
Linux Analysis Report
Kloki.m68k.elf

Overview

General Information

Sample name: Kloki.m68k.elf
Analysis ID: 1586173
MD5: 8d5063d215ab0a7795f2511b80e7310a
SHA1: 0d70fcd78fe042a9b06896d30c02615a9e7236ee
SHA256: 98eb4c8c5edf1ea00cbf075b2845b28f8746c93844a03e01f6ba5d9255f932ff
Tags: elf, user-abuse_ch

Detection

Score: 52
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for submitted file
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Suricata IDS alerts with low severity for network traffic
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1586173
Start date and time: 2025-01-08 19:50:11 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 47s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: Kloki.m68k.elf
Detection: MAL
Classification: mal52.spre.linELF@0/0@1/0
  • VT rate limit hit for: Kloki.m68k.elf
Command: /tmp/Kloki.m68k.elf
PID: 5433
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
suka
Standard Error:
  • system is lnxubuntu20
  • sh (PID: 5442, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
  • sh (PID: 5463, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
  • gnome-shell (PID: 5463, Parent: 1588, MD5: da7a257239677622fe4b3a65972c9e87) Arguments: /usr/bin/gnome-shell
  • sh (PID: 5465, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
  • gsd-print-notifications (PID: 5465, Parent: 1588, MD5: 71539698aa691718cee775d6b9450ae2) Arguments: /usr/libexec/gsd-print-notifications
  • sh (PID: 5466, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
  • gsd-rfkill (PID: 5466, Parent: 1588, MD5: 88a16a3c0aba1759358c06215ecfb5cc) Arguments: /usr/libexec/gsd-rfkill
  • gdm3 New Fork (PID: 5467, Parent: 1400)
  • Default (PID: 5467, Parent: 1400, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5469, Parent: 1400)
  • Default (PID: 5469, Parent: 1400, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5480, Parent: 1)
  • systemd-user-runtime-dir (PID: 5480, Parent: 1, MD5: d55f4b0847f88131dbcfb07435178e54) Arguments: /lib/systemd/systemd-user-runtime-dir stop 127
  • cleanup
No yara matches
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-08T19:51:03.618216+0100 | 2500036 | 2 | Misc Attack | 83.222.191.90 | 13566 | 192.168.2.13 | 42766 | TCP


