Edit tour

Linux Analysis Report
llklllklld.x86.elf

Overview

General Information

Sample name:	llklllklld.x86.elf
Analysis ID:	1581341
MD5:	cd1f2ab2770e4df72de2961c607f8a65
SHA1:	1828a0f3b6255ca5f429ef6c0aa56567a77b69c1
SHA256:	4a99f6d83b34c4fd3ff38b50d95be19c44aed21f16a18c10abe2df7f67aed1ae
Tags:	elfuser-abuse_ch
Infos:

Detection

Mirai, Okiru

Score:	100
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Sample tries to kill a massive number of system processes

Yara detected Mirai

Yara detected Okiru

Machine Learning detection for sample

Reads system files that contain records of logged in users

Sample reads /proc/mounts (often used for finding a writable filesystem)

Sample tries to kill multiple processes (SIGKILL)

Creates hidden files and/or directories

Deletes log files

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Executes commands using a shell command-line interpreter

Executes the "grep" command used to find patterns in files or piped streams

Executes the "kill" or "pkill" command typically used to terminate processes

Executes the "rm" command used to delete files or directories

Found strings indicative of a multi-platform dropper

HTTP GET or POST without a user agent

Reads CPU information from /sys indicative of miner or evasive malware

Reads system version information

Reads the 'hosts' file potentially containing internal network hosts

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample has stripped symbol table

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Sample tries to set the executable flag

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1581341
Start date and time:	2024-12-27 13:02:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	llklllklld.x86.elf
Detection:	MAL
Classification:	mal100.spre.troj.linELF@0/21@5/0

Warnings

Connection to analysis system has been lost, crash info: Unknown
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: tstasktdkksjdssd.o-r.kr

Runtime Messages

Command:	/tmp/llklllklld.x86.elf
PID:	6252
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

system is lnxubuntu20

dash New Fork (PID: 6222, Parent: 4331)

rm (PID: 6222, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.EWwoj7pzHf /tmp/tmp.duUEaShBXn /tmp/tmp.NWZ3dTrTnG

dash New Fork (PID: 6223, Parent: 4331)

rm (PID: 6223, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.EWwoj7pzHf /tmp/tmp.duUEaShBXn /tmp/tmp.NWZ3dTrTnG

llklllklld.x86.elf (PID: 6252, Parent: 6154, MD5: cd1f2ab2770e4df72de2961c607f8a65) Arguments: /tmp/llklllklld.x86.elf

llklllklld.x86.elf New Fork (PID: 6253, Parent: 6252)

llklllklld.x86.elf New Fork (PID: 6254, Parent: 6252)

llklllklld.x86.elf New Fork (PID: 6255, Parent: 6252)

llklllklld.x86.elf New Fork (PID: 6256, Parent: 6255)

llklllklld.x86.elf New Fork (PID: 6257, Parent: 6255)

systemd New Fork (PID: 6280, Parent: 1)

dbus-daemon (PID: 6280, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 6290, Parent: 1)

rsyslogd (PID: 6290, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

systemd New Fork (PID: 6291, Parent: 1860)

pulseaudio (PID: 6291, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal

gvfsd-fuse New Fork (PID: 6292, Parent: 2038)

fusermount (PID: 6292, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs

systemd New Fork (PID: 6304, Parent: 1)

rtkit-daemon (PID: 6304, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon

systemd New Fork (PID: 6307, Parent: 1)

systemd-logind (PID: 6307, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind

systemd New Fork (PID: 6367, Parent: 1)

polkitd (PID: 6367, Parent: 1, MD5: 8efc9b4b5b524210ad2ea1954a9d0e69) Arguments: /usr/lib/policykit-1/polkitd --no-debug

systemd New Fork (PID: 6371, Parent: 1)

agetty (PID: 6371, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux

gdm3 New Fork (PID: 6372, Parent: 1320)

Default (PID: 6372, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 6373, Parent: 1320)

Default (PID: 6373, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 6375, Parent: 1320)

Default (PID: 6375, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

systemd New Fork (PID: 6378, Parent: 1)

gpu-manager (PID: 6378, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

gpu-manager New Fork (PID: 6379, Parent: 6378)

sh (PID: 6379, Parent: 6378, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"

sh New Fork (PID: 6380, Parent: 6379)

grep (PID: 6380, Parent: 6379, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

gpu-manager New Fork (PID: 6382, Parent: 6378)

sh (PID: 6382, Parent: 6378, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"

sh New Fork (PID: 6383, Parent: 6382)

grep (PID: 6383, Parent: 6382, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

gpu-manager New Fork (PID: 6384, Parent: 6378)

sh (PID: 6384, Parent: 6378, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"

sh New Fork (PID: 6385, Parent: 6384)

grep (PID: 6385, Parent: 6384, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

gpu-manager New Fork (PID: 6386, Parent: 6378)

sh (PID: 6386, Parent: 6378, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"

sh New Fork (PID: 6388, Parent: 6386)

grep (PID: 6388, Parent: 6386, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

gpu-manager New Fork (PID: 6390, Parent: 6378)

sh (PID: 6390, Parent: 6378, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"

sh New Fork (PID: 6391, Parent: 6390)

grep (PID: 6391, Parent: 6390, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

gpu-manager New Fork (PID: 6392, Parent: 6378)

sh (PID: 6392, Parent: 6378, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"

sh New Fork (PID: 6393, Parent: 6392)

grep (PID: 6393, Parent: 6392, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

gpu-manager New Fork (PID: 6394, Parent: 6378)

sh (PID: 6394, Parent: 6378, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"

sh New Fork (PID: 6395, Parent: 6394)

grep (PID: 6395, Parent: 6394, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

gpu-manager New Fork (PID: 6396, Parent: 6378)

sh (PID: 6396, Parent: 6378, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"

sh New Fork (PID: 6397, Parent: 6396)

grep (PID: 6397, Parent: 6396, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

systemd New Fork (PID: 6389, Parent: 1860)

dbus-daemon (PID: 6389, Parent: 1860, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 6398, Parent: 1)

generate-config (PID: 6398, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config

generate-config New Fork (PID: 6399, Parent: 6398)

pkill (PID: 6399, Parent: 6398, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service

systemd New Fork (PID: 6400, Parent: 1)

gdm-wait-for-drm (PID: 6400, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm

systemd New Fork (PID: 6406, Parent: 1)

gdm3 (PID: 6406, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3

gdm3 New Fork (PID: 6410, Parent: 6406)

plymouth (PID: 6410, Parent: 6406, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: plymouth --ping

gdm3 New Fork (PID: 6426, Parent: 6406)

gdm-session-worker (PID: 6426, Parent: 6406, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"

gdm-session-worker New Fork (PID: 6432, Parent: 6426)

gdm-wayland-session (PID: 6432, Parent: 6426, MD5: d3def63cf1e83f7fb8a0f13b1744ff7c) Arguments: /usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"

gdm-wayland-session New Fork (PID: 6434, Parent: 6432)

dbus-daemon (PID: 6434, Parent: 6432, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --print-address 3 --session

dbus-daemon New Fork (PID: 6436, Parent: 6434)

dbus-daemon New Fork (PID: 6437, Parent: 6436)

false (PID: 6437, Parent: 6436, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

gdm-wayland-session New Fork (PID: 6438, Parent: 6432)

dbus-run-session (PID: 6438, Parent: 6432, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart

dbus-run-session New Fork (PID: 6439, Parent: 6438)

dbus-daemon (PID: 6439, Parent: 6438, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --nofork --print-address 4 --session

gdm3 New Fork (PID: 6440, Parent: 6406)

Default (PID: 6440, Parent: 6406, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 6441, Parent: 6406)

Default (PID: 6441, Parent: 6406, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

systemd New Fork (PID: 6412, Parent: 1)

accounts-daemon (PID: 6412, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon

accounts-daemon New Fork (PID: 6421, Parent: 6412)

language-validate (PID: 6421, Parent: 6412, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8

language-validate New Fork (PID: 6422, Parent: 6421)

language-options (PID: 6422, Parent: 6421, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options

language-options New Fork (PID: 6423, Parent: 6422)

sh (PID: 6423, Parent: 6422, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "

sh New Fork (PID: 6424, Parent: 6423)

locale (PID: 6424, Parent: 6423, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a

sh New Fork (PID: 6425, Parent: 6423)

grep (PID: 6425, Parent: 6423, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
llklllklld.x86.elf	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
llklllklld.x86.elf	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
llklllklld.x86.elf	Linux_Trojan_Mirai_fa3ad9d0	unknown	unknown	0x11aa:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
llklllklld.x86.elf	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x7180:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
llklllklld.x86.elf	Linux_Trojan_Mirai_93fc3657	unknown	unknown	0x1235:$a: 00 00 00 89 44 24 60 89 D1 31 C0 8B 7C 24 28 FC F3 AB 89 D1 8B 7C
llklllklld.x86.elf	Linux_Trojan_Mirai_804f8e7c	unknown	unknown	0x10db:$a: 31 ED 81 E1 FF 00 00 00 89 4C 24 58 89 EA C6 46 04 00 C1 FA 1F
llklllklld.x86.elf	Linux_Trojan_Mirai_99d78950	unknown	unknown	0x1d01:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1de1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1eb6:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x2161:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x25e3:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00
llklllklld.x86.elf	Linux_Trojan_Mirai_a68e498c	unknown	unknown	0xff3:$a: 10 39 D0 7E 25 8B 4C 24 38 01 D1 8A 11 8D 42 9F 3C 19 77 05 8D
llklllklld.x86.elf	Linux_Trojan_Mirai_88de437f	unknown	unknown	0x96e2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
llklllklld.x86.elf	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x2ff2:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
llklllklld.x86.elf	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xccab:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
llklllklld.x86.elf	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xb5b0:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
llklllklld.x86.elf	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0x96b2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
llklllklld.x86.elf	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0xea80:$x1: POST /cdn-cgi/ 0xfdbc:$s1: LCOGQGPTGP
Click to see the 9 entries

