Edit tour

Linux Analysis Report
ub8ehJSePAfc9FYqZIT6.x86_64.elf

Overview

General Information

Sample name:	ub8ehJSePAfc9FYqZIT6.x86_64.elf
Analysis ID:	1555170
MD5:	ad7cf51c3a7814b58d8eb586f23bf0cc
SHA1:	2b92c49d7db83feb5f0acc5684b1fcc3aa3d0624
SHA256:	d1b8fe918f0baa5caa3261e64f22a5c680eab278c57fbedd3b990a27cf677bc1
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Machine Learning detection for sample

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample has stripped symbol table

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1555170
Start date and time:	2024-11-13 14:48:18 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 29s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	ub8ehJSePAfc9FYqZIT6.x86_64.elf
Detection:	MAL
Classification:	mal68.linELF@0/0@0/0

Warnings

VT rate limit hit for: ub8ehJSePAfc9FYqZIT6.x86_64.elf

Runtime Messages

Command:	/tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf
PID:	5444
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

system is lnxubuntu20

ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444, Parent: 5367, MD5: ad7cf51c3a7814b58d8eb586f23bf0cc) Arguments: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf

ub8ehJSePAfc9FYqZIT6.x86_64.elf New Fork (PID: 5445, Parent: 5444)

ub8ehJSePAfc9FYqZIT6.x86_64.elf New Fork (PID: 5446, Parent: 5445)

ub8ehJSePAfc9FYqZIT6.x86_64.elf New Fork (PID: 5447, Parent: 5445)

ub8ehJSePAfc9FYqZIT6.x86_64.elf New Fork (PID: 5456, Parent: 5444)

ub8ehJSePAfc9FYqZIT6.x86_64.elf New Fork (PID: 5457, Parent: 5444)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
ub8ehJSePAfc9FYqZIT6.x86_64.elf	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xfeb8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfecc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfee0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfef4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffa8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffbc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffd0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffe4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfff8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1000c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10020:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10034:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10048:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
ub8ehJSePAfc9FYqZIT6.x86_64.elf	Linux_Trojan_Mirai_564b8eda	unknown	unknown	0x49b2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01

Memory Dumps

Source	Rule	Description	Author	Strings
5445.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xfeb8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfecc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfee0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfef4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffa8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffbc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffd0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffe4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfff8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1000c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10020:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10034:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10048:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5445.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Mirai_564b8eda	unknown	unknown	0x49b2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01
5446.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xfeb8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfecc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfee0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfef4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffa8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffbc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffd0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffe4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfff8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1000c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10020:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10034:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10048:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5446.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Mirai_564b8eda	unknown	unknown	0x49b2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01
5444.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xfeb8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfecc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfee0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfef4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffa8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffbc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffd0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffe4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfff8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1000c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10020:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10034:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10048:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5444.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Mirai_564b8eda	unknown	unknown	0x49b2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01
5456.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xfeb8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfecc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfee0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfef4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffa8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffbc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffd0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffe4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfff8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1000c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10020:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10034:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10048:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5456.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Mirai_564b8eda	unknown	unknown	0x49b2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01
Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 5444	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x191f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1933:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1947:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x195b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x196f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1983:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1997:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19ab:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19bf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19d3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19e7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19fb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a0f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a23:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a37:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a4b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a5f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a73:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a87:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a9b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1aaf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 5445	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x10de:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10f2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1106:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x112e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1142:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1156:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x117e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1192:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11a6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11ba:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11ce:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11f6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x120a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x121e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1232:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1246:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x125a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x126e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 5446	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x504:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x518:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x52c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x540:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x554:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x568:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x57c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x590:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x608:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x61c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x630:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x644:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x658:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x66c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x680:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x694:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 5456	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x196c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1980:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1994:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a0c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a20:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a34:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a48:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a5c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a70:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a84:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a98:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1aac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ac0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ad4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ae8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1afc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Click to see the 7 entries

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: ub8ehJSePAfc9FYqZIT6.x86_64.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: ub8ehJSePAfc9FYqZIT6.x86_64.elf

ReversingLabs: Detection: 63%

Machine Learning detection for sample

Source: ub8ehJSePAfc9FYqZIT6.x86_64.elf

Joe Sandbox ML: detected

Source: global traffic

TCP traffic: 192.168.2.13:39930 -> 45.137.70.156:3778

Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.70.156

System Summary

Malicious sample detected (through community Yara rule)

