Edit tour

Linux Analysis Report
ub8ehJSePAfc9FYqZIT6.mips.elf

Overview

General Information

Sample name:	ub8ehJSePAfc9FYqZIT6.mips.elf
Analysis ID:	1581068
MD5:	64fa0599b70a18403044c5ead883bb4a
SHA1:	a36e9a7e4989cacce45ab21473fc96f450d1585a
SHA256:	036a4c6d7e77446c407820f59b351b834aa4cb0c7d3075aed5830474bc355f90
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Sample is packed with UPX

Detected TCP or UDP traffic on non-standard ports

ELF contains segments with high entropy indicating compressed/encrypted content

Enumerates processes within the "proc" file system

Sample contains only a LOAD segment without any section mappings

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1581068
Start date and time:	2024-12-26 22:06:10 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 50s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	ub8ehJSePAfc9FYqZIT6.mips.elf
Detection:	MAL
Classification:	mal60.evad.linELF@0/0@0/0

Warnings

VT rate limit hit for: ub8ehJSePAfc9FYqZIT6.mips.elf

Runtime Messages

Command:	/tmp/ub8ehJSePAfc9FYqZIT6.mips.elf
PID:	5445
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

system is lnxubuntu20

ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445, Parent: 5367, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf

ub8ehJSePAfc9FYqZIT6.mips.elf New Fork (PID: 5448, Parent: 5445)

ub8ehJSePAfc9FYqZIT6.mips.elf New Fork (PID: 5450, Parent: 5448)

ub8ehJSePAfc9FYqZIT6.mips.elf New Fork (PID: 5452, Parent: 5448)

ub8ehJSePAfc9FYqZIT6.mips.elf New Fork (PID: 5456, Parent: 5445)

ub8ehJSePAfc9FYqZIT6.mips.elf New Fork (PID: 5458, Parent: 5445)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
5448.1.00007ff2c8400000.00007ff2c842c000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x28f4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29000:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29014:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29028:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2903c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29050:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29064:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29078:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2908c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5445.1.00007ff2c8400000.00007ff2c842c000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x28f4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29000:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29014:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29028:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2903c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29050:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29064:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29078:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2908c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5456.1.00007ff2c8400000.00007ff2c842c000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x28f4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29000:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29014:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29028:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2903c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29050:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29064:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29078:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2908c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5450.1.00007ff2c8400000.00007ff2c842c000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x28f4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28f9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x28fec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29000:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29014:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29028:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2903c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29050:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29064:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x29078:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2908c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x290dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5445	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x3da6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3dba:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3dce:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3de2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3df6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3e0a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3e1e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3e32:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3e46:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3e5a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3e6e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3e82:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3e96:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3eaa:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3ebe:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3ed2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3ee6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3efa:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3f0e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3f22:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3f36:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5448	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x300b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x301f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3033:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3047:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x305b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x306f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3083:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3097:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x30ab:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x30bf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x30d3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x30e7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x30fb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x310f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3123:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3137:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x314b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x315f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3173:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3187:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x319b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5450	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x768a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x769e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x76b2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x76c6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x76da:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x76ee:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7702:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7716:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x772a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x773e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7752:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7766:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x777a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x778e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x77a2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x77b6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x77ca:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x77de:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x77f2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7806:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x781a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5456	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x19b3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19db:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19ef:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a03:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a17:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a2b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a3f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a53:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a67:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a7b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a8f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1aa3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ab7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1acb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1adf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1af3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b07:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b1b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b2f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b43:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Click to see the 3 entries

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: ub8ehJSePAfc9FYqZIT6.mips.elf

ReversingLabs: Detection: 36%

Source: global traffic

TCP traffic: 192.168.2.13:33606 -> 92.118.56.167:3778

Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167

Source: ub8ehJSePAfc9FYqZIT6.mips.elf

String found in binary or memory: http://upx.sf.net

System Summary

Malicious sample detected (through community Yara rule)

Source: 5448.1.00007ff2c8400000.00007ff2c842c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5445.1.00007ff2c8400000.00007ff2c842c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5456.1.00007ff2c8400000.00007ff2c842c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5450.1.00007ff2c8400000.00007ff2c842c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5445, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5448, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5450, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5456, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Source: LOAD without section mappings

