Linux Analysis Report
Kloki.m68k.elf

Overview

General Information

Sample name:Kloki.m68k.elf
Analysis ID:1584115
MD5:b7d6c1ca193fee24d9a386474f15a7d2
SHA1:60a713edd561452c5b97c999f0a8f977ac981e1f
SHA256:6e15ca0d44f9755e25d43b727e0f955dc8fc8047db4d0fc8c180a7f1f75a7adb
Tags:elf, user-abuse_ch
Infos:

Detection

Mirai
Score:60
Range:0 - 100
Whitelisted:false

Signatures

Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1584115
Start date and time:2025-01-04 09:30:40 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 3s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:Kloki.m68k.elf
Detection:MAL
Classification:mal60.spre.troj.linELF@0/18@5/0
  • Connection to analysis system has been lost, crash info: Unknown
Command:/tmp/Kloki.m68k.elf
PID:5432
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
dear
Standard Error:
  • system is lnxubuntu20
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source | Rule | Description | Author | Strings
Kloki.m68k.elf | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |

Source | Rule | Description | Author | Strings
5432.1.00007f7300001000.00007f7300023000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
5436.1.00007f7300001000.00007f7300023000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
        No Suricata rule has matched

        AV Detection

        Source: Kloki.m68k.elf ReversingLabs: Detection: 26%
        Source: Kloki.m68k.elf String: DN^Nu%d/proc/self/exeppid/proc/net/tcp/proc//status/fd//dev/null/dev/consolesocket05self/bin/bash/bin/sh/bin/dashwgettftpncnetcatnmaptcpdumpsocatcurlbusyboxpythonrebootechoinitcroniptablessshdtelnetdtftpdrshdrexecdxinetdpftp/bin/login
        Source: /tmp/Kloki.m68k.elf (PID: 5432) Socket: 127.0.0.1:8341
        Source: unknown DNS traffic detected: query: secure-network-rebirthltd.ru replaycode: Name error (3)
        Source: unknown TCP traffic detected without corresponding DNS query: 83.222.191.90
        Source: global traffic DNS traffic detected: DNS query: secure-network-rebirthltd.ru

        System Summary

        Source: /tmp/Kloki.m68k.elf (PID: 5438) SIGKILL sent: pid: 5440, result: successful
        Source: /tmp/Kloki.m68k.elf (PID: 5438) SIGKILL sent: pid: 5464, result: successful
        Source: /tmp/Kloki.m68k.elf (PID: 5438) SIGKILL sent: pid: 5465, result: successful
        Source: /tmp/Kloki.m68k.elf (PID: 5438) SIGKILL sent: pid: 5466, result: successful
        Source: /tmp/Kloki.m68k.elf (PID: 5438) SIGKILL sent: pid: 5467, result: successful
        Source: /tmp/Kloki.m68k.elf (PID: 5438) SIGKILL sent: pid: 5468, result: successful
        Source: /tmp/Kloki.m68k.elf (PID: 5438) SIGKILL sent: pid: 5469, result: successful
        Source: /tmp/Kloki.m68k.elf (PID: 5438) SIGKILL sent: pid: 5470, result: successful
        Source: /tmp/Kloki.m68k.elf (PID: 5438) SIGKILL sent: pid: 5471, result: successful
        Source: /tmp/Kloki.m68k.elf (PID: 5438) SIGKILL sent: pid: 5472, result: successful
        Source: /tmp/Kloki.m68k.elf (PID: 5438) SIGKILL sent: pid: 5473, result: successful
        Source: /tmp/Kloki.m68k.elf (PID: 5438) SIGKILL sent: pid: 5474, result: successful
        Source: /tmp/Kloki.m68k.elf (PID: 5438) SIGKILL sent: pid: 5475, result: successful
        Source: /tmp/Kloki.m68k.elf (PID: 5438) SIGKILL sent: pid: 5524, result: successful
        Source: Initial sample String containing 'busybox' found: busybox
        Source: Initial sample String containing 'busybox' found: DN^Nu%d/proc/self/exeppid/proc/net/tcp/proc//status/fd//dev/null/dev/consolesocket05self/bin/bash/bin/sh/bin/dashwgettftpncnetcatnmaptcpdumpsocatcurlbusyboxpythonrebootechoinitcroniptablessshdtelnetdtftpdrshdrexecdxinetdpftp/bin/login
        Source: ELF static info symbol of initial sample .symtab present: no
        Source: classification engine Classification label: mal60.spre.troj.linELF@0/18@5/0
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5470/maps
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5470/cmdline
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5471/maps
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5471/cmdline
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5472/maps
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5472/cmdline
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5440/maps
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5440/cmdline
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5473/maps
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5473/cmdline
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5474/maps
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5474/cmdline
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5464/maps
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5464/cmdline
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5475/maps
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5475/cmdline
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5465/maps
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5465/cmdline
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5466/maps
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5466/cmdline
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5467/maps
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5467/cmdline
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5468/maps
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5468/cmdline
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5469/maps
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5469/cmdline
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5524/maps
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5524/cmdline
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5515/maps
        Source: /tmp/Kloki.m68k.elf (PID: 5438) File opened: /proc/5515/cmdline
        Source: /tmp/Kloki.m68k.elf (PID: 5432) Queries kernel information via 'uname'
        Source: Kloki.m68k.elf, 5432.1.00007ffdc2019000.00007ffdc203a000.rw-.sdmp Binary or memory string: /tmp/qemu-open.3DOowU
        Source: Kloki.m68k.elf, 5432.1.0000563833983000.0000563833a2a000.rw-.sdmp, Kloki.m68k.elf, 5436.1.0000563833983000.0000563833a2a000.rw-.sdmp Binary or memory string: 38V!/etc/qemu-binfmt/m68k
        Source: Kloki.m68k.elf, 5432.1.00007ffdc2019000.00007ffdc203a000.rw-.sdmp, Kloki.m68k.elf, 5436.1.00007ffdc2019000.00007ffdc203a000.rw-.sdmp Binary or memory string: /usr/bin/qemu-m68k
        Source: Kloki.m68k.elf, 5432.1.00007ffdc2019000.00007ffdc203a000.rw-.sdmp Binary or memory string: eS18V/tmp/qemu-open.3DOowU\
        Source: Kloki.m68k.elf, 5432.1.0000563833983000.0000563833a2a000.rw-.sdmp, Kloki.m68k.elf, 5436.1.0000563833983000.0000563833a2a000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/m68k
        Source: Kloki.m68k.elf, 5432.1.00007ffdc2019000.00007ffdc203a000.rw-.sdmp, Kloki.m68k.elf, 5436.1.00007ffdc2019000.00007ffdc203a000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-m68k/tmp/Kloki.m68k.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Kloki.m68k.elf

        Stealing of Sensitive Information

        Source: Yara match File source: Kloki.m68k.elf, type: SAMPLE
        Source: Yara match File source: 5432.1.00007f7300001000.00007f7300023000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 5436.1.00007f7300001000.00007f7300023000.r-x.sdmp, type: MEMORY

        Remote Access Functionality

        Source: Yara match File source: Kloki.m68k.elf, type: SAMPLE
        Source: Yara match File source: 5432.1.00007f7300001000.00007f7300023000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 5436.1.00007f7300001000.00007f7300023000.r-x.sdmp, type: MEMORY
        Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
        Resource Development: 1 Scripting; Domains; DNS Server
        Initial Access: Valid Accounts; Default Accounts; Domain Accounts
        Execution: Windows Management Instrumentation; Scheduled Task/Job; At
        Persistence: 1 Scripting; Boot or Logon Initialization Scripts; Logon Script (Windows)
        Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
        Defense Evasion: Direct Volume Access; Rootkit; Obfuscated Files or Information
        Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager
        Discovery: 11 Security Software Discovery; Application Window Discovery; Query Registry
        Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
        Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
        Command and Control: 1 Non-Standard Port; 1 Non-Application Layer Protocol; 1 Application Layer Protocol
        Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
        Impact: 1 Service Stop; Network Denial of Service; Data Encrypted for Impact
        No configs have been found
        [Behavior graph. ID: 1584115, Sample: Kloki.m68k.elf, Startdate: 04/01/2025, Architecture: LINUX, Score: 60]
        Source | Detection | Scanner | Label
        Kloki.m68k.elf | 26% | ReversingLabs | Linux.Backdoor.Mirai
        No Antivirus matches
        No Antivirus matches
        No Antivirus matches
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        secure-network-rebirthltd.ru | unknown | unknown | false | | high
          Match | Associated Sample Name / URL | Detection | Threat Name
          83.222.191.90 | Kloki.arm7.elf | malicious | Mirai
          83.222.191.90 | Kloki.mpsl.elf | malicious | Mirai
          83.222.191.90 | Kloki.ppc.elf | malicious | Mirai
          83.222.191.90 | Kloki.spc.elf | malicious | Unknown
          83.222.191.90 | Kloki.mips.elf | malicious | Mirai
          83.222.191.90 | Kloki.arm5.elf | malicious | Mirai
          83.222.191.90 | Kloki.arm4.elf | malicious | Mirai
          83.222.191.90 | mips.elf | malicious | Unknown
          83.222.191.90 | ppc.elf | malicious | Unknown
          83.222.191.90 | spc.elf | malicious | Unknown
                              No context
                              Process:/tmp/Kloki.m68k.elf
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):293
                              Entropy (8bit):3.5625157751674723
                              Encrypted:false
                              SSDEEP:6:Ygg2XqKISY/V8a2XgKUY/VfKoO/VNfiY/VH:YgPqKv9V9Al
                              MD5:93CAF4EA7D005ACBCEB19D23B94A8E2E
                              SHA1:5A22CDB46D5963BD3D4C8E5E9D9B4D62968066A8
                              SHA-256:FC3981B68ECB6BBB1B86DD75B6D31367468402F098AC6D1CB0A75C731FC13EA2
                              SHA-512:45814C110AE579AD244AEBC889B22F73479A8E29FA7CC144B7FDBE12F30CA9341C2AAB6C143FD6F7EEB387B39B10DE096DA26D0575A635750B72511A42A150D0
                              Malicious:false
                              Reputation:low
                              Preview:80000000-80022000 r-xp 00000000 fd:00 531601 /tmp/Kloki.m68k.elf.80023000-80029000 rw-p 00021000 fd:00 531601 /tmp/Kloki.m68k.elf.80029000-8002f000 rw-p 00000000 00:00 0 .ff7fe000-ff7ff000 ---p 00000000 00:00 0 .ff7ff000-fffff000 rw-p 00000000 00:00 0 [stack].
                              Process:/tmp/Kloki.m68k.elf
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):267
                              Entropy (8bit):3.233490537955532
                              Encrypted:false
                              SSDEEP:3:FVwdVvYX9FQWUT+erXOXSY/VXM3FQWUT+eBRXSY/VVdf/FVXKfwuv/VVdf/FVUMd:Ygg2EISY/V8a2OUY/VfKoO/VNfiY/VH
                              MD5:AF7CD67A50AD7996D302BBB649986B1F
                              SHA1:BB5B2FD76B463E5B768DB8CB8FCCAA6FD3D2FA4C
                              SHA-256:BC9C214D0906D31D204DC502EDEFE78BF97B790F74C49EC72829D6FC4218F873
                              SHA-512:DB2E7793BEB01A26A40612C605789CDC81687A677B9F4683B2759B71A503272EB43C04F08BE2AC292DA67EC1F7670A645DFF7A0A1E6334F319F7ED7056C3D783
                              Malicious:false
                              Reputation:low
                              Preview:80000000-80022000 r-xp 00000000 fd:00 531601 /tmp/..80023000-80029000 rw-p 00021000 fd:00 531601 /tmp/..80029000-8002f000 rw-p 00000000 00:00 0 .ff7fe000-ff7ff000 ---p 00000000 00:00 0 .ff7ff000-fffff000 rw-p 00000000 00:00 0 [stack].
                              Process:/tmp/Kloki.m68k.elf
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):267
                              Entropy (8bit):3.233490537955532
                              Encrypted:false
                              SSDEEP:3:FVwdVvYX9FQWUT+erXOXSY/VXM3FQWUT+eBRXSY/VVdf/FVXKfwuv/VVdf/FVUMd:Ygg2EISY/V8a2OUY/VfKoO/VNfiY/VH
                              MD5:AF7CD67A50AD7996D302BBB649986B1F
                              SHA1:BB5B2FD76B463E5B768DB8CB8FCCAA6FD3D2FA4C
                              SHA-256:BC9C214D0906D31D204DC502EDEFE78BF97B790F74C49EC72829D6FC4218F873
                              SHA-512:DB2E7793BEB01A26A40612C605789CDC81687A677B9F4683B2759B71A503272EB43C04F08BE2AC292DA67EC1F7670A645DFF7A0A1E6334F319F7ED7056C3D783
                              Malicious:false
                              Reputation:low
                              Preview:80000000-80022000 r-xp 00000000 fd:00 531601 /tmp/..80023000-80029000 rw-p 00021000 fd:00 531601 /tmp/..80029000-8002f000 rw-p 00000000 00:00 0 .ff7fe000-ff7ff000 ---p 00000000 00:00 0 .ff7ff000-fffff000 rw-p 00000000 00:00 0 [stack].
                              Process:/tmp/Kloki.m68k.elf
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):293
                              Entropy (8bit):3.5625157751674723
                              Encrypted:false
                              SSDEEP:6:Ygg2XqKISY/V8a2XgKUY/VfKoO/VNfiY/VH:YgPqKv9V9Al
                              MD5:93CAF4EA7D005ACBCEB19D23B94A8E2E
                              SHA1:5A22CDB46D5963BD3D4C8E5E9D9B4D62968066A8
                              SHA-256:FC3981B68ECB6BBB1B86DD75B6D31367468402F098AC6D1CB0A75C731FC13EA2
                              SHA-512:45814C110AE579AD244AEBC889B22F73479A8E29FA7CC144B7FDBE12F30CA9341C2AAB6C143FD6F7EEB387B39B10DE096DA26D0575A635750B72511A42A150D0
                              Malicious:false
                              Reputation:low
                              Preview:80000000-80022000 r-xp 00000000 fd:00 531601 /tmp/Kloki.m68k.elf.80023000-80029000 rw-p 00021000 fd:00 531601 /tmp/Kloki.m68k.elf.80029000-8002f000 rw-p 00000000 00:00 0 .ff7fe000-ff7ff000 ---p 00000000 00:00 0 .ff7ff000-fffff000 rw-p 00000000 00:00 0 [stack].
                              Process:/tmp/Kloki.m68k.elf
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):61
                              Entropy (8bit):3.1545915359543995
                              Encrypted:false
                              SSDEEP:3:FVwdVvYX9FQWUT+0:Ygg20
                              MD5:5C5B1219B55762A961E78FD9E398C74B
                              SHA1:FDED6A25BC90A6A844152921ECDE20C5FCB21197
                              SHA-256:06E8D6991F09FCBBAC998182F0D5211B4B700F88C5486C345E68C417860A212A
                              SHA-512:BC7DBD3057CF10CBDFDC375089C782CCD682BF94F3927AFFB3135067C634168311D890441AD1727DB598498355C2019AF5D8CF4E97B3F4074332EEB7349F75A3
                              Malicious:false
                              Preview:80000000-80022000 r-xp 00000000 fd:00 531601 /tmp/..
                              File type:ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
                              Entropy (8bit):5.739698633354
                              TrID:
                              • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                              File name:Kloki.m68k.elf
                              File size:157'344 bytes
                              MD5:b7d6c1ca193fee24d9a386474f15a7d2
                              SHA1:60a713edd561452c5b97c999f0a8f977ac981e1f
                              SHA256:6e15ca0d44f9755e25d43b727e0f955dc8fc8047db4d0fc8c180a7f1f75a7adb
                              SHA512:8bf6ebb2930ed2b7b9a4b789d15b7e876d864f5ae083632d0931478785575640b7440b0ed927b565faca69bb19d01f31226d42fdd463f172a11e892cafe6b9e6
                              SSDEEP:3072:oxymB42S8PghoYYYdJONJ0WGpyH9VsjbijLgK+AhcyVHNXH:AH7YdJO70pyHtL1cyVdH
                              TLSH:3AF33AC7F800CDBDF80AE73A48130909B130BB9555924B377257797BED3A1D90A6BE86
                              File Content Preview:.ELF.......................D...4..e......4. ...(.......................>...>...... ........D..<D..<D..H........... .dt.Q............................NV..a....da.....N^NuNV..J9....f>"y..<d QJ.g.X.#...<dN."y..<d QJ.f.A.....J.g.Hy...@N.X.........N^NuNV..N^NuN

                              ELF header

                              Class:ELF32
                              Data:2's complement, big endian
                              Version:1 (current)
                              Machine:MC68000
                              Version Number:0x1
                              Type:EXEC (Executable file)
                              OS/ABI:UNIX - System V
                              ABI Version:0
                              Entry Point Address:0x80000144
                              Flags:0x0
                              ELF Header Size:52
                              Program Header Offset:52
                              Program Header Size:32
                              Number of Program Headers:3
                              Section Header Offset:156944
                              Section Header Size:40
                              Number of Section Headers:10
                              Header String Table Index:9
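                              Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
                               | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 |  | 0 | 0 | 0
                              .init | PROGBITS | 0x80000094 | 0x94 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 2
                              .text | PROGBITS | 0x800000a8 | 0xa8 | 0x1fcb6 | 0x0 | 0x6 | AX | 0 | 0 | 4
                              .fini | PROGBITS | 0x8001fd5e | 0x1fd5e | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 2
                              .rodata | PROGBITS | 0x8001fd6c | 0x1fd6c | 0x1ed2 | 0x0 | 0x2 | A | 0 | 0 | 2
                              .ctors | PROGBITS | 0x80023c44 | 0x21c44 | 0xc | 0x0 | 0x3 | WA | 0 | 0 | 4
                              .dtors | PROGBITS | 0x80023c50 | 0x21c50 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
                              .data | PROGBITS | 0x80023c60 | 0x21c60 | 0x4870 | 0x0 | 0x3 | WA | 0 | 0 | 32
                              .bss | NOBITS | 0x800284d0 | 0x264d0 | 0x555c | 0x0 | 0x3 | WA | 0 | 0 | 4
                              .shstrtab | STRTAB | 0x0 | 0x264d0 | 0x3e | 0x0 | 0x0 |  | 0 | 0 | 1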
                              Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
                              LOAD | 0x0 | 0x80000000 | 0x80000000 | 0x21c3e | 0x21c3e | 6.1578 | 0x5 | R E | 0x2000 |  | .init .text .fini .rodata
                              LOAD | 0x21c44 | 0x80023c44 | 0x80023c44 | 0x488c | 0x9de8 | 0.3625 | 0x6 | RW | 0x2000 |  | .ctors .dtors .data .bss
                              GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |  | 
                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                              Jan 4, 2025 09:31:25.239315987 CET1356652060210.99.33.211192.168.2.13
                              Jan 4, 2025 09:31:25.239356995 CET5206013566192.168.2.13210.99.33.211
                              Jan 4, 2025 09:31:25.240113020 CET3957013566192.168.2.13210.99.228.110
                              Jan 4, 2025 09:31:25.241161108 CET1356647034210.99.101.44192.168.2.13
                              Jan 4, 2025 09:31:25.241245985 CET4703413566192.168.2.13210.99.101.44
                              Jan 4, 2025 09:31:25.243062019 CET1356652602210.99.235.51192.168.2.13
                              Jan 4, 2025 09:31:25.243098021 CET5260213566192.168.2.13210.99.235.51
                              Jan 4, 2025 09:31:25.244873047 CET1356639570210.99.228.110192.168.2.13
                              Jan 4, 2025 09:31:25.244914055 CET3957013566192.168.2.13210.99.228.110
                              Jan 4, 2025 09:31:25.293833971 CET4274413566192.168.2.1383.222.191.90
                              Jan 4, 2025 09:31:25.298618078 CET135664274483.222.191.90192.168.2.13
                              Jan 4, 2025 09:31:25.298661947 CET4274413566192.168.2.1383.222.191.90
                              Jan 4, 2025 09:31:25.300765991 CET4274413566192.168.2.1383.222.191.90
                              Jan 4, 2025 09:31:25.305542946 CET135664274483.222.191.90192.168.2.13
                              Jan 4, 2025 09:31:25.305583000 CET4274413566192.168.2.1383.222.191.90
                              Jan 4, 2025 09:31:25.310339928 CET135664274483.222.191.90192.168.2.13
                              Jan 4, 2025 09:31:35.311047077 CET4274413566192.168.2.1383.222.191.90
                              Jan 4, 2025 09:31:35.316195011 CET135664274483.222.191.90192.168.2.13
                              Jan 4, 2025 09:31:35.512420893 CET135664274483.222.191.90192.168.2.13
                              Jan 4, 2025 09:31:35.512486935 CET4274413566192.168.2.1383.222.191.90
                              Jan 4, 2025 09:31:35.872610092 CET135664274483.222.191.90192.168.2.13
                              Jan 4, 2025 09:31:35.872670889 CET4274413566192.168.2.1383.222.191.90
                              Jan 4, 2025 09:32:35.895504951 CET4274413566192.168.2.1383.222.191.90
                              Jan 4, 2025 09:32:35.900362968 CET135664274483.222.191.90192.168.2.13
                              Jan 4, 2025 09:32:36.097126961 CET135664274483.222.191.90192.168.2.13
                              Jan 4, 2025 09:32:36.097203016 CET4274413566192.168.2.1383.222.191.90
                              Jan 4, 2025 09:32:36.872606993 CET135664274483.222.191.90192.168.2.13
                              Jan 4, 2025 09:32:36.872661114 CET4274413566192.168.2.1383.222.191.90
                              TimestampSource PortDest PortSource IPDest IP
                              Jan 4, 2025 09:31:25.248163939 CET4134153192.168.2.138.8.8.8
                              Jan 4, 2025 09:31:25.254936934 CET53413418.8.8.8192.168.2.13
                              Jan 4, 2025 09:31:25.256943941 CET5803953192.168.2.138.8.8.8
                              Jan 4, 2025 09:31:25.263782024 CET53580398.8.8.8192.168.2.13
                              Jan 4, 2025 09:31:25.265738964 CET4400153192.168.2.138.8.8.8
                              Jan 4, 2025 09:31:25.273771048 CET53440018.8.8.8192.168.2.13
                              Jan 4, 2025 09:31:25.276839018 CET5787653192.168.2.138.8.8.8
                              Jan 4, 2025 09:31:25.283684969 CET53578768.8.8.8192.168.2.13
                              Jan 4, 2025 09:31:25.285747051 CET3849753192.168.2.138.8.8.8
                              Jan 4, 2025 09:31:25.292725086 CET53384978.8.8.8192.168.2.13
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jan 4, 2025 09:31:25.248163939 CET | 192.168.2.13 | 8.8.8.8 | 0x4375 | Standard query (0) | secure-network-rebirthltd.ru | A (IP address) | IN (0x0001) | false |
| Jan 4, 2025 09:31:25.256943941 CET | 192.168.2.13 | 8.8.8.8 | 0x4375 | Standard query (0) | secure-network-rebirthltd.ru | A (IP address) | IN (0x0001) | false |
| Jan 4, 2025 09:31:25.265738964 CET | 192.168.2.13 | 8.8.8.8 | 0x4375 | Standard query (0) | secure-network-rebirthltd.ru | A (IP address) | IN (0x0001) | false |
| Jan 4, 2025 09:31:25.276839018 CET | 192.168.2.13 | 8.8.8.8 | 0x4375 | Standard query (0) | secure-network-rebirthltd.ru | A (IP address) | IN (0x0001) | false |
| Jan 4, 2025 09:31:25.285747051 CET | 192.168.2.13 | 8.8.8.8 | 0x4375 | Standard query (0) | secure-network-rebirthltd.ru | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jan 4, 2025 09:31:25.254936934 CET | 8.8.8.8 | 192.168.2.13 | 0x4375 | Name error (3) | secure-network-rebirthltd.ru | none | none | A (IP address) | IN (0x0001) | false |
| Jan 4, 2025 09:31:25.263782024 CET | 8.8.8.8 | 192.168.2.13 | 0x4375 | Name error (3) | secure-network-rebirthltd.ru | none | none | A (IP address) | IN (0x0001) | false |
| Jan 4, 2025 09:31:25.273771048 CET | 8.8.8.8 | 192.168.2.13 | 0x4375 | Name error (3) | secure-network-rebirthltd.ru | none | none | A (IP address) | IN (0x0001) | false |
| Jan 4, 2025 09:31:25.283684969 CET | 8.8.8.8 | 192.168.2.13 | 0x4375 | Name error (3) | secure-network-rebirthltd.ru | none | none | A (IP address) | IN (0x0001) | false |
| Jan 4, 2025 09:31:25.292725086 CET | 8.8.8.8 | 192.168.2.13 | 0x4375 | Name error (3) | secure-network-rebirthltd.ru | none | none | A (IP address) | IN (0x0001) | false |

                              System Behavior

                              Start time (UTC):08:31:22
                              Start date (UTC):04/01/2025
                              Path:/tmp/Kloki.m68k.elf
                              Arguments:/tmp/Kloki.m68k.elf
                              File size:4463432 bytes
                              MD5 hash:cd177594338c77b895ae27c33f8f86cc

                              Start time (UTC):08:31:22
                              Start date (UTC):04/01/2025
                              Path:/tmp/Kloki.m68k.elf
                              Arguments:-
                              File size:4463432 bytes
                              MD5 hash:cd177594338c77b895ae27c33f8f86cc

                              Start time (UTC):08:31:22
                              Start date (UTC):04/01/2025
                              Path:/tmp/Kloki.m68k.elf
                              Arguments:-
                              File size:4463432 bytes
                              MD5 hash:cd177594338c77b895ae27c33f8f86cc

                              Start time (UTC):08:31:23
                              Start date (UTC):04/01/2025
                              Path:/tmp/Kloki.m68k.elf
                              Arguments:-
                              File size:4463432 bytes
                              MD5 hash:cd177594338c77b895ae27c33f8f86cc

                              Start time (UTC):08:31:24
                              Start date (UTC):04/01/2025
                              Path:/tmp/Kloki.m68k.elf
                              Arguments:-
                              File size:4463432 bytes
                              MD5 hash:cd177594338c77b895ae27c33f8f86cc