Linux Analysis Report
Kloki.spc.elf

Overview

General Information

Sample name:Kloki.spc.elf
Analysis ID:1586168
MD5:a72465eba9e4ff86f1b35a4951660124
SHA1:d9348f8c5bdfc9e00f6364a3a8683d2ea90a5be9
SHA256:03d0cc1607db3d49d7658c9f00e097a2f03b5d3ba682f0454777acc7f5e189d1
Tags:elfuser-abuse_ch

Detection

Score:60
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Suricata IDS alerts with low severity for network traffic
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1586168
Start date and time:2025-01-08 19:45:56 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 58s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:Kloki.spc.elf
Detection:MAL
Classification:mal60.spre.linELF@0/0@1/0
  • VT rate limit hit for: Kloki.spc.elf
Command:/tmp/Kloki.spc.elf
PID:5472
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
suka
Standard Error:
  • system is lnxubuntu20
  • sh (PID: 5481, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
  • sh (PID: 5500, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
  • gsd-print-notifications (PID: 5500, Parent: 1588, MD5: 71539698aa691718cee775d6b9450ae2) Arguments: /usr/libexec/gsd-print-notifications
  • sh (PID: 5502, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
  • gsd-rfkill (PID: 5502, Parent: 1588, MD5: 88a16a3c0aba1759358c06215ecfb5cc) Arguments: /usr/libexec/gsd-rfkill
  • sh (PID: 5503, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
  • gnome-shell (PID: 5503, Parent: 1588, MD5: da7a257239677622fe4b3a65972c9e87) Arguments: /usr/bin/gnome-shell
  • gdm3 New Fork (PID: 5504, Parent: 1400)
  • Default (PID: 5504, Parent: 1400, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5508, Parent: 1400)
  • Default (PID: 5508, Parent: 1400, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5514, Parent: 1)
  • systemd-user-runtime-dir (PID: 5514, Parent: 1, MD5: d55f4b0847f88131dbcfb07435178e54) Arguments: /lib/systemd/systemd-user-runtime-dir stop 127
  • cleanup
No yara matches
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-08T19:47:02.341594+0100 | 2500036 | 2 | Misc Attack | 83.222.191.90 | 13566 | 192.168.2.13 | 42774 | TCP