Program segment: 0x100000

Source: 5448.1.00007ff2c8400000.00007ff2c842c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5445.1.00007ff2c8400000.00007ff2c842c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5456.1.00007ff2c8400000.00007ff2c842c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5450.1.00007ff2c8400000.00007ff2c842c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5445, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5448, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5450, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5456, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal60.evad.linELF@0/0@0/0

Data Obfuscation

Sample is packed with UPX

Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/5389/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/230/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/110/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/231/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/111/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/232/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/112/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/233/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/113/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/234/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/114/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/235/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/115/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/236/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/116/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/237/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/117/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/238/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/118/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/239/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/119/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/914/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/3634/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/10/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/917/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/11/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/12/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/13/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/14/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/15/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/16/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/17/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/18/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/19/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/240/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/3095/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/120/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/241/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/121/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/242/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/1/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/122/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/243/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/2/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/123/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/244/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/3/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/124/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/245/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/1588/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/125/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/4/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/246/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/126/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/5/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/247/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/127/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/6/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/248/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/128/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/7/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/249/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/129/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/8/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/800/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/9/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/1906/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/802/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/803/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/20/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/21/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/22/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/23/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/24/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/25/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/5286/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/26/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/27/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/28/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/29/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/3420/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/1482/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/490/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/1480/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/250/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/371/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/130/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/251/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/131/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/252/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/132/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/253/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/254/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/1238/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/134/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/255/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/256/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/257/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/378/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/3413/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/258/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/259/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/1475/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/936/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)	File opened: /proc/30/status	Jump to behavior

Source: ub8ehJSePAfc9FYqZIT6.mips.elf

Submission file: segment LOAD with 7.9457 entropy (max. 8.0)

Source: /tmp/ub8ehJSePAfc9FYqZIT6.mips.elf (PID: 5445)

Queries kernel information via 'uname':

Jump to behavior

Source: ub8ehJSePAfc9FYqZIT6.mips.elf, 5445.1.00007ffd26faa000.00007ffd26fcb000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mips.elf, 5448.1.00007ffd26faa000.00007ffd26fcb000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mips.elf, 5450.1.00007ffd26faa000.00007ffd26fcb000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mips.elf, 5456.1.00007ffd26faa000.00007ffd26fcb000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/ub8ehJSePAfc9FYqZIT6.mips.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/ub8ehJSePAfc9FYqZIT6.mips.elf
Source: ub8ehJSePAfc9FYqZIT6.mips.elf, 5445.1.0000559cb564d000.0000559cb56f5000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mips.elf, 5448.1.0000559cb564d000.0000559cb56f5000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mips.elf, 5450.1.0000559cb564d000.0000559cb56f5000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mips.elf, 5456.1.0000559cb564d000.0000559cb56f5000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/mips
Source: ub8ehJSePAfc9FYqZIT6.mips.elf, 5445.1.0000559cb564d000.0000559cb56f5000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mips.elf, 5448.1.0000559cb564d000.0000559cb56f5000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mips.elf, 5450.1.0000559cb564d000.0000559cb56f5000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mips.elf, 5456.1.0000559cb564d000.0000559cb56f5000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mips
Source: ub8ehJSePAfc9FYqZIT6.mips.elf, 5445.1.00007ffd26faa000.00007ffd26fcb000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mips.elf, 5448.1.00007ffd26faa000.00007ffd26fcb000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mips.elf, 5450.1.00007ffd26faa000.00007ffd26fcb000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mips.elf, 5456.1.00007ffd26faa000.00007ffd26fcb000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mips

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	11 Obfuscated Files or Information	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
ub8ehJSePAfc9FYqZIT6.mips.elf	37%	ReversingLabs	Linux.Trojan.Gafgyt

