Linux Analysis Report
arm4.elf

Overview

General Information

Sample name:arm4.elf
Analysis ID:1583909
MD5:9166a47ed0ba3a1bf7b10ddc90d43863
SHA1:bfca315919f4fe593eb3b383242a34c3c8fddc9c
SHA256:29d06b4e031c7f67717e1406e936132e62ec6756fbfb3385ff887a327afee967
Tags:elfuser-abuse_ch
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false

Signatures

Multi AV Scanner detection for submitted file
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1583909
Start date and time:2025-01-03 20:57:10 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 0s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:arm4.elf
Detection:MAL
Classification:mal52.spre.linELF@0/20@5/0
  • Connection to analysis system has been lost, crash info: Unknown
  • VT rate limit hit for: arm4.elf
Command:/tmp/arm4.elf
PID:6225
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
dear
Standard Error:
  • system is lnxubuntu20
  • arm4.elf (PID: 6225, Parent: 6142, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/arm4.elf
    • arm4.elf New Fork (PID: 6227, Parent: 6225)
      • arm4.elf New Fork (PID: 6229, Parent: 6227)
      • arm4.elf New Fork (PID: 6232, Parent: 6227)
  • cleanup
No yara matches
No Suricata rule has matched

AV Detection

Source: arm4.elfReversingLabs: Detection: 34%
Source: arm4.elfString: /proc/self/exe/. self/proc//bin/bash/bin/sh/bin/dashbashshftpwgettftpncnetcatnmaptcpdumpsocatcurlbusyboxpythonrebootechoinitcroniptablessshdtelnettelnetdtftpdrshdrexecdftpdxinetdpftp/bin/loginL:
Source: /tmp/arm4.elf (PID: 6225) Socket: 127.0.0.1:8341
Source: global trafficTCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global trafficTCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global trafficTCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: unknownDNS traffic detected: query: secure-network-rebirthltd.ru replaycode: Name error (3)
Source: unknownTCP traffic detected without corresponding DNS query: 83.222.191.90
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
Source: global trafficDNS traffic detected: DNS query: secure-network-rebirthltd.ru
Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Source: /tmp/arm4.elf (PID: 6229) SIGKILL sent: pid: 6232, result: successful
Source: /tmp/arm4.elf (PID: 6229) SIGKILL sent: pid: 6249, result: successful
Source: /tmp/arm4.elf (PID: 6229) SIGKILL sent: pid: 6250, result: successful
Source: /tmp/arm4.elf (PID: 6229) SIGKILL sent: pid: 6251, result: successful
Source: /tmp/arm4.elf (PID: 6229) SIGKILL sent: pid: 6252, result: successful
Source: /tmp/arm4.elf (PID: 6229) SIGKILL sent: pid: 6253, result: successful
Source: /tmp/arm4.elf (PID: 6229) SIGKILL sent: pid: 6254, result: successful
Source: /tmp/arm4.elf (PID: 6229) SIGKILL sent: pid: 6255, result: successful
Source: /tmp/arm4.elf (PID: 6229) SIGKILL sent: pid: 6256, result: successful
Source: /tmp/arm4.elf (PID: 6229) SIGKILL sent: pid: 6257, result: successful
Source: /tmp/arm4.elf (PID: 6229) SIGKILL sent: pid: 6258, result: successful
Source: /tmp/arm4.elf (PID: 6229) SIGKILL sent: pid: 6259, result: successful
Source: /tmp/arm4.elf (PID: 6229) SIGKILL sent: pid: 6260, result: successful
Source: /tmp/arm4.elf (PID: 6229) SIGKILL sent: pid: 6261, result: successful
Source: /tmp/arm4.elf (PID: 6229) SIGKILL sent: pid: 6262, result: successful
Source: /tmp/arm4.elf (PID: 6229) SIGKILL sent: pid: 6263, result: successful
Source: /tmp/arm4.elf (PID: 6229) SIGKILL sent: pid: 6264, result: successful
Source: /tmp/arm4.elf (PID: 6229) SIGKILL sent: pid: 6265, result: successful
Source: /tmp/arm4.elf (PID: 6229) SIGKILL sent: pid: 6300, result: successful
Source: /tmp/arm4.elf (PID: 6229) SIGKILL sent: pid: 6314, result: successful
Source: Initial sampleString containing 'busybox' found: busybox
Source: Initial sampleString containing 'busybox' found: /proc/self/exe/. self/proc//bin/bash/bin/sh/bin/dashbashshftpwgettftpncnetcatnmaptcpdumpsocatcurlbusyboxpythonrebootechoinitcroniptablessshdtelnettelnetdtftpdrshdrexecdftpdxinetdpftp/bin/loginL:
Source: ELF static info symbol of initial sample.symtab present: no
Source: classification engineClassification label: mal52.spre.linELF@0/20@5/0
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6252/maps
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6252/cmdline
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6263/maps
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6263/cmdline
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6251/maps
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6251/cmdline
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6262/maps
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6262/cmdline
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6232/maps
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6232/cmdline
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6254/maps
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6254/cmdline
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6265/maps
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6265/cmdline
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6253/maps
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6253/cmdline
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6264/maps
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6264/cmdline
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6256/maps
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6256/cmdline
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6300/maps
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6300/cmdline
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6255/maps
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6255/cmdline
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6258/maps
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6258/cmdline
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6257/maps
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6257/cmdline
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6250/maps
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6250/cmdline
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6261/maps
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6261/cmdline
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6260/maps
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6260/cmdline
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6249/maps
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6249/cmdline
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6259/maps
Source: /tmp/arm4.elf (PID: 6229) File opened: /proc/6259/cmdline
Source: /tmp/arm4.elf (PID: 6225) Queries kernel information via 'uname'
Source: arm4.elf, 6225.1.00007ffc3c13b000.00007ffc3c15c000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-arm/tmp/arm4.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/arm4.elf
Source: arm4.elf, 6225.1.0000557e753ff000.0000557e75574000.rw-.sdmpBinary or memory string: cAu~UPeAu~UPbAu~U!/etc/qemu-binfmt/arm
Source: arm4.elf, 6225.1.0000557e753ff000.0000557e75574000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/arm
Source: arm4.elf, 6225.1.00007ffc3c13b000.00007ffc3c15c000.rw-.sdmpBinary or memory string: /usr/bin/qemu-arm
Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact
Gather Victim Identity Information1
Scripting
Valid AccountsWindows Management Instrumentation1
Scripting
Path InterceptionDirect Volume Access1
OS Credential Dumping
11
Security Software Discovery
Remote ServicesData from Local System1
Encrypted Channel
Exfiltration Over Other Network Medium1
Service Stop
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Standard Port
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
Non-Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture2
Application Layer Protocol
Traffic DuplicationData Destruction