AV Detection

Source: Kloki.m68k.elf | ReversingLabs: Detection: 28%
Source: Kloki.m68k.elf | String: ppid/proc/net/tcp/proc/self/exe/proc//status/fd//dev/null/dev/consolesocket05/proc/%d/exepkillkillallechowgetcurlpsbusyboxiptablesrebootinitinit 6catgrepbash
Source: global traffic | TCP traffic: 192.168.2.13:41608 -> 83.222.46.246:13566
Source: global traffic | TCP traffic: 192.168.2.13:33332 -> 83.222.224.11:13566
Source: global traffic | TCP traffic: 192.168.2.13:37878 -> 83.222.69.33:13566
Source: global traffic | TCP traffic: 192.168.2.13:58148 -> 83.222.238.5:13566
Source: global traffic | TCP traffic: 192.168.2.13:41736 -> 83.222.65.71:13566
Source: global traffic | TCP traffic: 192.168.2.13:32890 -> 83.222.242.76:13566
Source: global traffic | TCP traffic: 192.168.2.13:40364 -> 83.222.111.94:13566
Source: global traffic | TCP traffic: 192.168.2.13:52810 -> 83.222.10.243:13566
Source: global traffic | TCP traffic: 192.168.2.13:50176 -> 83.222.96.107:13566
Source: global traffic | TCP traffic: 192.168.2.13:36946 -> 83.222.66.234:13566
Source: global traffic | TCP traffic: 192.168.2.13:53918 -> 83.222.17.188:13566
Source: global traffic | TCP traffic: 192.168.2.13:48816 -> 83.222.114.3:13566
Source: global traffic | TCP traffic: 192.168.2.13:56114 -> 83.222.62.33:13566
Source: global traffic | TCP traffic: 192.168.2.13:43002 -> 83.222.214.28:13566
Source: global traffic | TCP traffic: 192.168.2.13:53344 -> 83.222.232.205:13566
Source: global traffic | TCP traffic: 192.168.2.13:42126 -> 83.222.126.23:13566
Source: global traffic | TCP traffic: 192.168.2.13:41072 -> 83.222.196.94:13566
Source: global traffic | TCP traffic: 192.168.2.13:36086 -> 83.222.34.9:13566
Source: global traffic | TCP traffic: 192.168.2.13:36256 -> 83.222.127.16:13566
Source: global traffic | TCP traffic: 192.168.2.13:49458 -> 83.222.14.193:13566
Source: global traffic | TCP traffic: 192.168.2.13:37556 -> 83.222.87.0:13566
Source: global traffic | TCP traffic: 192.168.2.13:60788 -> 83.222.13.199:13566
Source: global traffic | TCP traffic: 192.168.2.13:53438 -> 83.222.94.23:13566
Source: global traffic | TCP traffic: 192.168.2.13:58076 -> 83.222.186.190:13566
Source: global traffic | TCP traffic: 192.168.2.13:39534 -> 83.222.131.252:13566
Source: global traffic | TCP traffic: 192.168.2.13:47284 -> 83.222.168.148:13566
Source: global traffic | TCP traffic: 192.168.2.13:33432 -> 83.222.184.26:13566
Source: global traffic | TCP traffic: 192.168.2.13:53084 -> 83.222.151.246:13566
Source: global traffic | TCP traffic: 192.168.2.13:58420 -> 83.222.59.109:13566
Source: global traffic | TCP traffic: 192.168.2.13:34540 -> 83.222.18.36:13566
Source: global traffic | TCP traffic: 192.168.2.13:52136 -> 83.222.59.144:13566
Source: global traffic | TCP traffic: 192.168.2.13:51030 -> 83.222.59.255:13566
Source: global traffic | TCP traffic: 192.168.2.13:58874 -> 83.222.238.93:13566
Source: global traffic | TCP traffic: 192.168.2.13:36732 -> 83.222.8.109:13566
Source: global traffic | TCP traffic: 192.168.2.13:38432 -> 83.222.109.22:13566
Source: global traffic | TCP traffic: 192.168.2.13:41550 -> 83.222.46.196:13566
Source: global traffic | TCP traffic: 192.168.2.13:55124 -> 83.222.23.60:13566
Source: global traffic | TCP traffic: 192.168.2.13:48464 -> 83.222.139.117:13566
Source: global traffic | TCP traffic: 192.168.2.13:51318 -> 83.222.83.69:13566
Source: global traffic | TCP traffic: 192.168.2.13:36466 -> 83.222.52.214:13566
Source: global traffic | TCP traffic: 192.168.2.13:56584 -> 83.222.65.220:13566
Source: global traffic | TCP traffic: 192.168.2.13:37308 -> 83.222.106.249:13566
Source: global traffic | TCP traffic: 192.168.2.13:40136 -> 83.222.247.1:13566
Source: global traffic | TCP traffic: 192.168.2.13:33924 -> 83.222.239.50:13566
Source: global traffic | TCP traffic: 192.168.2.13:37524 -> 83.222.111.1:13566
Source: global traffic | TCP traffic: 192.168.2.13:54196 -> 83.222.86.170:13566
Source: global traffic | TCP traffic: 192.168.2.13:39804 -> 83.222.145.145:13566
Source: global traffic | TCP traffic: 192.168.2.13:47238 -> 83.222.169.127:13566
Source: global traffic | TCP traffic: 192.168.2.13:35142 -> 83.222.238.177:13566
Source: global traffic | TCP traffic: 192.168.2.13:47496 -> 83.222.237.91:13566
Source: global traffic | TCP traffic: 192.168.2.13:51658 -> 83.222.199.27:13566
Source: global traffic | TCP traffic: 192.168.2.13:32960 -> 83.222.32.222:13566
Source: global traffic | TCP traffic: 192.168.2.13:48938 -> 83.222.87.171:13566
Source: global traffic | TCP traffic: 192.168.2.13:41910 -> 83.222.84.171:13566
Source: global traffic | TCP traffic: 192.168.2.13:42766 -> 83.222.191.90:13566
Source: /tmp/Kloki.m68k.elf (PID: 5433) | Socket: 127.0.0.1:14435
Source: Network traffic | Suricata IDS: 2500036 - Severity 2 - ET COMPROMISED Known Compromised or Hostile Host Traffic group 19 : 83.222.191.90:13566 -> 192.168.2.13:42766
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.46.246
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.224.11
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.46.246
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.69.33
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.224.11
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.69.33
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.69.33
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.238.5
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.69.33
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.238.5
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.65.71
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.65.71
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.65.71
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.242.76
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.111.94
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.65.71
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.242.76
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.111.94
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.96.107
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.66.234
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.96.107
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.17.188
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.66.234
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.114.3
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.17.188
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.114.3
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.62.33
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.62.33
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.214.28
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.232.205
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.214.28
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.126.23
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.232.205
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.196.94
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.126.23
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.34.9
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.127.16
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.196.94
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.34.9
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.14.193
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.127.16
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.14.193
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.87.0
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.13.199
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.87.0
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.13.199
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.13.199
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.94.23
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.13.199
Source: unknown | TCP traffic detected without corresponding DNS query: 83.222.94.23
Source: global traffic | DNS traffic detected: DNS query: secure-network-rebirthltd.ru