Memory Dumps

Source	Rule	Description	Author	Strings
6257.1.0000000008048000.000000000805a000.r-x.sdmp	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
6257.1.0000000008048000.000000000805a000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6257.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_fa3ad9d0	unknown	unknown	0x11aa:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
6257.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x7180:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
6257.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_93fc3657	unknown	unknown	0x1235:$a: 00 00 00 89 44 24 60 89 D1 31 C0 8B 7C 24 28 FC F3 AB 89 D1 8B 7C
6257.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_804f8e7c	unknown	unknown	0x10db:$a: 31 ED 81 E1 FF 00 00 00 89 4C 24 58 89 EA C6 46 04 00 C1 FA 1F
6257.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_99d78950	unknown	unknown	0x1d01:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1de1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1eb6:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x2161:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x25e3:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00
6257.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_a68e498c	unknown	unknown	0xff3:$a: 10 39 D0 7E 25 8B 4C 24 38 01 D1 8A 11 8D 42 9F 3C 19 77 05 8D
6257.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0x96e2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
6257.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x2ff2:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
6257.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xccab:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
6257.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xb5b0:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
6257.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0x96b2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
6257.1.0000000008048000.000000000805a000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0xea80:$x1: POST /cdn-cgi/ 0xfdbc:$s1: LCOGQGPTGP
6252.1.0000000008048000.000000000805a000.r-x.sdmp	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
6252.1.0000000008048000.000000000805a000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6252.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_fa3ad9d0	unknown	unknown	0x11aa:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
6252.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x7180:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
6252.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_93fc3657	unknown	unknown	0x1235:$a: 00 00 00 89 44 24 60 89 D1 31 C0 8B 7C 24 28 FC F3 AB 89 D1 8B 7C
6252.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_804f8e7c	unknown	unknown	0x10db:$a: 31 ED 81 E1 FF 00 00 00 89 4C 24 58 89 EA C6 46 04 00 C1 FA 1F
6252.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_99d78950	unknown	unknown	0x1d01:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1de1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1eb6:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x2161:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x25e3:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00
6252.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_a68e498c	unknown	unknown	0xff3:$a: 10 39 D0 7E 25 8B 4C 24 38 01 D1 8A 11 8D 42 9F 3C 19 77 05 8D
6252.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0x96e2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
6252.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x2ff2:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
6252.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xccab:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
6252.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xb5b0:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
6252.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0x96b2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
6252.1.0000000008048000.000000000805a000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0xea80:$x1: POST /cdn-cgi/ 0xfdbc:$s1: LCOGQGPTGP
6256.1.0000000008048000.000000000805a000.r-x.sdmp	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
6256.1.0000000008048000.000000000805a000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6256.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_fa3ad9d0	unknown	unknown	0x11aa:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
6256.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x7180:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
6256.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_93fc3657	unknown	unknown	0x1235:$a: 00 00 00 89 44 24 60 89 D1 31 C0 8B 7C 24 28 FC F3 AB 89 D1 8B 7C
6256.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_804f8e7c	unknown	unknown	0x10db:$a: 31 ED 81 E1 FF 00 00 00 89 4C 24 58 89 EA C6 46 04 00 C1 FA 1F
6256.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_99d78950	unknown	unknown	0x1d01:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1de1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1eb6:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x2161:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x25e3:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00
6256.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_a68e498c	unknown	unknown	0xff3:$a: 10 39 D0 7E 25 8B 4C 24 38 01 D1 8A 11 8D 42 9F 3C 19 77 05 8D
6256.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0x96e2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
6256.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x2ff2:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
6256.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xccab:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
6256.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xb5b0:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
6256.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0x96b2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
6256.1.0000000008048000.000000000805a000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0xea80:$x1: POST /cdn-cgi/ 0xfdbc:$s1: LCOGQGPTGP
6255.1.0000000008048000.000000000805a000.r-x.sdmp	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
6255.1.0000000008048000.000000000805a000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6255.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_fa3ad9d0	unknown	unknown	0x11aa:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
6255.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x7180:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
6255.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_93fc3657	unknown	unknown	0x1235:$a: 00 00 00 89 44 24 60 89 D1 31 C0 8B 7C 24 28 FC F3 AB 89 D1 8B 7C
6255.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_804f8e7c	unknown	unknown	0x10db:$a: 31 ED 81 E1 FF 00 00 00 89 4C 24 58 89 EA C6 46 04 00 C1 FA 1F
6255.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_99d78950	unknown	unknown	0x1d01:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1de1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1eb6:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x2161:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x25e3:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00
6255.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_a68e498c	unknown	unknown	0xff3:$a: 10 39 D0 7E 25 8B 4C 24 38 01 D1 8A 11 8D 42 9F 3C 19 77 05 8D
6255.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0x96e2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
6255.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x2ff2:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
6255.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xccab:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
6255.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xb5b0:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
6255.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0x96b2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
6255.1.0000000008048000.000000000805a000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0xea80:$x1: POST /cdn-cgi/ 0xfdbc:$s1: LCOGQGPTGP
6253.1.0000000008048000.000000000805a000.r-x.sdmp	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
6253.1.0000000008048000.000000000805a000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6253.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_fa3ad9d0	unknown	unknown	0x11aa:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
6253.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x7180:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
6253.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_93fc3657	unknown	unknown	0x1235:$a: 00 00 00 89 44 24 60 89 D1 31 C0 8B 7C 24 28 FC F3 AB 89 D1 8B 7C
6253.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_804f8e7c	unknown	unknown	0x10db:$a: 31 ED 81 E1 FF 00 00 00 89 4C 24 58 89 EA C6 46 04 00 C1 FA 1F
6253.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_99d78950	unknown	unknown	0x1d01:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1de1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1eb6:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x2161:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x25e3:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00
6253.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_a68e498c	unknown	unknown	0xff3:$a: 10 39 D0 7E 25 8B 4C 24 38 01 D1 8A 11 8D 42 9F 3C 19 77 05 8D
6253.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0x96e2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
6253.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x2ff2:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
6253.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xccab:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
6253.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xb5b0:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
6253.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0x96b2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
6253.1.0000000008048000.000000000805a000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0xea80:$x1: POST /cdn-cgi/ 0xfdbc:$s1: LCOGQGPTGP
6254.1.0000000008048000.000000000805a000.r-x.sdmp	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
6254.1.0000000008048000.000000000805a000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6254.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_fa3ad9d0	unknown	unknown	0x11aa:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
6254.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x7180:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
6254.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_93fc3657	unknown	unknown	0x1235:$a: 00 00 00 89 44 24 60 89 D1 31 C0 8B 7C 24 28 FC F3 AB 89 D1 8B 7C
6254.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_804f8e7c	unknown	unknown	0x10db:$a: 31 ED 81 E1 FF 00 00 00 89 4C 24 58 89 EA C6 46 04 00 C1 FA 1F
6254.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_99d78950	unknown	unknown	0x1d01:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1de1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1eb6:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x2161:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x25e3:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00
6254.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_a68e498c	unknown	unknown	0xff3:$a: 10 39 D0 7E 25 8B 4C 24 38 01 D1 8A 11 8D 42 9F 3C 19 77 05 8D
6254.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0x96e2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
6254.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x2ff2:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
6254.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xccab:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
6254.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xb5b0:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
6254.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0x96b2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
6254.1.0000000008048000.000000000805a000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0xea80:$x1: POST /cdn-cgi/ 0xfdbc:$s1: LCOGQGPTGP
Process Memory Space: llklllklld.x86.elf PID: 6252	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
Process Memory Space: llklllklld.x86.elf PID: 6252	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
Process Memory Space: llklllklld.x86.elf PID: 6253	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
Process Memory Space: llklllklld.x86.elf PID: 6253	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
Process Memory Space: llklllklld.x86.elf PID: 6254	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
Process Memory Space: llklllklld.x86.elf PID: 6254	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
Process Memory Space: llklllklld.x86.elf PID: 6255	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
Process Memory Space: llklllklld.x86.elf PID: 6255	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
Process Memory Space: llklllklld.x86.elf PID: 6256	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
Process Memory Space: llklllklld.x86.elf PID: 6256	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
Process Memory Space: llklllklld.x86.elf PID: 6257	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
Process Memory Space: llklllklld.x86.elf PID: 6257	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
Click to see the 91 entries

String: byte/proc//proc/%s/exe/proc/self/exe/proc/proc/%d/cmdlinenetstatwgettftpcurlreboot/bin/busyboxvar/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdvar/tmp/soniahicorestm_hi3511_dvr/usr/lib/systemd/systemdshellmnt/sys/boot/media/srv/var/run/sbin/lib/etc/dev/home/Davincitelnetsshwatchdog/var/spool/var/Sofiasshd/usr/compress/bin//compress/bin/compress/usr/bashhttpdtelnetddropbearencodersystem/root/dvr_gui//root/dvr_app//anko-app//opt/soraJoshohajime902i13BzSxLxBxeYHOHO-LUGO7HOHO-U79OLJuYfouyf87NiGGeR69xdSO190Ij1XLOLKIKEEEDDEekjheory98escansh4MDMAfdevalvexscanspcMELTEDNINJAREALZflexsonskidsscanx86MISAKI-U79OLfoAxi102kxeswodjwodjwojMmKiy7f87lfreecookiex86sysgpufrgegesysupdater0DnAzepdNiGGeRD0nks69frgreu0x766f6964NiGGeRd0nks1337gafturasgbsigboa120i3UI49OaF3geaevaiolmao123123aOfurain0n4H34DggTrexewwasads1293194hjXDOthLaLosnggtwget-log1337SoraLOADERSAIAKINAggtq1378bfp919GRB1Q2SAIAKUSOggtr14FaSEXSLAVE1337ggtt1902a3u912u3u4haetrghbr19ju3dSORAojkf120hehahejeje922U2JDJA901F91SlaVLav12helpmedaddthhhhh2wgg9qphbqSlav3Th3seD3viceshzSmYZjYMQ5GbfSoRAxD123LOLiaGv5aA3SoRAxD420LOLinsomni640277SoraBeReppin1337ipcamCache66tlGg9QjUYfouyf876ke3TOKYO3lyEeaXul2dULCVxh93OfjHZ2zTY2gD6MZvKc7KU6rmMkiy6f87lA023UU4U24UIUTheWeekndmioribitchesA5p9TheWeekndsmnblkjpoiAbAdTokyosnebAkiruU8inTznetstatsAlexW9RCAKM20TnewnetwordAyo215WordnloadsWordmanenotyakuzaaBelchWordnetsobpBigN0gg0r420X0102I34fofhasfhiafhoiX19I239124UIUoismXSHJEHHEIIHWOolsVNwo12DeportedDeportedXkTer0GbA1onry0v03FortniteDownLOLZY0urM0mGaypussyfartlmaojkGrAcEnIgGeRaNnYvdGkqndCOqGeoRBe6BEGuiltyCrownZEuS69s4beBsEQhdHOHO-KSNDOZEuz69sat1234aj93hJ23scanHAalie293z0k2LscanJoshoARMHellInSideayyyGangShitscanJoshoARM5HighFryb1glscanJoshoARM6IWhPyucDbJboatnetzscanJoshoARM7IuYgujeIqnbtbatrtahzexsexscanJoshoM68KJJDUHEWBBBIBscanJoshoMIPSJSDGIEVIVAVIGcKbVkzGOPascanJoshoMPSLccADscanJoshoPPCKAZEN-OIU97chickenxingsscanJoshoSH4yakuskzm8KAZEN-PO78HcleanerscanJoshoSPCKAZEN-U79OLdbeefscanJoshoX86yakuz4c24KETASHI32ddrwelperscanarm5zPnr6HpQj2Kaishi-Iz90Ydeexecscanarm6zdrtfxcgyKatrina32doCP3fVjscanarm7zxcfhuioKsif91je39scanm68kKuasadvrhelperl33t_feetl33tl33tfeetscanmipsKuasaBinsMateeQnOhRk85rscanmpslLOLHHHOHOHBUIeXK20CL12ZnyamezyQBotBladeSPOOKYhikariwasherep4029x91xx32uhj4gbejhwizardzhra.outboatnetcondiheroshimaskid.dbglzrdPownedSecurity69.aresfxlyazsxhyUNSTABLEmoobotjnsd9sdoilayourmomgaeissdfjiougsiojOasisSEGRJIJHFVNHSNHEIHFOSapep999KOWAI-BAdAsVKOWAI-SADjHKipU7Ylairdropmalwareyour_verry_fucking_gayBig-Bro-Brightsefaexecshirololieagle.For-Gai-Mezy0x6axNLcloqkisvspookymythSwergjmioGKILLEJW(IU(JIWERGFJGJWJRGHetrhwewrtheIuFdKssCxzjSDFJIjioOnrYoXd666ewrtkjokethajbdf89wu823AAaasrdgsWsGA4@F6FGhostWuzHere666BOGOMIPSbeastmodedvrHelperbestmodesfc6aJfIuYDemon.xeno-is-godICY-P-0ODIJgSHUIHIfhwrgLhu87VhvQPzlunadakuexecbinTacoBellGodYololigangExecutionorbitclientAmnesiaOwariUnHAnaAWz3hirobbomiorieagledoxxRollielessie.hax.yakuzawordminerminerwordSinixV4hohog0dbu7tuorphicfurasshuhorizonassailantAresKawaiihelperECHOBOTDEMONS