AV Detection

Source: Kloki.spc.elf | Avira: detected
Source: Kloki.spc.elf | ReversingLabs: Detection: 28%
Source: Kloki.spc.elf | String: ppid/proc/net/tcp/proc/self/exe/proc//status/fd//dev/null/dev/consolesocket05/proc/%d/exepkillkillkillallechowgetcurlpsbusyboxiptablesrebootinitinit 6catgrepshbash
Source: global traffic | TCP traffic: 192.168.2.13:37720 -> 83.222.250.57:13566
Source: global traffic | TCP traffic: 192.168.2.13:38042 -> 83.222.232.99:13566
Source: global traffic | TCP traffic: 192.168.2.13:50000 -> 83.222.22.67:13566
Source: global traffic | TCP traffic: 192.168.2.13:60022 -> 83.222.103.225:13566
Source: global traffic | TCP traffic: 192.168.2.13:43840 -> 83.222.41.233:13566
Source: global traffic | TCP traffic: 192.168.2.13:47684 -> 83.222.225.208:13566
Source: global traffic | TCP traffic: 192.168.2.13:39006 -> 83.222.33.179:13566
Source: global traffic | TCP traffic: 192.168.2.13:48448 -> 83.222.89.105:13566
Source: global traffic | TCP traffic: 192.168.2.13:44368 -> 83.222.125.205:13566
Source: global traffic | TCP traffic: 192.168.2.13:33332 -> 83.222.89.20:13566
Source: global traffic | TCP traffic: 192.168.2.13:49408 -> 83.222.101.184:13566
Source: global traffic | TCP traffic: 192.168.2.13:46876 -> 83.222.65.247:13566
Source: global traffic | TCP traffic: 192.168.2.13:51394 -> 83.222.161.76:13566
Source: global traffic | TCP traffic: 192.168.2.13:60276 -> 83.222.155.93:13566
Source: global traffic | TCP traffic: 192.168.2.13:40544 -> 83.222.211.212:13566
Source: global traffic | TCP traffic: 192.168.2.13:34042 -> 83.222.54.205:13566
Source: global traffic | TCP traffic: 192.168.2.13:49768 -> 83.222.13.30:13566
Source: global traffic | TCP traffic: 192.168.2.13:35238 -> 83.222.48.35:13566
Source: global traffic | TCP traffic: 192.168.2.13:53782 -> 83.222.97.151:13566
Source: global traffic | TCP traffic: 192.168.2.13:57654 -> 83.222.4.138:13566
Source: global traffic | TCP traffic: 192.168.2.13:47654 -> 83.222.129.230:13566
Source: global traffic | TCP traffic: 192.168.2.13:49744 -> 83.222.90.162:13566
Source: global traffic | TCP traffic: 192.168.2.13:60744 -> 83.222.153.179:13566
Source: global traffic | TCP traffic: 192.168.2.13:37344 -> 83.222.12.23:13566
Source: global traffic | TCP traffic: 192.168.2.13:36624 -> 83.222.129.101:13566
Source: global traffic | TCP traffic: 192.168.2.13:59938 -> 83.222.43.230:13566
Source: global traffic | TCP traffic: 192.168.2.13:60960 -> 83.222.29.108:13566
Source: global traffic | TCP traffic: 192.168.2.13:54158 -> 83.222.222.190:13566
Source: global traffic | TCP traffic: 192.168.2.13:47848 -> 83.222.185.121:13566
Source: global traffic | TCP traffic: 192.168.2.13:58574 -> 83.222.28.140:13566
Source: global traffic | TCP traffic: 192.168.2.13:46546 -> 83.222.77.82:13566
Source: global traffic | TCP traffic: 192.168.2.13:38754 -> 83.222.89.90:13566
Source: global traffic | TCP traffic: 192.168.2.13:35166 -> 83.222.112.137:13566
Source: global traffic | TCP traffic: 192.168.2.13:41846 -> 83.222.126.209:13566
Source: global traffic | TCP traffic: 192.168.2.13:42672 -> 83.222.32.130:13566
Source: global traffic | TCP traffic: 192.168.2.13:55788 -> 83.222.91.161:13566
Source: global traffic | TCP traffic: 192.168.2.13:51190 -> 83.222.104.181:13566
Source: global traffic | TCP traffic: 192.168.2.13:56636 -> 83.222.68.2:13566
Source: global traffic | TCP traffic: 192.168.2.13:34444 -> 83.222.104.80:13566
Source: global traffic | TCP traffic: 192.168.2.13:42902 -> 83.222.25.233:13566
Source: global traffic | TCP traffic: 192.168.2.13:49104 -> 83.222.181.68:13566
Source: global traffic | TCP traffic: 192.168.2.13:54940 -> 83.222.208.210:13566
Source: global traffic | TCP traffic: 192.168.2.13:44086 -> 83.222.176.174:13566
Source: global traffic | TCP traffic: 192.168.2.13:47872 -> 83.222.145.105:13566
Source: global traffic | TCP traffic: 192.168.2.13:59540 -> 83.222.39.173:13566
Source: global traffic | TCP traffic: 192.168.2.13:42120 -> 83.222.245.116:13566
Source: global traffic | TCP traffic: 192.168.2.13:35824 -> 83.222.255.78:13566
Source: global traffic | TCP traffic: 192.168.2.13:55768 -> 83.222.206.111:13566
Source: global traffic | TCP traffic: 192.168.2.13:34236 -> 83.222.215.76:13566
Source: global traffic | TCP traffic: 192.168.2.13:51046 -> 83.222.64.248:13566
Source: global traffic | TCP traffic: 192.168.2.13:50602 -> 83.222.207.155:13566
Source: global traffic | TCP traffic: 192.168.2.13:47608 -> 83.222.153.55:13566
Source: global traffic | TCP traffic: 192.168.2.13:47134 -> 83.222.80.221:13566
Source: global traffic | TCP traffic: 192.168.2.13:42774 -> 83.222.191.90:13566
Source: /tmp/Kloki.spc.elf (PID: 5472) | Socket: 127.0.0.1:14435
Source: Network traffic | Suricata IDS: 2500036 - Severity 2 - ET COMPROMISED Known Compromised or Hostile Host Traffic group 19 : 83.222.191.90:13566 -> 192.168.2.13:42774
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.250.57
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.250.57
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.232.99
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.232.99
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.232.99
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.22.67
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.232.99
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.22.67
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.22.67
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.22.67
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.103.225
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.41.233
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.103.225
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.41.233
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.225.208
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.225.208
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.225.208
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.33.179
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.89.105
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.225.208
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.125.205
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.33.179
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.89.20
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.89.105
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.125.205
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.101.184
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.89.20
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.65.247
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.101.184
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.161.76
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.65.247
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.155.93
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.161.76
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.155.93
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.211.212
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.54.205
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.211.212
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.13.30
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.54.205
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.48.35
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.13.30
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.97.151
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.4.138
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.48.35
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.129.230
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.97.151
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.90.162
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.4.138
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.129.230
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.153.179
Source: global traffic | DNS traffic detected: DNS query: secure-network-rebirthltd.ru

