Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
bot.x86_64.elf

Overview

General Information

Sample name:bot.x86_64.elf
Analysis ID:1579517
MD5:949645a3b626bed43c941e3f28d529e1
SHA1:7dbd12e0860813e87a7023fe44bd6b212ec2f9bf
SHA256:8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd
Tags:elfuser-abuse_ch
Infos:

Detection

Mirai, Gafgyt, Okiru
Score:100
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Detected Mirai
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Gafgyt
Yara detected Mirai
Yara detected Okiru
Connects to many ports of the same IP (likely port scanning)
Machine Learning detection for sample
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Yara signature match

Classification

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1579517
Start date and time:2024-12-22 19:37:06 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 21s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:bot.x86_64.elf
Detection:MAL
Classification:mal100.troj.linELF@0/0@1/0
Command:/tmp/bot.x86_64.elf
PID:5434
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
done.
Standard Error:
  • system is lnxubuntu20
  • cleanup
NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
NameDescriptionAttributionBlogpost URLsLink
Bashlite, GafgytBashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.bashlite
SourceRuleDescriptionAuthorStrings
bot.x86_64.elfJoeSecurity_GafgytYara detected GafgytJoe Security
    bot.x86_64.elfJoeSecurity_OkiruYara detected OkiruJoe Security
      bot.x86_64.elfJoeSecurity_Mirai_3Yara detected MiraiJoe Security
        bot.x86_64.elfJoeSecurity_Mirai_8Yara detected MiraiJoe Security
          bot.x86_64.elfLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
          • 0x17480:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0x17494:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0x174a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0x174bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0x174d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0x174e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0x174f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0x1750c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0x17520:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0x17534:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0x17548:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0x1755c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0x17570:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0x17584:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0x17598:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0x175ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0x175c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0x175d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0x175e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0x175fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          • 0x17610:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
          Click to see the 15 entries
          SourceRuleDescriptionAuthorStrings
          5434.1.0000000000400000.000000000041b000.r-x.sdmpJoeSecurity_GafgytYara detected GafgytJoe Security
            5434.1.0000000000400000.000000000041b000.r-x.sdmpJoeSecurity_OkiruYara detected OkiruJoe Security
              5434.1.0000000000400000.000000000041b000.r-x.sdmpJoeSecurity_Mirai_3Yara detected MiraiJoe Security
                5434.1.0000000000400000.000000000041b000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
                  5434.1.0000000000400000.000000000041b000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
                  • 0x17480:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
                  • 0x17494:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
                  • 0x174a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
                  • 0x174bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
                  • 0x174d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
                  • 0x174e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
                  • 0x174f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
                  • 0x1750c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
                  • 0x17520:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
                  • 0x17534:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
                  • 0x17548:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
                  • 0x1755c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
                  • 0x17570:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
                  • 0x17584:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
                  • 0x17598:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
                  • 0x175ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
                  • 0x175c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
                  • 0x175d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
                  • 0x175e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
                  • 0x175fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
                  • 0x17610:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
                  Click to see the 20 entries
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-22T19:37:57.045269+010020304901Malware Command and Control Activity Detected192.168.2.133736287.120.112.23447925TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-22T19:37:58.266111+010020304891Malware Command and Control Activity Detected87.120.112.23447925192.168.2.1337362TCP
                  2024-12-22T19:38:09.502199+010020304891Malware Command and Control Activity Detected87.120.112.23447925192.168.2.1337362TCP
                  2024-12-22T19:38:29.506226+010020304891Malware Command and Control Activity Detected87.120.112.23447925192.168.2.1337362TCP
                  2024-12-22T19:38:49.513268+010020304891Malware Command and Control Activity Detected87.120.112.23447925192.168.2.1337362TCP
                  2024-12-22T19:39:09.518198+010020304891Malware Command and Control Activity Detected87.120.112.23447925192.168.2.1337362TCP
                  2024-12-22T19:39:29.524498+010020304891Malware Command and Control Activity Detected87.120.112.23447925192.168.2.1337362TCP
                  2024-12-22T19:39:49.540338+010020304891Malware Command and Control Activity Detected87.120.112.23447925192.168.2.1337362TCP