Source: ub8ehJSePAfc9FYqZIT6.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: ub8ehJSePAfc9FYqZIT6.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: 5445.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5445.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: 5446.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5446.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: 5444.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5444.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: 5456.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5456.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 5444, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 5445, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 5446, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 5456, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Source: Initial sample	String containing 'busybox' found: /bin/busybox
Source: Initial sample	String containing 'busybox' found: /proc/net/tcp.x86.x86_64.arm.arm5.arm6.arm7.mips.mipsel.sh4.ppc/proc/proc/%d/exe/proc/%s/statusrName:%s/bin/busybox/bin/systemd/usr/bintest/tmp/condi/tmp/zxcr9999/tmp/condinetwork/var/condibot/var/zxcr9999/var/CondiBot/var/condinet/bin/watchdog45.137.70.156

Source: ELF static info symbol of initial sample

.symtab present: no

Source: ub8ehJSePAfc9FYqZIT6.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: ub8ehJSePAfc9FYqZIT6.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: 5445.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5445.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: 5446.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5446.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: 5444.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5444.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: 5456.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5456.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 5444, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 5445, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 5446, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 5456, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal68.linELF@0/0@0/0

Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/230/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/110/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/231/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/111/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/232/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/112/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/233/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/113/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/234/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/114/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/235/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/115/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/236/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/116/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/237/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/117/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/238/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/118/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/239/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/119/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/914/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/10/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/917/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/11/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/12/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/13/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/14/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/15/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/16/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/17/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/18/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/3651/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/19/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/240/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/3095/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/5391/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/120/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/241/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/121/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/242/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/1/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/122/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/243/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/2/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/123/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/244/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/3/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/124/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/245/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/1588/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/125/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/4/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/246/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/126/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/5/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/247/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/127/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/6/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/248/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/128/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/7/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/249/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/129/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/8/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/800/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/9/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/1906/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/802/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/803/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/20/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/21/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/22/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/23/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/5284/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/24/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/25/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/26/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/27/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/28/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/3782/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/29/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/3420/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/1482/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/490/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/1480/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/250/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/371/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/130/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/251/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/131/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/252/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/132/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/253/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/254/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/1238/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/134/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/255/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/256/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/257/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/378/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/3413/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/258/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/259/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/1475/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 5444)	File opened: /proc/936/status	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	1 OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label
ub8ehJSePAfc9FYqZIT6.x86_64.elf	63%	ReversingLabs	Linux.Backdoor.Mirai
ub8ehJSePAfc9FYqZIT6.x86_64.elf	100%	Avira	EXP/ELF.Mirai.M
ub8ehJSePAfc9FYqZIT6.x86_64.elf	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
45.137.70.156	unknown	Austria		19844	GORACKUS	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
45.137.70.156	ub8ehJSePAfc9FYqZIT6.mpsl.elf	Get hash	malicious	Unknown	Browse
	ub8ehJSePAfc9FYqZIT6.sh4.elf	Get hash	malicious	Unknown	Browse
	ub8ehJSePAfc9FYqZIT6.m68k.elf	Get hash	malicious	Mirai	Browse
	ub8ehJSePAfc9FYqZIT6.mpsl.elf	Get hash	malicious	Unknown	Browse
	ub8ehJSePAfc9FYqZIT6.arm.elf	Get hash	malicious	Mirai	Browse
	ub8ehJSePAfc9FYqZIT6.arm6.elf	Get hash	malicious	Unknown	Browse
	ub8ehJSePAfc9FYqZIT6.i686.elf	Get hash	malicious	Unknown	Browse
	ub8ehJSePAfc9FYqZIT6.x86_64.elf	Get hash	malicious	Unknown	Browse
	ub8ehJSePAfc9FYqZIT6.sh4.elf	Get hash	malicious	Unknown	Browse
	ub8ehJSePAfc9FYqZIT6.mips.elf	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
GORACKUS	ub8ehJSePAfc9FYqZIT6.mpsl.elf	Get hash	malicious	Unknown	Browse	45.137.70.156
	ub8ehJSePAfc9FYqZIT6.sh4.elf	Get hash	malicious	Unknown	Browse	45.137.70.156
	ub8ehJSePAfc9FYqZIT6.m68k.elf	Get hash	malicious	Mirai	Browse	45.137.70.156
	ub8ehJSePAfc9FYqZIT6.mpsl.elf	Get hash	malicious	Unknown	Browse	45.137.70.156
	ub8ehJSePAfc9FYqZIT6.arm.elf	Get hash	malicious	Mirai	Browse	45.137.70.156
	ub8ehJSePAfc9FYqZIT6.arm6.elf	Get hash	malicious	Unknown	Browse	45.137.70.156
	ub8ehJSePAfc9FYqZIT6.i686.elf	Get hash	malicious	Unknown	Browse	45.137.70.156
	ub8ehJSePAfc9FYqZIT6.x86_64.elf	Get hash	malicious	Unknown	Browse	45.137.70.156
	ub8ehJSePAfc9FYqZIT6.sh4.elf	Get hash	malicious	Unknown	Browse	45.137.70.156
	ub8ehJSePAfc9FYqZIT6.mips.elf	Get hash	malicious	Unknown	Browse	45.137.70.156