System Summary

Source: /tmp/Kloki.spc.elf (PID: 5478) | SIGKILL sent: pid: 914, result: successful
Source: /tmp/Kloki.spc.elf (PID: 5478) | SIGKILL sent: pid: 917, result: successful
Source: /tmp/Kloki.spc.elf (PID: 5478) | SIGKILL sent: pid: 936, result: successful
Source: /tmp/Kloki.spc.elf (PID: 5478) | SIGKILL sent: pid: 1691, result: successful
Source: /tmp/Kloki.spc.elf (PID: 5478) | SIGKILL sent: pid: 1866, result: successful
Source: /tmp/Kloki.spc.elf (PID: 5478) | SIGKILL sent: pid: 1881, result: successful
Source: /tmp/Kloki.spc.elf (PID: 5478) | SIGKILL sent: pid: 1884, result: successful
Source: /tmp/Kloki.spc.elf (PID: 5478) | SIGKILL sent: pid: 3069, result: successful
Source: /tmp/Kloki.spc.elf (PID: 5478) | SIGKILL sent: pid: 3246, result: successful
Source: /tmp/Kloki.spc.elf (PID: 5478) | SIGKILL sent: pid: 3442, result: successful
Source: /tmp/Kloki.spc.elf (PID: 5478) | SIGKILL sent: pid: 5457, result: successful
Source: /tmp/Kloki.spc.elf (PID: 5478) | SIGKILL sent: pid: 5481, result: successful
Source: /tmp/Kloki.spc.elf (PID: 5478) | SIGKILL sent: pid: 5500, result: successful
Source: /tmp/Kloki.spc.elf (PID: 5478) | SIGKILL sent: pid: 5502, result: successful
Source: /tmp/Kloki.spc.elf (PID: 5478) | SIGKILL sent: pid: 5503, result: successful
Source: /tmp/Kloki.spc.elf (PID: 5478) | SIGKILL sent: pid: 5504, result: successful
Source: Initial sample | String containing 'busybox' found: busybox
Source: Initial sample | String containing 'busybox' found: ppid/proc/net/tcp/proc/self/exe/proc//status/fd//dev/null/dev/consolesocket05/proc/%d/exepkillkillkillallechowgetcurlpsbusyboxiptablesrebootinitinit 6catgrepshbash
Source: ELF static info symbol of initial sample | .symtab present: no
Source: classification engine | Classification label: mal60.spre.linELF@0/0@1/0
Source: /tmp/Kloki.spc.elf (PID: 5472) | Queries kernel information via 'uname'
Source: Kloki.spc.elf, 5472.1.00005636b8248000.00005636b82d2000.rw-.sdmp, Kloki.spc.elf, 5477.1.00005636b8248000.00005636b82d2000.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/sparc
Source: Kloki.spc.elf, 5472.1.00007ffee26ec000.00007ffee270d000.rw-.sdmp, Kloki.spc.elf, 5477.1.00007ffee26ec000.00007ffee270d000.rw-.sdmp | Binary or memory string: x86_64/usr/bin/qemu-sparc/tmp/Kloki.spc.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Kloki.spc.elf
Source: Kloki.spc.elf, 5472.1.00005636b8248000.00005636b82d2000.rw-.sdmp, Kloki.spc.elf, 5477.1.00005636b8248000.00005636b82d2000.rw-.sdmp | Binary or memory string: 6V!/etc/qemu-binfmt/sparc
Source: Kloki.spc.elf, 5472.1.00007ffee26ec000.00007ffee270d000.rw-.sdmp, Kloki.spc.elf, 5477.1.00007ffee26ec000.00007ffee270d000.rw-.sdmp | Binary or memory string: /usr/bin/qemu-sparc
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | 1 Service Stop
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
No configs have been found
Behavior Graph (ID: 1586168; Sample: Kloki.spc.elf; Start date: 08/01/2025; Architecture: LINUX; Score: 60)