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://upx.sf.net	ub8ehJSePAfc9FYqZIT6.mips.elf	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
92.118.56.167	unknown	Germany		9009	M247GB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
92.118.56.167	ub8ehJSePAfc9FYqZIT6.arm.elf	Get hash	malicious	Mirai	Browse
	ub8ehJSePAfc9FYqZIT6.m68k.elf	Get hash	malicious	Mirai	Browse
	ub8ehJSePAfc9FYqZIT6.sh4.elf	Get hash	malicious	Unknown	Browse
	ub8ehJSePAfc9FYqZIT6.i686.elf	Get hash	malicious	Unknown	Browse
	ub8ehJSePAfc9FYqZIT6.x86.elf	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
M247GB	ub8ehJSePAfc9FYqZIT6.arm.elf	Get hash	malicious	Mirai	Browse	92.118.56.167
	ub8ehJSePAfc9FYqZIT6.m68k.elf	Get hash	malicious	Mirai	Browse	92.118.56.167
	ub8ehJSePAfc9FYqZIT6.sh4.elf	Get hash	malicious	Unknown	Browse	92.118.56.167
	ub8ehJSePAfc9FYqZIT6.i686.elf	Get hash	malicious	Unknown	Browse	92.118.56.167
	ub8ehJSePAfc9FYqZIT6.x86.elf	Get hash	malicious	Unknown	Browse	92.118.56.167
	http://au.kirmalk.com/watch.php?vid=7750fd3c8	Get hash	malicious	Unknown	Browse	38.132.109.126
	nklppc.elf	Get hash	malicious	Unknown	Browse	193.160.72.174
	https://en.newsnowbangla.com/archives/69912	Get hash	malicious	HTMLPhisher, TechSupportScam	Browse	45.10.162.162
	arm.elf	Get hash	malicious	Unknown	Browse	92.249.48.36
	powerpc.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	38.204.189.65

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, no section header
Entropy (8bit):	7.943500284939222
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	ub8ehJSePAfc9FYqZIT6.mips.elf
File size:	44'148 bytes
MD5:	64fa0599b70a18403044c5ead883bb4a
SHA1:	a36e9a7e4989cacce45ab21473fc96f450d1585a
SHA256:	036a4c6d7e77446c407820f59b351b834aa4cb0c7d3075aed5830474bc355f90
SHA512:	5b8738b611cf774d494dec0703e19c5fc54a246eb27e08c6f7a1a1be72aeccd5ee8bdb6916c0676a3bc6625954a91a6f02441ecc2903d7d5a5db072d2f323b85
SSDEEP:	768:57ph1LjFGpx652lJXasyEk6JGbr6MWiNIx8FwEEosJgGlzDpbuR1JXK:5zA65yk6JGbrbNwQ6okVJug
TLSH:	F113E16D550488EEE4858C7547E80B507F320BB0F463D843E50DB497EAAA9F93E235AD
File Content Preview:	.ELF...........................4.........4. ...(.......................D...D.................C...C......................UPX!.h.....................V.......?.E.h4...@b..) ..]....E..`..........@4#.Y..~.9....b...Q".\|.H.%Q.z....6u.."....cLw.........b.........

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	MIPS R3000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x109800
Flags:	0x1007
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	2
Section Header Offset:	0
Section Header Size:	40
Number of Section Headers:	0
Header String Table Index:	0

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Prog Interpreter	Section Mappings
LOAD	0x0	0x100000	0x100000	0xab44	0xab44	7.9457	0x5	R E	0x10000
LOAD	0xcffc	0x43cffc	0x43cffc	0x0	0x0	0.0000	0x6	RW	0x10000