System Summary

Source: /tmp/Kloki.m68k.elf (PID: 5439) | SIGKILL sent: pid: 914, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5439) | SIGKILL sent: pid: 917, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5439) | SIGKILL sent: pid: 936, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5439) | SIGKILL sent: pid: 1691, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5439) | SIGKILL sent: pid: 1866, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5439) | SIGKILL sent: pid: 1881, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5439) | SIGKILL sent: pid: 1884, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5439) | SIGKILL sent: pid: 3069, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5439) | SIGKILL sent: pid: 3246, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5439) | SIGKILL sent: pid: 3442, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5439) | SIGKILL sent: pid: 5418, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5439) | SIGKILL sent: pid: 5442, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5439) | SIGKILL sent: pid: 5463, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5439) | SIGKILL sent: pid: 5465, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5439) | SIGKILL sent: pid: 5466, result: successful
Source: /tmp/Kloki.m68k.elf (PID: 5439) | SIGKILL sent: pid: 5467, result: successful
Source: Initial sample | String containing 'busybox' found: busybox
Source: Initial sample | String containing 'busybox' found: ppid/proc/net/tcp/proc/self/exe/proc//status/fd//dev/null/dev/consolesocket05/proc/%d/exepkillkillallechowgetcurlpsbusyboxiptablesrebootinitinit 6catgrepbash
Source: ELF static info symbol of initial sample | .symtab present: no
Source: classification engine | Classification label: mal52.spre.linELF@0/0@1/0
Source: /tmp/Kloki.m68k.elf (PID: 5433) | Queries kernel information via 'uname'
Source: Kloki.m68k.elf, 5433.1.000055fbd18dd000.000055fbd1966000.rw-.sdmp, Kloki.m68k.elf, 5438.1.000055fbd18dd000.000055fbd1966000.rw-.sdmp | Binary or memory string: U!/etc/qemu-binfmt/m68k
Source: Kloki.m68k.elf, 5433.1.00007fff96de3000.00007fff96e04000.rw-.sdmp, Kloki.m68k.elf, 5438.1.00007fff96de3000.00007fff96e04000.rw-.sdmp | Binary or memory string: /usr/bin/qemu-m68k
Source: Kloki.m68k.elf, 5433.1.000055fbd18dd000.000055fbd1966000.rw-.sdmp, Kloki.m68k.elf, 5438.1.000055fbd18dd000.000055fbd1966000.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/m68k
Source: Kloki.m68k.elf, 5433.1.00007fff96de3000.00007fff96e04000.rw-.sdmp, Kloki.m68k.elf, 5438.1.00007fff96de3000.00007fff96e04000.rw-.sdmp | Binary or memory string: x86_64/usr/bin/qemu-m68k/tmp/Kloki.m68k.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Kloki.m68k.elf
MITRE ATT&CK matrix (numbers in parentheses are the report's match counts for that technique; cells without a count were not matched):

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | (1) Scripting | Valid Accounts | Windows Management Instrumentation | (1) Scripting | Path Interception | Direct Volume Access | OS Credential Dumping | (11) Security Software Discovery | Remote Services | Data from Local System | (1) Non-Standard Port | Exfiltration Over Other Network Medium | (1) Service Stop
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | (1) Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | (1) Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
No configs have been found
Behavior Graph (ID: 1586173, Sample: Kloki.m68k.elf, Startdate: 08/01/2025, Architecture: LINUX, Score: 52). Legend icons: Process, Signature, Created File, DNS/IP Info, Is Dropped, Number of created Files, Is malicious, Internet.