Source: global traffic

TCP traffic: 192.168.2.23:48444 -> 154.213.190.246:9999

Source: global traffic

HTTP traffic detected: POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1Host: daisy.ubuntu.comAccept: */*Content-Type: application/octet-streamX-Whoopsie-Version: 0.2.69ubuntu0.3Content-Length: 164887Expect: 100-continue

Source: /usr/sbin/rsyslogd (PID: 6290)

Reads hosts file: /etc/hosts

Jump to behavior

Source: /usr/sbin/gdm3 (PID: 6406)	Socket: unknown address family			Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6434)	Socket: unknown address family			Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: tstasktdkksjdssd.o-r.kr
Source: global traffic	DNS traffic detected: DNS query: daisy.ubuntu.com

Source: unknown

Source: syslog.27.dr

String found in binary or memory: https://www.rsyslog.com

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 37614
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 37614 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: llklllklld.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown
Source: llklllklld.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: llklllklld.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_93fc3657 Author: unknown
Source: llklllklld.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_804f8e7c Author: unknown
Source: llklllklld.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_99d78950 Author: unknown
Source: llklllklld.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_a68e498c Author: unknown
Source: llklllklld.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: llklllklld.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: llklllklld.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: llklllklld.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: llklllklld.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: llklllklld.x86.elf, type: SAMPLE	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown
Source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 Author: unknown
Source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c Author: unknown
Source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 Author: unknown
Source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c Author: unknown
Source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown
Source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 Author: unknown
Source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c Author: unknown
Source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 Author: unknown
Source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c Author: unknown
Source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown
Source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 Author: unknown
Source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c Author: unknown
Source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 Author: unknown
Source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c Author: unknown
Source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown
Source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 Author: unknown
Source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c Author: unknown
Source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 Author: unknown
Source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c Author: unknown
Source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown
Source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 Author: unknown
Source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c Author: unknown
Source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 Author: unknown
Source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c Author: unknown
Source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown
Source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 Author: unknown
Source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c Author: unknown
Source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 Author: unknown
Source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c Author: unknown
Source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth

Sample tries to kill a massive number of system processes

Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 1 (init), result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 2, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 3, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 4, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 6, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 9, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 10, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 11, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 12, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 13, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 14, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 15, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 16, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 17, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 18, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 20, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 21, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 22, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 23, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 24, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 25, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 26, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 27, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 28, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 29, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 30, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 35, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 77, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 78, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 79, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 80, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 81, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 82, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 83, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 84, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 85, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 88, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 89, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 91, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 92, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 93, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 94, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 95, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 96, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 97, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 98, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 99, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 100, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 101, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 102, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 103, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 104, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 105, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 106, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 107, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 108, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 109, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 110, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 111, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 112, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 113, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 114, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 115, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 116, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 117, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 118, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 119, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 120, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 121, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 122, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 123, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 124, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 125, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 126, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 127, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 128, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 130, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 132, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 141, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 144, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 157, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 201, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 202, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 203, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 204, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 205, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 206, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 207, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 208, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 209, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 210, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 211, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 212, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 213, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 214, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 215, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 216, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 217, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 218, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 219, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 220, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 221, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 222, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 223, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 224, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 225, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 226, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 227, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 228, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 229, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 230, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 231, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 232, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 233, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 234, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 235, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 236, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 237, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 243, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 248, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 249, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 250, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 251, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 252, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 253, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 254, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 255, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 256, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 257, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 258, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 259, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 260, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 261, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 262, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 263, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 264, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 265, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 266, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 267, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 269, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 270, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 272, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 274, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 278, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 281, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 286, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 322, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 324, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 326, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 327, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 328, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 333, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 346, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 379, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 419, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 420, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 658, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 667, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 670, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 674, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 675, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 676, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 677, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 720, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 772, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 785, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 793, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent to PID below 1000: pid: 936, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 1 (init), result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 2, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 3, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 4, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 6, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 9, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 10, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 11, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 12, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 13, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 14, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 15, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 16, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 17, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 18, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 20, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 21, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 22, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 23, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 24, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 25, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 26, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 27, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 28, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 29, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 30, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 35, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 77, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 78, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 79, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 80, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 81, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 82, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 83, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 84, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 85, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 88, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 89, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 91, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 92, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 93, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 94, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 95, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 96, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 97, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 98, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 99, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 100, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 101, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 102, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 103, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 104, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 105, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 106, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 107, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 108, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 109, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 110, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 111, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 112, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 113, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 114, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 115, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 116, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 117, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 118, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 119, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 120, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 121, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 122, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 123, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 124, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 125, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 126, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 127, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 128, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 130, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 132, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 141, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 144, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 157, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 201, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 202, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 203, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 204, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 205, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 206, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 207, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 208, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 209, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 210, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 211, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 212, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 213, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 214, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 215, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 216, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 217, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 218, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 219, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 220, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 221, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 222, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 223, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 224, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 225, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 226, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 227, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 228, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 229, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 230, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 231, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 232, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 233, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 234, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 235, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 236, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 237, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 243, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 248, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 249, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 250, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 251, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 252, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 253, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 254, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 255, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 256, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 257, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 258, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 259, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 260, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 261, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 262, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 263, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 264, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 265, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 266, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 267, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 269, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 270, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 272, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 274, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 278, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 281, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 286, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 322, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 324, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 326, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 327, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 328, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 333, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 346, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 379, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 419, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 420, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 658, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 667, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 670, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 674, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 675, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 676, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 677, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 720, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 721, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 772, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 777, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent to PID below 1000: pid: 936, result: successful	Jump to behavior

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 1 (init), result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 2, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 3, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 4, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 6, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 9, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 10, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 11, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 12, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 13, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 14, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 15, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 16, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 17, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 18, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 20, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 21, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 22, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 23, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 24, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 25, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 26, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 27, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 28, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 29, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 30, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 35, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 77, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 78, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 79, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 80, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 81, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 82, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 83, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 84, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 85, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 88, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 89, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 91, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 92, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 93, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 94, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 95, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 96, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 97, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 98, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 99, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 100, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 101, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 102, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 103, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 104, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 105, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 106, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 107, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 108, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 109, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 110, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 111, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 112, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 113, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 114, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 115, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 116, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 117, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 118, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 119, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 120, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 121, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 122, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 123, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 124, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 125, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 126, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 127, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 128, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 130, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 132, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 141, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 144, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 157, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 201, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 202, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 203, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 204, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 205, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 206, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 207, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 208, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 209, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 210, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 211, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 212, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 213, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 214, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 215, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 216, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 217, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 218, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 219, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 220, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 221, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 222, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 223, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 224, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 225, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 226, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 227, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 228, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 229, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 230, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 231, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 232, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 233, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 234, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 235, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 236, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 237, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 243, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 248, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 249, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 250, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 251, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 252, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 253, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 254, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 255, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 256, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 257, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 258, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 259, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 260, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 261, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 262, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 263, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 264, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 265, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 266, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 267, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 269, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 270, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 272, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 274, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 278, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 281, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 286, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 322, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 324, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 326, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 327, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 328, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 333, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 346, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 379, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 419, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 420, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 658, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 667, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 670, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 674, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 675, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 676, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 677, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 772, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 785, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 1207, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 1320, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 1344, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 1601, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 1886, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 2746, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 2749, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 2761, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 2882, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 3021, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 3088, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 4348, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 4444, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 4445, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 4446, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 4447, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 4478, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 4482, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 4486, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 6214, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 6253, result: unknown	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 1 (init), result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 2, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 3, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 4, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 6, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 9, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 10, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 11, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 12, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 13, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 14, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 15, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 16, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 17, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 18, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 20, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 21, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 22, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 23, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 24, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 25, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 26, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 27, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 28, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 29, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 30, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 35, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 77, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 78, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 79, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 80, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 81, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 82, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 83, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 84, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 85, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 88, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 89, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 91, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 92, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 93, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 94, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 95, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 96, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 97, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 98, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 99, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 100, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 101, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 102, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 103, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 104, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 105, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 106, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 107, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 108, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 109, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 110, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 111, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 112, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 113, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 114, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 115, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 116, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 117, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 118, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 119, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 120, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 121, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 122, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 123, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 124, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 125, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 126, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 127, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 128, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 130, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 132, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 141, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 144, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 157, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 201, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 202, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 203, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 204, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 205, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 206, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 207, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 208, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 209, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 210, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 211, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 212, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 213, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 214, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 215, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 216, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 217, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 218, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 219, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 220, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 221, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 222, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 223, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 224, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 225, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 226, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 227, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 228, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 229, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 230, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 231, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 232, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 233, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 234, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 235, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 236, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 237, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 243, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 248, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 249, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 250, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 251, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 252, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 253, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 254, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 255, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 256, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 257, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 258, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 259, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 260, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 261, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 262, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 263, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 264, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 265, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 266, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 267, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 269, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 270, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 272, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 274, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 278, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 281, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 286, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 322, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 324, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 326, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 327, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 328, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 333, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 346, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 379, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 419, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 420, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 658, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 667, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 670, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 674, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 675, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 676, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 677, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 772, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 1207, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 1320, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 1601, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 2746, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 2749, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 2761, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 2882, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 3021, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 3088, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 4348, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 4444, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 4445, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 4446, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 4447, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 4478, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 4482, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 4486, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 6255, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 6256, result: unknown	Jump to behavior

Source: Initial sample	String containing 'busybox' found: /bin/busybox
Source: Initial sample	String containing 'busybox' found: busyboxxx
Source: Initial sample	String containing 'busybox' found: busyboxx
Source: Initial sample	String containing 'busybox' found: byte/proc//proc/%s/exe/proc/self/exe/proc/proc/%d/cmdlinenetstatwgettftpcurlreboot/bin/busyboxvar/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdvar/tmp/soniahicorestm_hi3511_dvr/usr/lib/systemd/systemdshellmnt/sys/boot/media/srv/var/run/sbin/lib/etc/dev/home/Davincitelnetsshwatchdog/var/spool/var/Sofiasshd/usr/compress/bin//compress/bin/compress/usr/bashhttpdtelnetddropbearencodersystem/root/dvr_gui//root/dvr_app//anko-app//opt/soraJoshohajime902i13BzSxLxBxeYHOHO-LUGO7HOHO-U79OLJuYfouyf87NiGGeR69xdSO190Ij1XLOLKIKEEEDDEekjheory98escansh4MDMAfdevalvexscanspcMELTEDNINJAREALZflexsonskidsscanx86MISAKI-U79OLfoAxi102kxeswodjwodjwojMmKiy7f87lfreecookiex86sysgpufrgegesysupdater0DnAzepdNiGGeRD0nks69frgreu0x766f6964NiGGeRd0nks1337gafturasgbsigboa120i3UI49OaF3geaevaiolmao123123aOfurain0n4H34DggTrexewwasads1293194hjXDOthLaLosnggtwget-log1337SoraLOADERSAIAKINAggtq1378bfp919GRB1Q2SAIAKUSOggtr14FaSEXSLAVE1337ggtt1902a3u912u3u4haetrghbr19ju3dSORAojkf120hehahejeje922U2JDJA901F91SlaVLav12