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 22:07:11.626250029 CET	33606	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:11.745815992 CET	3778	33606	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:11.745887995 CET	33606	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:11.781708956 CET	33606	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:11.901293039 CET	3778	33606	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:11.901340008 CET	33606	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:12.020904064 CET	3778	33606	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:12.980007887 CET	3778	33606	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:12.980618000 CET	33606	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:12.980618000 CET	33606	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:12.981193066 CET	33608	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:13.100682020 CET	3778	33608	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:13.100764990 CET	33608	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:13.102355957 CET	33608	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:13.221831083 CET	3778	33608	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:13.221920967 CET	33608	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:13.341774940 CET	3778	33608	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:14.329773903 CET	3778	33608	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:14.329988003 CET	33608	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:14.330045938 CET	33608	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:14.330595016 CET	33610	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:14.450041056 CET	3778	33610	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:14.450193882 CET	33610	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:14.451030970 CET	33610	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:14.570504904 CET	3778	33610	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:14.570662022 CET	33610	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:14.690130949 CET	3778	33610	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:16.172131062 CET	3778	33610	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:16.172316074 CET	33610	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:16.172346115 CET	33610	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:16.172395945 CET	3778	33610	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:16.172422886 CET	3778	33610	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:16.172466040 CET	33610	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:16.172466040 CET	33610	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:16.172925949 CET	33612	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:16.292340994 CET	3778	33612	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:16.292417049 CET	33612	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:17.204334021 CET	33612	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:17.323895931 CET	3778	33612	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:17.323997974 CET	33612	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:17.325158119 CET	33612	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:17.382666111 CET	33614	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:17.444967031 CET	3778	33612	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:17.445013046 CET	33612	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:17.502259970 CET	3778	33614	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:17.502334118 CET	33614	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:17.521253109 CET	33614	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:17.564548969 CET	3778	33612	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:17.640769005 CET	3778	33614	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:17.640842915 CET	33614	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:17.760312080 CET	3778	33614	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:18.572926998 CET	3778	33612	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:18.573271036 CET	33612	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:18.573364019 CET	33612	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:18.574027061 CET	33616	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:18.693532944 CET	3778	33616	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:18.693707943 CET	33616	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:18.694762945 CET	33616	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:18.732407093 CET	3778	33614	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:18.732476950 CET	33614	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:18.732893944 CET	33614	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:18.733444929 CET	33618	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:18.814357042 CET	3778	33616	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:18.814414978 CET	33616	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:18.853091002 CET	3778	33618	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:18.853275061 CET	33618	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:18.854424953 CET	33618	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:18.934029102 CET	3778	33616	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:18.973912954 CET	3778	33618	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:18.974193096 CET	33618	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:19.093755960 CET	3778	33618	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:19.923718929 CET	3778	33616	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:19.923831940 CET	33616	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:19.923885107 CET	33616	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:19.924439907 CET	33620	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:20.043986082 CET	3778	33620	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:20.044147015 CET	33620	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:20.045166016 CET	33620	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:20.082882881 CET	3778	33618	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:20.082966089 CET	33618	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:20.083003044 CET	33618	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:20.083420992 CET	33622	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:20.164679050 CET	3778	33620	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:20.164860964 CET	33620	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:20.202826023 CET	3778	33622	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:20.202958107 CET	33622	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:20.204015017 CET	33622	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:20.284569025 CET	3778	33620	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:20.323548079 CET	3778	33622	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:20.323685884 CET	33622	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:20.443428993 CET	3778	33622	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:21.274275064 CET	3778	33620	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:21.274502993 CET	33620	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:21.274560928 CET	33620	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:21.275204897 CET	33624	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:21.394768953 CET	3778	33624	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:21.395066023 CET	33624	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:21.429158926 CET	3778	33622	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:21.429409027 CET	33622	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:21.429578066 CET	33622	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:21.430248022 CET	33626	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:21.549877882 CET	3778	33626	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:21.550010920 CET	33626	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:21.551075935 CET	33626	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:21.671416998 CET	3778	33626	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:21.671488047 CET	33626	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:21.791075945 CET	3778	33626	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:22.292311907 CET	33624	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:22.411967993 CET	3778	33624	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:22.412164927 CET	33624	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:22.413178921 CET	33624	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:22.532871008 CET	3778	33624	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:22.533057928 CET	33624	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:22.652710915 CET	3778	33624	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:22.785238028 CET	3778	33626	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:22.785365105 CET	33626	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:22.785444975 CET	33626	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:22.786058903 CET	33628	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:22.905936003 CET	3778	33628	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:22.906069040 CET	33628	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:22.907027960 CET	33628	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:23.026742935 CET	3778	33628	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:23.026840925 CET	33628	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:23.146655083 CET	3778	33628	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:23.641881943 CET	3778	33624	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:23.642014027 CET	33624	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:23.642081976 CET	33624	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:23.642621040 CET	33630	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:23.762377024 CET	3778	33630	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:23.762469053 CET	33630	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:23.763195992 CET	33630	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:23.882673025 CET	3778	33630	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:23.883018017 CET	33630	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:24.002652884 CET	3778	33630	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:24.139302015 CET	3778	33628	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:24.139457941 CET	33628	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:24.139477015 CET	33628	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:24.140129089 CET	33632	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:24.259742022 CET	3778	33632	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:24.259890079 CET	33632	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:24.261166096 CET	33632	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:24.380909920 CET	3778	33632	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:24.381047964 CET	33632	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:24.500858068 CET	3778	33632	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:24.991729975 CET	3778	33630	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:24.992158890 CET	33630	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:24.992223978 CET	33630	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:24.992976904 CET	33634	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:25.112658024 CET	3778	33634	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:25.112834930 CET	33634	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:25.114003897 CET	33634	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:25.233601093 CET	3778	33634	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:25.233748913 CET	33634	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:25.354409933 CET	3778	33634	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:25.490247011 CET	3778	33632	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:25.490657091 CET	33632	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:25.490657091 CET	33632	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:25.491275072 CET	33636	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:25.611049891 CET	3778	33636	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:25.611232042 CET	33636	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:25.612413883 CET	33636	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:25.732014894 CET	3778	33636	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:25.732247114 CET	33636	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:25.851999998 CET	3778	33636	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:26.472670078 CET	3778	33634	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:26.472882986 CET	33634	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:26.473006010 CET	33634	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:26.473737001 CET	33638	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:26.593373060 CET	3778	33638	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:26.593488932 CET	33638	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:26.594810009 CET	33638	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:26.714560032 CET	3778	33638	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:26.714776993 CET	33638	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:26.834438086 CET	3778	33638	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:35.622874022 CET	33636	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:35.742816925 CET	3778	33636	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:35.981456041 CET	3778	33636	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:35.981574059 CET	33636	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:36.596518040 CET	33638	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:07:36.716145992 CET	3778	33638	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:36.956094027 CET	3778	33638	92.118.56.167	192.168.2.13
Dec 26, 2024 22:07:36.956367970 CET	33638	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:08:36.025927067 CET	33636	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:08:36.147207975 CET	3778	33636	92.118.56.167	192.168.2.13
Dec 26, 2024 22:08:36.388101101 CET	3778	33636	92.118.56.167	192.168.2.13
Dec 26, 2024 22:08:36.388420105 CET	33636	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:08:37.011234045 CET	33638	3778	192.168.2.13	92.118.56.167
Dec 26, 2024 22:08:37.131055117 CET	3778	33638	92.118.56.167	192.168.2.13
Dec 26, 2024 22:08:37.370872021 CET	3778	33638	92.118.56.167	192.168.2.13
Dec 26, 2024 22:08:37.371157885 CET	33638	3778	192.168.2.13	92.118.56.167