Graph content: the root carries the signature "Multi AV Scanner detection for submitted file". Started processes: Kloki.m68k.elf, gnome-session-binary sh gnome-shell, gnome-session-binary sh gsd-print-notifications, and 5 other processes. Kloki.m68k.elf starts a child Kloki.m68k.elf, which in turn starts two further Kloki.m68k.elf processes; one of those carries the signature "Sample tries to kill multiple processes (SIGKILL)". Network nodes: 83.222.126.23 (port 13566, local port 42126) and 83.222.127.16 (port 13566, local port 36256), both TRI-ASTrueRecordsIncES, Russian Federation, plus 53 other IPs or domains.
Source | Detection | Scanner | Label
Kloki.m68k.elf | 29% | ReversingLabs | Linux.Backdoor.Mirai
No Antivirus matches
No Antivirus matches
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
secure-network-rebirthltd.ru | 83.222.191.90 | true | false | | high
    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
83.222.127.16 | unknown | Russian Federation | 47328 | TRI-ASTrueRecordsIncES | false
83.222.131.252 | unknown | Switzerland | 31736 | SENSELAN-ASsenseLANGmbHCH | false
83.222.238.177 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false
83.222.8.109 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false
83.222.168.148 | unknown | Bulgaria | 12615 | GCN-ASGCNAD-SofiaBulgariaBG | false
83.222.59.255 | unknown | Luxembourg | 8632 | LOL-ASluLU | false
83.222.186.190 | unknown | Bulgaria | 43561 | NET1-ASBG | false
83.222.46.196 | unknown | Luxembourg | 8632 | LOL-ASluLU | false
83.222.109.22 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU | false
83.222.17.188 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false
83.222.114.3 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU | false
83.222.23.60 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false
83.222.199.27 | unknown | Russian Federation | 6854 | SYNTERRA-ASRU | false
83.222.84.171 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
83.222.214.28 | unknown | Russian Federation | 25159 | SONICDUO-ASRU | false
83.222.32.222 | unknown | Luxembourg | 8632 | LOL-ASluLU | false
83.222.59.109 | unknown | Luxembourg | 8632 | LOL-ASluLU | false
83.222.34.9 | unknown | Luxembourg | 8632 | LOL-ASluLU | false
83.222.13.199 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false
83.222.139.117 | unknown | Switzerland | 31736 | SENSELAN-ASsenseLANGmbHCH | false
83.222.59.144 | unknown | Luxembourg | 8632 | LOL-ASluLU | false
83.222.52.214 | unknown | Luxembourg | 8632 | LOL-ASluLU | false
83.222.145.145 | unknown | Switzerland | 31736 | SENSELAN-ASsenseLANGmbHCH | false
83.222.238.5 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false
83.222.106.249 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU | false
83.222.69.33 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
83.222.10.243 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false
83.222.126.23 | unknown | Russian Federation | 47328 | TRI-ASTrueRecordsIncES | false
83.222.65.71 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
83.222.196.94 | unknown | Russian Federation | 6854 | SYNTERRA-ASRU | false
83.222.65.220 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
83.222.14.193 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false
83.222.87.0 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
83.222.184.26 | unknown | Bulgaria | 43561 | NET1-ASBG | false
83.222.87.171 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
83.222.151.246 | unknown | Switzerland | 31736 | SENSELAN-ASsenseLANGmbHCH | false
83.222.238.93 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false
83.222.247.1 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false
83.222.237.91 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false
83.222.111.1 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU | false
83.222.242.76 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false
83.222.66.234 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
83.222.169.127 | unknown | Bulgaria | 12615 | GCN-ASGCNAD-SofiaBulgariaBG | false
83.222.62.33 | unknown | Luxembourg | 8632 | LOL-ASluLU | false
83.222.232.205 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false
83.222.18.36 | unknown | Russian Federation | 25532 | MASTERHOST-ASMoscowRussiaRU | false
83.222.191.90 | secure-network-rebirthltd.ru | Bulgaria | 43561 | NET1-ASBG | false
83.222.46.246 | unknown | Luxembourg | 8632 | LOL-ASluLU | false
83.222.94.23 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
83.222.239.50 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false
83.222.96.107 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU | false
83.222.224.11 | unknown | United Kingdom | 13768 | COGECO-PEER1CA | false
83.222.86.170 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
83.222.111.94 | unknown | Russian Federation | 42632 | MNOGOBYTE-ASMoscowRussiaRU | false
83.222.83.69 | unknown | Russian Federation | 16285 | ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU | false
    No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
secure-network-rebirthltd.ru | Kloki.x86.elf | malicious | Unknown | 83.222.191.90
| Kloki.arm4.elf | malicious | Unknown | 83.222.191.90
| Kloki.spc.elf | malicious | Unknown | 83.222.191.90
| Kloki.arm5.elf | malicious | Unknown | 83.222.191.90

