Linux Analysis Report
ub8ehJSePAfc9FYqZIT6.x86.elf

Overview

General Information

Sample name: ub8ehJSePAfc9FYqZIT6.x86.elf
Analysis ID: 1579575
MD5: fc32f8a67d1b0590d25d38c2614d72d9
SHA1: be2059efd5d4fcd999672caa7970019eb160bf13
SHA256: 1bd4414e839b5d0be6d814d0d3daae5f64df063fb87865d32fbe815e02d587fa
Tags: elf, user-abuse_ch

Detection

Score: 64
Range: 0 - 100
Whitelisted: false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Sample is packed with UPX
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Yara signature match

Classification

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579575
Start date and time: 2024-12-23 01:32:05 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 30s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: ub8ehJSePAfc9FYqZIT6.x86.elf
Detection: MAL
Classification: mal64.evad.linELF@0/0@0/0
Command: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf
PID: 6218
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • cleanup
Source | Rule | Description | Author | Strings
6220.1.0000000008048000.000000000805b000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
6220.1.0000000008048000.000000000805b000.r-x.sdmp | Linux_Trojan_Mirai_3a56423b | unknown | unknown | 0x8f3b:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00
6220.1.0000000008048000.000000000805b000.r-x.sdmp | Linux_Trojan_Mirai_dab39a25 | unknown | unknown | 0x7726:$a: 0E 75 20 50 6A 00 6A 00 6A 00 53 6A 0E FF 74 24 48 68 DD 00
6220.1.0000000008048000.000000000805b000.r-x.sdmp | Linux_Trojan_Mirai_8aa7b5d3 | unknown | unknown | 0x7052:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
6218.1.0000000008048000.000000000805b000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
No Suricata rule has matched

AV Detection

Source: ub8ehJSePAfc9FYqZIT6.x86.elf, ReversingLabs: Detection: 42%
Source: ub8ehJSePAfc9FYqZIT6.x86.elf, Virustotal: Detection: 42%
Source: ub8ehJSePAfc9FYqZIT6.x86.elf, Joe Sandbox ML: detected

Networking

Source: global traffic, TCP traffic: 192.168.2.23:45326 -> 195.26.252.19:3778
Source: global traffic, TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic, TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic, TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: unknown, TCP traffic detected without corresponding DNS query: 195.26.252.19
Source: unknown, TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown, TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown, TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: ub8ehJSePAfc9FYqZIT6.x86.elf, String found in binary or memory: http://upx.sf.net
Source: unknown, Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Source: 6220.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6220.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 6220.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: 6220.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 6218.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6218.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 6218.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: 6218.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 6224.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6224.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 6224.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: 6224.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 6219.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6219.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 6219.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: 6219.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86.elf PID: 6218, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86.elf PID: 6219, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86.elf PID: 6220, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86.elf PID: 6224, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: LOAD without section mappings, Program segment: 0xc01000
Source: 6220.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6220.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 6220.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 6220.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 6218.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6218.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 6218.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 6218.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 6224.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6224.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 6224.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 6224.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 6219.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6219.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 6219.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 6219.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86.elf PID: 6218, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86.elf PID: 6219, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86.elf PID: 6220, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86.elf PID: 6224, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: classification engine, Classification label: mal64.evad.linELF@0/0@0/0