Source: ELF static info symbol of initial sample

.symtab present: no

Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 1 (init), result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 2, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 3, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 4, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 6, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 9, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 10, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 11, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 12, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 13, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 14, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 15, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 16, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 17, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 18, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 20, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 21, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 22, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 23, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 24, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 25, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 26, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 27, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 28, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 29, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 30, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 35, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 77, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 78, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 79, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 80, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 81, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 82, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 83, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 84, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 85, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 88, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 89, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 91, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 92, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 93, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 94, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 95, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 96, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 97, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 98, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 99, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 100, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 101, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 102, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 103, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 104, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 105, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 106, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 107, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 108, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 109, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 110, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 111, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 112, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 113, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 114, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 115, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 116, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 117, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 118, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 119, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 120, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 121, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 122, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 123, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 124, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 125, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 126, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 127, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 128, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 130, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 132, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 141, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 144, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 157, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 201, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 202, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 203, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 204, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 205, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 206, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 207, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 208, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 209, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 210, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 211, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 212, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 213, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 214, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 215, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 216, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 217, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 218, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 219, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 220, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 221, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 222, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 223, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 224, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 225, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 226, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 227, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 228, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 229, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 230, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 231, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 232, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 233, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 234, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 235, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 236, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 237, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 243, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 248, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 249, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 250, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 251, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 252, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 253, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 254, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 255, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 256, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 257, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 258, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 259, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 260, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 261, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 262, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 263, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 264, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 265, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 266, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 267, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 269, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 270, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 272, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 274, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 278, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 281, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 286, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 322, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 324, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 326, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 327, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 328, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 333, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 346, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 379, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 419, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 420, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 658, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 667, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 670, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 674, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 675, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 676, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 677, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 772, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 785, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 1207, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 1320, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 1344, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 1601, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 1886, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 2746, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 2749, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 2761, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 2882, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 3021, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 3088, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 4348, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 4444, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 4445, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 4446, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 4447, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 4478, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 4482, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 4486, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 6214, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	SIGKILL sent: pid: 6253, result: unknown	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 1 (init), result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 2, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 3, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 4, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 6, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 9, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 10, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 11, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 12, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 13, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 14, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 15, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 16, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 17, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 18, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 20, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 21, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 22, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 23, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 24, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 25, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 26, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 27, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 28, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 29, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 30, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 35, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 77, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 78, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 79, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 80, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 81, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 82, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 83, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 84, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 85, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 88, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 89, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 91, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 92, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 93, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 94, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 95, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 96, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 97, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 98, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 99, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 100, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 101, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 102, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 103, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 104, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 105, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 106, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 107, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 108, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 109, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 110, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 111, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 112, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 113, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 114, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 115, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 116, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 117, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 118, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 119, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 120, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 121, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 122, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 123, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 124, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 125, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 126, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 127, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 128, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 130, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 132, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 141, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 144, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 157, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 201, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 202, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 203, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 204, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 205, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 206, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 207, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 208, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 209, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 210, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 211, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 212, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 213, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 214, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 215, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 216, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 217, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 218, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 219, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 220, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 221, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 222, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 223, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 224, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 225, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 226, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 227, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 228, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 229, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 230, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 231, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 232, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 233, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 234, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 235, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 236, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 237, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 243, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 248, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 249, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 250, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 251, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 252, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 253, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 254, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 255, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 256, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 257, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 258, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 259, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 260, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 261, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 262, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 263, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 264, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 265, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 266, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 267, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 269, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 270, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 272, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 274, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 278, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 281, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 286, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 322, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 324, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 326, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 327, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 328, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 333, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 346, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 379, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 419, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 420, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 658, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 667, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 670, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 674, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 675, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 676, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 677, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 772, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 1207, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 1320, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 1601, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 2746, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 2749, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 2761, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 2882, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 3021, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 3088, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 4348, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 4444, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 4445, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 4446, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 4447, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 4478, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 4482, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 4486, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 6255, result: successful	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6256)	SIGKILL sent: pid: 6256, result: unknown	Jump to behavior

Source: llklllklld.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
Source: llklllklld.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: llklllklld.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_93fc3657 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d01a9e85a01fad913ca048b60bda1e5a2762f534e5308132c1d3098ac3f561ee, id = 93fc3657-fd21-4e93-a728-c084fc0a6a4a, last_modified = 2021-09-16
Source: llklllklld.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_804f8e7c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 1080d8502848d532a0b38861437485d98a41d945acaf3cb676a7a2a2f6793ac6, id = 804f8e7c-4786-42bc-92e4-c68c24ca530e, last_modified = 2021-09-16
Source: llklllklld.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_99d78950 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3008edc4e7a099b64139a77d15ec0e2c3c1b55fc23ab156304571c4d14bc654c, id = 99d78950-ea23-4166-a85a-7a029209f5b1, last_modified = 2021-09-16
Source: llklllklld.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_a68e498c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 951c9dfcba531e5112c872395f6c144c4bc8b71c666d2c7d9d8574a23c163883, id = a68e498c-0768-4321-ab65-42dd6ef85323, last_modified = 2021-09-16
Source: llklllklld.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: llklllklld.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: llklllklld.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: llklllklld.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: llklllklld.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: llklllklld.x86.elf, type: SAMPLE	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
Source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d01a9e85a01fad913ca048b60bda1e5a2762f534e5308132c1d3098ac3f561ee, id = 93fc3657-fd21-4e93-a728-c084fc0a6a4a, last_modified = 2021-09-16
Source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 1080d8502848d532a0b38861437485d98a41d945acaf3cb676a7a2a2f6793ac6, id = 804f8e7c-4786-42bc-92e4-c68c24ca530e, last_modified = 2021-09-16
Source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3008edc4e7a099b64139a77d15ec0e2c3c1b55fc23ab156304571c4d14bc654c, id = 99d78950-ea23-4166-a85a-7a029209f5b1, last_modified = 2021-09-16
Source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 951c9dfcba531e5112c872395f6c144c4bc8b71c666d2c7d9d8574a23c163883, id = a68e498c-0768-4321-ab65-42dd6ef85323, last_modified = 2021-09-16
Source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
Source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d01a9e85a01fad913ca048b60bda1e5a2762f534e5308132c1d3098ac3f561ee, id = 93fc3657-fd21-4e93-a728-c084fc0a6a4a, last_modified = 2021-09-16
Source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 1080d8502848d532a0b38861437485d98a41d945acaf3cb676a7a2a2f6793ac6, id = 804f8e7c-4786-42bc-92e4-c68c24ca530e, last_modified = 2021-09-16
Source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3008edc4e7a099b64139a77d15ec0e2c3c1b55fc23ab156304571c4d14bc654c, id = 99d78950-ea23-4166-a85a-7a029209f5b1, last_modified = 2021-09-16
Source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 951c9dfcba531e5112c872395f6c144c4bc8b71c666d2c7d9d8574a23c163883, id = a68e498c-0768-4321-ab65-42dd6ef85323, last_modified = 2021-09-16
Source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
Source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d01a9e85a01fad913ca048b60bda1e5a2762f534e5308132c1d3098ac3f561ee, id = 93fc3657-fd21-4e93-a728-c084fc0a6a4a, last_modified = 2021-09-16
Source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 1080d8502848d532a0b38861437485d98a41d945acaf3cb676a7a2a2f6793ac6, id = 804f8e7c-4786-42bc-92e4-c68c24ca530e, last_modified = 2021-09-16
Source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3008edc4e7a099b64139a77d15ec0e2c3c1b55fc23ab156304571c4d14bc654c, id = 99d78950-ea23-4166-a85a-7a029209f5b1, last_modified = 2021-09-16
Source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 951c9dfcba531e5112c872395f6c144c4bc8b71c666d2c7d9d8574a23c163883, id = a68e498c-0768-4321-ab65-42dd6ef85323, last_modified = 2021-09-16
Source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
Source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d01a9e85a01fad913ca048b60bda1e5a2762f534e5308132c1d3098ac3f561ee, id = 93fc3657-fd21-4e93-a728-c084fc0a6a4a, last_modified = 2021-09-16
Source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 1080d8502848d532a0b38861437485d98a41d945acaf3cb676a7a2a2f6793ac6, id = 804f8e7c-4786-42bc-92e4-c68c24ca530e, last_modified = 2021-09-16
Source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3008edc4e7a099b64139a77d15ec0e2c3c1b55fc23ab156304571c4d14bc654c, id = 99d78950-ea23-4166-a85a-7a029209f5b1, last_modified = 2021-09-16
Source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 951c9dfcba531e5112c872395f6c144c4bc8b71c666d2c7d9d8574a23c163883, id = a68e498c-0768-4321-ab65-42dd6ef85323, last_modified = 2021-09-16
Source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
Source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d01a9e85a01fad913ca048b60bda1e5a2762f534e5308132c1d3098ac3f561ee, id = 93fc3657-fd21-4e93-a728-c084fc0a6a4a, last_modified = 2021-09-16
Source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 1080d8502848d532a0b38861437485d98a41d945acaf3cb676a7a2a2f6793ac6, id = 804f8e7c-4786-42bc-92e4-c68c24ca530e, last_modified = 2021-09-16
Source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3008edc4e7a099b64139a77d15ec0e2c3c1b55fc23ab156304571c4d14bc654c, id = 99d78950-ea23-4166-a85a-7a029209f5b1, last_modified = 2021-09-16
Source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 951c9dfcba531e5112c872395f6c144c4bc8b71c666d2c7d9d8574a23c163883, id = a68e498c-0768-4321-ab65-42dd6ef85323, last_modified = 2021-09-16
Source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
Source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d01a9e85a01fad913ca048b60bda1e5a2762f534e5308132c1d3098ac3f561ee, id = 93fc3657-fd21-4e93-a728-c084fc0a6a4a, last_modified = 2021-09-16
Source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 1080d8502848d532a0b38861437485d98a41d945acaf3cb676a7a2a2f6793ac6, id = 804f8e7c-4786-42bc-92e4-c68c24ca530e, last_modified = 2021-09-16
Source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3008edc4e7a099b64139a77d15ec0e2c3c1b55fc23ab156304571c4d14bc654c, id = 99d78950-ea23-4166-a85a-7a029209f5b1, last_modified = 2021-09-16
Source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 951c9dfcba531e5112c872395f6c144c4bc8b71c666d2c7d9d8574a23c163883, id = a68e498c-0768-4321-ab65-42dd6ef85323, last_modified = 2021-09-16
Source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b

Source: classification engine

Classification label: mal100.spre.troj.linELF@0/21@5/0

Persistence and Installation Behavior

Sample reads /proc/mounts (often used for finding a writable filesystem)

Source: /usr/bin/dbus-daemon (PID: 6280)	File: /proc/6280/mounts	Jump to behavior
Source: /bin/fusermount (PID: 6292)	File: /proc/6292/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6389)	File: /proc/6389/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6434)	File: /proc/6434/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6439)	File: /proc/6439/mounts	Jump to behavior

Source: /lib/systemd/systemd-logind (PID: 6307)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6307)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6307)	File: /run/systemd/seats/.#seat07XEAH5	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6307)	File: /run/systemd/users/.#127wRrLt7	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6307)	File: /run/systemd/users/.#127TCwId8	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6307)	File: /run/systemd/seats/.#seat07lT166	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6307)	File: /run/systemd/users/.#127KuYBa6	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6307)	File: /run/systemd/users/.#1271JKQY6	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6307)	File: /run/systemd/users/.#127sFqsy7	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6307)	File: /run/systemd/users/.#127U8knD7	Jump to behavior
Source: /usr/lib/policykit-1/polkitd (PID: 6367)	Directory: /root/.cache	Jump to behavior
Source: /usr/lib/gdm3/gdm-wayland-session (PID: 6432)	Directory: /var/lib/gdm3/.cache	Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6412)	Directory: /var/lib/gdm3/.pam_environment	Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6412)	Directory: /root/.cache	Jump to behavior

Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/1582/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/3088/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/230/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/110/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/231/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/232/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/1579/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/112/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/233/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/113/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/234/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/1335/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/114/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/235/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/1334/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/1576/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/2302/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/115/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/236/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/116/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/237/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/117/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/118/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/910/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/119/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/912/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/10/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/2307/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/11/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/918/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/12/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/13/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/14/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/15/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/16/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/17/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/18/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/1594/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/120/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/121/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/1349/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/1/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/122/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/243/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/123/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/2/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/124/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/3/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/4/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/125/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/126/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/1344/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/1465/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/1586/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/127/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/6/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/248/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/128/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/249/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/1463/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/800/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/9/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/801/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/20/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/21/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/22/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/23/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/24/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/25/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/6253/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/26/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/27/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/28/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/29/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/491/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/250/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/130/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/251/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/252/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/132/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/253/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/254/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/255/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/256/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/1599/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/257/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/1477/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/379/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/258/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/1476/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/259/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/1475/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/936/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/30/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/2208/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/35/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/1809/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/1494/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/260/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/261/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/141/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/262/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/263/cmdline	Jump to behavior
Source: /tmp/llklllklld.x86.elf (PID: 6253)	File opened: /proc/264/cmdline	Jump to behavior

Source: /usr/bin/gpu-manager (PID: 6379)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6382)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6384)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6386)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6390)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6392)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6394)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6396)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/share/language-tools/language-options (PID: 6423)	Shell command executed: sh -c "locale -a \| grep -F .utf8 "	Jump to behavior

Source: /bin/sh (PID: 6380)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6383)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6385)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6388)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6391)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6393)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6395)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6397)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6425)	Grep executable: /usr/bin/grep -> grep -F .utf8	Jump to behavior

Source: /usr/share/gdm/generate-config (PID: 6399)

Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service

Jump to behavior

Source: /usr/bin/dash (PID: 6222)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.EWwoj7pzHf /tmp/tmp.duUEaShBXn /tmp/tmp.NWZ3dTrTnG			Jump to behavior
Source: /usr/bin/dash (PID: 6223)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.EWwoj7pzHf /tmp/tmp.duUEaShBXn /tmp/tmp.NWZ3dTrTnG			Jump to behavior

Source: /sbin/agetty (PID: 6371)

Reads version info: /etc/issue

Jump to behavior

Source: /usr/sbin/gdm3 (PID: 6406)	File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx)	Jump to behavior
Source: /usr/sbin/gdm3 (PID: 6406)	File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx)	Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6412)	File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx)	Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6412)	File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx)	Jump to behavior

Source: /usr/sbin/rsyslogd (PID: 6290)	Log file created: /var/log/auth.log	Jump to dropped file
Source: /usr/sbin/rsyslogd (PID: 6290)	Log file created: /var/log/kern.log	Jump to dropped file
Source: /usr/bin/gpu-manager (PID: 6378)	Log file created: /var/log/gpu-manager.log	Jump to dropped file

Source: /usr/bin/gpu-manager (PID: 6378)

Truncated file: /var/log/gpu-manager.log

Jump to behavior

Source: /usr/bin/pulseaudio (PID: 6291)	Reads CPU info from /sys: /sys/devices/system/cpu/online			Jump to behavior
Source: /usr/bin/pkill (PID: 6399)	Reads CPU info from /sys: /sys/devices/system/cpu/online			Jump to behavior

Source: /usr/sbin/rsyslogd (PID: 6290)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/pulseaudio (PID: 6291)	Queries kernel information via 'uname':	Jump to behavior
Source: /sbin/agetty (PID: 6371)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6378)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/gdm3/gdm-session-worker (PID: 6426)	Queries kernel information via 'uname':	Jump to behavior

Source: kern.log.27.dr	Binary or memory string: Dec 27 06:02:53 galassia kernel: [ 416.862354] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018
Source: syslog.27.dr	Binary or memory string: Dec 27 06:02:52 galassia /usr/lib/gdm3/gdm-x-session[1890]: (II) event2 - VirtualPS/2 VMware VMMouse: device removed
Source: syslog.27.dr	Binary or memory string: Dec 27 06:02:52 galassia /usr/lib/gdm3/gdm-x-session[1890]: (II) event3 - VirtualPS/2 VMware VMMouse: device removed
Source: syslog.27.dr	Binary or memory string: Dec 27 06:02:52 galassia /usr/lib/gdm3/gdm-x-session[1890]: (II) vmware(0): Terminating Xv video-stream id:0
Source: kern.log.27.dr	Binary or memory string: Dec 27 06:02:53 galassia kernel: [ 416.862328] Modules linked in: monitor(OE) md4 cmac cifs libarc4 fscache libdes vmw_vsock_vmci_transport vsock binfmt_misc dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua vmw_balloon joydev input_leds serio_raw vmw_vmci sch_fq_codel drm parport_pc ppdev lp parport ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd cryptd glue_helper psmouse ahci mptspi vmxnet3 scsi_transport_spi mptscsih libahci mptbase

Language, Device and Operating System Detection

Reads system files that contain records of logged in users

Source: /usr/lib/accountsservice/accounts-daemon (PID: 6412)

Logged in records file read: /var/log/wtmp

Jump to behavior

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: llklllklld.x86.elf, type: SAMPLE
Source: Yara match	File source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: llklllklld.x86.elf PID: 6252, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: llklllklld.x86.elf PID: 6253, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: llklllklld.x86.elf PID: 6254, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: llklllklld.x86.elf PID: 6255, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: llklllklld.x86.elf PID: 6256, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: llklllklld.x86.elf PID: 6257, type: MEMORYSTR

Yara detected Okiru

Source: Yara match	File source: llklllklld.x86.elf, type: SAMPLE
Source: Yara match	File source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: llklllklld.x86.elf PID: 6252, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: llklllklld.x86.elf PID: 6253, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: llklllklld.x86.elf PID: 6254, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: llklllklld.x86.elf PID: 6255, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: llklllklld.x86.elf PID: 6256, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: llklllklld.x86.elf PID: 6257, type: MEMORYSTR

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: llklllklld.x86.elf, type: SAMPLE
Source: Yara match	File source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: llklllklld.x86.elf PID: 6252, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: llklllklld.x86.elf PID: 6253, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: llklllklld.x86.elf PID: 6254, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: llklllklld.x86.elf PID: 6255, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: llklllklld.x86.elf PID: 6256, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: llklllklld.x86.elf PID: 6257, type: MEMORYSTR

Yara detected Okiru

Source: Yara match	File source: llklllklld.x86.elf, type: SAMPLE
Source: Yara match	File source: 6257.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6252.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6256.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6255.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6253.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6254.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: llklllklld.x86.elf PID: 6252, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: llklllklld.x86.elf PID: 6253, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: llklllklld.x86.elf PID: 6254, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: llklllklld.x86.elf PID: 6255, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: llklllklld.x86.elf PID: 6256, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: llklllklld.x86.elf PID: 6257, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	2 Scripting	Valid Accounts	Windows Management Instrumentation	2 Scripting	Path Interception	1 File and Directory Permissions Modification	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	2 Service Stop
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Disable or Modify Tools	LSASS Memory	1 System Owner/User Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Hidden Files and Directories	Security Account Manager	11 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Indicator Removal	NTDS	2 System Information Discovery	Distributed Component Object Model	Input Capture	3 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 File Deletion	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
llklllklld.x86.elf	66%	Virustotal		Browse
llklllklld.x86.elf	74%	ReversingLabs	Linux.Trojan.Mirai
llklllklld.x86.elf	100%	Avira	EXP/ELF.Mirai.M
llklllklld.x86.elf	100%	Joe Sandbox ML

Name	IP	Active	Malicious	Antivirus Detection	Reputation
tstasktdkksjdssd.o-r.kr	154.213.190.246	true	false		unknown
daisy.ubuntu.com	162.213.35.25	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://daisy.ubuntu.com/9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.rsyslog.com	syslog.27.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
154.213.190.246	tstasktdkksjdssd.o-r.kr	Seychelles	22769	DDOSING-BGP-NETWORKUS	false
162.213.35.24	unknown	United States	41231	CANONICAL-ASGB	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
162.213.35.24	Aqua.dbg.elf	Get hash	malicious	Unknown	Browse
	Aqua.i686.elf	Get hash	malicious	Unknown	Browse
	Aqua.mips.elf	Get hash	malicious	Unknown	Browse
	gnjqwpc.elf	Get hash	malicious	Mirai	Browse
	njvwa4.elf	Get hash	malicious	Mirai	Browse
	qkehusl.elf	Get hash	malicious	Mirai	Browse
	wheiuwa4.elf	Get hash	malicious	Mirai	Browse
	iwir64.elf	Get hash	malicious	Mirai	Browse
	Aqua.arm7.elf	Get hash	malicious	Mirai	Browse
	Aqua.ppc.elf	Get hash	malicious	Mirai	Browse
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.189.91.43	.i.elf	Get hash	malicious	Unknown	Browse
	sh4.elf	Get hash	malicious	Mirai	Browse
	Space.spc.elf	Get hash	malicious	Mirai	Browse
	Space.arm5.elf	Get hash	malicious	Unknown	Browse
	Space.mpsl.elf	Get hash	malicious	Unknown	Browse
	Space.m68k.elf	Get hash	malicious	Mirai	Browse
	Space.mips.elf	Get hash	malicious	Unknown	Browse
	sh4.nn.elf	Get hash	malicious	Okiru	Browse
	mipsel.nn.elf	Get hash	malicious	Okiru	Browse
	powerpc.nn.elf	Get hash	malicious	Okiru	Browse
91.189.91.42	.i.elf	Get hash	malicious	Unknown	Browse
	sh4.elf	Get hash	malicious	Mirai	Browse
	Space.spc.elf	Get hash	malicious	Mirai	Browse
	Space.arm5.elf	Get hash	malicious	Unknown	Browse
	Space.mpsl.elf	Get hash	malicious	Unknown	Browse
	Space.m68k.elf	Get hash	malicious	Mirai	Browse
	Space.mips.elf	Get hash	malicious	Unknown	Browse
	sh4.nn.elf	Get hash	malicious	Okiru	Browse
	mipsel.nn.elf	Get hash	malicious	Okiru	Browse
	powerpc.nn.elf	Get hash	malicious	Okiru	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
daisy.ubuntu.com	RpcSecurity.arm6.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	x86_64.nn.elf	Get hash	malicious	Okiru	Browse	162.213.35.24
	arm6.nn.elf	Get hash	malicious	Okiru	Browse	162.213.35.25
	arm5.nn.elf	Get hash	malicious	Okiru	Browse	162.213.35.24
	x86_32.nn.elf	Get hash	malicious	Okiru	Browse	162.213.35.25
	m68k.nn.elf	Get hash	malicious	Okiru	Browse	162.213.35.24
	db0fa4b8db0333367e9bda3ab68b8042.arc.elf	Get hash	malicious	Gafgyt, Mirai	Browse	162.213.35.24
	RpcSecurity.x86.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	.i.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	RpcSecurity.arm7.elf	Get hash	malicious	Mirai	Browse	162.213.35.25