  • Network nodes: 83.222.125.205 (port 13566, local port 44368) and 83.222.126.209 (port 13566, local port 41846), both TRI-ASTrueRecordsIncES, Russian Federation; 52 other IPs or domains
  • Signatures attached to the sample: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file
  • Processes started: Kloki.spc.elf, which starts a child Kloki.spc.elf, which in turn starts two further Kloki.spc.elf processes (one of them carries the signature "Sample tries to kill multiple processes (SIGKILL)"); gnome-session-binary sh gsd-print-notifications; gnome-session-binary sh gsd-rfkill; 5 other processes
Source | Detection | Scanner | Label
Kloki.spc.elf | 29% | ReversingLabs | Linux.Backdoor.Mirai
Kloki.spc.elf | 100% | Avira | EXP/ELF.Mirai.W
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
secure-network-rebirthltd.ru | 83.222.191.90 | true | false | | high
    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs
    IP | Domain | Country | ASN | ASN Name | Malicious
    83.222.89.20 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
    83.222.232.99 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false
    83.222.65.247 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
    83.222.77.82 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
    83.222.215.76 | unknown | Russian Federation | 25159 | SONICDUO-ASRU | false
    83.222.129.230 | unknown | Switzerland | 31736 | SENSELAN-ASsenseLANGmbHCH | false
    83.222.90.162 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
    83.222.97.151 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU | false
    83.222.64.248 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
    83.222.176.174 | unknown | Bulgaria | 12615 | GCN-ASGCNAD-SofiaBulgariaBG | false
    83.222.32.130 | unknown | Luxembourg | 8632 | LOL-ASluLU | false
    83.222.222.190 | unknown | Russian Federation | 25159 | SONICDUO-ASRU | false
    83.222.29.108 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false
    83.222.101.184 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU | false
    83.222.54.205 | unknown | Luxembourg | 8632 | LOL-ASluLU | false
    83.222.206.111 | unknown | Russian Federation | 6854 | SYNTERRA-ASRU | false
    83.222.89.105 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
    83.222.28.140 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false
    83.222.145.105 | unknown | Switzerland | 31736 | SENSELAN-ASsenseLANGmbHCH | false
    83.222.129.101 | unknown | Switzerland | 31736 | SENSELAN-ASsenseLANGmbHCH | false
    83.222.207.155 | unknown | Russian Federation | 6854 | SYNTERRA-ASRU | false
    83.222.25.233 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false
    83.222.4.138 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false
    83.222.103.225 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU | false
    83.222.155.93 | unknown | Switzerland | 31736 | SENSELAN-ASsenseLANGmbHCH | false
    83.222.33.179 | unknown | Luxembourg | 8632 | LOL-ASluLU | false
    83.222.80.221 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
    83.222.250.57 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false
    83.222.43.230 | unknown | Luxembourg | 8632 | LOL-ASluLU | false
    83.222.48.35 | unknown | Luxembourg | 8632 | LOL-ASluLU | false
    83.222.126.209 | unknown | Russian Federation | 47328 | TRI-ASTrueRecordsIncES | false
    83.222.153.179 | unknown | Switzerland | 31736 | SENSELAN-ASsenseLANGmbHCH | false
    83.222.185.121 | unknown | Bulgaria | 43561 | NET1-ASBG | false
    83.222.22.67 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false
    83.222.208.210 | unknown | Russian Federation | 6854 | SYNTERRA-ASRU | false
    83.222.255.78 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false
    83.222.41.233 | unknown | Luxembourg | 8632 | LOL-ASluLU | false
    83.222.12.23 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false
    83.222.125.205 | unknown | Russian Federation | 47328 | TRI-ASTrueRecordsIncES | false
    83.222.13.30 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false
    83.222.104.181 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU | false
    83.222.68.2 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
    83.222.161.76 | unknown | Bulgaria | 12615 | GCN-ASGCNAD-SofiaBulgariaBG | false
    83.222.39.173 | unknown | Luxembourg | 8632 | LOL-ASluLU | false
    83.222.91.161 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