Data Obfuscation

Source: initial sample, String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample, String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/1582/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/3088/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/230/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/110/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/231/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/111/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/232/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/1579/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/112/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/233/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/1699/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/113/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/234/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/1335/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/1698/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/114/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/235/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/1334/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/1576/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/2302/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/115/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/236/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/116/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/237/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/117/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/118/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/910/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/119/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/912/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/10/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/2307/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/11/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/918/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/12/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/13/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/14/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/15/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/16/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/17/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/18/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/1594/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/120/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/121/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/1349/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/1/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/122/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/243/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/123/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/2/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/124/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/3/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/4/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/125/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/126/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/1344/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/1465/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/1586/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/127/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/6/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/248/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/128/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/249/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/1463/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/800/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/9/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/801/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/20/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/21/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/1900/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/22/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/23/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/24/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/25/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/26/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/27/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/28/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/29/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/491/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/250/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/130/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/251/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/252/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/132/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/253/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/254/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/255/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/256/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/1599/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/257/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/1477/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/379/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/258/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/1476/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/259/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/1475/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/936/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/30/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/2208/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/35/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/1809/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/1494/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218), File opened: /proc/260/status
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218)File opened: /proc/261/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218)File opened: /proc/141/statusJump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf (PID: 6218)File opened: /proc/262/statusJump to behavior
Source: ub8ehJSePAfc9FYqZIT6.x86.elfSubmission file: segment LOAD with 7.962 entropy (max. 8.0)
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 11 Obfuscated Files or Information | 1 OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
No configs have been found
Source | Detection | Scanner | Label
ub8ehJSePAfc9FYqZIT6.x86.elf | 42% | ReversingLabs | Linux.Backdoor.Mirai
ub8ehJSePAfc9FYqZIT6.x86.elf | 43% | Virustotal |
ub8ehJSePAfc9FYqZIT6.x86.elf | 100% | Joe Sandbox ML |
No Antivirus matches
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://upx.sf.net | ub8ehJSePAfc9FYqZIT6.x86.elf | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false
195.26.252.19 | unknown | United Kingdom | 8897 | KCOM-SPNService-ProviderNetworkex-MistralGB | false
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
Match | Associated Sample Name / URL | Detection | Threat Name | Context
109.202.202.202 | kpLwzBouH4.elf | malicious | Unknown | ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.189.91.43 | bot.mpsl.elf | malicious | Mirai, Gafgyt, Okiru |
91.189.91.43 | bot.arm6.elf | malicious | Mirai, Okiru |
91.189.91.43 | bot.x86.elf | malicious | Mirai, Okiru |
91.189.91.43 | loligang.m68k.elf | malicious | Mirai |
91.189.91.43 | bot.arm7.elf | malicious | Mirai, Okiru |
91.189.91.43 | bot.arm5.elf | malicious | Mirai, Gafgyt, Okiru |
91.189.91.43 | loligang.arm5.elf | malicious | Mirai |
91.189.91.43 | loligang.arm6.elf | malicious | Mirai |
91.189.91.43 | woega6.elf | malicious | Mirai |
91.189.91.43 | hidakibest.arm7.elf | malicious | Gafgyt, Mirai |
91.189.91.42 | bot.mpsl.elf | malicious | Mirai, Gafgyt, Okiru |
91.189.91.42 | bot.arm6.elf | malicious | Mirai, Okiru |
91.189.91.42 | bot.x86.elf | malicious | Mirai, Okiru |
91.189.91.42 | loligang.m68k.elf | malicious | Mirai |
91.189.91.42 | bot.arm7.elf | malicious | Mirai, Okiru |
91.189.91.42 | bot.arm5.elf | malicious | Mirai, Gafgyt, Okiru |
91.189.91.42 | loligang.arm5.elf | malicious | Mirai |
91.189.91.42 | loligang.arm6.elf | malicious | Mirai |
91.189.91.42 | woega6.elf | malicious | Mirai |
91.189.91.42 | hidakibest.ppc.elf | malicious | Gafgyt, Mirai |
No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CANONICAL-ASGB | bot.mpsl.elf | malicious | Mirai, Gafgyt, Okiru | 91.189.91.42
CANONICAL-ASGB | bot.arm6.elf | malicious | Mirai, Okiru | 91.189.91.42
CANONICAL-ASGB | bot.x86.elf | malicious | Mirai, Okiru | 91.189.91.42
CANONICAL-ASGB | loligang.m68k.elf | malicious | Mirai | 91.189.91.42
CANONICAL-ASGB | bot.arm7.elf | malicious | Mirai, Okiru | 91.189.91.42
CANONICAL-ASGB | bot.arm5.elf | malicious | Mirai, Gafgyt, Okiru | 91.189.91.42
CANONICAL-ASGB | loligang.arm5.elf | malicious | Mirai | 91.189.91.42
CANONICAL-ASGB | loligang.arm6.elf | malicious | Mirai | 91.189.91.42
CANONICAL-ASGB | woega6.elf | malicious | Mirai | 91.189.91.42
CANONICAL-ASGB | hidakibest.ppc.elf | malicious | Gafgyt, Mirai | 91.189.91.42
INIT7CH | bot.mpsl.elf | malicious | Mirai, Gafgyt, Okiru | 109.202.202.202
INIT7CH | bot.arm6.elf | malicious | Mirai, Okiru | 109.202.202.202
INIT7CH | bot.x86.elf | malicious | Mirai, Okiru | 109.202.202.202
INIT7CH | loligang.m68k.elf | malicious | Mirai | 109.202.202.202
INIT7CH | bot.arm7.elf | malicious | Mirai, Okiru | 109.202.202.202
INIT7CH | bot.arm5.elf | malicious | Mirai, Gafgyt, Okiru | 109.202.202.202
INIT7CH | loligang.arm5.elf | malicious | Mirai | 109.202.202.202
INIT7CH | loligang.arm6.elf | malicious | Mirai | 109.202.202.202
INIT7CH | woega6.elf | malicious | Mirai | 109.202.202.202
INIT7CH | hidakibest.ppc.elf | malicious | Gafgyt, Mirai | 109.202.202.202
KCOM-SPNService-ProviderNetworkex-MistralGB | la.bot.arm7.elf | malicious | Mirai | 213.254.174.221
KCOM-SPNService-ProviderNetworkex-MistralGB | x86_64.nn.elf | malicious | Mirai, Okiru | 193.108.169.23
KCOM-SPNService-ProviderNetworkex-MistralGB | x86_64.nn.elf | malicious | Mirai, Okiru | 217.154.178.248
KCOM-SPNService-ProviderNetworkex-MistralGB | ppc.elf | malicious | Mirai, Moobot | 159.15.89.185
KCOM-SPNService-ProviderNetworkex-MistralGB | IGz.mpsl.elf | malicious | Mirai | 158.179.218.195
KCOM-SPNService-ProviderNetworkex-MistralGB | TRC.ppc.elf | malicious | Mirai | 159.15.172.177
KCOM-SPNService-ProviderNetworkex-MistralGB | zZ8OdFfZnb.exe | malicious | Unknown | 194.164.163.84
KCOM-SPNService-ProviderNetworkex-MistralGB | pH6L2VWRbU.dll | malicious | Unknown | 194.164.163.84
KCOM-SPNService-ProviderNetworkex-MistralGB | la.bot.sh4.elf | malicious | Mirai | 158.179.254.255
KCOM-SPNService-ProviderNetworkex-MistralGB | QHLQyYBiH7.exe | malicious | AsyncRAT | 195.26.255.81
No context
No created / dropped files found
File type: ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, no section header
Entropy (8bit): 7.9601025974562205
TrID:
• ELF Executable and Linkable format (Linux) (4029/14) 50.16%
• ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name: ub8ehJSePAfc9FYqZIT6.x86.elf
File size: 38'716 bytes
MD5: fc32f8a67d1b0590d25d38c2614d72d9
SHA1: be2059efd5d4fcd999672caa7970019eb160bf13
SHA256: 1bd4414e839b5d0be6d814d0d3daae5f64df063fb87865d32fbe815e02d587fa
SHA512: b99e74e7b031a5f21b1fece80c6976718a33efb3da3c13949fa8053f1e47970f335766a4376f33edff2dfaf79b144669ef28387dc73e9ff34cb77c94b47b9047
SSDEEP: 768:dxaYe0syQ8V3uZJYDR+AGJyQlYuOwqakXzEp3Lj7CGyNGQG12nbcuyD7UrQRjJ:CYgBe3uZgR+zZiw807j7CGb2nouy8ryd
TLSH: F503F16E98DC1ECFEE7903F05A7BF80F2F00D501C95AA5D68381702A246AB12F959753
File Content Preview: .ELF....................P...4...........4. ...(.....................D...D...........................................Q.td.............................-..UPX!.........2...2......W..........?..k.I/.j....\.R......)..n.4go.|.>#.....{~o....8.F.^...MFL.f.5 ..I.r