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
DDOSING-BGP-NETWORKUS	87.120.127.227-arm-2024-12-25T12_37_29.elf	Get hash	malicious	Unknown	Browse	154.213.187.125
	jackmymips.elf	Get hash	malicious	Gafgyt, Mirai	Browse	154.213.186.115
	jackmyi686.elf	Get hash	malicious	Gafgyt, Mirai	Browse	154.213.186.115
	jackmyarmv5.elf	Get hash	malicious	Gafgyt, Mirai	Browse	154.213.186.115
	jackmypowerpc.elf	Get hash	malicious	Gafgyt, Mirai	Browse	154.213.186.115
	jackmysparc.elf	Get hash	malicious	Gafgyt, Mirai	Browse	154.213.186.115
	jackmyarmv6.elf	Get hash	malicious	Gafgyt, Mirai	Browse	154.213.186.115
	jackmymips64.elf	Get hash	malicious	Gafgyt, Mirai	Browse	154.213.186.115
	jackmymipsel.elf	Get hash	malicious	Gafgyt, Mirai	Browse	154.213.186.115
	jackmyi586.elf	Get hash	malicious	Gafgyt, Mirai	Browse	154.213.186.115
CANONICAL-ASGB	.i.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	sh4.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	ppc.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	Space.spc.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	Space.arm5.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	Space.mpsl.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	Space.m68k.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	Space.mips.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	arm6.nn.elf	Get hash	malicious	Okiru	Browse	185.125.190.26
	sh4.nn.elf	Get hash	malicious	Okiru	Browse	91.189.91.42
CANONICAL-ASGB	.i.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	sh4.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	ppc.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	Space.spc.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	Space.arm5.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	Space.mpsl.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	Space.m68k.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	Space.mips.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	arm6.nn.elf	Get hash	malicious	Okiru	Browse	185.125.190.26
	sh4.nn.elf	Get hash	malicious	Okiru	Browse	91.189.91.42
INIT7CH	.i.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	sh4.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	Space.spc.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	Space.arm5.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	Space.mpsl.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	Space.m68k.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	Space.mips.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	sh4.nn.elf	Get hash	malicious	Okiru	Browse	109.202.202.202
	mipsel.nn.elf	Get hash	malicious	Okiru	Browse	109.202.202.202
	powerpc.nn.elf	Get hash	malicious	Okiru	Browse	109.202.202.202

Process:	/usr/bin/pulseaudio
File Type:	ASCII text
Category:	dropped
Size (bytes):	10
Entropy (8bit):	2.9219280948873623
Encrypted:	false
SSDEEP:	3:5bkPn:pkP
MD5:	FF001A15CE15CF062A3704CEA2991B5F
SHA1:	B06F6855F376C3245B82212AC73ADED55DFE5DEF
SHA-256:	C54830B41ECFA1B6FBDC30397188DDA86B7B200E62AEAC21AE694A6192DCC38A
SHA-512:	65EBF7C31F6F65713CE01B38A112E97D0AE64A6BD1DA40CE4C1B998F10CD3912EE1A48BB2B279B24493062118AAB3B8753742E2AF28E56A31A7AAB27DE80E7BF
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	auto_null.

Source: llklllklld.x86.elf	Virustotal: Detection: 65%			Perma Link
Source: llklllklld.x86.elf	ReversingLabs: Detection: 73%

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	high, very likely benign file
Preview:	0

Process:	/usr/sbin/gdm3
File Type:	ASCII text
Category:	dropped
Size (bytes):	5
Entropy (8bit):	1.9219280948873623
Encrypted:	false
SSDEEP:	3:z:z
MD5:	1E46AAD31C48AA19358BF6ED971A11DE
SHA1:	501A2DB1A6604E467EE5B1BF8152355E683CD5F1
SHA-256:	CEA58BF40567DAD536BD18577B1A5495187F40280EF42A5439A38B24F5C64643
SHA-512:	C7378A2C11F781B5A732F5BAFED6384BB6B1676DF47AF0268E5406F4264F820BA196C3F6ABBB24DBCE4D91B89F6EAE43BBEB17E94E906182CF5F5F3276559BD0
Malicious:	false
Reputation:	low
Preview:	6406.

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	95
Entropy (8bit):	4.921230646592726
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsuH47rLg205vmLUbr+v:SbFuFyLwH47Pg20ggWv
MD5:	BE58CCABC942125F5E27AF6EB1BA2F88
SHA1:	07C20F55E36EE48869B223B8FC4DBC227C7353AC
SHA-256:	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
SHA-512:	E5A270995FDE80530927E0BACD3BF76EE820C968AABD55D2E34579326F388AFD6DE7FB8C5D54F69D3F6AC30A5B587FD3B0456FC60326E7DF4F45789A900D046C
Malicious:	false
Preview:	# This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.

Process:	/sbin/agetty
File Type:	data
Category:	dropped
Size (bytes):	384
Entropy (8bit):	0.6722951801018082
Encrypted:	false
SSDEEP:	3:ICsXlXEWtl/ElGgl/:If+ylEp/
MD5:	3A78304969D30C3EEC1BB16151547D63
SHA1:	03F8F0EEDE59053C1DB1B1F324004B23695AC493
SHA-256:	7880DE95EE41919219A2A9483B6AF26AFCF948BD411BEF1FDE5B73B82DFC0E95
SHA-512:	E25A7F815260DE7CF1BBC732C388EA1DC82DC03216A7ED36431956849DB85E18D5D41D6BBF043A8382E4A8B2AB54C4BEB642DCAE512781535F035EBA19DD059F
Malicious:	false
Preview:	........tty2.tty2.......................tty2LOGIN...................................................................................................................................................................................................................................................................................................n.ng.)......................................

Process:	/usr/lib/accountsservice/accounts-daemon
File Type:	ASCII text
Category:	dropped
Size (bytes):	61
Entropy (8bit):	4.66214589518167
Encrypted:	false
SSDEEP:	3:urzMQvNT+PzKLrAan4R8AKn:gzMQIzKLrAa4M
MD5:	542BA3FB41206AE43928AF1C5E61FEBC
SHA1:	F56F574DAF50D609526B36B5B54FDD59EA4D6A26
SHA-256:	730D9509D4EAA7266829A8F5A8CFEBA6BBDDD5873FC2BD580AD464F4A237E11A
SHA-512:	D774B8F191A5C65228D1B3CA1181701CFCD07A3D91C5571B0DDF32AD3E241C2D7BDFC0697AB97DC10441EF9CDC8AEE5B19BC34E13E5C8B0B91AD06EEF42F5AEA
Malicious:	false
Preview:	[User].XSession=.Icon=/var/lib/gdm3/.face.SystemAccount=true.

Process:	/usr/bin/gpu-manager
File Type:	ASCII text
Category:	dropped
Size (bytes):	25
Entropy (8bit):	2.7550849518197795
Encrypted:	false
SSDEEP:	3:JoT/V9fDVbn:M/V3n
MD5:	078760523943E160756979906B85FB5E
SHA1:	0962643266F4C5537F7D125046F28F21D6DD0C89
SHA-256:	048416AC7A9A99690B8B53718CD39F32F637B55CC8DD8E67E58E5AEF060DD41C
SHA-512:	DEFAAE8F8B54C61A716A0B0B4884358FEB8EB44DFEA01AAA5A687FDA7182792B7DEBB34AA840672EB3B40EB59FD0186749E08E47D181786C7FAA8C8F73F0104D
Malicious:	false
Preview:	15ad:0405;0000:00:0f:0;1.

Process:	/usr/sbin/rsyslogd
File Type:	ASCII text
Category:	dropped
Size (bytes):	2107
Entropy (8bit):	4.893905679652051
Encrypted:	false
SSDEEP:	24:UsQsfR6Z4BQ6ZeaQ0GQcdcAcodfPAv4PA2+Vmjj7gnqycqcN0pYroc1JroTQBrCn:PTf/vFfVUPwYrdrcirCn
MD5:	C4BA2899A881DA0DCDF5E694A8BC4E29
SHA1:	542DDAE452FD3A1BEF642BBBA1CA433FDF228AFD
SHA-256:	9250B0CD5B466539464057DDFA8FE8521A55D7A4C8E9E08FD824DCA40399C2A1
SHA-512:	2BD1ADE885DEAD4A94FF717B908FE7219026C8DDBCCB0F1762E6355DBB671711EA699F412725DA9799DF0D16E5931CF58CC18E55FF0C4FA82F66FCE472B2B874
Malicious:	false
Preview:	Dec 27 06:02:52 galassia gdm-launch-environment]: pam_unix(gdm-launch-environment:session): session closed for user gdm.Dec 27 06:02:52 galassia gdm-password]: pam_unix(gdm-password:session): session closed for user saturnino.Dec 27 06:02:54 galassia systemd-logind[6307]: Failed to add user by file name 127, ignoring: Invalid argument.Dec 27 06:02:54 galassia systemd-logind[6307]: Failed to add user by file name 1000, ignoring: Invalid argument.Dec 27 06:02:54 galassia systemd-logind[6307]: User enumeration failed: Invalid argument.Dec 27 06:02:54 galassia systemd-logind[6307]: User of session c2 not known..Dec 27 06:02:54 galassia systemd-logind[6307]: User of session 2 not known..Dec 27 06:02:54 galassia systemd-logind[6307]: User of session c1 not known..Dec 27 06:02:54 galassia systemd-logind[6307]: Session enumeration failed: No such file or directory.Dec 27 06:02:54 galassia systemd-logind[6307]: Watching system buttons on /dev/input/event0 (Power Button).Dec 27 06:02:54 galassia

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.60957530166731
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	llklllklld.x86.elf
File size:	75'088 bytes
MD5:	cd1f2ab2770e4df72de2961c607f8a65
SHA1:	1828a0f3b6255ca5f429ef6c0aa56567a77b69c1
SHA256:	4a99f6d83b34c4fd3ff38b50d95be19c44aed21f16a18c10abe2df7f67aed1ae
SHA512:	99993b6b79b2d4d30737b1710fb9ff53abf37ca58554638338ff697578742e5bff70500481aa6581b12f53c0af1b17b1557bbc39ed1619975c5a94f5105ecc94
SSDEEP:	1536:6SYXBbpKbF+5AQZKOtRDXVFx3bj0+OdzPYKoui0QOo/Y0TBB:SbobF+5QOth3dbj1O5P+uPXoptB
TLSH:	BB737CC9A693E8F6EC120A751173FB325B77E17F2029CA83C7985D72D906A02E51239C
File Content Preview:	.ELF....................d...4....#......4. ...(..........................................................3..........Q.td............................U..S........'...h........[]...$.............U......=.....t..5...................u........t....h............

