Linux Analysis Report
arm5.elf

Overview

General Information

Sample name: arm5.elf
Analysis ID: 1583925
MD5: 8a1a2131b159e5f7e6f070c34fe536ca
SHA1: f5e11781e0bb26f15a4c41509330ee592cc0e99b
SHA256: a1a8c3f6c6d4fc6e12fd4d2a8e8752c0cfe7aaa90e995d26ae15e1817fa766e3
Tags: elf, user-abuse_ch
Infos:

Detection

Score: 52
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for submitted file
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1583925
Start date and time: 2025-01-03 21:22:05 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 3s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: arm5.elf
Detection: MAL
Classification: mal52.spre.linELF@0/13@5/0
  • Connection to analysis system has been lost, crash info: Unknown
  • VT rate limit hit for: arm5.elf
Command: /tmp/arm5.elf
PID: 6233
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
dear
Standard Error:
  • system is lnxubuntu20
  • arm5.elf (PID: 6233, Parent: 6157, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/arm5.elf
    • arm5.elf New Fork (PID: 6235, Parent: 6233)
      • arm5.elf New Fork (PID: 6237, Parent: 6235)
      • arm5.elf New Fork (PID: 6240, Parent: 6235)
  • cleanup
No yara matches
No Suricata rule has matched

AV Detection

Source: arm5.elf, ReversingLabs: Detection: 34%
Source: arm5.elf, String: /proc/self/exe/. self/proc//bin/bash/bin/sh/bin/dashbashshftpwgettftpncnetcatnmaptcpdumpsocatcurlbusyboxpythonrebootechoinitcroniptablessshdtelnettelnetdtftpdrshdrexecdftpdxinetdpftp/bin/login
Source: /tmp/arm5.elf (PID: 6233), Socket: 127.0.0.1:8341
Source: global traffic, TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic, TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic, TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: unknown, DNS traffic detected: query: secure-network-rebirthltd.ru replaycode: Name error (3)
Source: unknown, TCP traffic detected without corresponding DNS query: 83.222.191.90
Source: unknown, TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown, TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown, TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: global traffic, DNS traffic detected: DNS query: secure-network-rebirthltd.ru
Source: unknown, Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Source: /tmp/arm5.elf (PID: 6237), SIGKILL sent: pid: 6240, result: successful
Source: /tmp/arm5.elf (PID: 6237), SIGKILL sent: pid: 6257, result: successful
Source: /tmp/arm5.elf (PID: 6237), SIGKILL sent: pid: 6258, result: successful
Source: /tmp/arm5.elf (PID: 6237), SIGKILL sent: pid: 6259, result: successful
Source: /tmp/arm5.elf (PID: 6237), SIGKILL sent: pid: 6260, result: successful
Source: /tmp/arm5.elf (PID: 6237), SIGKILL sent: pid: 6261, result: successful
Source: /tmp/arm5.elf (PID: 6237), SIGKILL sent: pid: 6262, result: successful
Source: /tmp/arm5.elf (PID: 6237), SIGKILL sent: pid: 6263, result: successful
Source: /tmp/arm5.elf (PID: 6237), SIGKILL sent: pid: 6264, result: successful
Source: /tmp/arm5.elf (PID: 6237), SIGKILL sent: pid: 6265, result: successful
Source: /tmp/arm5.elf (PID: 6237), SIGKILL sent: pid: 6266, result: successful
Source: /tmp/arm5.elf (PID: 6237), SIGKILL sent: pid: 6303, result: successful
Source: /tmp/arm5.elf (PID: 6237), SIGKILL sent: pid: 6317, result: successful
Source: Initial sample, String containing 'busybox' found: busybox
Source: Initial sample, String containing 'busybox' found: /proc/self/exe/. self/proc//bin/bash/bin/sh/bin/dashbashshftpwgettftpncnetcatnmaptcpdumpsocatcurlbusyboxpythonrebootechoinitcroniptablessshdtelnettelnetdtftpdrshdrexecdftpdxinetdpftp/bin/login
Source: ELF static info symbol of initial sample, .symtab present: no
Source: classification engine, Classification label: mal52.spre.linELF@0/13@5/0
Source: /tmp/arm5.elf (PID: 6237), File opened: /proc/6263/maps
Source: /tmp/arm5.elf (PID: 6237), File opened: /proc/6263/cmdline
Source: /tmp/arm5.elf (PID: 6237), File opened: /proc/6240/maps
Source: /tmp/arm5.elf (PID: 6237), File opened: /proc/6240/cmdline
Source: /tmp/arm5.elf (PID: 6237), File opened: /proc/6262/maps
Source: /tmp/arm5.elf (PID: 6237), File opened: /proc/6262/cmdline
Source: /tmp/arm5.elf (PID: 6237), File opened: /proc/6265/maps
Source: /tmp/arm5.elf (PID: 6237), File opened: /proc/6265/cmdline
Source: /tmp/arm5.elf (PID: 6237), File opened: /proc/6264/maps
Source: /tmp/arm5.elf (PID: 6237), File opened: /proc/6264/cmdline
Source: /tmp/arm5.elf (PID: 6237), File opened: /proc/6266/maps
Source: /tmp/arm5.elf (PID: 6237), File opened: /proc/6266/cmdline
Source: /tmp/arm5.elf (PID: 6237), File opened: /proc/6258/maps
Source: /tmp/arm5.elf (PID: 6237), File opened: /proc/6258/cmdline
Source: /tmp/arm5.elf (PID: 6237), File opened: /proc/6257/maps
Source: /tmp/arm5.elf (PID: 6237), File opened: /proc/6257/cmdline
Source: /tmp/arm5.elf (PID: 6237), File opened: /proc/6261/maps
Source: /tmp/arm5.elf (PID: 6237), File opened: /proc/6261/cmdline
Source: /tmp/arm5.elf (PID: 6237), File opened: /proc/6260/maps
Source: /tmp/arm5.elf (PID: 6237), File opened: /proc/6260/cmdline
Source: /tmp/arm5.elf (PID: 6237), File opened: /proc/6259/maps
Source: /tmp/arm5.elf (PID: 6237), File opened: /proc/6259/cmdline
Source: /tmp/arm5.elf (PID: 6237), File opened: /proc/6303/maps
Source: /tmp/arm5.elf (PID: 6237), File opened: /proc/6303/cmdline
Source: /tmp/arm5.elf (PID: 6233), Queries kernel information via 'uname'
Source: arm5.elf, 6233.1.0000562b63a9c000.0000562b63c11000.rw-.sdmp, Binary or memory string: c+V!/etc/qemu-binfmt/arm
Source: arm5.elf, 6233.1.00007ffeeb74c000.00007ffeeb76d000.rw-.sdmp, Binary or memory string: 2x86_64/usr/bin/qemu-arm/tmp/arm5.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/arm5.elf
Source: arm5.elf, 6233.1.0000562b63a9c000.0000562b63c11000.rw-.sdmp, Binary or memory string: /etc/qemu-binfmt/arm
Source: arm5.elf, 6233.1.00007ffeeb74c000.00007ffeeb76d000.rw-.sdmp, Binary or memory string: /usr/bin/qemu-arm
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | Direct Volume Access | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 Service Stop
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction
No configs have been found
[Behavior graph: ID 1583925; Sample: arm5.elf; Start date: 03/01/2025; Architecture: LINUX; Score: 52]
Source | Detection | Scanner | Label | Link
arm5.elf | 34% | ReversingLabs | Linux.Backdoor.Mirai |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
secure-network-rebirthltd.ru | unknown | unknown | false | | unknown
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context

Match: 91.189.91.43
  • x86.elf (Detection: malicious, Threat Name: Unknown)
  • arm4.elf (Detection: malicious, Threat Name: Unknown)
  • arm6.elf (Detection: malicious, Threat Name: Unknown)
  • mpsl.elf (Detection: malicious, Threat Name: Unknown)
  • ub8ehJSePAfc9FYqZIT6.i686.elf (Detection: malicious, Threat Name: Unknown)
  • ub8ehJSePAfc9FYqZIT6.x86_64.elf (Detection: malicious, Threat Name: Unknown)
  • ub8ehJSePAfc9FYqZIT6.x86.elf (Detection: malicious, Threat Name: Unknown)
  • UDMp3dZ7nc.elf (Detection: malicious, Threat Name: XorDDoS)
  • nova2.elf (Detection: malicious, Threat Name: Unknown)
  • 154.216.18.23-boatnet.arm7-2025-01-03T11_41_00.elf (Detection: malicious, Threat Name: Mirai)

Match: 91.189.91.42
  • x86.elf (Detection: malicious, Threat Name: Unknown)
  • arm4.elf (Detection: malicious, Threat Name: Unknown)
  • arm6.elf (Detection: malicious, Threat Name: Unknown)
  • mpsl.elf (Detection: malicious, Threat Name: Unknown)
  • ub8ehJSePAfc9FYqZIT6.i686.elf (Detection: malicious, Threat Name: Unknown)
  • ub8ehJSePAfc9FYqZIT6.sh4.elf (Detection: malicious, Threat Name: Unknown)
  • ub8ehJSePAfc9FYqZIT6.x86_64.elf (Detection: malicious, Threat Name: Unknown)
  • ub8ehJSePAfc9FYqZIT6.x86.elf (Detection: malicious, Threat Name: Unknown)
  • UDMp3dZ7nc.elf (Detection: malicious, Threat Name: XorDDoS)
  • nova2.elf (Detection: malicious, Threat Name: Unknown)

No context

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context

Match: KIXS-AS-KRKoreaTelecomKR
  • x86.elf (Detection: malicious, Threat Name: Unknown, Context: 210.99.179.142)
  • armv6l.elf (Detection: malicious, Threat Name: Mirai, Context: 183.120.140.88)
  • arm7.elf (Detection: malicious, Threat Name: Mirai, Context: 210.99.13.2)
  • arm4.elf (Detection: malicious, Threat Name: Unknown, Context: 210.99.96.5)
  • m68k.elf (Detection: malicious, Threat Name: Unknown, Context: 210.99.235.155)
  • mips.elf (Detection: malicious, Threat Name: Unknown, Context: 210.99.93.155)
  • mpsl.elf (Detection: malicious, Threat Name: Unknown, Context: 210.99.224.65)
  • armv5l.elf (Detection: malicious, Threat Name: Mirai, Context: 220.92.130.121)
  • armv7l.elf (Detection: malicious, Threat Name: Mirai, Context: 221.161.77.61)
  • armv4l.elf (Detection: malicious, Threat Name: Mirai, Context: 218.151.13.97)

Process: /tmp/arm5.elf
File Type: ASCII text
Category: dropped
Size (bytes): 248
Entropy (8bit): 3.2129694415895975
Encrypted: false
SSDEEP: 6:WYgDFkppvCY/V05sDF8T/VjmsVot/VOArB/VH:u8I5Ezl
MD5: A872ABFE593708CDBE6AB514E5AA409D
SHA1: 1CDEAB3515F766909C0AD57F2BC9AE13673DE366
SHA-256: 46E4A3B5FF3940656EF82B7CEEFA5E7027B433E9A4392CB1EA16F61B3B7DD565
SHA-512: E634E9CC47ACE2ED8A2E5D538E868654741FC7FDC1A06D6AAC0F439606E865EA21C7A9956105A7B2A8AE9D5A22DCDD31AB191242C9F68F954A2AD4A714F8532E
Malicious: false
Reputation: low
Preview: 8000-15000 r-xp 00000000 fd:00 531606 /tmp/..1c000-1d000 rw-p 0000c000 fd:00 531606 /tmp/..1d000-1e000 rw-p 00000000 00:00 0 .ff7ef000-ff7f0000 ---p 00000000 00:00 0 .ff7f0000-ffff0000 rw-p 00000000 00:00 0 [stack].
                                            Process:/tmp/arm5.elf
                                            File Type:ASCII text
                                            Category:dropped
                                            Size (bytes):248
                                            Entropy (8bit):3.2129694415895975
                                            Encrypted:false
                                            SSDEEP:6:WYgDFkppvCY/V05sDF8T/VjmsVot/VOArB/VH:u8I5Ezl
                                            MD5:A872ABFE593708CDBE6AB514E5AA409D
                                            SHA1:1CDEAB3515F766909C0AD57F2BC9AE13673DE366
                                            SHA-256:46E4A3B5FF3940656EF82B7CEEFA5E7027B433E9A4392CB1EA16F61B3B7DD565
                                            SHA-512:E634E9CC47ACE2ED8A2E5D538E868654741FC7FDC1A06D6AAC0F439606E865EA21C7A9956105A7B2A8AE9D5A22DCDD31AB191242C9F68F954A2AD4A714F8532E
                                            Malicious:false
                                            Reputation:low
                                            Preview:8000-15000 r-xp 00000000 fd:00 531606 /tmp/..1c000-1d000 rw-p 0000c000 fd:00 531606 /tmp/..1d000-1e000 rw-p 00000000 00:00 0 .ff7ef000-ff7f0000 ---p 00000000 00:00 0 .ff7f0000-ffff0000 rw-p 00000000 00:00 0 [stack].
                                            Process:/tmp/arm5.elf
                                            File Type:ASCII text
                                            Category:dropped
                                            Size (bytes):248
                                            Entropy (8bit):3.2129694415895975
                                            Encrypted:false
                                            SSDEEP:6:WYgDFkppvCY/V05sDF8T/VjmsVot/VOArB/VH:u8I5Ezl
                                            MD5:A872ABFE593708CDBE6AB514E5AA409D
                                            SHA1:1CDEAB3515F766909C0AD57F2BC9AE13673DE366
                                            SHA-256:46E4A3B5FF3940656EF82B7CEEFA5E7027B433E9A4392CB1EA16F61B3B7DD565
                                            SHA-512:E634E9CC47ACE2ED8A2E5D538E868654741FC7FDC1A06D6AAC0F439606E865EA21C7A9956105A7B2A8AE9D5A22DCDD31AB191242C9F68F954A2AD4A714F8532E
                                            Malicious:false
                                            Reputation:low
                                            Preview:8000-15000 r-xp 00000000 fd:00 531606 /tmp/..1c000-1d000 rw-p 0000c000 fd:00 531606 /tmp/..1d000-1e000 rw-p 00000000 00:00 0 .ff7ef000-ff7f0000 ---p 00000000 00:00 0 .ff7f0000-ffff0000 rw-p 00000000 00:00 0 [stack].
                                            Process:/tmp/arm5.elf
                                            File Type:ASCII text
                                            Category:dropped
                                            Size (bytes):248
                                            Entropy (8bit):3.2129694415895975
                                            Encrypted:false
                                            SSDEEP:6:WYgDFkppvCY/V05sDF8T/VjmsVot/VOArB/VH:u8I5Ezl
                                            MD5:A872ABFE593708CDBE6AB514E5AA409D
                                            SHA1:1CDEAB3515F766909C0AD57F2BC9AE13673DE366
                                            SHA-256:46E4A3B5FF3940656EF82B7CEEFA5E7027B433E9A4392CB1EA16F61B3B7DD565
                                            SHA-512:E634E9CC47ACE2ED8A2E5D538E868654741FC7FDC1A06D6AAC0F439606E865EA21C7A9956105A7B2A8AE9D5A22DCDD31AB191242C9F68F954A2AD4A714F8532E
                                            Malicious:false
                                            Reputation:low
                                            Preview:8000-15000 r-xp 00000000 fd:00 531606 /tmp/..1c000-1d000 rw-p 0000c000 fd:00 531606 /tmp/..1d000-1e000 rw-p 00000000 00:00 0 .ff7ef000-ff7f0000 ---p 00000000 00:00 0 .ff7f0000-ffff0000 rw-p 00000000 00:00 0 [stack].
                                            File type:ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
                                            Entropy (8bit):6.014490747276611
                                            TrID:
                                            • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                            File name:arm5.elf
                                            File size:51'356 bytes
                                            MD5:8a1a2131b159e5f7e6f070c34fe536ca
                                            SHA1:f5e11781e0bb26f15a4c41509330ee592cc0e99b
                                            SHA256:a1a8c3f6c6d4fc6e12fd4d2a8e8752c0cfe7aaa90e995d26ae15e1817fa766e3
                                            SHA512:621ecbc58c6b7ae31da6cea527a687ea54363d408c259382d1ae4f48130dc01fc7fbb475374335070d7831d1e17f2b1f874ef1c903eff5595ceb4c2a8fdf4115
                                            SSDEEP:768:xGQthFKseioKakzs8NyxkCviDnrPAC3P2wHNv1Ll66dIA8vCQ+Jn:40hFK13kz6xkCqrUgv1Ll3Sh4n
                                            TLSH:D133E685BC819E16C6D413BFB62F028D3B2623B8D2DF7213D9226F15778A91F0D67642
                                            File Content Preview:.ELF...a..........(.........4...........4. ...(.....................x...x...............|...|...|...P...............Q.td..................................-...L."...Z...........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

                                            ELF header

                                            Class:ELF32
                                            Data:2's complement, little endian
                                            Version:1 (current)
                                            Machine:ARM
                                            Version Number:0x1
                                            Type:EXEC (Executable file)
                                            OS/ABI:ARM - ABI
                                            ABI Version:0
                                            Entry Point Address:0x8190
                                            Flags:0x2
                                            ELF Header Size:52
                                            Program Header Offset:52
                                            Program Header Size:32
                                            Number of Program Headers:3
                                            Section Header Offset:50956
                                            Section Header Size:40
                                            Number of Section Headers:10
                                            Header String Table Index:9
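Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.init | PROGBITS | 0x8094 | 0x94 | 0x18 | 0x0 | 0x6 | AX | 0 | 0 | 4
.text | PROGBITS | 0x80b0 | 0xb0 | 0xb9a0 | 0x0 | 0x6 | AX | 0 | 0 | 16
.fini | PROGBITS | 0x13a50 | 0xba50 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4
.rodata | PROGBITS | 0x13a64 | 0xba64 | 0xa14 | 0x0 | 0x2 | A | 0 | 0 | 4
.ctors | PROGBITS | 0x1c47c | 0xc47c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.dtors | PROGBITS | 0x1c484 | 0xc484 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.data | PROGBITS | 0x1c490 | 0xc490 | 0x23c | 0x0 | 0x3 | WA | 0 | 0 | 4
.bss | NOBITS | 0x1c6cc | 0xc6cc | 0x178 | 0x0 | 0x3 | WA | 0 | 0 | 4
.shstrtab | STRTAB | 0x0 | 0xc6cc | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1

Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x8000 | 0x8000 | 0xc478 | 0xc478 | 6.0418 | 0x5 | R E | 0x8000 | | .init .text .fini .rodata
LOAD | 0xc47c | 0x1c47c | 0x1c47c | 0x250 | 0x3c8 | 3.1764 | 0x6 | RW | 0x8000 | | .ctors .dtors .data .bss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | |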
                                            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                            Jan 3, 2025 21:22:50.445127010 CET | 192.168.2.23 | 8.8.8.8 | 0xc827 | Standard query (0) | secure-network-rebirthltd.ru | A (IP address) | IN (0x0001) | false
                                            Jan 3, 2025 21:22:50.453067064 CET | 192.168.2.23 | 8.8.8.8 | 0xc827 | Standard query (0) | secure-network-rebirthltd.ru | A (IP address) | IN (0x0001) | false
                                            Jan 3, 2025 21:22:50.460768938 CET | 192.168.2.23 | 8.8.8.8 | 0xc827 | Standard query (0) | secure-network-rebirthltd.ru | A (IP address) | IN (0x0001) | false
                                            Jan 3, 2025 21:22:50.468445063 CET | 192.168.2.23 | 8.8.8.8 | 0xc827 | Standard query (0) | secure-network-rebirthltd.ru | A (IP address) | IN (0x0001) | false
                                            Jan 3, 2025 21:22:50.475858927 CET | 192.168.2.23 | 8.8.8.8 | 0xc827 | Standard query (0) | secure-network-rebirthltd.ru | A (IP address) | IN (0x0001) | false
                                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                            Jan 3, 2025 21:22:50.452056885 CET | 8.8.8.8 | 192.168.2.23 | 0xc827 | Name error (3) | secure-network-rebirthltd.ru | none | none | A (IP address) | IN (0x0001) | false
                                            Jan 3, 2025 21:22:50.460074902 CET | 8.8.8.8 | 192.168.2.23 | 0xc827 | Name error (3) | secure-network-rebirthltd.ru | none | none | A (IP address) | IN (0x0001) | false
                                            Jan 3, 2025 21:22:50.467757940 CET | 8.8.8.8 | 192.168.2.23 | 0xc827 | Name error (3) | secure-network-rebirthltd.ru | none | none | A (IP address) | IN (0x0001) | false
                                            Jan 3, 2025 21:22:50.475161076 CET | 8.8.8.8 | 192.168.2.23 | 0xc827 | Name error (3) | secure-network-rebirthltd.ru | none | none | A (IP address) | IN (0x0001) | false
                                            Jan 3, 2025 21:22:50.483294010 CET | 8.8.8.8 | 192.168.2.23 | 0xc827 | Name error (3) | secure-network-rebirthltd.ru | none | none | A (IP address) | IN (0x0001) | false

                                            System Behavior

                                            Start time (UTC):20:22:49
                                            Start date (UTC):03/01/2025
                                            Path:/tmp/arm5.elf
                                            Arguments:/tmp/arm5.elf
                                            File size:4956856 bytes
                                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                            Start time (UTC):20:22:49
                                            Start date (UTC):03/01/2025
                                            Path:/tmp/arm5.elf
                                            Arguments:-
                                            File size:4956856 bytes
                                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                            Start time (UTC):20:22:49
                                            Start date (UTC):03/01/2025
                                            Path:/tmp/arm5.elf
                                            Arguments:-
                                            File size:4956856 bytes
                                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                            Start time (UTC):20:22:49
                                            Start date (UTC):03/01/2025
                                            Path:/tmp/arm5.elf
                                            Arguments:-
                                            File size:4956856 bytes
                                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1