ELF header

Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
Machine: Intel 80386
Version Number: 0x1
Type: EXEC (Executable file)
OS/ABI: UNIX - Linux
ABI Version: 0
Entry Point Address: 0xc09450
Flags: 0x0
ELF Header Size: 52
Program Header Offset: 52
Program Header Size: 32
Number of Program Headers: 3
Section Header Offset: 0
Section Header Size: 40
Number of Section Headers: 0
Header String Table Index: 0
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0xc01000 | 0xc01000 | 0x9644 | 0x9644 | 7.9620 | 0x5 | R E | 0x1000 | |
LOAD | 0xc08 | 0x805bc08 | 0x805bc08 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x1000 | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                            Dec 23, 2024 01:33:01.668504953 CET377845356195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:01.668598890 CET453563778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:01.668730021 CET453563778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:01.788358927 CET377845356195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:01.788499117 CET453563778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:01.908159018 CET377845356195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:02.806865931 CET377845356195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:02.807156086 CET453563778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:02.807156086 CET453563778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:02.807156086 CET453583778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:02.926871061 CET377845358195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:02.927017927 CET453583778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:02.927062035 CET453583778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:03.046669006 CET377845358195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:03.046806097 CET453583778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:03.166582108 CET377845358195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:04.066706896 CET377845358195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:04.066956043 CET453583778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:04.066956043 CET453583778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:04.066982985 CET453603778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:04.187138081 CET377845360195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:04.187412977 CET453603778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:04.187474012 CET453603778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:04.308942080 CET377845360195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:04.309151888 CET453603778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:04.428774118 CET377845360195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:04.871340990 CET43928443192.168.2.2391.189.91.42
                                            Dec 23, 2024 01:33:05.332504988 CET377845360195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:05.332634926 CET453603778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:05.332674026 CET453603778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:05.332701921 CET453623778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:05.452455997 CET377845362195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:05.452683926 CET453623778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:05.452824116 CET453623778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:05.572444916 CET377845362195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:05.572607994 CET453623778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:05.692393064 CET377845362195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:06.590965033 CET377845362195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:06.591222048 CET453623778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:06.591222048 CET453623778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:06.591229916 CET453643778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:06.710952044 CET377845364195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:06.711086988 CET453643778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:06.711087942 CET453643778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:06.830718994 CET377845364195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:06.830904961 CET453643778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:06.950644970 CET377845364195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:07.849319935 CET377845364195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:07.849546909 CET453643778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:07.849546909 CET453643778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:07.849548101 CET453663778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:07.969260931 CET377845366195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:07.969518900 CET453663778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:07.969679117 CET453663778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:08.089387894 CET377845366195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:08.089510918 CET453663778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:08.209229946 CET377845366195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:09.106834888 CET377845366195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:09.107050896 CET453663778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:09.107094049 CET453663778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:09.107188940 CET453683778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:09.226891041 CET377845368195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:09.227036953 CET453683778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:09.227185011 CET453683778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:09.346796036 CET377845368195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:09.346981049 CET453683778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:09.466607094 CET377845368195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:10.365797043 CET377845368195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:10.366046906 CET453683778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:10.366048098 CET453683778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:10.366137981 CET453703778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:10.485685110 CET377845370195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:10.485976934 CET453703778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:10.485976934 CET453703778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:10.605606079 CET377845370195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:10.605822086 CET453703778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:10.725363970 CET377845370195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:11.625118017 CET377845370195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:11.625293016 CET453703778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:11.625293016 CET453703778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:11.625334978 CET453723778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:11.745052099 CET377845372195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:11.745333910 CET453723778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:11.745423079 CET453723778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:11.865046024 CET377845372195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:11.865257978 CET453723778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:11.984863043 CET377845372195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:12.884144068 CET377845372195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:12.884316921 CET453723778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:12.884398937 CET453723778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:12.884427071 CET453743778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:13.004018068 CET377845374195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:13.004271030 CET453743778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:13.004271984 CET453743778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:13.123938084 CET377845374195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:13.124207973 CET453743778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:13.243834972 CET377845374195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:14.142160892 CET377845374195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:14.142586946 CET453763778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:14.142637968 CET453743778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:14.142637968 CET453743778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:14.262284994 CET377845376195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:14.262554884 CET453763778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:14.262659073 CET453763778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:14.382148027 CET377845376195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:14.382432938 CET453763778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:14.501966953 CET377845376195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:15.401684999 CET377845376195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:15.401963949 CET453763778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:15.401963949 CET453763778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:15.402007103 CET453783778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:15.521568060 CET377845378195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:15.521894932 CET453783778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:15.522068977 CET453783778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:15.641556978 CET377845378195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:15.641828060 CET453783778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:15.761344910 CET377845378195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:16.662620068 CET377845378195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:16.662925005 CET453783778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:16.663001060 CET453783778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:16.663058996 CET453803778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:16.782824039 CET377845380195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:16.782984972 CET453803778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:16.783044100 CET453803778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:16.902637959 CET377845380195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:16.902879953 CET453803778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:17.022408962 CET377845380195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:17.157663107 CET42836443192.168.2.2391.189.91.43
                                            Dec 23, 2024 01:33:17.920057058 CET377845380195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:17.920214891 CET453803778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:17.920214891 CET453803778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:17.920214891 CET453823778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:18.040025949 CET377845382195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:18.040196896 CET453823778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:18.040196896 CET453823778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:18.159939051 CET377845382195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:18.160022974 CET453823778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:18.279608011 CET377845382195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:19.178926945 CET377845382195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:19.179121971 CET453823778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:19.179122925 CET453823778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:19.179132938 CET453843778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:19.298748970 CET377845384195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:19.298949003 CET453843778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:19.298990965 CET453843778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:19.418663979 CET377845384195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:19.418755054 CET453843778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:19.538439035 CET377845384195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:21.253171921 CET4251680192.168.2.23109.202.202.202
                                            Dec 23, 2024 01:33:29.307771921 CET453843778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:29.427917004 CET377845384195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:29.648196936 CET377845384195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:29.648627996 CET453843778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:45.825824976 CET43928443192.168.2.2391.189.91.42
                                            Dec 23, 2024 01:33:59.085172892 CET453343778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:33:59.205106974 CET377845334195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:59.427504063 CET377845334195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:33:59.427663088 CET453343778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:34:29.698030949 CET453843778192.168.2.23195.26.252.19
                                            Dec 23, 2024 01:34:29.817856073 CET377845384195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:34:30.096898079 CET377845384195.26.252.19192.168.2.23
                                            Dec 23, 2024 01:34:30.097085953 CET453843778192.168.2.23195.26.252.19