No configs have been found
[Behavior graph: ID: 1583909, Sample: arm4.elf, Startdate: 03/01/2025, Architecture: LINUX, Score: 52. Process tree: arm4.elf started arm4.elf, which started two further arm4.elf processes. Signatures shown: "Multi AV Scanner detection for submitted file", "Sample tries to kill multiple processes (SIGKILL)".]
Source: arm4.elf, Detection: 34%, Scanner: ReversingLabs, Label: Linux.Backdoor.Mirai
No Antivirus matches
Name, IP, Active, Malicious, Antivirus Detection, Reputation
secure-network-rebirthltd.ru
unknown
unknown
false
unknown
                                                                Process:/tmp/arm4.elf
                                                                File Type:ASCII text
                                                                Category:dropped
                                                                Size (bytes):248
                                                                Entropy (8bit):3.2129694415895975
                                                                Encrypted:false
                                                                SSDEEP:6:WYgDFkppvCY/V05sDF8T/VjmsVot/VOArB/VH:u8I5Ezl
                                                                MD5:A872ABFE593708CDBE6AB514E5AA409D
                                                                SHA1:1CDEAB3515F766909C0AD57F2BC9AE13673DE366
                                                                SHA-256:46E4A3B5FF3940656EF82B7CEEFA5E7027B433E9A4392CB1EA16F61B3B7DD565
                                                                SHA-512:E634E9CC47ACE2ED8A2E5D538E868654741FC7FDC1A06D6AAC0F439606E865EA21C7A9956105A7B2A8AE9D5A22DCDD31AB191242C9F68F954A2AD4A714F8532E
                                                                Malicious:false
                                                                Reputation:low
                                                                Preview:8000-15000 r-xp 00000000 fd:00 531606 /tmp/..1c000-1d000 rw-p 0000c000 fd:00 531606 /tmp/..1d000-1e000 rw-p 00000000 00:00 0 .ff7ef000-ff7f0000 ---p 00000000 00:00 0 .ff7f0000-ffff0000 rw-p 00000000 00:00 0 [stack].
                                                                File type:ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
                                                                Entropy (8bit):6.017789825671063
                                                                TrID:
                                                                • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                                                File name:arm4.elf
                                                                File size:51'292 bytes
                                                                MD5:9166a47ed0ba3a1bf7b10ddc90d43863
                                                                SHA1:bfca315919f4fe593eb3b383242a34c3c8fddc9c
                                                                SHA256:29d06b4e031c7f67717e1406e936132e62ec6756fbfb3385ff887a327afee967
                                                                SHA512:488395f06b588f5a85b7228bec8f3545bcc080b1178966965e40a85771b559f5e5e9f32097f0b5153ffbdc9e287a08487541e18054c6c2f7a2b0d8bffbc3dfdf
                                                                SSDEEP:768:aKY/RYD+wooacks/UMN/PwfMxFqbGuEYCgDMdf1bsfrB7TJqXM3Em+wn:72RYNPk6PwfMqb2f1bsfl7N5n
                                                                TLSH:3033F691BC819E16C6E013BFB62F428D372627B8D2DF7213D9226F15378A91F0D67642
                                                                File Content Preview:.ELF...a..........(.........4...........4. ...(.....................8...8...............<...<...<...P...............Q.td..................................-...L."...J...........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