    83.222.191.90 | secure-network-rebirthltd.ru | Bulgaria | 43561 | NET1-ASBG | false
    83.222.89.90 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
    83.222.181.68 | unknown | Bulgaria | 12615 | GCN-ASGCNAD-SofiaBulgariaBG | false
    83.222.104.80 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU | false
    83.222.112.137 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU | false
    83.222.211.212 | unknown | Russian Federation | 6854 | SYNTERRA-ASRU | false
    83.222.245.116 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false
    83.222.225.208 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false
    83.222.153.55 | unknown | Switzerland | 31736 | SENSELAN-ASsenseLANGmbHCH | false
    No context
    Match | Associated Sample Name / URL | Detection | Threat Name | Context
    secure-network-rebirthltd.ru | Kloki.arm5.elf | malicious | Unknown | 83.222.191.90
    Match | Associated Sample Name / URL | Detection | Threat Name | Context
    ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | Kloki.arm5.elf | malicious | Unknown | 83.222.64.159
    ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | skid.x86.elf | malicious | Moobot | 83.222.64.191
    ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | XfUkJyh9A3.elf | malicious | Mirai | 37.209.228.199
    ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | nSQgTX0uEc.dll | malicious | Wannacry | 213.141.249.89
    ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | e7N7Kz9Bar | malicious | Unknown | 37.209.226.155
    ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | G2JJHi7jyh | malicious | Mirai | 212.75.151.147
    ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | KiDRFl2BaN | malicious | Mirai | 212.75.129.46
    ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | UbjnMZrdW8 | malicious | Mirai | 37.209.228.197
    ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | vEjGHdNRFj | malicious | Gafgyt Mirai | 37.209.228.196
    ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | 6LmZoebUdA | malicious | Mirai | 37.209.236.25
    COGECO-PEER1CA | Kloki.arm5.elf | malicious | Unknown | 83.222.237.30
    COGECO-PEER1CA | http://plnbl.io/review/VdCYQSoKp54z | malicious | HTMLPhisher | 66.33.60.194
    COGECO-PEER1CA | miori.sh4.elf | malicious | Unknown | 209.35.191.178
    COGECO-PEER1CA | https://bawarq.org/r.php?id=YoExsdlTj9ej3sIxs1X7aZn3DzYWS8OQ2 | malicious | Unknown | 162.254.38.37
    COGECO-PEER1CA | Mes_Drivers_3.0.4.exe | malicious | Unknown | 69.90.254.78
    COGECO-PEER1CA | https://app.saner.ai/shared/notes/7353e5ae-dd5f-410b-92c3-210c9e88052a | malicious | HTMLPhisher | 66.33.60.194
    COGECO-PEER1CA | https://u43161309.ct.sendgrid.net/ls/click?upn=u001.L9-2FCbhkaoUACh7As3yZ8i4iABGphfl-2FJgS6Xiu1aw6I-3DgXpA_qO4VbBWAKg4gLfGs-2BfuSyZki3gKzG4I1DrYN15Q8fD7JV1twLeLo1AFs1GBSG3ZgA22dFJdXJloKc56aXDeV3olJKTBJd8NprednZ2LeXdX-2BkcSQE-2F2FRwgBng5RbUCLfjS8-2FI3mrpwyYu9lRatIB62qUwPSax-2Fhh2c7R-2B7pT3Kos0wK0SEJGj4ZMkgOGYhEniKYT7Kn7jN25xFz2sFdtPlVQkIdCFKwDNWmq-2BrAxerZE2GuKgfkuf3l1UY4J42sOOltybAAVyLhV-2BXfmbuQpN4NpshXRIuhta8ho3ChcTA5NtgjludQThyLtwhGns-2ByLqSbpO1Bhhc-2FCgdgP-2BAOxYrGHvKHjVYRr6-2BiryADxfM-3D | malicious | HTMLPhisher | 66.33.60.35
    COGECO-PEER1CA | armv4l.elf | malicious | Unknown | 176.74.182.119
    COGECO-PEER1CA | fuckunix.x86.elf | malicious | Mirai | 69.90.30.210
    COGECO-PEER1CA | Fantazy.x86.elf | malicious | Unknown | 72.51.27.59
    No context
    No created / dropped files found
    File type:ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped
    Entropy (8bit):6.03148104046998
    TrID:
    • ELF Executable and Linkable format (generic) (4004/1) 100.00%
    File name:Kloki.spc.elf
    File size:66'920 bytes
    MD5:a72465eba9e4ff86f1b35a4951660124
    SHA1:d9348f8c5bdfc9e00f6364a3a8683d2ea90a5be9
    SHA256:03d0cc1607db3d49d7658c9f00e097a2f03b5d3ba682f0454777acc7f5e189d1
    SHA512:5cbd96950633996d0c1b55b9b1ae86bf4d2498863f00bab1b4ad7eea402e29be7f50148f5b2000fadd898da4a7dc1090c1d68057e53966338aaaf16af14ce1c3
    SSDEEP:1536:QUNqSMAxF+mFm0+4YhZeGpatVV7y5F8t/dlq:Fju8411pa57CGd0
    TLSH:39635C32B9751E2BC4D1A87A61F74724F2F2474A25ECCA1E7D620E4EFF21A4022576F4
    File Content Preview:.ELF...........................4.........4. ...(....................... ... ..............................5.........dt.Q................................@..(....@.9S................#.....c...`.....!..... ...@.....".........`......$ ... ...@...........`....