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Source: bot.x86_64.elfAvira: detected
                  Source: bot.x86_64.elfVirustotal: Detection: 38%Perma Link
                  Source: bot.x86_64.elfReversingLabs: Detection: 52%
                  Source: bot.x86_64.elfJoe Sandbox ML: detected
                  Source: bot.x86_64.elfString: HTTP/1.1 200 OKtop1hbt.armtop1hbt.arm5top1hbt.arm6top1hbt.arm7top1hbt.mipstop1hbt.mpsltop1hbt.x86_64top1hbt.sh4/proc/proc/%d/cmdlinenetstatwgetcurl/bin/busybox/proc//proc/%s/exe/proc/self/exevar/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdvar/tmp/soniahicorestm_hi3511_dvr/usr/lib/systemd/systemdshellmnt/sys/boot/media/srv/var/run/sbin/lib/etc/dev/home/Davincitelnetsshwatchdog/var/spool/var/Sofiasshd/usr/compress/bin//compress/bin/compress/usr/bashhttpdtelnetddropbearencodersystem/root/dvr_gui//root/dvr_app//anko-app//opt/anko-app/ankosample _8182T_1104/usr/libexec/openssh/sftp-serverabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ3f

                  Networking

                  barindex
                  Source: Network trafficSuricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.13:37362 -> 87.120.112.234:47925
                  Source: Network trafficSuricata IDS: 2030489 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response : 87.120.112.234:47925 -> 192.168.2.13:37362
                  Source: global trafficTCP traffic: 87.120.112.234 ports 47925,2,4,5,7,9
                  Source: global trafficTCP traffic: 192.168.2.13:37362 -> 87.120.112.234:47925
                  Source: global trafficDNS traffic detected: DNS query: botnet.sharkcdn.net

                  System Summary

                  barindex
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_1e0c5ce0 Author: unknown
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_520deeb8 Author: unknown
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_01e4a728 Author: unknown
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_1e0c5ce0 Author: unknown
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 Author: unknown
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 Author: unknown
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
                  Source: Process Memory Space: bot.x86_64.elf PID: 5434, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
                  Source: Process Memory Space: bot.x86_64.elf PID: 5434, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
                  Source: Initial sampleString containing 'busybox' found: /bin/busybox
                  Source: Initial sampleString containing 'busybox' found: HTTP/1.1 200 OKtop1hbt.armtop1hbt.arm5top1hbt.arm6top1hbt.arm7top1hbt.mipstop1hbt.mpsltop1hbt.x86_64top1hbt.sh4/proc/proc/%d/cmdlinenetstatwgetcurl/bin/busybox/proc//proc/%s/exe/proc/self/exevar/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdvar/tmp/soniahicorestm_hi3511_dvr/usr/lib/systemd/systemdshellmnt/sys/boot/media/srv/var/run/sbin/lib/etc/dev/home/Davincitelnetsshwatchdog/var/spool/var/Sofiasshd/usr/compress/bin//compress/bin/compress/usr/bashhttpdtelnetddropbearencodersystem/root/dvr_gui//root/dvr_app//anko-app//opt/anko-app/ankosample _8182T_1104/usr/libexec/openssh/sftp-serverabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ3f
                  Source: ELF static info symbol of initial sample.symtab present: no
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_1e0c5ce0 reference_sample = 5b1f95840caebf9721bf318126be27085ec08cf7881ec64a884211a934351c2d, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8e45538b59f9c9b8bc49661069044900c8199e487714c715c1b1f970fd528e3b, id = 1e0c5ce0-3b76-4da4-8bed-2e5036b6ce79, last_modified = 2021-09-16
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
                  Source: bot.x86_64.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_1e0c5ce0 reference_sample = 5b1f95840caebf9721bf318126be27085ec08cf7881ec64a884211a934351c2d, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8e45538b59f9c9b8bc49661069044900c8199e487714c715c1b1f970fd528e3b, id = 1e0c5ce0-3b76-4da4-8bed-2e5036b6ce79, last_modified = 2021-09-16
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
                  Source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
                  Source: Process Memory Space: bot.x86_64.elf PID: 5434, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
                  Source: Process Memory Space: bot.x86_64.elf PID: 5434, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
                  Source: classification engineClassification label: mal100.troj.linELF@0/0@1/0
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/230/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/110/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/231/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/111/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/232/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/3639/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/112/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/233/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/113/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/234/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/114/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/235/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/115/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/236/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/116/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/237/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/117/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/238/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/118/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/239/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/5379/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/119/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/914/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/10/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/917/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/11/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/12/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/13/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/5274/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/14/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/15/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/16/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/17/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/18/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/19/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/240/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/3095/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/120/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/241/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/121/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/242/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/1/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/122/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/243/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/2/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/123/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/244/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/3/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/124/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/245/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/1588/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/125/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/4/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/246/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/126/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/5/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/247/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/127/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/6/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/248/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/128/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/7/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/249/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/129/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/8/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/800/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/9/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/1906/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/802/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/803/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/20/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/21/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/22/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/23/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/24/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/25/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/26/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/27/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/28/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/29/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/3420/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/1482/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/490/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/1480/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/250/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/371/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/130/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/251/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/131/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/252/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/132/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/253/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/254/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/1238/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/134/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/255/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/256/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/257/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/378/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/3413/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/258/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/259/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/1475/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/936/cmdlineJump to behavior
                  Source: /tmp/bot.x86_64.elf (PID: 5436)File opened: /proc/30/cmdlineJump to behavior