System Behavior

Analysis Process: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5445, Parent PID: 5367

General

Start time (UTC):	21:07:10
Start date (UTC):	26/12/2024
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.mips.elf
Arguments:	/tmp/ub8ehJSePAfc9FYqZIT6.mips.elf
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5448, Parent PID: 5445

General

Start time (UTC):	21:07:10
Start date (UTC):	26/12/2024
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.mips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5450, Parent PID: 5448

General

Start time (UTC):	21:07:10
Start date (UTC):	26/12/2024
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.mips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5452, Parent PID: 5448

General

Start time (UTC):	21:07:10
Start date (UTC):	26/12/2024
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.mips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5456, Parent PID: 5445

General

Start time (UTC):	21:07:16
Start date (UTC):	26/12/2024
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.mips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5458, Parent PID: 5445

General

Start time (UTC):	21:07:16
Start date (UTC):	26/12/2024
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.mips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report ub8ehJSePAfc9FYqZIT6.mips.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5445, Parent PID: 5367

General

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5448, Parent PID: 5445

General

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5450, Parent PID: 5448

General

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5452, Parent PID: 5448

General

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5456, Parent PID: 5445

General

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.mips.elf PID: 5458, Parent PID: 5445

General

Chronological Activities

Linux Analysis Report
ub8ehJSePAfc9FYqZIT6.mips.elf