Linux Analysis Report
ub8ehJSePAfc9FYqZIT6.m68k.elf

Overview

General Information

Sample name:ub8ehJSePAfc9FYqZIT6.m68k.elf
Analysis ID:1579586
MD5:f7dd7631f27db5d890e5b72f0f1ee787
SHA1:c75675fa482da583e772d6a963a86b0e3a5cdfb8
SHA256:936b7a39d5a244b4914bb0c5d4781a548b7d2202c6e595de5eec62421fc877e8
Tags:elf, user-abuse_ch
Infos:

Detection

Mirai
Score:72
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1579586
Start date and time:2024-12-23 03:26:08 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 43s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:ub8ehJSePAfc9FYqZIT6.m68k.elf
Detection:MAL
Classification:mal72.troj.linELF@0/0@0/0
Command:/tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf
PID:6218
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source | Rule | Description | Author | Strings
ub8ehJSePAfc9FYqZIT6.m68k.elf | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
ub8ehJSePAfc9FYqZIT6.m68k.elf | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
Source | Rule | Description | Author | Strings
6220.1.00007ff33c001000.00007ff33c019000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
6220.1.00007ff33c001000.00007ff33c019000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
6222.1.00007ff33c001000.00007ff33c019000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
6222.1.00007ff33c001000.00007ff33c019000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
6218.1.00007ff33c001000.00007ff33c019000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |

No Suricata rule has matched

AV Detection

Source: ub8ehJSePAfc9FYqZIT6.m68k.elf, Avira: detected
Source: ub8ehJSePAfc9FYqZIT6.m68k.elf, ReversingLabs: Detection: 65%
Source: ub8ehJSePAfc9FYqZIT6.m68k.elf, Virustotal: Detection: 61%
Source: global traffic, TCP traffic: 192.168.2.23:45326 -> 195.26.252.19:3778
Source: global traffic, TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic, TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic, TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: unknown, TCP traffic detected without corresponding DNS query: 195.26.252.19
Source: unknown, TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown, TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown, TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown, Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Source: ub8ehJSePAfc9FYqZIT6.m68k.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6220.1.00007ff33c001000.00007ff33c019000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6222.1.00007ff33c001000.00007ff33c019000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6218.1.00007ff33c001000.00007ff33c019000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6229.1.00007ff33c001000.00007ff33c019000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 6218, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 6220, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 6222, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 6229, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Initial sample, String containing 'busybox' found: /bin/busybox
Source: Initial sample, String containing 'busybox' found: /proc/net/tcp.x86.x86_64.arm.arm5.arm6.arm7.mips.mipsel.sh4.ppc/proc/proc/%d/exe/proc/%s/statusName:%s/bin/busybox/bin/systemd/usr/bintest/tmp/condi/tmp/zxcr9999/tmp/condinetwork/var/condibot/var/zxcr9999/var/CondiBot/var/condinet/bin/watchdog195.26.252.19
Source: ELF static info symbol of initial sample, .symtab present: no
Source: ub8ehJSePAfc9FYqZIT6.m68k.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6220.1.00007ff33c001000.00007ff33c019000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6222.1.00007ff33c001000.00007ff33c019000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6218.1.00007ff33c001000.00007ff33c019000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6229.1.00007ff33c001000.00007ff33c019000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 6218, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 6220, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 6222, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 6229, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: classification engine, Classification label: mal72.troj.linELF@0/0@0/0
          Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 6218); Queries kernel information via 'uname'
          Source: ub8ehJSePAfc9FYqZIT6.m68k.elf, 6218.1.00005571fe38f000.00005571fe417000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.m68k.elf, 6220.1.00005571fe38f000.00005571fe3f3000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.m68k.elf, 6222.1.00005571fe38f000.00005571fe3f3000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.m68k.elf, 6229.1.00005571fe38f000.00005571fe417000.rw-.sdmp; Binary or memory string: qU!/etc/qemu-binfmt/m68k
          Source: ub8ehJSePAfc9FYqZIT6.m68k.elf, 6218.1.00007fffeca6f000.00007fffeca90000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.m68k.elf, 6220.1.00007fffeca6f000.00007fffeca90000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.m68k.elf, 6222.1.00007fffeca6f000.00007fffeca90000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.m68k.elf, 6229.1.00007fffeca6f000.00007fffeca90000.rw-.sdmp; Binary or memory string: /usr/bin/qemu-m68k
          Source: ub8ehJSePAfc9FYqZIT6.m68k.elf, 6218.1.00005571fe38f000.00005571fe417000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.m68k.elf, 6220.1.00005571fe38f000.00005571fe3f3000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.m68k.elf, 6222.1.00005571fe38f000.00005571fe3f3000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.m68k.elf, 6229.1.00005571fe38f000.00005571fe417000.rw-.sdmp; Binary or memory string: /etc/qemu-binfmt/m68k
          Source: ub8ehJSePAfc9FYqZIT6.m68k.elf, 6218.1.00007fffeca6f000.00007fffeca90000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.m68k.elf, 6220.1.00007fffeca6f000.00007fffeca90000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.m68k.elf, 6222.1.00007fffeca6f000.00007fffeca90000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.m68k.elf, 6229.1.00007fffeca6f000.00007fffeca90000.rw-.sdmp; Binary or memory string: x86_64/usr/bin/qemu-m68k/tmp/ub8ehJSePAfc9FYqZIT6.m68k.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf

          Stealing of Sensitive Information

          Source: Yara match; File source: ub8ehJSePAfc9FYqZIT6.m68k.elf, type: SAMPLE
          Source: Yara match; File source: 6220.1.00007ff33c001000.00007ff33c019000.r-x.sdmp, type: MEMORY
          Source: Yara match; File source: 6222.1.00007ff33c001000.00007ff33c019000.r-x.sdmp, type: MEMORY
          Source: Yara match; File source: 6218.1.00007ff33c001000.00007ff33c019000.r-x.sdmp, type: MEMORY
          Source: Yara match; File source: 6229.1.00007ff33c001000.00007ff33c019000.r-x.sdmp, type: MEMORY
          Source: Yara match; File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 6218, type: MEMORYSTR
          Source: Yara match; File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 6220, type: MEMORYSTR
          Source: Yara match; File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 6222, type: MEMORYSTR

          Remote Access Functionality

          Source: Yara match; File source: ub8ehJSePAfc9FYqZIT6.m68k.elf, type: SAMPLE
          Source: Yara match; File source: 6220.1.00007ff33c001000.00007ff33c019000.r-x.sdmp, type: MEMORY
          Source: Yara match; File source: 6222.1.00007ff33c001000.00007ff33c019000.r-x.sdmp, type: MEMORY
          Source: Yara match; File source: 6218.1.00007ff33c001000.00007ff33c019000.r-x.sdmp, type: MEMORY
          Source: Yara match; File source: 6229.1.00007ff33c001000.00007ff33c019000.r-x.sdmp, type: MEMORY
          Source: Yara match; File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 6218, type: MEMORYSTR
          Source: Yara match; File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 6220, type: MEMORYSTR
          Source: Yara match; File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 6222, type: MEMORYSTR

          | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
          | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
          | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
          | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |

          No configs have been found
          | Source | Detection | Scanner | Label | Link |
          | ub8ehJSePAfc9FYqZIT6.m68k.elf | 66% | ReversingLabs | Linux.Trojan.Mirai | |
          | ub8ehJSePAfc9FYqZIT6.m68k.elf | 62% | Virustotal | | Browse |
          | ub8ehJSePAfc9FYqZIT6.m68k.elf | 100% | Avira | LINUX/Mirai.bonb | |
          No Antivirus matches
          No Antivirus matches
          No Antivirus matches
          No contacted domains info
          | IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
          | 109.202.202.202 | unknown | Switzerland | | 13030 | INIT7CH | false |
          | 195.26.252.19 | unknown | United Kingdom | | 8897 | KCOM-SPNService-ProviderNetworkex-MistralGB | false |
          | 91.189.91.43 | unknown | United Kingdom | | 41231 | CANONICAL-ASGB | false |
          | 91.189.91.42 | unknown | United Kingdom | | 41231 | CANONICAL-ASGB | false |
                                                            No created / dropped files found
                                                            File type:ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
                                                            Entropy (8bit):6.2760814819209925
                                                            TrID:
                                                            • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                                            File name:ub8ehJSePAfc9FYqZIT6.m68k.elf
                                                            File size:97'552 bytes
                                                            MD5:f7dd7631f27db5d890e5b72f0f1ee787
                                                            SHA1:c75675fa482da583e772d6a963a86b0e3a5cdfb8
                                                            SHA256:936b7a39d5a244b4914bb0c5d4781a548b7d2202c6e595de5eec62421fc877e8
                                                            SHA512:7ded4d1c3a67f94e39b0a2f2a3a7d7a3c5290d9eac40070604f06aaaed135496bab4678d21ddb1aef4cbd7341be59d2022d9931476f20a122eba00872e5d461f
                                                            SSDEEP:1536:ry9srCNMjSqaNElmnwzX8/EqXabQeuacWjcW0JcWcBl4rZpipI4WlV/N4zfVZoly:ryqrzjSq+OXqqbQeuacWjcW0JcWcBSrC
                                                            TLSH:D79329C7F811ED7EF80BD67748A34D0E7571F2A00A930A227767BA67EC760A5141BD82
                                                            File Content Preview:.ELF.......................D...4..{......4. ...(......................x...x....... .......x............x..*....... .dt.Q............................NV..a....da...P N^NuNV..J9...@f>"y.... QJ.g.X.#.....N."y.... QJ.f.A.....J.g.Hy....N.X........@N^NuNV..N^NuN

                                                            ELF header

                                                            Class:ELF32
                                                            Data:2's complement, big endian
                                                            Version:1 (current)
                                                            Machine:MC68000
                                                            Version Number:0x1
                                                            Type:EXEC (Executable file)
                                                            OS/ABI:UNIX - System V
                                                            ABI Version:0
                                                            Entry Point Address:0x80000144
                                                            Flags:0x0
                                                            ELF Header Size:52
                                                            Program Header Offset:52
                                                            Program Header Size:32
                                                            Number of Program Headers:3
                                                            Section Header Offset:97152
                                                            Section Header Size:40
                                                            Number of Section Headers:10
                                                            Header String Table Index:9
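                                                            | Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
                                                            | | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
                                                            | .init | PROGBITS | 0x80000094 | 0x94 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 2 |
                                                            | .text | PROGBITS | 0x800000a8 | 0xa8 | 0x1504a | 0x0 | 0x6 | AX | 0 | 0 | 4 |
                                                            | .fini | PROGBITS | 0x800150f2 | 0x150f2 | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 2 |
                                                            | .rodata | PROGBITS | 0x80015100 | 0x15100 | 0x27c1 | 0x0 | 0x2 | A | 0 | 0 | 2 |
                                                            | .ctors | PROGBITS | 0x800198c8 | 0x178c8 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
                                                            | .dtors | PROGBITS | 0x800198d0 | 0x178d0 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
                                                            | .data | PROGBITS | 0x800198dc | 0x178dc | 0x264 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
                                                            | .bss | NOBITS | 0x80019b40 | 0x17b40 | 0x2818 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
                                                            | .shstrtab | STRTAB | 0x0 | 0x17b40 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1 |

                                                            | Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
                                                            | LOAD | 0x0 | 0x80000000 | 0x80000000 | 0x178c1 | 0x178c1 | 6.2916 | 0x5 | R E | 0x2000 | | .init .text .fini .rodata |
                                                            | LOAD | 0x178c8 | 0x800198c8 | 0x800198c8 | 0x278 | 0x2a90 | 3.6517 | 0x6 | RW | 0x2000 | | .ctors .dtors .data .bss |
                                                            | GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | | |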
                                                            Dec 23, 2024 03:26:59.523189068 CET377845340195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:26:59.523458958 CET453403778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:26:59.523488045 CET453403778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:26:59.524108887 CET453443778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:26:59.643589973 CET377845344195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:26:59.643738985 CET453443778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:26:59.644726038 CET453443778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:26:59.764276028 CET377845344195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:26:59.764409065 CET453443778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:26:59.884139061 CET377845344195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:00.074886084 CET377845342195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:00.074992895 CET453423778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:00.074992895 CET453423778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:00.075392008 CET453463778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:00.195108891 CET377845346195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:00.195334911 CET453463778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:00.196544886 CET453463778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:00.316085100 CET377845346195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:00.316170931 CET453463778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:00.435640097 CET377845346195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:00.789264917 CET377845344195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:00.789463043 CET453443778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:00.789592981 CET453443778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:00.790179014 CET453483778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:00.909701109 CET377845348195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:00.909898996 CET453483778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:00.910788059 CET453483778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:01.030213118 CET377845348195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:01.030433893 CET453483778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:01.149944067 CET377845348195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:01.331712961 CET377845346195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:01.331949949 CET453463778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:01.332027912 CET453463778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:01.332801104 CET453503778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:01.452296019 CET377845350195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:01.452564001 CET453503778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:01.453785896 CET453503778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:01.573321104 CET377845350195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:01.573645115 CET453503778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:01.693231106 CET377845350195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:02.049200058 CET377845348195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:02.049379110 CET453483778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:02.049413919 CET453483778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:02.050132036 CET453523778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:02.169840097 CET377845352195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:02.170020103 CET453523778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:02.171154022 CET453523778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:02.290602922 CET377845352195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:02.290842056 CET453523778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:02.410362959 CET377845352195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:03.307585001 CET377845352195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:03.307686090 CET453523778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:03.307758093 CET453523778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:03.308357000 CET453543778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:03.427871943 CET377845354195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:03.427939892 CET453543778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:03.428939104 CET453543778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:03.548389912 CET377845354195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:03.548470020 CET453543778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:03.668112993 CET377845354195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:04.568110943 CET377845354195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:04.568392038 CET453543778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:04.568392038 CET453543778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:04.568934917 CET453563778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:04.688353062 CET377845356195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:04.688580036 CET453563778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:05.595058918 CET453563778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:05.714648962 CET377845356195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:05.714893103 CET453563778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:05.716676950 CET453563778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:05.836277962 CET377845356195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:05.836429119 CET453563778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:05.956000090 CET377845356195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:06.853527069 CET377845356195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:06.853888035 CET453563778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:06.853888035 CET453563778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:06.854744911 CET453583778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:06.974370003 CET377845358195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:06.974504948 CET453583778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:06.976113081 CET453583778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:07.095581055 CET377845358195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:07.095851898 CET453583778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:07.215461969 CET377845358195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:08.114152908 CET377845358195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:08.114599943 CET453583778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:08.114696026 CET453583778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:08.115689039 CET453603778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:08.235230923 CET377845360195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:08.235541105 CET453603778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:08.237370968 CET453603778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:08.356874943 CET377845360195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:08.357067108 CET453603778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:08.477679968 CET377845360195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:09.373722076 CET377845360195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:09.374191999 CET453603778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:09.374192953 CET453603778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:09.375253916 CET453623778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:09.494787931 CET377845362195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:09.495115995 CET453623778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:09.496539116 CET453623778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:09.616195917 CET377845362195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:09.616534948 CET453623778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:09.736031055 CET377845362195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:10.633248091 CET377845362195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:10.633404016 CET453623778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:10.633585930 CET453623778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:10.634377003 CET453643778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:10.753855944 CET377845364195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:10.754226923 CET453643778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:10.755556107 CET453643778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:10.875149012 CET377845364195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:10.875400066 CET453643778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:10.995306015 CET377845364195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:11.462857962 CET453503778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:11.582452059 CET377845350195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:11.802927017 CET377845350195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:11.803086996 CET453503778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:11.866091013 CET43928443192.168.2.2391.189.91.42
                                                            Dec 23, 2024 03:27:11.892107010 CET377845364195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:11.892433882 CET453643778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:11.892433882 CET453643778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:11.893241882 CET453663778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:12.012681007 CET377845366195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:12.013063908 CET453663778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:12.014545918 CET453663778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:12.134233952 CET377845366195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:12.134660959 CET453663778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:12.254132032 CET377845366195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:13.155504942 CET377845366195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:13.155822039 CET453663778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:13.155924082 CET453663778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:13.156802893 CET453683778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:13.276359081 CET377845368195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:13.276508093 CET453683778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:13.278021097 CET453683778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:13.397972107 CET377845368195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:13.398241043 CET453683778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:13.517780066 CET377845368195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:14.427308083 CET377845368195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:14.427622080 CET453683778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:14.427697897 CET453683778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:14.428504944 CET453703778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:14.548115969 CET377845370195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:14.548547983 CET453703778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:14.550045013 CET453703778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:14.669583082 CET377845370195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:14.669867039 CET453703778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:14.789549112 CET377845370195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:15.686273098 CET377845370195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:15.686636925 CET453703778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:15.686856031 CET453703778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:15.688019037 CET453723778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:15.807594061 CET377845372195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:15.807862997 CET453723778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:15.809516907 CET453723778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:15.929061890 CET377845372195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:15.929382086 CET453723778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:16.049123049 CET377845372195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:16.949012041 CET377845372195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:16.949398041 CET453723778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:16.949398041 CET453723778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:16.950150013 CET453743778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:17.069638014 CET377845374195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:17.069907904 CET453743778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:17.071502924 CET453743778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:17.190927029 CET377845374195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:17.191167116 CET453743778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:17.310759068 CET377845374195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:18.212843895 CET377845374195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:18.213146925 CET453743778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:18.213224888 CET453743778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:18.214174986 CET453763778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:18.333631039 CET377845376195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:18.333729982 CET453763778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:18.335335970 CET453763778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:18.454813004 CET377845376195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:18.454907894 CET453763778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:18.574475050 CET377845376195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:19.471343040 CET377845376195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:19.471518993 CET453763778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:19.471715927 CET453763778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:19.472908974 CET453783778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:19.592376947 CET377845378195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:19.592489958 CET453783778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:19.594269991 CET453783778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:19.713680983 CET377845378195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:19.713762045 CET453783778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:19.833225965 CET377845378195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:24.152491093 CET42836443192.168.2.2391.189.91.43
                                                            Dec 23, 2024 03:27:28.247912884 CET4251680192.168.2.23109.202.202.202
                                                            Dec 23, 2024 03:27:29.593789101 CET453783778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:29.713397026 CET377845378195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:29.934297085 CET377845378195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:27:29.934422016 CET453783778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:27:52.820693970 CET43928443192.168.2.2391.189.91.42
                                                            Dec 23, 2024 03:28:11.856192112 CET453503778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:28:11.976300955 CET377845350195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:28:12.196619987 CET377845350195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:28:12.197017908 CET453503778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:28:29.981745005 CET453783778192.168.2.23195.26.252.19
                                                            Dec 23, 2024 03:28:30.101768970 CET377845378195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:28:30.322630882 CET377845378195.26.252.19192.168.2.23
                                                            Dec 23, 2024 03:28:30.322727919 CET453783778192.168.2.23195.26.252.19

System Behavior

Start time (UTC):02:26:50
Start date (UTC):23/12/2024
Path:/tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf
Arguments:/tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf
File size:4463432 bytes
MD5 hash:cd177594338c77b895ae27c33f8f86cc

Start time (UTC):02:26:50
Start date (UTC):23/12/2024
Path:/tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf
Arguments:-
File size:4463432 bytes
MD5 hash:cd177594338c77b895ae27c33f8f86cc

Start time (UTC):02:26:50
Start date (UTC):23/12/2024
Path:/tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf
Arguments:-
File size:4463432 bytes
MD5 hash:cd177594338c77b895ae27c33f8f86cc

Start time (UTC):02:26:50
Start date (UTC):23/12/2024
Path:/tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf
Arguments:-
File size:4463432 bytes
MD5 hash:cd177594338c77b895ae27c33f8f86cc

Start time (UTC):02:26:56
Start date (UTC):23/12/2024
Path:/tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf
Arguments:-
File size:4463432 bytes
MD5 hash:cd177594338c77b895ae27c33f8f86cc

Start time (UTC):02:26:56
Start date (UTC):23/12/2024
Path:/tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf
Arguments:-
File size:4463432 bytes
MD5 hash:cd177594338c77b895ae27c33f8f86cc