                  Stealing of Sensitive Information

                  barindex
                  Source: Yara matchFile source: bot.x86_64.elf, type: SAMPLE
                  Source: Yara matchFile source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY
                  Source: Yara matchFile source: bot.x86_64.elf, type: SAMPLE
                  Source: Yara matchFile source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: bot.x86_64.elf PID: 5434, type: MEMORYSTR
                  Source: Yara matchFile source: bot.x86_64.elf, type: SAMPLE
                  Source: Yara matchFile source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: bot.x86_64.elf PID: 5434, type: MEMORYSTR

                  Remote Access Functionality

                  barindex
                  Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
                  Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response
                  Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response
                  Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response
                  Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response
                  Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response
                  Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response
                  Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response
                  Source: Yara matchFile source: bot.x86_64.elf, type: SAMPLE
                  Source: Yara matchFile source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY
                  Source: Yara matchFile source: bot.x86_64.elf, type: SAMPLE
                  Source: Yara matchFile source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: bot.x86_64.elf PID: 5434, type: MEMORYSTR
                  Source: Yara matchFile source: bot.x86_64.elf, type: SAMPLE
                  Source: Yara matchFile source: 5434.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: bot.x86_64.elf PID: 5434, type: MEMORYSTR
                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity Information1
                  Scripting
                  Valid AccountsWindows Management Instrumentation1
                  Scripting
                  Path InterceptionDirect Volume Access1
                  OS Credential Dumping
                  System Service DiscoveryRemote ServicesData from Local System1
                  Non-Standard Port
                  Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
                  Non-Application Layer Protocol
                  Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
                  Application Layer Protocol
                  Automated ExfiltrationData Encrypted for Impact
                  No configs have been found
                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Number of created Files
                  • Is malicious
                  • Internet
                  SourceDetectionScannerLabelLink
                  bot.x86_64.elf38%VirustotalBrowse
                  bot.x86_64.elf53%ReversingLabsLinux.Backdoor.Mirai
                  bot.x86_64.elf100%AviraEXP/ELF.Mirai.Z.A
                  bot.x86_64.elf100%Joe Sandbox ML
                  No Antivirus matches
                  No Antivirus matches
                  No Antivirus matches
                  NameIPActiveMaliciousAntivirus DetectionReputation
                  botnet.sharkcdn.net
                  87.120.112.234
                  truefalse
                    high
                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs
                    IPDomainCountryFlagASNASN NameMalicious
                    87.120.112.234
                    botnet.sharkcdn.netBulgaria
                    25206UNACS-AS-BG8000BurgasBGfalse
                    No context
                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    botnet.sharkcdn.netbot.x86.elfGet hashmaliciousMirai, OkiruBrowse
                    • 154.213.187.106
                    bot.arm5.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                    • 154.213.187.106
                    bot.arm.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                    • 154.213.187.106
                    bot.m68k.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                    • 154.213.187.106
                    bot.x86_64.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                    • 154.213.187.106
                    bot.mpsl.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                    • 154.213.187.106