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8048164
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	74688
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x8048094	0x94	0x1c	0x0	0x6	AX	1
.text	PROGBITS	0x80480b0	0xb0	0xe9a6	0x0	0x6	AX	16
.fini	PROGBITS	0x8056a56	0xea56	0x17	0x0	0x6	AX	1
.rodata	PROGBITS	0x8056a80	0xea80	0x2d1c	0x0	0x2	A	32
.ctors	PROGBITS	0x805a7a0	0x117a0	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x805a7a8	0x117a8	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x805a7c0	0x117c0	0xbc0	0x0	0x3	WA	32
.bss	NOBITS	0x805b380	0x12380	0x2800	0x0	0x3	WA	32
.shstrtab	STRTAB	0x0	0x12380	0x3e	0x0	0x0		1

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8048000	0x8048000	0x1179c	0x1179c	6.6285	0x5	R E	0x1000	.init .text .fini .rodata
LOAD	0x117a0	0x805a7a0	0x805a7a0	0xbe0	0x33e0	4.9502	0x6	RW	0x1000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 27, 2024 13:02:51.984128952 CET	48444	9999	192.168.2.23	154.213.190.246
Dec 27, 2024 13:02:52.104079962 CET	9999	48444	154.213.190.246	192.168.2.23
Dec 27, 2024 13:02:52.104139090 CET	48444	9999	192.168.2.23	154.213.190.246
Dec 27, 2024 13:02:52.104175091 CET	48444	9999	192.168.2.23	154.213.190.246
Dec 27, 2024 13:02:52.147449017 CET	43928	443	192.168.2.23	91.189.91.42
Dec 27, 2024 13:02:52.223740101 CET	9999	48444	154.213.190.246	192.168.2.23
Dec 27, 2024 13:02:52.223783970 CET	48444	9999	192.168.2.23	154.213.190.246
Dec 27, 2024 13:02:52.344952106 CET	9999	48444	154.213.190.246	192.168.2.23
Dec 27, 2024 13:02:53.393796921 CET	9999	48444	154.213.190.246	192.168.2.23
Dec 27, 2024 13:02:53.393858910 CET	48444	9999	192.168.2.23	154.213.190.246
Dec 27, 2024 13:02:53.393858910 CET	48444	9999	192.168.2.23	154.213.190.246
Dec 27, 2024 13:02:55.334693909 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:02:55.334742069 CET	443	37614	162.213.35.24	192.168.2.23
Dec 27, 2024 13:02:55.334830999 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:02:57.707197905 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:02:57.707223892 CET	443	37614	162.213.35.24	192.168.2.23
Dec 27, 2024 13:02:57.778666019 CET	42836	443	192.168.2.23	91.189.91.43
Dec 27, 2024 13:02:58.546551943 CET	42516	80	192.168.2.23	109.202.202.202
Dec 27, 2024 13:02:58.946918964 CET	443	37614	162.213.35.24	192.168.2.23
Dec 27, 2024 13:02:58.947331905 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:02:58.947331905 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:02:58.947343111 CET	443	37614	162.213.35.24	192.168.2.23
Dec 27, 2024 13:02:58.948081017 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:02:58.948081017 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:02:58.948091030 CET	443	37614	162.213.35.24	192.168.2.23
Dec 27, 2024 13:02:58.948096037 CET	443	37614	162.213.35.24	192.168.2.23
Dec 27, 2024 13:02:58.948147058 CET	443	37614	162.213.35.24	192.168.2.23
Dec 27, 2024 13:02:58.948239088 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:02:58.948244095 CET	443	37614	162.213.35.24	192.168.2.23
Dec 27, 2024 13:02:58.948297024 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:02:59.494040966 CET	443	37614	162.213.35.24	192.168.2.23
Dec 27, 2024 13:02:59.494106054 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:02:59.494193077 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:02:59.494193077 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:02:59.494220972 CET	443	37614	162.213.35.24	192.168.2.23
Dec 27, 2024 13:02:59.494286060 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:02:59.494298935 CET	443	37614	162.213.35.24	192.168.2.23
Dec 27, 2024 13:02:59.494308949 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:02:59.494357109 CET	443	37614	162.213.35.24	192.168.2.23
Dec 27, 2024 13:02:59.494359016 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:02:59.494359016 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:02:59.494369984 CET	443	37614	162.213.35.24	192.168.2.23
Dec 27, 2024 13:02:59.494374037 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:02:59.494416952 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:02:59.494416952 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:02:59.494416952 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:02:59.494427919 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:02:59.494446993 CET	443	37614	162.213.35.24	192.168.2.23
Dec 27, 2024 13:02:59.494529009 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:02:59.494544029 CET	443	37614	162.213.35.24	192.168.2.23
Dec 27, 2024 13:02:59.494559050 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:02:59.494566917 CET	443	37614	162.213.35.24	192.168.2.23
Dec 27, 2024 13:02:59.494594097 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:02:59.494600058 CET	443	37614	162.213.35.24	192.168.2.23
Dec 27, 2024 13:03:00.448288918 CET	443	37614	162.213.35.24	192.168.2.23
Dec 27, 2024 13:03:00.448369026 CET	443	37614	162.213.35.24	192.168.2.23
Dec 27, 2024 13:03:00.448483944 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:03:00.449635029 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:03:00.449635029 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:03:00.449651003 CET	443	37614	162.213.35.24	192.168.2.23
Dec 27, 2024 13:03:00.449671030 CET	37614	443	192.168.2.23	162.213.35.24
Dec 27, 2024 13:03:13.648595095 CET	43928	443	192.168.2.23	91.189.91.42
Dec 27, 2024 13:03:23.887101889 CET	42836	443	192.168.2.23	91.189.91.43
Dec 27, 2024 13:03:27.982594967 CET	42516	80	192.168.2.23	109.202.202.202
Dec 27, 2024 13:03:54.602745056 CET	43928	443	192.168.2.23	91.189.91.42

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 27, 2024 13:02:51.849807024 CET	36531	53	192.168.2.23	8.8.8.8
Dec 27, 2024 13:02:51.984034061 CET	53	36531	8.8.8.8	192.168.2.23
Dec 27, 2024 13:02:53.393923044 CET	58404	53	192.168.2.23	8.8.8.8
Dec 27, 2024 13:02:54.354865074 CET	53	58404	8.8.8.8	192.168.2.23
Dec 27, 2024 13:02:54.544069052 CET	59256	53	192.168.2.23	1.1.1.1
Dec 27, 2024 13:02:54.544105053 CET	45263	53	192.168.2.23	1.1.1.1
Dec 27, 2024 13:02:54.766096115 CET	53	59256	1.1.1.1	192.168.2.23
Dec 27, 2024 13:02:54.767436028 CET	53	45263	1.1.1.1	192.168.2.23
Dec 27, 2024 13:02:55.190807104 CET	50147	53	192.168.2.23	1.1.1.1
Dec 27, 2024 13:02:55.327851057 CET	53	50147	1.1.1.1	192.168.2.23