System Behavior

Start time (UTC): 00:32:42
Start date (UTC): 23/12/2024
Path: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf
Arguments: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf
File size: 38716 bytes
MD5 hash: fc32f8a67d1b0590d25d38c2614d72d9

Start time (UTC): 00:32:42
Start date (UTC): 23/12/2024
Path: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf
Arguments: -
File size: 38716 bytes
MD5 hash: fc32f8a67d1b0590d25d38c2614d72d9

Start time (UTC): 00:32:42
Start date (UTC): 23/12/2024
Path: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf
Arguments: -
File size: 38716 bytes
MD5 hash: fc32f8a67d1b0590d25d38c2614d72d9

Start time (UTC): 00:32:42
Start date (UTC): 23/12/2024
Path: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf
Arguments: -
File size: 38716 bytes
MD5 hash: fc32f8a67d1b0590d25d38c2614d72d9

Start time (UTC): 00:32:48
Start date (UTC): 23/12/2024
Path: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf
Arguments: -
File size: 38716 bytes
MD5 hash: fc32f8a67d1b0590d25d38c2614d72d9

Start time (UTC): 00:32:48
Start date (UTC): 23/12/2024
Path: /tmp/ub8ehJSePAfc9FYqZIT6.x86.elf
Arguments: -
File size: 38716 bytes
MD5 hash: fc32f8a67d1b0590d25d38c2614d72d9