                    bot.ppc.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                    • 154.213.187.106
                    bot.sh4.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                    • 154.213.187.106
                    bot.mips.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                    • 154.213.187.106
                    bot.arm7.elfGet hashmaliciousMirai, OkiruBrowse
                    • 154.213.187.106
                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    UNACS-AS-BG8000BurgasBGt5lpvahkgypd7wy.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                    • 87.120.125.77
                    List of required items and services.pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                    • 87.120.127.215
                    g8ix97hz.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                    • 87.120.127.215
                    305iz8bs.exeGet hashmaliciousUnknownBrowse
                    • 87.120.125.214
                    305iz8bs.exeGet hashmaliciousUnknownBrowse
                    • 87.120.125.214
                    https://www.google.gr/url?url=https://pniuvlpkjqhdwff&exox=rvhqtix&eaydny=ysf&gzfds=lqrwiz&nci=qtwmzch&iccvb=yhwtsp&vtqs=avtajyu&oagvzgp=irlq&mvdoc=embwrj&yylmwei=tmn&mntt=qqcvuhkd&lkydbjfiod=izjcgyubqc&q=amp/anre6g6.j%c2%adh%c2%adhn%c2%adt%c2%addd%c2%adsm%c2%ado%c2%admcw%c2%adw%c2%adgu%c2%adno.com%e2%80%8b/99twfh3p8&gcyx=ncgobia&yfevoul=wtloixvv&hukl=qfkmtky&nlhwnbr=bwkoiopy&eqfw=bmcpntp&vlvegw=zdbpajeyq&ghrv=kcdfwrl&kyddme=myxsnvtxf&asco=mgumegd&dvvibf=hzfexefeg&osme=bdyguyp&njtjvd=bkelfwmxg&bxrb=ltpyjsv&girpat=lswjchrwc&qapj=wwwowde&vahefc=ghseyzgyf&ahaj=zfqmkuo&pfsfeu=ttucmtamu&sffs=oxaajjo&hbwhgy=mgfzglmmo&bdwl=oifsufx&befsmv=jskhtmnps&sfjy=powmsnr&zixjqp=jyttdwbmu&fzkp=hztiqjm&jmzuvc=ufyoeqgfi&zujr=jxtbdtg&plvxoh=fxumxxddw&nkin=ykbzrdh&lghzli=agvbttfta&suag=ioudcjc&zpptpx=dxacgdnox&hmfz=yueoymp&fnshpz=wgayslegy&gjtg=qcjjozv&rymask=thcxzfpca&zcgn=ywtonnx&kqrpog=kgfvcqswk&imwa=wlvocxf&ggqznt=budaflbgp&zjhr=zscgach&esrhmq=qjdngljnl&ppoz=nhwzlik&zejsqg=vnvpaymyl&dnqb=kjswpyt&kunwbg=pzauoqliz&bqlz=qabnsnu&dlfnsr=dakxdfzen&uffg=uwnswdr&ywjevz=bnvkfavcb&rrob=celdmvn&czdusr=sjfjazfqw&ipgr=exylggn&fltcvh=sdfsricvf&byfs=apntxot&javhwh=nyphchiee&owbh=haflpez&mbyvqw=pdzpxeedx&ejov=taakkyw&oylsfz=qnzuplrnz&hxrq=ovegslq&duqjcc=pjwdpyvec&uoec=pjouxrb&eiezwk=okbkttiao&knji=kcmfaqe&qmathj=vymnqrvxa&gajs=riewukz&czxhiu=uysriqpma&avwe=gssbenk&jnwgpb=iqkroelwx&sjyt=zhxfzpx&liqoqs=bbajxgpxm&dqqu=ztzooam&haagcu=gkijlwgjy&mnsq=uervedi&yckhpb=ngqrbrqpc&pkne=nwisdfz&eqsiqu=mlrhvpuavGet hashmaliciousUnknownBrowse
                    • 87.120.114.172
                    17.12.2024 ________.exeGet hashmaliciousRedLineBrowse
                    • 87.120.120.86
                    #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exeGet hashmaliciousRedLineBrowse
                    • 87.120.120.86
                    file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, VidarBrowse
                    • 87.120.127.228
                    file.exeGet hashmaliciousScreenConnect Tool, Amadey, LummaC Stealer, Vidar, XWorm, XmrigBrowse
                    • 87.120.127.228
                    No context
                    No context
                    No created / dropped files found
                    File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
                    Entropy (8bit):5.285138854759949
                    TrID:
                    • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                    File name:bot.x86_64.elf
                    File size:143'832 bytes
                    MD5:949645a3b626bed43c941e3f28d529e1
                    SHA1:7dbd12e0860813e87a7023fe44bd6b212ec2f9bf
                    SHA256:8e004d7002aa63ba91910213768b7c40232a23871f14e1779f322d9eb30e4edd
                    SHA512:235e9c1d9a1c974c193178593cf511c8f21c75e2b30e60cccbfa6c9ea0c9fd4702a16fdf07791ff39850b7e3075d9ba563e69d42bf3c49c63e276d3b4d98fbb4
                    SSDEEP:3072:mTUTfCdO6FFto6z6EwKhc/t/ekNaogMewcgsK027uPOlM:mTUTfCdO6FFto6cwwQdAM
                    TLSH:FBE34A07B4C184FDC4DAC1B44B9FF53AED32B0AD1238B16B27D4AA222E59E215F1DA54
                    File Content Preview:.ELF..............>.......@.....@.......X/..........@.8...@.......................@.......@...............................................Q.......Q.....p.......................Q.td....................................................H...._....zk..H........