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.0748092062522385
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	ub8ehJSePAfc9FYqZIT6.x86_64.elf
File size:	80'440 bytes
MD5:	ad7cf51c3a7814b58d8eb586f23bf0cc
SHA1:	2b92c49d7db83feb5f0acc5684b1fcc3aa3d0624
SHA256:	d1b8fe918f0baa5caa3261e64f22a5c680eab278c57fbedd3b990a27cf677bc1
SHA512:	b3e9ad817554cea0732d41819ba7eaaf6abf532464eabe874318f105e2691517d3814a719cad703e05b7bb1702310aee6a3fc18b1b661cbf34fed6d8e9b400e8
SSDEEP:	1536:gtQ59MwY2MhldlO+ttM98cKJdxZZxJ+BAQoEQ1It3R+yd5bUWarW8j0tZxH1c2Ym:gfwfsdlX/3AnmM
TLSH:	99730813FA8240FCC197D13446FEA476E932B9FE132876560794BE312A22E215F1DE99
File Content Preview:	.ELF..............>.......@.....@........7..........@.8...@.......................@.......@.....\|&......\|&........ ............. 7...... 7a..... 7a.....T................. .....Q.td....................................................P.b....M...X...........

Static ELF Info

ELF header
Class:	ELF64
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Advanced Micro Devices X86-64
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x400194
Flags:	0x0
ELF Header Size:	64
Program Header Offset:	64
Program Header Size:	56
Number of Program Headers:	3
Section Header Offset:	79800
Section Header Size:	64
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x4000e8	0xe8	0xd	0x0	0x6	AX	1
.text	PROGBITS	0x400100	0x100	0xfc72	0x0	0x6	AX	16
.fini	PROGBITS	0x40fd72	0xfd72	0x8	0x0	0x6	AX	1
.rodata	PROGBITS	0x40fd80	0xfd80	0x28fc	0x0	0x2	A	32
.ctors	PROGBITS	0x613720	0x13720	0x10	0x0	0x3	WA	8
.dtors	PROGBITS	0x613730	0x13730	0x10	0x0	0x3	WA	8
.data	PROGBITS	0x613748	0x13748	0x2c	0x0	0x3	WA	8
.bss	NOBITS	0x613780	0x13774	0x1380	0x0	0x3	WA	32
.shstrtab	STRTAB	0x0	0x13774	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x1267c	0x1267c	6.3214	0x5	R E	0x200000	.init .text .fini .rodata
LOAD	0x13720	0x613720	0x613720	0x54	0x13e0	1.9506	0x6	RW	0x200000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x8