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 27, 2024 13:02:54.354943991 CET	192.168.2.23	8.8.8.8	d01e	(Port unreachable)	Destination Unreachable
Dec 27, 2024 13:03:01.540115118 CET	192.168.2.23	192.168.2.1	8283	(Port unreachable)	Destination Unreachable
Dec 27, 2024 13:04:21.551335096 CET	192.168.2.23	192.168.2.1	8283	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
2024-12-27 12:02:58 UTC	307	OUT	POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1 Host: daisy.ubuntu.com Accept: / Content-Type: application/octet-stream X-Whoopsie-Version: 0.2.69ubuntu0.3 Content-Length: 164887 Expect: 100-continue
2024-12-27 12:02:59 UTC	25	IN	HTTP/1.1 100 Continue
2024-12-27 12:02:59 UTC	16384	OUT	Data Raw: 17 84 02 00 02 50 72 6f 63 45 6e 76 69 72 6f 6e 00 4e 00 00 00 50 41 54 48 3d 28 63 75 73 74 6f 6d 2c 20 6e 6f 20 75 73 65 72 29 0a 58 44 47 5f 52 55 4e 54 49 4d 45 5f 44 49 52 3d 3c 73 65 74 3e 0a 4c 41 4e 47 3d 65 6e 5f 55 53 2e 55 54 46 2d 38 0a 53 48 45 4c 4c 3d 2f 62 69 6e 2f 62 61 73 68 00 02 5f 4c 6f 67 69 6e 64 53 65 73 73 69 6f 6e 00 02 00 00 00 35 00 02 44 61 74 65 00 19 00 00 00 54 75 65 20 41 75 67 20 31 37 20 32 30 3a 31 38 3a 30 34 20 32 30 32 31 00 02 53 6f 75 72 63 65 50 61 63 6b 61 67 65 00 0d 00 00 00 6c 69 67 68 74 2d 6c 6f 63 6b 65 72 00 02 50 61 63 6b 61 67 65 41 72 63 68 69 74 65 63 74 75 72 65 00 06 00 00 00 61 6d 64 36 34 00 02 41 72 63 68 69 74 65 63 74 75 72 65 00 06 00 00 00 61 6d 64 36 34 00 02 44 69 73 74 72 6f 52 65 6c 65 61 Data Ascii: ProcEnvironNPATH=(custom, no user)XDG_RUNTIME_DIR=<set>LANG=en_US.UTF-8SHELL=/bin/bash_LogindSession5DateTue Aug 17 20:18:04 2021SourcePackagelight-lockerPackageArchitectureamd64Architectureamd64DistroRelea
2024-12-27 12:02:59 UTC	16384	OUT	Data Raw: 74 75 34 2e 31 0a 6c 69 62 70 61 6d 2d 72 75 6e 74 69 6d 65 20 31 2e 33 2e 31 2d 35 75 62 75 6e 74 75 34 2e 31 0a 6c 69 62 70 61 6d 2d 73 79 73 74 65 6d 64 20 32 34 35 2e 34 2d 34 75 62 75 6e 74 75 33 2e 31 31 0a 6c 69 62 70 61 6d 30 67 20 31 2e 33 2e 31 2d 35 75 62 75 6e 74 75 34 2e 31 0a 6c 69 62 70 61 6e 67 6f 2d 31 2e 30 2d 30 20 31 2e 34 34 2e 37 2d 32 75 62 75 6e 74 75 34 0a 6c 69 62 70 61 6e 67 6f 63 61 69 72 6f 2d 31 2e 30 2d 30 20 31 2e 34 34 2e 37 2d 32 75 62 75 6e 74 75 34 0a 6c 69 62 70 61 6e 67 6f 66 74 32 2d 31 2e 30 2d 30 20 31 2e 34 34 2e 37 2d 32 75 62 75 6e 74 75 34 0a 6c 69 62 70 61 6e 67 6f 78 66 74 2d 31 2e 30 2d 30 20 31 2e 34 34 2e 37 2d 32 75 62 75 6e 74 75 34 0a 6c 69 62 70 61 70 65 72 2d 75 74 69 6c 73 20 31 2e 31 2e 32 38 0a 6c Data Ascii: tu4.1libpam-runtime 1.3.1-5ubuntu4.1libpam-systemd 245.4-4ubuntu3.11libpam0g 1.3.1-5ubuntu4.1libpango-1.0-0 1.44.7-2ubuntu4libpangocairo-1.0-0 1.44.7-2ubuntu4libpangoft2-1.0-0 1.44.7-2ubuntu4libpangoxft-1.0-0 1.44.7-2ubuntu4libpaper-utils 1.1.28l
2024-12-27 12:02:59 UTC	16384	OUT	Data Raw: 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 67 73 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 30 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 31 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 32 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 33 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 34 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 35 20 Data Ascii: 0x0 0gs 0x0 0k0 0x0 0k1 0x0 0k2 0x0 0k3 0x0 0k4 0x0 0k5
2024-12-27 12:02:59 UTC	16384	OUT	Data Raw: 20 20 20 20 20 20 20 20 20 2f 75 73 72 2f 6c 69 62 2f 78 38 36 5f 36 34 2d 6c 69 6e 75 78 2d 67 6e 75 2f 6c 69 62 78 63 62 2d 72 65 6e 64 65 72 2e 73 6f 2e 30 2e 30 2e 30 0a 37 66 37 39 31 63 30 37 34 30 30 30 2d 37 66 37 39 31 63 30 37 35 30 30 30 20 2d 2d 2d 70 20 30 30 30 30 63 30 30 30 20 66 64 3a 30 30 20 38 30 36 32 36 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 75 73 72 2f 6c 69 62 2f 78 38 36 5f 36 34 2d 6c 69 6e 75 78 2d 67 6e 75 2f 6c 69 62 78 63 62 2d 72 65 6e 64 65 72 2e 73 6f 2e 30 2e 30 2e 30 0a 37 66 37 39 31 63 30 37 35 30 30 30 2d 37 66 37 39 31 63 30 37 36 30 30 30 20 72 2d 2d 70 20 30 30 30 30 63 30 30 30 20 66 64 3a 30 30 20 38 30 36 32 36 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 75 Data Ascii: /usr/lib/x86_64-linux-gnu/libxcb-render.so.0.0.07f791c074000-7f791c075000 ---p 0000c000 fd:00 806260 /usr/lib/x86_64-linux-gnu/libxcb-render.so.0.0.07f791c075000-7f791c076000 r--p 0000c000 fd:00 806260 /u
2024-12-27 12:02:59 UTC	16384	OUT	Data Raw: 6e 75 78 2d 67 6e 75 2f 6c 69 62 67 64 6b 5f 70 69 78 62 75 66 2d 32 2e 30 2e 73 6f 2e 30 2e 34 30 30 30 2e 30 0a 37 66 37 39 31 63 37 37 33 30 30 30 2d 37 66 37 39 31 63 37 37 34 30 30 30 20 72 77 2d 70 20 30 30 30 32 36 30 30 30 20 66 64 3a 30 30 20 38 30 36 32 34 35 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 75 73 72 2f 6c 69 62 2f 78 38 36 5f 36 34 2d 6c 69 6e 75 78 2d 67 6e 75 2f 6c 69 62 67 64 6b 5f 70 69 78 62 75 66 2d 32 2e 30 2e 73 6f 2e 30 2e 34 30 30 30 2e 30 0a 37 66 37 39 31 63 37 37 34 30 30 30 2d 37 66 37 39 31 63 37 37 38 30 30 30 20 72 2d 2d 70 20 30 30 30 30 30 30 30 30 20 66 64 3a 30 30 20 38 30 36 32 36 38 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 75 73 72 2f 6c 69 62 2f 78 38 36 5f 36 34 Data Ascii: nux-gnu/libgdk_pixbuf-2.0.so.0.4000.07f791c773000-7f791c774000 rw-p 00026000 fd:00 806245 /usr/lib/x86_64-linux-gnu/libgdk_pixbuf-2.0.so.0.4000.07f791c774000-7f791c778000 r--p 00000000 fd:00 806268 /usr/lib/x86_64
2024-12-27 12:02:59 UTC	16384	OUT	Data Raw: 20 70 6c 61 74 66 6f 72 6d 20 65 69 73 61 2e 30 3a 20 43 61 6e 6e 6f 74 20 61 6c 6c 6f 63 61 74 65 20 72 65 73 6f 75 72 63 65 20 66 6f 72 20 45 49 53 41 20 73 6c 6f 74 20 37 0a 41 75 67 20 31 37 20 32 30 3a 32 34 3a 34 36 20 67 61 6c 61 73 73 69 61 20 6b 65 72 6e 65 6c 3a 20 70 6c 61 74 66 6f 72 6d 20 65 69 73 61 2e 30 3a 20 43 61 6e 6e 6f 74 20 61 6c 6c 6f 63 61 74 65 20 72 65 73 6f 75 72 63 65 20 66 6f 72 20 45 49 53 41 20 73 6c 6f 74 20 38 0a 41 75 67 20 31 37 20 32 30 3a 32 34 3a 34 36 20 67 61 6c 61 73 73 69 61 20 6b 65 72 6e 65 6c 3a 20 73 64 20 33 32 3a 30 3a 30 3a 30 3a 20 5b 73 64 61 5d 20 41 73 73 75 6d 69 6e 67 20 64 72 69 76 65 20 63 61 63 68 65 3a 20 77 72 69 74 65 20 74 68 72 6f 75 67 68 0a 41 75 67 20 31 37 20 32 30 3a 32 34 3a 34 37 20 67 Data Ascii: platform eisa.0: Cannot allocate resource for EISA slot 7Aug 17 20:24:46 galassia kernel: platform eisa.0: Cannot allocate resource for EISA slot 8Aug 17 20:24:46 galassia kernel: sd 32:0:0:0: [sda] Assuming drive cache: write throughAug 17 20:24:47 g
2024-12-27 12:02:59 UTC	16384	OUT	Data Raw: 35 35 31 5d 3a 20 28 49 49 29 20 4c 6f 61 64 4d 6f 64 75 6c 65 3a 20 22 66 62 64 65 76 68 77 22 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 34 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 4c 6f 61 64 69 6e 67 20 2f 75 73 72 2f 6c 69 62 2f 78 6f 72 67 2f 6d 6f 64 75 6c 65 73 2f 6c 69 62 66 62 64 65 76 68 77 2e 73 6f 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 34 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 4d 6f 64 75 6c 65 20 66 62 64 65 76 68 77 3a 20 76 65 6e 64 6f 72 3d 22 58 2e 4f 72 67 20 46 6f 75 6e 64 61 74 69 6f 6e 22 0a 41 75 67 20 31 37 Data Ascii: 551]: (II) LoadModule: "fbdevhw"Aug 17 20:25:04 galassia /usr/lib/gdm3/gdm-x-session[1551]: (II) Loading /usr/lib/xorg/modules/libfbdevhw.soAug 17 20:25:04 galassia /usr/lib/gdm3/gdm-x-session[1551]: (II) Module fbdevhw: vendor="X.Org Foundation"Aug 17
2024-12-27 12:02:59 UTC	16384	OUT	Data Raw: 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 76 6d 77 61 72 65 28 30 29 3a 20 4e 6f 74 20 75 73 69 6e 67 20 64 65 66 61 75 6c 74 20 6d 6f 64 65 20 22 31 39 32 30 78 31 32 30 30 22 20 28 69 6e 73 75 66 66 69 63 69 65 6e 74 20 6d 65 6d 6f 72 79 20 66 6f 72 20 6d 6f 64 65 29 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 76 6d 77 61 72 65 28 30 29 3a 20 4e 6f 74 20 75 73 69 6e 67 20 64 65 66 61 75 6c 74 20 6d 6f 64 65 20 22 39 36 30 78 36 30 30 22 20 28 62 61 64 20 6d 6f 64 65 20 63 6c 6f 63 6b 2f 69 6e 74 65 72 6c 61 63 65 2f 64 6f 75 62 6c 65 73 Data Ascii: /lib/gdm3/gdm-x-session[1551]: (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)Aug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: (II) vmware(0): Not using default mode "960x600" (bad mode clock/interlace/doubles
2024-12-27 12:02:59 UTC	16384	OUT	Data Raw: 20 31 33 33 36 20 31 35 32 30 20 20 38 36 34 20 38 36 35 20 38 36 38 20 38 39 35 20 2d 68 73 79 6e 63 20 2b 76 73 79 6e 63 20 28 35 33 2e 37 20 6b 48 7a 20 64 29 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 2a 2a 29 20 76 6d 77 61 72 65 28 30 29 3a 20 20 44 65 66 61 75 6c 74 20 6d 6f 64 65 20 22 31 30 32 34 78 37 36 38 22 3a 20 39 34 2e 35 20 4d 48 7a 2c 20 36 38 2e 37 20 6b 48 7a 2c 20 38 35 2e 30 20 48 7a 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 76 6d 77 61 72 Data Ascii: 1336 1520 864 865 868 895 -hsync +vsync (53.7 kHz d)Aug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: (**) vmware(0): Default mode "1024x768": 94.5 MHz, 68.7 kHz, 85.0 HzAug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: (II) vmwar
2024-12-27 12:02:59 UTC	16384	OUT	Data Raw: 65 64 20 53 65 74 20 32 20 6b 65 79 62 6f 61 72 64 3a 20 61 6c 77 61 79 73 20 72 65 70 6f 72 74 73 20 63 6f 72 65 20 65 76 65 6e 74 73 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 2a 2a 29 20 4f 70 74 69 6f 6e 20 22 44 65 76 69 63 65 22 20 22 2f 64 65 76 2f 69 6e 70 75 74 2f 65 76 65 6e 74 31 22 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 2a 2a 29 20 4f 70 74 69 6f 6e 20 22 5f 73 6f 75 72 63 65 22 20 22 73 65 72 76 65 72 2f 75 64 65 76 22 0a 41 75 67 20 31 37 20 32 30 3a 32 35 Data Ascii: ed Set 2 keyboard: always reports core eventsAug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: () Option "Device" "/dev/input/event1"Aug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: () Option "_source" "server/udev"Aug 17 20:25
2024-12-27 12:03:00 UTC	279	IN	HTTP/1.1 400 Bad Request Date: Fri, 27 Dec 2024 12:03:00 GMT Server: gunicorn/19.7.1 X-Daisy-Revision-Number: 979 X-Oops-Repository-Version: 0.0.0 Strict-Transport-Security: max-age=2592000 Connection: close Transfer-Encoding: chunked 17 Crash already reported. 0

Start time (UTC):	12:02:48
Start date (UTC):	27/12/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	12:02:51
Start date (UTC):	27/12/2024
Path:	/tmp/llklllklld.x86.elf
Arguments:	/tmp/llklllklld.x86.elf
File size:	75088 bytes
MD5 hash:	cd1f2ab2770e4df72de2961c607f8a65

Start time (UTC):	12:02:52
Start date (UTC):	27/12/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	12:02:53
Start date (UTC):	27/12/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report llklllklld.x86.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Spreading

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink

/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source

/proc/6437/oom_score_adj

/run/gdm3.pid

/run/systemd/seats/.#seat07XEAH5

/run/systemd/seats/.#seat07lT166

/run/systemd/users/.#1271JKQY6

/run/systemd/users/.#127KuYBa6

/run/systemd/users/.#127TCwId8

/run/systemd/users/.#127U8knD7

/run/systemd/users/.#127sFqsy7

/run/systemd/users/.#127wRrLt7

/run/user/1000/pulse/pid

/run/utmp

/var/lib/AccountsService/users/gdm.0V4XY2

/var/lib/ubuntu-drivers-common/last_gfx_boot

/var/log/auth.log

/var/log/gpu-manager.log

/var/log/kern.log

/var/log/syslog

/var/log/wtmp

Static File Info

General

Static ELF Info

ELF header

Sections

Linux Analysis Report
llklllklld.x86.elf

Start time (UTC):	12:02:54
Start date (UTC):	27/12/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	12:02:55
Start date (UTC):	27/12/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	12:02:56
Start date (UTC):	27/12/2024
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Start time (UTC):	12:02:57
Start date (UTC):	27/12/2024
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Start time (UTC):	12:02:58
Start date (UTC):	27/12/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	12:02:59
Start date (UTC):	27/12/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	12:03:09
Start date (UTC):	27/12/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	12:03:10
Start date (UTC):	27/12/2024
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Start time (UTC):	12:03:11
Start date (UTC):	27/12/2024
Path:	/usr/lib/gdm3/gdm-session-worker
Arguments:	-
File size:	293360 bytes
MD5 hash:	692243754bd9f38fe9bd7e230b5c060a

Start time (UTC):	12:03:12
Start date (UTC):	27/12/2024
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f