                    ELF header

                    Class:ELF64
                    Data:2's complement, little endian
                    Version:1 (current)
                    Machine:Advanced Micro Devices X86-64
                    Version Number:0x1
                    Type:EXEC (Executable file)
                    OS/ABI:UNIX - System V
                    ABI Version:0
                    Entry Point Address:0x400194
                    Flags:0x0
                    ELF Header Size:64
                    Program Header Offset:64
                    Program Header Size:56
                    Number of Program Headers:3
                    Section Header Offset:143192
                    Section Header Size:64
                    Number of Section Headers:10
                    Header String Table Index:9
                    NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                    NULL0x00x00x00x00x0000
                    .initPROGBITS0x4000e80xe80x130x00x6AX001
                    .textPROGBITS0x4001000x1000x16ba60x00x6AX0016
                    .finiPROGBITS0x416ca60x16ca60xe0x00x6AX001
                    .rodataPROGBITS0x416cc00x16cc00x33e00x00x2A0032
                    .ctorsPROGBITS0x51a0a80x1a0a80x180x00x3WA008
                    .dtorsPROGBITS0x51a0c00x1a0c00x100x00x3WA008
                    .dataPROGBITS0x51a0e00x1a0e00x8e380x00x3WA0032
                    .bssNOBITS0x522f200x22f180x72a00x00x3WA0032
                    .shstrtabSTRTAB0x00x22f180x3e0x00x0001
                    TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                    LOAD0x00x4000000x4000000x1a0a00x1a0a06.41970x5R E0x100000.init .text .fini .rodata
                    LOAD0x1a0a80x51a0a80x51a0a80x8e700x101180.22800x6RW 0x100000.ctors .dtors .data .bss
                    GNU_STACK0x00x00x00x00x00.00000x6RW 0x8
                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                    2024-12-22T19:37:57.045269+01002030490ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)1192.168.2.133736287.120.112.23447925TCP
                    2024-12-22T19:37:58.266111+01002030489ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response187.120.112.23447925192.168.2.1337362TCP
                    2024-12-22T19:38:09.502199+01002030489ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response187.120.112.23447925192.168.2.1337362TCP
                    2024-12-22T19:38:29.506226+01002030489ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response187.120.112.23447925192.168.2.1337362TCP
                    2024-12-22T19:38:49.513268+01002030489ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response187.120.112.23447925192.168.2.1337362TCP
                    2024-12-22T19:39:09.518198+01002030489ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response187.120.112.23447925192.168.2.1337362TCP
                    2024-12-22T19:39:29.524498+01002030489ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response187.120.112.23447925192.168.2.1337362TCP
                    2024-12-22T19:39:49.540338+01002030489ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response187.120.112.23447925192.168.2.1337362TCP
                    TimestampSource PortDest PortSource IPDest IP
                    Dec 22, 2024 19:37:56.924339056 CET3736247925192.168.2.1387.120.112.234
                    Dec 22, 2024 19:37:57.044287920 CET479253736287.120.112.234192.168.2.13