    ELF header

    Class:ELF32
    Data:2's complement, big endian
    Version:1 (current)
    Machine:Sparc
    Version Number:0x1
    Type:EXEC (Executable file)
    OS/ABI:UNIX - System V
    ABI Version:0
    Entry Point Address:0x101a4
    Flags:0x0
    ELF Header Size:52
    Program Header Offset:52
    Program Header Size:32
    Number of Program Headers:3
    Section Header Offset:66520
    Section Header Size:40
    Number of Section Headers:10
    Header String Table Index:9
    Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
    | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
    .init | PROGBITS | 0x10094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 4
    .text | PROGBITS | 0x100b0 | 0xb0 | 0xe584 | 0x0 | 0x6 | AX | 0 | 0 | 4
    .fini | PROGBITS | 0x1e634 | 0xe634 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4
    .rodata | PROGBITS | 0x1e648 | 0xe648 | 0x13d8 | 0x0 | 0x2 | A | 0 | 0 | 8
    .ctors | PROGBITS | 0x20000 | 0x10000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
    .dtors | PROGBITS | 0x20008 | 0x10008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
    .data | PROGBITS | 0x20018 | 0x10018 | 0x380 | 0x0 | 0x3 | WA | 0 | 0 | 8
    .bss | NOBITS | 0x20398 | 0x10398 | 0x3178 | 0x0 | 0x3 | WA | 0 | 0 | 8
    .shstrtab | STRTAB | 0x0 | 0x10398 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1
    Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
    LOAD | 0x0 | 0x10000 | 0x10000 | 0xfa20 | 0xfa20 | 6.1497 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata
    LOAD | 0x10000 | 0x20000 | 0x20000 | 0x398 | 0x3510 | 2.7122 | 0x6 | RW | 0x10000 | | .ctors .dtors .data .bss
    GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |
    Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
    2025-01-08T19:47:02.341594+0100 | 2500036 | ET COMPROMISED Known Compromised or Hostile Host Traffic group 19 | 2 | 83.222.191.90 | 13566 | 192.168.2.13 | 42774 | TCP
Timestamp: Jan 8, 2025 19:47:02.325058937 CET
Source Port: 58779
Dest Port: 53
Source IP: 192.168.2.13
Dest IP: 8.8.8.8

Timestamp: Jan 8, 2025 19:47:02.332154036 CET
Source Port: 53
Dest Port: 58779
Source IP: 8.8.8.8
Dest IP: 192.168.2.13

Timestamp: Jan 8, 2025 19:47:02.325058937 CET
Source IP: 192.168.2.13
Dest IP: 8.8.8.8
Trans ID: 0x2342
OP Code: Standard query (0)
Name: secure-network-rebirthltd.ru
Type: A (IP address)
Class: IN (0x0001)
DNS over HTTPS: false

Timestamp: Jan 8, 2025 19:47:02.332154036 CET
Source IP: 8.8.8.8
Dest IP: 192.168.2.13
Trans ID: 0x2342
Reply Code: No error (0)
Name: secure-network-rebirthltd.ru
CName:
Address: 83.222.191.90
Type: A (IP address)
Class: IN (0x0001)
DNS over HTTPS: false