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 13, 2024 14:49:07.320278883 CET	39930	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:07.325390100 CET	3778	39930	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:07.325484991 CET	39930	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:07.331199884 CET	39930	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:07.336040974 CET	3778	39930	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:07.336086988 CET	39930	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:07.340976000 CET	3778	39930	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:08.229273081 CET	3778	39930	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:08.229326963 CET	3778	39930	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:08.229528904 CET	39930	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:08.229528904 CET	39930	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:08.229626894 CET	39930	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:08.231112957 CET	39932	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:08.236058950 CET	3778	39932	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:08.236170053 CET	39932	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:08.239438057 CET	39932	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:08.244385958 CET	3778	39932	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:08.244457006 CET	39932	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:08.249309063 CET	3778	39932	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:09.147922993 CET	3778	39932	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:09.147949934 CET	3778	39932	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:09.148155928 CET	39932	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:09.148155928 CET	39932	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:09.148211956 CET	39932	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:09.148751020 CET	39934	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:09.153613091 CET	3778	39934	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:09.153826952 CET	39934	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:09.154789925 CET	39934	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:09.159816980 CET	3778	39934	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:09.159912109 CET	39934	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:09.164768934 CET	3778	39934	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:10.058995962 CET	3778	39934	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:10.059279919 CET	39934	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:10.059281111 CET	39934	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:10.059890985 CET	39936	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:10.064663887 CET	3778	39936	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:10.064718962 CET	39936	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:10.065453053 CET	39936	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:10.070231915 CET	3778	39936	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:10.070297003 CET	39936	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:10.075155020 CET	3778	39936	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:10.968266964 CET	3778	39936	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:10.968513966 CET	39936	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:10.968513966 CET	39936	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:10.969084024 CET	39938	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:10.974822044 CET	3778	39938	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:10.975023031 CET	39938	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:10.975677967 CET	39938	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:10.980597019 CET	3778	39938	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:10.980721951 CET	39938	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:10.985790014 CET	3778	39938	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:11.880126953 CET	3778	39938	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:11.880145073 CET	3778	39938	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:11.880353928 CET	39938	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:11.880353928 CET	39938	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:11.880353928 CET	39938	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:11.880878925 CET	39940	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:11.885654926 CET	3778	39940	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:11.885749102 CET	39940	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:11.886511087 CET	39940	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:11.891591072 CET	3778	39940	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:11.891666889 CET	39940	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:11.896478891 CET	3778	39940	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:12.812355995 CET	3778	39940	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:12.812402964 CET	3778	39940	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:12.812441111 CET	3778	39940	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:12.812541008 CET	39940	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:12.812541008 CET	39940	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:12.812541008 CET	39940	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:12.812577009 CET	39940	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:12.813355923 CET	39942	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:12.818234921 CET	3778	39942	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:12.819003105 CET	39942	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:12.819351912 CET	39942	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:12.824269056 CET	3778	39942	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:12.824418068 CET	39942	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:12.829885960 CET	3778	39942	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:12.864367008 CET	39944	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:12.869488001 CET	3778	39944	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:12.869537115 CET	39944	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:12.870805979 CET	39944	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:12.875823975 CET	3778	39944	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:12.875864983 CET	39944	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:12.880770922 CET	3778	39944	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:22.827965975 CET	39942	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:22.833000898 CET	3778	39942	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:22.880891085 CET	39944	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:22.885812044 CET	3778	39944	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:23.108377934 CET	3778	39942	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:23.108549118 CET	39942	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:49:23.159403086 CET	3778	39944	45.137.70.156	192.168.2.13
Nov 13, 2024 14:49:23.159728050 CET	39944	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:50:23.162139893 CET	39942	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:50:23.167424917 CET	3778	39942	45.137.70.156	192.168.2.13
Nov 13, 2024 14:50:23.220287085 CET	39944	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:50:23.225317001 CET	3778	39944	45.137.70.156	192.168.2.13
Nov 13, 2024 14:50:23.443511963 CET	3778	39942	45.137.70.156	192.168.2.13
Nov 13, 2024 14:50:23.443933964 CET	39942	3778	192.168.2.13	45.137.70.156
Nov 13, 2024 14:50:23.502080917 CET	3778	39944	45.137.70.156	192.168.2.13
Nov 13, 2024 14:50:23.502286911 CET	39944	3778	192.168.2.13	45.137.70.156

System Behavior

Analysis Process: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 5444, Parent PID: 5367

General

Start time (UTC):	13:49:06
Start date (UTC):	13/11/2024
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf
Arguments:	/tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf
File size:	80440 bytes
MD5 hash:	ad7cf51c3a7814b58d8eb586f23bf0cc

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 5445, Parent PID: 5444

General

Start time (UTC):	13:49:06
Start date (UTC):	13/11/2024
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf
Arguments:	-
File size:	80440 bytes
MD5 hash:	ad7cf51c3a7814b58d8eb586f23bf0cc

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 5446, Parent PID: 5445

General

Start time (UTC):	13:49:06
Start date (UTC):	13/11/2024
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf
Arguments:	-
File size:	80440 bytes
MD5 hash:	ad7cf51c3a7814b58d8eb586f23bf0cc

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 5447, Parent PID: 5445

General

Start time (UTC):	13:49:06
Start date (UTC):	13/11/2024
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf
Arguments:	-
File size:	80440 bytes
MD5 hash:	ad7cf51c3a7814b58d8eb586f23bf0cc

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 5456, Parent PID: 5444

General

Start time (UTC):	13:49:12
Start date (UTC):	13/11/2024
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf
Arguments:	-
File size:	80440 bytes
MD5 hash:	ad7cf51c3a7814b58d8eb586f23bf0cc

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 5457, Parent PID: 5444

General

Start time (UTC):	13:49:12
Start date (UTC):	13/11/2024
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf
Arguments:	-
File size:	80440 bytes
MD5 hash:	ad7cf51c3a7814b58d8eb586f23bf0cc

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report ub8ehJSePAfc9FYqZIT6.x86_64.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 5444, Parent PID: 5367

General

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 5445, Parent PID: 5444

General

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 5446, Parent PID: 5445

General

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 5447, Parent PID: 5445

General

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 5456, Parent PID: 5444

General

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 5457, Parent PID: 5444

General

Chronological Activities

Linux Analysis Report
ub8ehJSePAfc9FYqZIT6.x86_64.elf