                    Dec 22, 2024 19:37:57.044378996 CET3736247925192.168.2.1387.120.112.234
                    Dec 22, 2024 19:37:57.045269012 CET3736247925192.168.2.1387.120.112.234
                    Dec 22, 2024 19:37:57.204164028 CET479253736287.120.112.234192.168.2.13
                    Dec 22, 2024 19:37:58.266110897 CET479253736287.120.112.234192.168.2.13
                    Dec 22, 2024 19:37:58.266338110 CET3736247925192.168.2.1387.120.112.234
                    Dec 22, 2024 19:38:08.275774002 CET3736247925192.168.2.1387.120.112.234
                    Dec 22, 2024 19:38:08.398530960 CET479253736287.120.112.234192.168.2.13
                    Dec 22, 2024 19:38:09.502198935 CET479253736287.120.112.234192.168.2.13
                    Dec 22, 2024 19:38:09.502454996 CET3736247925192.168.2.1387.120.112.234
                    Dec 22, 2024 19:38:29.506226063 CET479253736287.120.112.234192.168.2.13
                    Dec 22, 2024 19:38:29.506402016 CET3736247925192.168.2.1387.120.112.234
                    Dec 22, 2024 19:38:49.513267994 CET479253736287.120.112.234192.168.2.13
                    Dec 22, 2024 19:38:49.513619900 CET3736247925192.168.2.1387.120.112.234
                    Dec 22, 2024 19:39:09.518198013 CET479253736287.120.112.234192.168.2.13
                    Dec 22, 2024 19:39:09.518352985 CET3736247925192.168.2.1387.120.112.234
                    Dec 22, 2024 19:39:29.524497986 CET479253736287.120.112.234192.168.2.13
                    Dec 22, 2024 19:39:29.524622917 CET3736247925192.168.2.1387.120.112.234
                    Dec 22, 2024 19:39:49.540338039 CET479253736287.120.112.234192.168.2.13
                    Dec 22, 2024 19:39:49.540482044 CET3736247925192.168.2.1387.120.112.234
                    Dec 22, 2024 19:39:59.547074080 CET3736247925192.168.2.1387.120.112.234
                    Dec 22, 2024 19:39:59.686392069 CET479253736287.120.112.234192.168.2.13
                    TimestampSource PortDest PortSource IPDest IP
                    Dec 22, 2024 19:37:56.416815042 CET4531153192.168.2.138.8.8.8
                    Dec 22, 2024 19:37:56.923854113 CET53453118.8.8.8192.168.2.13
                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                    Dec 22, 2024 19:37:56.416815042 CET192.168.2.138.8.8.80xaa13Standard query (0)botnet.sharkcdn.netA (IP address)IN (0x0001)false
                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                    Dec 22, 2024 19:37:56.923854113 CET8.8.8.8192.168.2.130xaa13No error (0)botnet.sharkcdn.net87.120.112.234A (IP address)IN (0x0001)false

                    System Behavior

                    Start time (UTC):18:37:55
                    Start date (UTC):22/12/2024
                    Path:/tmp/bot.x86_64.elf
                    Arguments:/tmp/bot.x86_64.elf
                    File size:143832 bytes
                    MD5 hash:949645a3b626bed43c941e3f28d529e1

                    Start time (UTC):18:37:55
                    Start date (UTC):22/12/2024
                    Path:/tmp/bot.x86_64.elf
                    Arguments:-
                    File size:143832 bytes
                    MD5 hash:949645a3b626bed43c941e3f28d529e1

                    Start time (UTC):18:37:55
                    Start date (UTC):22/12/2024
                    Path:/tmp/bot.x86_64.elf
                    Arguments:-
                    File size:143832 bytes
                    MD5 hash:949645a3b626bed43c941e3f28d529e1