                                                                ELF header

                                                                Class:ELF32
                                                                Data:2's complement, little endian
                                                                Version:1 (current)
                                                                Machine:ARM
                                                                Version Number:0x1
                                                                Type:EXEC (Executable file)
                                                                OS/ABI:ARM - ABI
                                                                ABI Version:0
                                                                Entry Point Address:0x8190
                                                                Flags:0x202
                                                                ELF Header Size:52
                                                                Program Header Offset:52
                                                                Program Header Size:32
                                                                Number of Program Headers:3
                                                                Section Header Offset:50892
                                                                Section Header Size:40
                                                                Number of Section Headers:10
                                                                Header String Table Index:9
                                                                 Name       Type      Address  Offset  Size    EntSize  Flags  Flags Description  Link  Info  Align
                                                                            NULL      0x0      0x0     0x0     0x0      0x0                       0     0     0
                                                                 .init      PROGBITS  0x8094   0x94    0x18    0x0      0x6    AX                 0     0     4
                                                                 .text      PROGBITS  0x80b0   0xb0    0xb960  0x0      0x6    AX                 0     0     16
                                                                 .fini      PROGBITS  0x13a10  0xba10  0x14    0x0      0x6    AX                 0     0     4
                                                                 .rodata    PROGBITS  0x13a24  0xba24  0xa14   0x0      0x2    A                  0     0     4
                                                                 .ctors     PROGBITS  0x1c43c  0xc43c  0x8     0x0      0x3    WA                 0     0     4
                                                                 .dtors     PROGBITS  0x1c444  0xc444  0x8     0x0      0x3    WA                 0     0     4
                                                                 .data      PROGBITS  0x1c450  0xc450  0x23c   0x0      0x3    WA                 0     0     4
                                                                 .bss       NOBITS    0x1c68c  0xc68c  0x178   0x0      0x3    WA                 0     0     4
                                                                 .shstrtab  STRTAB    0x0      0xc68c  0x3e    0x0      0x0                       0     0     1
                                                                 Type       Offset  Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align   Prog Interpreter  Section Mappings
                                                                 LOAD       0x0     0x8000           0x8000            0xc438     0xc438       6.0455   0x5    R E                0x8000                    .init .text .fini .rodata
                                                                 LOAD       0xc43c  0x1c43c          0x1c43c           0x250      0x3c8        3.1716   0x6    RW                 0x8000                    .ctors .dtors .data .bss
                                                                 GNU_STACK  0x0     0x0              0x0               0x0        0x0          0.0000   0x7    RWE                0x4
                                                                 Timestamp                            Source IP     Dest IP  Trans ID  OP Code             Name                          Type            Class        DNS over HTTPS
                                                                 Jan 3, 2025 20:57:50.003433943 CET  192.168.2.23  8.8.8.8  0xe736    Standard query (0)  secure-network-rebirthltd.ru  A (IP address)  IN (0x0001)  false
                                                                 Jan 3, 2025 20:57:50.011281967 CET  192.168.2.23  8.8.8.8  0xe736    Standard query (0)  secure-network-rebirthltd.ru  A (IP address)  IN (0x0001)  false
                                                                 Jan 3, 2025 20:57:50.018876076 CET  192.168.2.23  8.8.8.8  0xe736    Standard query (0)  secure-network-rebirthltd.ru  A (IP address)  IN (0x0001)  false
                                                                 Jan 3, 2025 20:57:50.026737928 CET  192.168.2.23  8.8.8.8  0xe736    Standard query (0)  secure-network-rebirthltd.ru  A (IP address)  IN (0x0001)  false
                                                                 Jan 3, 2025 20:57:50.034718037 CET  192.168.2.23  8.8.8.8  0xe736    Standard query (0)  secure-network-rebirthltd.ru  A (IP address)  IN (0x0001)  false
                                                                 Timestamp                            Source IP  Dest IP       Trans ID  Reply Code      Name                          CName  Address  Type            Class        DNS over HTTPS
                                                                 Jan 3, 2025 20:57:50.010379076 CET  8.8.8.8    192.168.2.23  0xe736    Name error (3)  secure-network-rebirthltd.ru  none   none     A (IP address)  IN (0x0001)  false
                                                                 Jan 3, 2025 20:57:50.018238068 CET  8.8.8.8    192.168.2.23  0xe736    Name error (3)  secure-network-rebirthltd.ru  none   none     A (IP address)  IN (0x0001)  false
                                                                 Jan 3, 2025 20:57:50.026098967 CET  8.8.8.8    192.168.2.23  0xe736    Name error (3)  secure-network-rebirthltd.ru  none   none     A (IP address)  IN (0x0001)  false
                                                                 Jan 3, 2025 20:57:50.034101009 CET  8.8.8.8    192.168.2.23  0xe736    Name error (3)  secure-network-rebirthltd.ru  none   none     A (IP address)  IN (0x0001)  false
                                                                 Jan 3, 2025 20:57:50.041742086 CET  8.8.8.8    192.168.2.23  0xe736    Name error (3)  secure-network-rebirthltd.ru  none   none     A (IP address)  IN (0x0001)  false

                                                                System Behavior

                                                                Start time (UTC):19:57:48
                                                                Start date (UTC):03/01/2025
                                                                Path:/tmp/arm4.elf
                                                                Arguments:/tmp/arm4.elf
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Start time (UTC):19:57:48
                                                                Start date (UTC):03/01/2025
                                                                Path:/tmp/arm4.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Start time (UTC):19:57:48
                                                                Start date (UTC):03/01/2025
                                                                Path:/tmp/arm4.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                Start time (UTC):19:57:49
                                                                Start date (UTC):03/01/2025
                                                                Path:/tmp/arm4.elf
                                                                Arguments:-
                                                                File size:4956856 bytes
                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1