
Linux Analysis Report
ub8ehJSePAfc9FYqZIT6.mips.elf

Overview

General Information

Sample name:ub8ehJSePAfc9FYqZIT6.mips.elf
Analysis ID:1555201
MD5:ab7fc7c876a7b878a26aa66c9a2d30bf
SHA1:129f8c2efd2a6e9efa92e06f3372ca7fb76c3bef
SHA256:a702b3ac12a3c27748a388408ca60b7a60475d0e34379f5211623b39b22572ea
Tags:elfuser-abuse_ch

Detection

Score:56
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1555201
Start date and time:2024-11-13 15:32:12 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 48s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:ub8ehJSePAfc9FYqZIT6.mips.elf
Detection:MAL
Classification:mal56.linELF@0/0@0/0
  • VT rate limit hit for: ub8ehJSePAfc9FYqZIT6.mips.elf
Command:/tmp/ub8ehJSePAfc9FYqZIT6.mips.elf
PID:5524
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • cleanup
Source / Rule / Description / Author / Strings
ub8ehJSePAfc9FYqZIT6.mips.elf / Linux_Trojan_Gafgyt_28a2fe0c / unknown / unknown
  • $a, 21 matches at 0x28f4c, 0x28f60, 0x28f74, 0x28f88, 0x28f9c, 0x28fb0, 0x28fc4, 0x28fd8, 0x28fec, 0x29000, 0x29014, 0x29028, 0x2903c, 0x29050, 0x29064, 0x29078, 0x2908c, 0x290a0, 0x290b4, 0x290c8, 0x290dc (one every 0x14 bytes): 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    The bytes are ASCII "/x38/xFJ/x93/xID/x9A/x38/xFJ/": a 20-byte unit ("/x38/xFJ/x93/xID/x9A") followed by its own first 9 bytes. A run of that unit contains the 29-byte string at every 20-byte step, so the 21 hits spanning 0x190 bytes are overlapping matches on one filler region, not 21 separate artefacts.
ub8ehJSePAfc9FYqZIT6.mips.elf / Mirai_Botnet_Malware / Detects Mirai Botnet Malware / Florian Roth
  • 0x2c4ed:$x5: .mdebug.abi32 (the standard section name of MIPS o32 binaries, so this string on its own is not sample-specific)
  • 0x29eb4:$s1: LCOGQGPTGP
Source / Rule / Description / Author / Strings
5524.1.00007f504c400000.00007f504c42c000.r-x.sdmp / Linux_Trojan_Gafgyt_28a2fe0c / unknown / unknown
  • $a, 21 matches at the same offsets as in the file (0x28f4c to 0x290dc, one every 0x14 bytes): 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5528.1.00007f504c400000.00007f504c42c000.r-x.sdmp / Linux_Trojan_Gafgyt_28a2fe0c / unknown / unknown
  • $a, 21 matches at the same offsets as in the file (0x28f4c to 0x290dc, one every 0x14 bytes)
5526.1.00007f504c400000.00007f504c42c000.r-x.sdmp / Linux_Trojan_Gafgyt_28a2fe0c / unknown / unknown
  • $a, 21 matches at the same offsets as in the file (0x28f4c to 0x290dc, one every 0x14 bytes)
5535.1.00007f504c400000.00007f504c42c000.r-x.sdmp / Linux_Trojan_Gafgyt_28a2fe0c / unknown / unknown
  • $a, 21 matches at the same offsets as in the file (0x28f4c to 0x290dc, one every 0x14 bytes)
    The four dumps cover one and the same mapped range with identical match offsets, consistent with PIDs 5526, 5528 and 5535 being forks of 5524 running the same image.
Process Memory Space: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5524 / Linux_Trojan_Gafgyt_28a2fe0c / unknown / unknown
  • $a, 21 matches at 0x7993, 0x79a7, 0x79bb, 0x79cf, 0x79e3, 0x79f7, 0x7a0b, 0x7a1f, 0x7a33, 0x7a47, 0x7a5b, 0x7a6f, 0x7a83, 0x7a97, 0x7aab, 0x7abf, 0x7ad3, 0x7ae7, 0x7afb, 0x7b0f, 0x7b23 (one every 0x14 bytes): 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5526, 5528 and 5535 / Linux_Trojan_Gafgyt_28a2fe0c / unknown / unknown (3 further entries, collapsed in the report)
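Worked example, added here and not part of the Joe Sandbox report or of Elastic's rule source: it decodes the $a hex string printed above and reproduces why one filler region yields 21 overlapping YARA hits 0x14 bytes apart. The buffer it scans is constructed from the decoded 20-byte unit; the base offset 0x28f4c is only used to line the output up with the report's numbers.

```python
"""Decode the $a hex string of Linux_Trojan_Gafgyt_28a2fe0c and reproduce its
overlapping matches.

Added example; not part of the Joe Sandbox report and not Elastic's rule code.
The hex string is copied from the report; the buffer scanned below is a
constructed stand-in for the sample's data section.
"""

# $a exactly as the report prints it (29 bytes).
GAFGYT_A_HEX = (
    "2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 "
    "2F 78 33 38 2F 78 46 4A 2F"
)


def decode_hex_string(hex_string):
    """Bytes of a space-separated YARA hex string (no wildcards or jumps)."""
    return bytes(int(tok, 16) for tok in hex_string.split())


def smallest_period(data):
    """Length of the shortest prefix that `data` is a (possibly truncated)
    repetition of; len(data) when it is not periodic at all."""
    for p in range(1, len(data)):
        if all(data[i] == data[i % p] for i in range(len(data))):
            return p
    return len(data)


def find_all_overlapping(haystack, needle):
    """Every offset of `needle`, overlapping ones included, which is how YARA
    counts matches for a plain string."""
    hits, pos = [], haystack.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = haystack.find(needle, pos + 1)
    return hits


def build_constructed_section(repeats, base=0x28f4c):
    """Constructed stand-in for the region YARA matched: the 20-byte unit the
    string is built from, repeated `repeats` times. `base` only shifts the
    reported offsets so they line up with the report (an assumption, not a
    value read from the binary)."""
    pattern = decode_hex_string(GAFGYT_A_HEX)
    unit = pattern[:smallest_period(pattern)]
    return base, unit * repeats


def explain_matches(repeats=22):
    """Decode $a, scan the constructed buffer and summarise what YARA reports.
    22 repeats (440 bytes) hold the 29-byte string at 21 positions, 0x14 apart,
    which matches the report's 0x28f4c .. 0x290dc."""
    pattern = decode_hex_string(GAFGYT_A_HEX)
    base, buf = build_constructed_section(repeats)
    offsets = [base + o for o in find_all_overlapping(buf, pattern)]
    strides = {b - a for a, b in zip(offsets, offsets[1:])}
    return {
        "ascii": pattern.decode("ascii"),
        "period": smallest_period(pattern),
        "count": len(offsets),
        "first": offsets[0],
        "last": offsets[-1],
        "strides": strides,
    }


if __name__ == "__main__":
    r = explain_matches()
    print(f'$a = {r["ascii"]!r}, period {r["period"]} bytes')
    print(f'{r["count"]} matches from {r["first"]:#x} to {r["last"]:#x}, stride(s) {r["strides"]}')
```

The practical point: a high match count for one string of a rule is not extra evidence when the string is self-overlapping; the filler is a single artefact, and the rule's verdict rests on that one region plus whatever other conditions the rule has.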
No Suricata rule has matched

AV Detection

Antivirus / Scanner detection for submitted sample
Source: ub8ehJSePAfc9FYqZIT6.mips.elf   Avira: detected

Networking

Detected TCP or UDP traffic on non-standard ports
Source: global traffic   TCP traffic: 192.168.2.15:39918 -> 45.137.70.156:3778
Source: unknown   TCP traffic detected without corresponding DNS query: 45.137.70.156 (reported 50 times)
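Detection logic matching the two network observations above, as an added example (not part of the report and not Joe Sandbox's own signature code): each flow is checked against preceding DNS answers, a standard-port allowlist, and IPv4 literals embedded in the sample's strings, and repeated alerts are collapsed per destination. The flow and DNS records are constructed; the report's connection and an excerpt of its busybox string are included so the checks can be verified against them. The port allowlist, the 300-second DNS lookback and the record format are assumptions.

```python
"""Correlate observed TCP flows with DNS answers and with IPv4 literals embedded
in the sample, to flag hard-coded C2 connections.

Added example, not part of the Joe Sandbox report. The flow/DNS records are
constructed; the connection from the report
(192.168.2.15:39918 -> 45.137.70.156:3778) and an excerpt of the report's
busybox string are included so the logic can be checked against them.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address

# Assumption: a short allowlist is enough for a triage-time "standard port" check.
STANDARD_PORTS = {22, 25, 53, 80, 123, 443, 465, 587, 853, 993, 995, 8080, 8443}

# Dotted quad not glued to other digits/dots; letters before it are fine, because
# the report shows the address fused to text ("...ppc45.137.70.156").
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


@dataclass(frozen=True)
class Flow:
    ts: float
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class DnsAnswer:
    ts: float
    qname: str
    rdata: str  # resolved IPv4 address


def embedded_ipv4(strings_blob):
    """Valid IPv4 literals found in a strings dump."""
    found = set()
    for m in IPV4_RE.finditer(strings_blob):
        try:
            ip_address(m.group(0))
            found.add(m.group(0))
        except ValueError:
            pass  # e.g. an octet above 255
    return found


def triage_flows(flows, answers, strings_blob="", lookback=300.0):
    """Return [(flow, [reasons])] for flows to public IPs that were not resolved
    via DNS within `lookback` seconds before the connection, use a port outside
    STANDARD_PORTS, or target an IP literal embedded in the sample."""
    hardcoded = embedded_ipv4(strings_blob)
    findings = []
    for f in flows:
        if not ip_address(f.dst).is_global:
            continue  # sandbox-internal / private traffic is out of scope
        reasons = []
        resolved = any(a.rdata == f.dst and f.ts - lookback <= a.ts <= f.ts for a in answers)
        if not resolved:
            reasons.append("no DNS answer for destination")
        if f.dport not in STANDARD_PORTS:
            reasons.append(f"non-standard port {f.dport}")
        if f.dst in hardcoded:
            reasons.append("destination IP embedded in binary strings")
        if reasons:
            findings.append((f, reasons))
    return findings


def count_by_destination(findings):
    """Collapse repeated alerts (the report printed the same one 50 times)."""
    counts = {}
    for f, _ in findings:
        counts[f.dst] = counts.get(f.dst, 0) + 1
    return counts


# Constructed sample data -----------------------------------------------------
SAMPLE_STRINGS = "/proc/net/tcp/proc/proc/%d/exe/proc/%s/status.mips.mipsel.sh4.ppc45.137.70.156"
SAMPLE_DNS = [DnsAnswer(10.0, "example.com", "93.184.216.34")]
SAMPLE_FLOWS = [
    Flow(11.0, "192.168.2.15", 40001, "93.184.216.34", 443),   # resolved, standard port
    Flow(12.0, "192.168.2.15", 39918, "45.137.70.156", 3778),  # the report's connection
    Flow(12.5, "192.168.2.15", 39919, "45.137.70.156", 3778),  # reconnect attempt
    Flow(13.0, "192.168.2.15", 40002, "192.168.2.1", 53),      # private, skipped
]

if __name__ == "__main__":
    found = triage_flows(SAMPLE_FLOWS, SAMPLE_DNS, SAMPLE_STRINGS)
    for flow, reasons in found:
        print(f"{flow.src}:{flow.sport} -> {flow.dst}:{flow.dport}: {', '.join(reasons)}")
    print(count_by_destination(found))
```

The third reason is the one worth acting on: an IP that is both contacted without DNS and present as a literal in the binary is the C2 address to block and to pivot on, whereas "non-standard port" alone fires on plenty of legitimate software.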

System Summary

Malicious sample detected (through community Yara rule)
Source: ub8ehJSePAfc9FYqZIT6.mips.elf, type: SAMPLE   Matched rule: Linux_Trojan_Gafgyt_28a2fe0c   Author: unknown
Source: ub8ehJSePAfc9FYqZIT6.mips.elf, type: SAMPLE   Matched rule: Detects Mirai Botnet Malware   Author: Florian Roth
Source: 5524.1.00007f504c400000.00007f504c42c000.r-x.sdmp, type: MEMORY   Matched rule: Linux_Trojan_Gafgyt_28a2fe0c   Author: unknown
Source: 5528.1.00007f504c400000.00007f504c42c000.r-x.sdmp, type: MEMORY   Matched rule: Linux_Trojan_Gafgyt_28a2fe0c   Author: unknown
Source: 5526.1.00007f504c400000.00007f504c42c000.r-x.sdmp, type: MEMORY   Matched rule: Linux_Trojan_Gafgyt_28a2fe0c   Author: unknown
Source: 5535.1.00007f504c400000.00007f504c42c000.r-x.sdmp, type: MEMORY   Matched rule: Linux_Trojan_Gafgyt_28a2fe0c   Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5524, type: MEMORYSTR   Matched rule: Linux_Trojan_Gafgyt_28a2fe0c   Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5526, type: MEMORYSTR   Matched rule: Linux_Trojan_Gafgyt_28a2fe0c   Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5528, type: MEMORYSTR   Matched rule: Linux_Trojan_Gafgyt_28a2fe0c   Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5535, type: MEMORYSTR   Matched rule: Linux_Trojan_Gafgyt_28a2fe0c   Author: unknown
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Source: Initial sample   String containing 'busybox' found: /bin/busybox
Source: Initial sample   String containing 'busybox' found: /proc/net/tcp/proc/proc/%d/exe/proc/%s/statusrName:%s/bin/busybox/bin/systemd/usr/bintest/tmp/condi/tmp/zxcr9999/tmp/condinetwork/var/condibot/var/zxcr9999/var/CondiBot/var/condinet/bin/watchdog.x86.x86_64.arm.arm5.arm6.arm7.mips.mipsel.sh4.ppc45.137.70.156
    (The run of strings ends in the literal 45.137.70.156, the address the sample connected to on port 3778 without any DNS lookup: the C2 address is hard-coded. The /proc/%s/status and Name:%s format strings sit next to it.)
Sample has stripped symbol table
Source: ELF static info symbol of initial sample   .symtab present: no
Yara signature match
Source: ub8ehJSePAfc9FYqZIT6.mips.elf, type: SAMPLE   Matched rule: Linux_Trojan_Gafgyt_28a2fe0c   os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: ub8ehJSePAfc9FYqZIT6.mips.elf, type: SAMPLE   Matched rule: Mirai_Botnet_Malware   date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: the four r-x.sdmp memory dumps (PIDs 5524, 5528, 5526, 5535), type: MEMORY, and the four process memory spaces (PIDs 5524, 5526, 5528, 5535), type: MEMORYSTR   Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, with the same rule metadata as the file-level match above
Source: classification engine   Classification label: mal56.linELF@0/0@0/0
Enumerates processes within the "proc" file system
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)   File opened, in the order reported: /proc/<pid>/status for pid = 110, 231, 111, 112, 233, 113, 114, 235, 115, 1333, 116, 1695, 117, 118, 119, 911, 914, 10, 917, 11, 12, 13, 14, 15, 16, 17, 18, 19, 1591, 120, 121, 1, 122, 243, 2, 123, 3, 124, 1588, 125, 4, 246, 126, 5, 127, 6, 1585, 128, 7, 129, 8, 800, 9, 802, 803, 804, 20, 21, 3407, 22, 23, 24, 25, 26, 27, 28, 29, 1484, 490, 250, 130, 251, 131, 132, 133
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/1479/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/378/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/258/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/259/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/931/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/1595/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/812/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/933/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/30/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/3419/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/35/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/3310/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/260/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/261/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/262/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/142/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/263/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/264/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/265/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/145/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/266/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/267/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/268/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/3303/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/269/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/1486/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/1806/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/3440/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/270/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524)File opened: /proc/271/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5524) Queries kernel information via 'uname'
Source: ub8ehJSePAfc9FYqZIT6.mips.elf, 5524.1.00007ffd8b998000.00007ffd8b9b9000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mips.elf, 5526.1.00007ffd8b998000.00007ffd8b9b9000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mips.elf, 5528.1.00007ffd8b998000.00007ffd8b9b9000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mips.elf, 5535.1.00007ffd8b998000.00007ffd8b9b9000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-mips/tmp/ub8ehJSePAfc9FYqZIT6.mips.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/ub8ehJSePAfc9FYqZIT6.mips.elf
Source: ub8ehJSePAfc9FYqZIT6.mips.elf, 5524.1.000055bedd709000.000055bedd7b0000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mips.elf, 5526.1.000055bedd709000.000055bedd7b0000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mips.elf, 5528.1.000055bedd709000.000055bedd7b0000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mips.elf, 5535.1.000055bedd709000.000055bedd7b0000.rw-.sdmpBinary or memory string: U!/etc/qemu-binfmt/mips
Source: ub8ehJSePAfc9FYqZIT6.mips.elf, 5524.1.000055bedd709000.000055bedd7b0000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mips.elf, 5526.1.000055bedd709000.000055bedd7b0000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mips.elf, 5528.1.000055bedd709000.000055bedd7b0000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mips.elf, 5535.1.000055bedd709000.000055bedd7b0000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/mips
Source: ub8ehJSePAfc9FYqZIT6.mips.elf, 5524.1.00007ffd8b998000.00007ffd8b9b9000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mips.elf, 5526.1.00007ffd8b998000.00007ffd8b9b9000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mips.elf, 5528.1.00007ffd8b998000.00007ffd8b9b9000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mips.elf, 5535.1.00007ffd8b998000.00007ffd8b9b9000.rw-.sdmpBinary or memory string: /usr/bin/qemu-mips
MITRE ATT&CK Matrix (one technique per tactic; numbers in parentheses are the match counts shown in the report)
Reconnaissance: Gather Victim Identity Information
Resource Development: Acquire Infrastructure
Initial Access: Valid Accounts
Execution: Windows Management Instrumentation
Persistence: Path Interception
Privilege Escalation: Path Interception
Defense Evasion: Direct Volume Access
Credential Access: OS Credential Dumping (1)
Discovery: Security Software Discovery (11)
Lateral Movement: Remote Services
Collection: Data from Local System
Command and Control: Non-Standard Port (1)
Exfiltration: Exfiltration Over Other Network Medium
Impact: Abuse Accessibility Features
No configs have been found
Behavior Graph
Graph ID: 1555201
Sample: ub8ehJSePAfc9FYqZIT6.mips.elf
Start date: 13/11/2024
Architecture: LINUX
Score: 56
Network: 45.137.70.156 (GORACKUS, Austria), ports 3778, 39918, 39920
Signatures: Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample
Process tree: ub8ehJSePAfc9FYqZIT6.mips.elf started and spawned three instances of itself; the first of those spawned two more instances.

Antivirus Detection
Source: ub8ehJSePAfc9FYqZIT6.mips.elf  Detection: 100%  Scanner: Avira  Label: LINUX/Mirai.bonb
Dropped files: No Antivirus matches
Domains: No Antivirus matches
URLs: No Antivirus matches
No contacted domains info
Contacted IPs
IP: 45.137.70.156  Domain: unknown  Country: Austria  ASN: 19844  ASN Name: GORACKUS  Malicious: false
Context: IP 45.137.70.156
Associated samples (all detected as malicious):
ub8ehJSePAfc9FYqZIT6.x86_64.elf (threat name: Unknown)
ub8ehJSePAfc9FYqZIT6.mpsl.elf (Unknown)
ub8ehJSePAfc9FYqZIT6.sh4.elf (Unknown)
ub8ehJSePAfc9FYqZIT6.m68k.elf (Mirai)
ub8ehJSePAfc9FYqZIT6.mpsl.elf (Unknown)
ub8ehJSePAfc9FYqZIT6.arm.elf (Mirai)
ub8ehJSePAfc9FYqZIT6.arm6.elf (Unknown)
ub8ehJSePAfc9FYqZIT6.i686.elf (Unknown)
ub8ehJSePAfc9FYqZIT6.x86_64.elf (Unknown)
ub8ehJSePAfc9FYqZIT6.sh4.elf (Unknown)
The associated samples carry this sample's name with other architecture suffixes (x86_64, mpsl, sh4, m68k, arm, arm6, i686) and contact the same IP: they are the other builds of one multi-architecture deployment sharing this C2.
Context: domains
No context
Context: ASN GORACKUS
The same ten associated samples as above, each with context IP 45.137.70.156.
Context: JA3 fingerprints
No context
Context: dropped files
No context
                      No created / dropped files found
                      File type:ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
                      Entropy (8bit):4.91996354697311
                      TrID:
                      • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                      File name:ub8ehJSePAfc9FYqZIT6.mips.elf
                      File size:182'020 bytes
                      MD5:ab7fc7c876a7b878a26aa66c9a2d30bf
                      SHA1:129f8c2efd2a6e9efa92e06f3372ca7fb76c3bef
                      SHA256:a702b3ac12a3c27748a388408ca60b7a60475d0e34379f5211623b39b22572ea
                      SHA512:e30c82d7a2fdede468848e0ff3dafe0f6f1f03ad9e892b5563a0665039d26b30b998746bf0d14320bb0e6ca69cb88e0413b07cc1a62c48d838969cb5d1cc1b10
                      SSDEEP:3072:ADWRZYX74OslR4vkHgrU4690NkX83Dza7nnYSf1BuBWxJUtFb1liWCBfQ:AqROL4OslRykHgrU7B8X+nDuBWxcFb15
                      TLSH:D004945BBE509F29FA9C57340AF76D24835623B626D5EA4AC19FC6002D7132D2C0FEB1
                      File Content Preview:.ELF.....................@.`...4.........4. ...(.............@...@.........................<.C.<.C.<...h............dt.Q............................'...................<...'.?....!........'9... ......................<...'.?....!... ....'9.`. .............

                      ELF header

                      Class:ELF32
                      Data:2's complement, big endian
                      Version:1 (current)
                      Machine:MIPS R3000
                      Version Number:0x1
                      Type:EXEC (Executable file)
                      OS/ABI:UNIX - System V
                      ABI Version:0
                      Entry Point Address:0x400260
                      Flags:0x1007
                      ELF Header Size:52
                      Program Header Offset:52
                      Program Header Size:32
                      Number of Program Headers:3
                      Section Header Offset:181500
                      Section Header Size:40
                      Number of Section Headers:13
                      Header String Table Index:12
Section headers
Name           Type      Address   Offset   Size     EntSize  Flags       Flags Description  Link  Info  Align
(null)         NULL      0x0       0x0      0x0      0x0      0x0                            0     0     0
.init          PROGBITS  0x400094  0x94     0x7c     0x0      0x6         AX                 0     0     4
.text          PROGBITS  0x400110  0x110    0x28cc0  0x0      0x6         AX                 0     0     16
.fini          PROGBITS  0x428dd0  0x28dd0  0x4c     0x0      0x6         AX                 0     0     4
.rodata        PROGBITS  0x428e20  0x28e20  0x2990   0x0      0x2         A                  0     0     16
.ctors         PROGBITS  0x43c03c  0x2c03c  0x8      0x0      0x3         WA                 0     0     4
.dtors         PROGBITS  0x43c044  0x2c044  0x8      0x0      0x3         WA                 0     0     4
.data          PROGBITS  0x43c050  0x2c050  0x18     0x0      0x3         WA                 0     0     4
.got           PROGBITS  0x43c070  0x2c070  0x434    0x4      0x10000003  WAp                0     0     16
.sbss          NOBITS    0x43c4a4  0x2c4a4  0x28     0x0      0x10000003  WAp                0     0     4
.bss           NOBITS    0x43c4d0  0x2c4a4  0xb2c    0x0      0x3         WA                 0     0     16
.mdebug.abi32  PROGBITS  0x288     0x2c4a4  0x0      0x0      0x0                            0     0     1
.shstrtab      STRTAB    0x0       0x2c4a4  0x57     0x0      0x0                            0     0     1

Program headers
Type       Offset   Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align    Section Mappings
LOAD       0x0      0x400000         0x400000          0x2b7b0    0x2b7b0      4.9623   0x5    R E                0x10000  .init .text .fini .rodata
LOAD       0x2c03c  0x43c03c         0x43c03c          0x468      0xfc0        4.4567   0x6    RW                 0x10000  .ctors .dtors .data .got .sbss .bss
GNU_STACK  0x0      0x0              0x0               0x0        0x0          0.0000   0x7    RWE                0x4

No program header carries a program interpreter (no PT_INTERP), consistent with the statically linked file type above; the GNU_STACK header's flags 0x7 (RWE) request a readable, writable and executable stack.
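The header tables above are what a triager reads to confirm target architecture, static linking and stack permissions. The following is an added example, not code from the Joe Sandbox report or from the sample: a small ELF header and program-header parser that performs those checks. The bytes it parses are constructed from the field values the report lists for this sample (ELF32 MSB MIPS, entry 0x400260, e_flags 0x1007, two PT_LOAD segments, PT_GNU_STACK with flags 0x7); they are headers only, not the sample itself, and the EM_NAMES table is a convenience subset of the ELF machine constants.

```python
"""Added example, not part of the Joe Sandbox report or the sample: a small
ELF header / program-header parser that performs the checks a triager reads
off the header tables: target machine and endianness, entry point, whether a
PT_INTERP segment is present (absent => statically linked) and whether
PT_GNU_STACK asks for an executable stack (flags 0x7 = RWE). The bytes in
build_sample_header() are constructed from the values the report lists for
this sample; they are headers only, not the sample itself."""
import struct

PT_LOAD, PT_INTERP, PT_GNU_STACK = 1, 3, 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4
EM_NAMES = {3: "x86", 8: "MIPS", 40: "ARM", 62: "x86-64", 183: "AArch64"}  # subset only


def flags_str(f):
    """Render p_flags the way readelf does: 'R', 'W', 'E' or a space each."""
    return "".join(c if f & b else " " for c, b in (("R", PF_R), ("W", PF_W), ("E", PF_X)))


def parse_elf(data):
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    end = {1: "<", 2: ">"}[ei_data]          # ELFDATA2LSB / ELFDATA2MSB
    if ei_class == 1:                        # ELFCLASS32: 52-byte header, 32-byte phdr
        hdr_fmt, phdr_fmt = end + "HHIIIIIHHHHHH", end + "IIIIIIII"
        order = ("p_type", "p_offset", "p_vaddr", "p_paddr", "p_filesz", "p_memsz", "p_flags", "p_align")
    elif ei_class == 2:                      # ELFCLASS64: 64-byte header, 56-byte phdr
        hdr_fmt, phdr_fmt = end + "HHIQQQIHHHHHH", end + "IIQQQQQQ"
        order = ("p_type", "p_flags", "p_offset", "p_vaddr", "p_paddr", "p_filesz", "p_memsz", "p_align")
    else:
        raise ValueError("bad EI_CLASS")
    (_e_type, e_machine, _ver, e_entry, e_phoff, _shoff, e_flags, _ehsize,
     e_phentsize, e_phnum, _shentsize, _shnum, _shstrndx) = struct.unpack_from(hdr_fmt, data, 16)
    phdrs = [dict(zip(order, struct.unpack_from(phdr_fmt, data, e_phoff + i * e_phentsize)))
             for i in range(e_phnum)]
    stack = [p for p in phdrs if p["p_type"] == PT_GNU_STACK]
    return {
        "class": 32 if ei_class == 1 else 64,
        "big_endian": ei_data == 2,
        "machine": EM_NAMES.get(e_machine, hex(e_machine)),
        "entry": e_entry,
        "e_flags": e_flags,
        "static": not any(p["p_type"] == PT_INTERP for p in phdrs),
        # None: no PT_GNU_STACK at all, so the kernel's per-architecture default applies
        "exec_stack": None if not stack else bool(stack[0]["p_flags"] & PF_X),
        "segments": [(p["p_type"], flags_str(p["p_flags"]), p["p_vaddr"], p["p_memsz"]) for p in phdrs],
    }


def triage_notes(info):
    notes = []
    if info["static"]:
        notes.append("no PT_INTERP: statically linked")
    if info["exec_stack"] is True:
        notes.append("PT_GNU_STACK flags RWE: executable stack requested")
    elif info["exec_stack"] is None:
        notes.append("no PT_GNU_STACK: stack permissions fall back to the kernel default")
    return notes


def build_sample_header():
    """Constructed ELF32 MSB MIPS header plus its three program headers, using
    the field values the report lists (entry 0x400260, e_flags 0x1007, two
    PT_LOAD segments, PT_GNU_STACK with flags 0x7). Headers only, no code."""
    ident = b"\x7fELF" + bytes([1, 2, 1, 0]) + b"\x00" * 8   # class32, MSB, version 1, SysV
    ehdr = struct.pack(">HHIIIIIHHHHHH", 2, 8, 1, 0x400260, 52, 181500, 0x1007, 52, 32, 3, 40, 13, 12)
    phdrs = [
        (PT_LOAD, 0x0, 0x400000, 0x400000, 0x2B7B0, 0x2B7B0, PF_R | PF_X, 0x10000),
        (PT_LOAD, 0x2C03C, 0x43C03C, 0x43C03C, 0x468, 0xFC0, PF_R | PF_W, 0x10000),
        (PT_GNU_STACK, 0, 0, 0, 0, 0, PF_R | PF_W | PF_X, 0x4),
    ]
    return ident + ehdr + b"".join(struct.pack(">IIIIIIII", *p) for p in phdrs)


if __name__ == "__main__":
    info = parse_elf(build_sample_header())
    print(f"ELF{info['class']} {'MSB' if info['big_endian'] else 'LSB'} {info['machine']}, "
          f"entry 0x{info['entry']:x}, e_flags 0x{info['e_flags']:x}")
    for t, fl, vaddr, memsz in info["segments"]:
        print(f"  type 0x{t:x} [{fl}] vaddr 0x{vaddr:x} memsz 0x{memsz:x}")
    for n in triage_notes(info):
        print("  -", n)
```

Point parse_elf at the bytes of any ELF file to get the same dictionary; the endianness prefix is taken from EI_DATA, so little-endian x86 and big-endian MIPS samples are handled by the same struct formats.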
Network traffic
All recorded packets are between the analysis host 192.168.2.15 and 45.137.70.156 port 3778. The sample opens eleven connections from ephemeral ports 39918 to 39938 within about eleven seconds (15:33:08 to 15:33:19); the last two (39936, 39938) stay up and exchange packets again at 15:33:28/29 and 15:34:28/29, i.e. roughly every 60 seconds.

Timestamp                            Src Port  Dst Port  Source IP      Dest IP
Nov 13, 2024 15:33:08.228179932 CET  39918     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:08.233227968 CET  3778      39918     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:08.233339071 CET  39918     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:08.275993109 CET  39918     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:08.280941010 CET  3778      39918     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:08.280992985 CET  39918     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:08.285882950 CET  3778      39918     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:13.858156919 CET  39920     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:13.863295078 CET  3778      39920     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:13.863383055 CET  39920     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:13.921575069 CET  39920     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:13.926944017 CET  3778      39920     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:13.926996946 CET  39920     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:13.931803942 CET  3778      39920     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:14.796632051 CET  3778      39920     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:14.796883106 CET  39920     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:14.797110081 CET  39920     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:14.797909021 CET  39922     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:14.802793980 CET  3778      39922     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:14.802875042 CET  39922     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:14.803580046 CET  39922     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:14.808480978 CET  3778      39922     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:14.808542967 CET  39922     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:14.813349009 CET  3778      39922     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:15.719362974 CET  3778      39922     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:15.719626904 CET  39922     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:15.719674110 CET  39922     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:15.720312119 CET  39924     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:15.725296974 CET  3778      39924     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:15.725455046 CET  39924     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:15.726089001 CET  39924     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:15.730988979 CET  3778      39924     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:15.731045961 CET  39924     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:15.736044884 CET  3778      39924     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:16.232110023 CET  3778      39918     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:16.232132912 CET  3778      39918     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:16.232338905 CET  39918     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:16.232338905 CET  39918     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:16.232413054 CET  39918     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:16.232945919 CET  39926     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:16.237963915 CET  3778      39926     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:16.238028049 CET  39926     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:16.238729000 CET  39926     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:16.243586063 CET  3778      39926     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:16.243654966 CET  39926     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:16.248574972 CET  3778      39926     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:16.638513088 CET  3778      39924     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:16.638768911 CET  39924     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:16.638904095 CET  39924     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:16.639471054 CET  39928     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:16.644494057 CET  3778      39928     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:16.644567966 CET  39928     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:16.645246983 CET  39928     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:16.649996996 CET  3778      39928     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:16.650048018 CET  39928     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:16.655765057 CET  3778      39928     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:17.133519888 CET  3778      39926     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:17.133539915 CET  3778      39926     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:17.133696079 CET  39926     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:17.133696079 CET  39926     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:17.133739948 CET  39926     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:17.134361029 CET  39930     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:17.139210939 CET  3778      39930     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:17.139276028 CET  39930     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:17.139960051 CET  39930     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:17.144676924 CET  3778      39930     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:17.144722939 CET  39930     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:17.149585962 CET  3778      39930     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:17.558314085 CET  3778      39928     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:17.558423042 CET  39928     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:17.558473110 CET  39928     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:17.558974028 CET  39932     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:17.564389944 CET  3778      39932     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:17.564449072 CET  39932     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:17.565175056 CET  39932     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:17.570019960 CET  3778      39932     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:17.570094109 CET  39932     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:17.574883938 CET  3778      39932     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:18.061964989 CET  3778      39930     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:18.062187910 CET  3778      39930     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:18.062308073 CET  39930     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:18.062309027 CET  39930     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:18.062395096 CET  39930     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:18.063149929 CET  39934     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:18.068416119 CET  3778      39934     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:18.068480968 CET  39934     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:18.069080114 CET  39934     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:18.075052023 CET  3778      39934     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:18.075109005 CET  39934     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:18.080140114 CET  3778      39934     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:18.495400906 CET  3778      39932     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:18.495492935 CET  3778      39932     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:18.495544910 CET  39932     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:18.495544910 CET  39932     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:18.495594025 CET  39932     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:18.495964050 CET  3778      39932     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:18.496017933 CET  39932     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:18.496197939 CET  39936     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:18.501132011 CET  3778      39936     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:18.501229048 CET  39936     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:18.501827002 CET  39936     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:18.508480072 CET  3778      39936     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:18.508538961 CET  39936     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:18.513605118 CET  3778      39936     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:18.989566088 CET  3778      39934     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:18.989703894 CET  39934     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:18.989826918 CET  39934     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:18.990629911 CET  39938     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:18.995774031 CET  3778      39938     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:18.995871067 CET  39938     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:18.996678114 CET  39938     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:19.001456022 CET  3778      39938     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:19.001507998 CET  39938     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:19.006509066 CET  3778      39938     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:28.513855934 CET  39936     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:28.518806934 CET  3778      39936     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:28.794045925 CET  3778      39936     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:28.794188023 CET  39936     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:29.007013083 CET  39938     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:33:29.012099028 CET  3778      39938     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:29.285222054 CET  3778      39938     45.137.70.156  192.168.2.15
Nov 13, 2024 15:33:29.285515070 CET  39938     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:34:28.842438936 CET  39936     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:34:28.847285032 CET  3778      39936     45.137.70.156  192.168.2.15
Nov 13, 2024 15:34:29.122545004 CET  3778      39936     45.137.70.156  192.168.2.15
Nov 13, 2024 15:34:29.122684956 CET  39936     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:34:29.342773914 CET  39938     3778      192.168.2.15   45.137.70.156
Nov 13, 2024 15:34:29.347995043 CET  3778      39938     45.137.70.156  192.168.2.15
Nov 13, 2024 15:34:29.745922089 CET  3778      39938     45.137.70.156  192.168.2.15
Nov 13, 2024 15:34:29.746047974 CET  39938     3778      192.168.2.15   45.137.70.156
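The per-packet rows above (Timestamp, Source Port, Dest Port, Source IP, Dest IP) are easier to judge once they are folded back into connections: how many times the bot reached the same endpoint, how quickly it reconnected, and whether the endpoint's port is one a defender would whitelist. The following is an added example, not code from the Joe Sandbox report or from the sample, that does this folding over a constructed subset of the rows in the table; the set of "well-known" ports and the ephemeral-port threshold are assumptions of the example, chosen to match the report's "non-standard port" signature and the Linux default ip_local_port_range.

```python
"""Added example, not part of the Joe Sandbox report or the sample: rebuild
flows from the per-packet rows of a sandbox network table (columns
Timestamp, Source Port, Dest Port, Source IP, Dest IP) and summarise the C2
contact pattern per remote endpoint: number of distinct connections, how many
were answered, how fast the client reconnects, how long the longest session
lived and whether the server port is non-standard.
SAMPLE_ROWS is a constructed subset of the rows in the report's table."""
from collections import defaultdict
from datetime import datetime

SAMPLE_ROWS = """\
Nov 13, 2024 15:33:08.228179932 CET 39918 3778 192.168.2.15 45.137.70.156
Nov 13, 2024 15:33:08.233227968 CET 3778 39918 45.137.70.156 192.168.2.15
Nov 13, 2024 15:33:08.233339071 CET 39918 3778 192.168.2.15 45.137.70.156
Nov 13, 2024 15:33:13.858156919 CET 39920 3778 192.168.2.15 45.137.70.156
Nov 13, 2024 15:33:13.863295078 CET 3778 39920 45.137.70.156 192.168.2.15
Nov 13, 2024 15:33:14.797909021 CET 39922 3778 192.168.2.15 45.137.70.156
Nov 13, 2024 15:33:14.802793980 CET 3778 39922 45.137.70.156 192.168.2.15
Nov 13, 2024 15:33:15.720312119 CET 39924 3778 192.168.2.15 45.137.70.156
Nov 13, 2024 15:33:16.232945919 CET 39926 3778 192.168.2.15 45.137.70.156
Nov 13, 2024 15:33:16.639471054 CET 39928 3778 192.168.2.15 45.137.70.156
Nov 13, 2024 15:33:18.496197939 CET 39936 3778 192.168.2.15 45.137.70.156
Nov 13, 2024 15:33:28.513855934 CET 39936 3778 192.168.2.15 45.137.70.156
Nov 13, 2024 15:34:28.842438936 CET 39936 3778 192.168.2.15 45.137.70.156
"""

# Assumption of this example: ports a bot commonly blends into; anything else
# is reported as non-standard, matching the report's signature wording.
WELL_KNOWN_TCP = {21, 22, 23, 25, 53, 80, 110, 143, 443, 465, 587, 993, 995, 8080, 8443}
EPHEMERAL_MIN = 32768  # Linux default lower bound of net.ipv4.ip_local_port_range


def parse_row(line):
    """'Nov 13, 2024 15:33:08.228179932 CET 39918 3778 192.168.2.15 45.137.70.156'
    -> (datetime, src_port, dst_port, src_ip, dst_ip). Nanoseconds are cut to
    microseconds because datetime carries no more than that."""
    t = line.split()
    head, frac = " ".join(t[:4]).rsplit(".", 1)
    when = datetime.strptime(f"{head}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")
    return when, int(t[5]), int(t[6]), t[7], t[8]


def build_flows(rows):
    """Group packets into flows keyed (client_ip, client_port, server_ip, server_port).
    The side using an ephemeral port is taken as the client, so both directions
    of one connection land in the same flow record."""
    flows = defaultdict(lambda: {"first": None, "last": None, "c2s": 0, "s2c": 0})
    for line in rows.strip().splitlines():
        when, sport, dport, sip, dip = parse_row(line)
        if sport >= EPHEMERAL_MIN and dport < EPHEMERAL_MIN:
            key, direction = (sip, sport, dip, dport), "c2s"
        else:
            key, direction = (dip, dport, sip, sport), "s2c"
        f = flows[key]
        f["first"] = when if f["first"] is None else min(f["first"], when)
        f["last"] = when if f["last"] is None else max(f["last"], when)
        f[direction] += 1
    return flows


def summarise(rows):
    """Per (server_ip, server_port): connection count, answered count, median gap
    between successive connection starts, longest session and port judgement."""
    per_server = defaultdict(list)
    for (_cip, _cport, sip, sport), f in build_flows(rows).items():
        per_server[(sip, sport)].append(f)
    report = {}
    for endpoint, fl in per_server.items():
        starts = sorted(f["first"] for f in fl)
        gaps = sorted((b - a).total_seconds() for a, b in zip(starts, starts[1:]))
        report[endpoint] = {
            "connections": len(fl),
            "answered": sum(1 for f in fl if f["s2c"]),
            "median_reconnect_s": gaps[len(gaps) // 2] if gaps else None,
            "longest_flow_s": max((f["last"] - f["first"]).total_seconds() for f in fl),
            "non_standard_port": endpoint[1] not in WELL_KNOWN_TCP,
        }
    return report


if __name__ == "__main__":
    for (ip, port), s in summarise(SAMPLE_ROWS).items():
        flag = "NON-STANDARD PORT" if s["non_standard_port"] else "well-known port"
        print(f"{ip}:{port}  {s['connections']} connections ({s['answered']} answered), "
              f"median reconnect {s['median_reconnect_s']:.2f}s, "
              f"longest session {s['longest_flow_s']:.1f}s, {flag}")
```

Feeding the full table to summarise() instead of the subset gives eleven connections to 45.137.70.156:3778 with sub-second reconnects and two sessions kept alive for more than a minute, which is the shape a beaconing rule should key on: many short connections to one endpoint on an unusual port, then a long-lived one.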

System Behavior

Note: all six process records below carry the same path, size and MD5. The size (5777432 bytes) and MD5 (0083f1f0e77be34ad27f849842bbb00c) do not match the submitted sample (182'020 bytes, MD5 ab7fc7c876a7b878a26aa66c9a2d30bf); this is consistent with the recorded process image being the QEMU user-mode emulator (/usr/bin/qemu-mips) that runs the MIPS binary through binfmt_misc on the x64 analysis host, as the /usr/bin/qemu-mips and /etc/qemu-binfmt/mips memory strings above show.

Start time (UTC):14:33:06
Start date (UTC):13/11/2024
Path:/tmp/ub8ehJSePAfc9FYqZIT6.mips.elf
Arguments:/tmp/ub8ehJSePAfc9FYqZIT6.mips.elf
File size:5777432 bytes
MD5 hash:0083f1f0e77be34ad27f849842bbb00c

                      Start time (UTC):14:33:06
                      Start date (UTC):13/11/2024
                      Path:/tmp/ub8ehJSePAfc9FYqZIT6.mips.elf
                      Arguments:-
                      File size:5777432 bytes
                      MD5 hash:0083f1f0e77be34ad27f849842bbb00c

                      Start time (UTC):14:33:06
                      Start date (UTC):13/11/2024
                      Path:/tmp/ub8ehJSePAfc9FYqZIT6.mips.elf
                      Arguments:-
                      File size:5777432 bytes
                      MD5 hash:0083f1f0e77be34ad27f849842bbb00c

                      Start time (UTC):14:33:06
                      Start date (UTC):13/11/2024
                      Path:/tmp/ub8ehJSePAfc9FYqZIT6.mips.elf
                      Arguments:-
                      File size:5777432 bytes
                      MD5 hash:0083f1f0e77be34ad27f849842bbb00c

                      Start time (UTC):14:33:12
                      Start date (UTC):13/11/2024
                      Path:/tmp/ub8ehJSePAfc9FYqZIT6.mips.elf
                      Arguments:-
                      File size:5777432 bytes
                      MD5 hash:0083f1f0e77be34ad27f849842bbb00c

                      Start time (UTC):14:33:12
                      Start date (UTC):13/11/2024
                      Path:/tmp/ub8ehJSePAfc9FYqZIT6.mips.elf
                      Arguments:-
                      File size:5777432 bytes
                      MD5 hash:0083f1f0e77be34ad27f849842bbb00c