    System Behavior

    Start time (UTC):18:47:01
    Start date (UTC):08/01/2025
    Path:/tmp/Kloki.spc.elf
    Arguments:/tmp/Kloki.spc.elf
    File size:4379400 bytes
    MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

    Start time (UTC):18:47:01
    Start date (UTC):08/01/2025
    Path:/tmp/Kloki.spc.elf
    Arguments:-
    File size:4379400 bytes
    MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

    Start time (UTC):18:47:01
    Start date (UTC):08/01/2025
    Path:/tmp/Kloki.spc.elf
    Arguments:-
    File size:4379400 bytes
    MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

    Start time (UTC):18:47:01
    Start date (UTC):08/01/2025
    Path:/tmp/Kloki.spc.elf
    Arguments:-
    File size:4379400 bytes
    MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

    Start time (UTC):18:47:01
    Start date (UTC):08/01/2025
    Path:/usr/libexec/gnome-session-binary
    Arguments:-
    File size:334664 bytes
    MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

    Start time (UTC):18:47:01
    Start date (UTC):08/01/2025
    Path:/bin/sh
    Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
    File size:129816 bytes
MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):18:47:01
    Start date (UTC):08/01/2025
    Path:/usr/libexec/gnome-session-binary
    Arguments:-
    File size:334664 bytes
    MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

    Start time (UTC):18:47:01
    Start date (UTC):08/01/2025
    Path:/bin/sh
    Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):18:47:01
    Start date (UTC):08/01/2025
    Path:/usr/libexec/gsd-print-notifications
    Arguments:/usr/libexec/gsd-print-notifications
    File size:51840 bytes
    MD5 hash:71539698aa691718cee775d6b9450ae2

    Start time (UTC):18:47:01
    Start date (UTC):08/01/2025
    Path:/usr/libexec/gnome-session-binary
    Arguments:-
    File size:334664 bytes
    MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

    Start time (UTC):18:47:01
    Start date (UTC):08/01/2025
    Path:/bin/sh
    Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):18:47:01
    Start date (UTC):08/01/2025
    Path:/usr/libexec/gsd-rfkill
    Arguments:/usr/libexec/gsd-rfkill
    File size:51808 bytes
    MD5 hash:88a16a3c0aba1759358c06215ecfb5cc

    Start time (UTC):18:47:01
    Start date (UTC):08/01/2025
    Path:/usr/libexec/gnome-session-binary
    Arguments:-
    File size:334664 bytes
    MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

    Start time (UTC):18:47:01
    Start date (UTC):08/01/2025
    Path:/bin/sh
    Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):18:47:01
    Start date (UTC):08/01/2025
    Path:/usr/bin/gnome-shell
    Arguments:/usr/bin/gnome-shell
    File size:23168 bytes
    MD5 hash:da7a257239677622fe4b3a65972c9e87

    Start time (UTC):18:47:01
    Start date (UTC):08/01/2025
    Path:/usr/sbin/gdm3
    Arguments:-
    File size:453296 bytes
    MD5 hash:2492e2d8d34f9377e3e530a61a15674f

    Start time (UTC):18:47:01
    Start date (UTC):08/01/2025
    Path:/etc/gdm3/PrimeOff/Default
    Arguments:/etc/gdm3/PrimeOff/Default
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):18:47:01
    Start date (UTC):08/01/2025
    Path:/usr/sbin/gdm3
    Arguments:-
    File size:453296 bytes
    MD5 hash:2492e2d8d34f9377e3e530a61a15674f

    Start time (UTC):18:47:01
    Start date (UTC):08/01/2025
    Path:/etc/gdm3/PrimeOff/Default
    Arguments:/etc/gdm3/PrimeOff/Default
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):18:47:11
    Start date (UTC):08/01/2025
    Path:/usr/lib/systemd/systemd
    Arguments:-
    File size:1620224 bytes
    MD5 hash:9b2bec7092a40488108543f9334aab75

    Start time (UTC):18:47:11
    Start date (UTC):08/01/2025
    Path:/lib/systemd/systemd-user-runtime-dir
    Arguments:/lib/systemd/systemd-user-runtime-dir stop 127
    File size:22672 bytes
    MD5 hash:d55f4b0847f88131dbcfb07435178e54