activities


                                          General

                                          Start time (UTC):13:48:14
                                          Start date (UTC):13/11/2024
                                          Path:/tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf
                                          Arguments:-
                                          File size:5773336 bytes
                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                          Chronological Activities


                                          General

                                          Start time (UTC):13:48:14
                                          Start date (UTC):13/11/2024
                                          Path:/tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf
                                          Arguments:-
                                          File size:5773336 bytes
                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                          Chronological Activities


                                          General

                                          Start time (UTC):13:48:14
                                          Start date (UTC):13/11/2024
                                          Path:/tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf
                                          Arguments:-
                                          File size:5773336 bytes
                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                          Chronological Activities


                                          General

                                          Start time (UTC):13:48:19
                                          Start date (UTC):13/11/2024
                                          Path:/tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf
                                          Arguments:-
                                          File size:5773336 bytes
                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                          Chronological Activities


                                          General

                                          Start time (UTC):13:48:19
                                          Start date (UTC):13/11/2024
                                          Path:/tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf
                                          Arguments:-
                                          File size:5773336 bytes
                                          MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                          Chronological Activities