Match | Associated Sample Name / URL | Detection | Threat Name | Context
TRI-ASTrueRecordsIncES | Kloki.arm4.elf | malicious | Unknown | 83.222.127.11
| Kloki.spc.elf | malicious | Unknown | 83.222.125.205
| Kloki.arm5.elf | malicious | Unknown | 83.222.126.31
| https://sazi.online/91150/?utm_source=HueVu&utm_medium=AlluringAngels&utm_campaign=Girls&fbclid=IwAR0edkaxp99ZoQQmBnk5RzNjaLguZlK7xHWUVNwiZ8B5L1Dgxb2UluLI-6U | malicious | Unknown | 212.124.124.115
| https://sports.zaly.online/57724/ | malicious | Unknown | 212.124.124.8
| skyljne.arm5.elf | malicious | Mirai | 212.124.111.159
| https://sumosear.ch/phone/405-437-3238 | malicious | Unknown | 212.124.124.186
| https://www.filezzz.com/d/4bc0a5a2dec44da992c97637b636bd92/Purchase%20Order%20(2)%20(1).html/preview | malicious | HTMLPhisher | 212.124.105.153
| https://dolphin-app-gmqrc.ondigitalocean.app/c0678e7d922226400010b5657b4f5159/?client_id=0000007990-0000-0lty-ij00-000000000&y=6eamRuYXBpZXJAaGVuaWZmLmNvbQ%3D%3D&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=client_id&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=45f4d5f9-4657-4816-9528-af3f59994174&protectedtoken=true | malicious | Unknown | 212.124.125.206
| preggo.apk | malicious | Unknown | 212.124.124.151
COGECO-PEER1CA | Kloki.x86.elf | malicious | Unknown | 83.222.231.59
| Kloki.arm4.elf | malicious | Unknown | 83.222.253.28
| Kloki.spc.elf | malicious | Unknown | 83.222.225.208
| Kloki.arm5.elf | malicious | Unknown | 83.222.237.30
| http://plnbl.io/review/VdCYQSoKp54z | malicious | HTMLPhisher | 66.33.60.194
| miori.sh4.elf | malicious | Unknown | 209.35.191.178
| https://bawarq.org/r.php?id=YoExsdlTj9ej3sIxs1X7aZn3DzYWS8OQ2 | malicious | Unknown | 162.254.38.37
| Mes_Drivers_3.0.4.exe | malicious | Unknown | 69.90.254.78
| https://app.saner.ai/shared/notes/7353e5ae-dd5f-410b-92c3-210c9e88052a | malicious | HTMLPhisher | 66.33.60.194
| https://u43161309.ct.sendgrid.net/ls/click?upn=u001.L9-2FCbhkaoUACh7As3yZ8i4iABGphfl-2FJgS6Xiu1aw6I-3DgXpA_qO4VbBWAKg4gLfGs-2BfuSyZki3gKzG4I1DrYN15Q8fD7JV1twLeLo1AFs1GBSG3ZgA22dFJdXJloKc56aXDeV3olJKTBJd8NprednZ2LeXdX-2BkcSQE-2F2FRwgBng5RbUCLfjS8-2FI3mrpwyYu9lRatIB62qUwPSax-2Fhh2c7R-2B7pT3Kos0wK0SEJGj4ZMkgOGYhEniKYT7Kn7jN25xFz2sFdtPlVQkIdCFKwDNWmq-2BrAxerZE2GuKgfkuf3l1UY4J42sOOltybAAVyLhV-2BXfmbuQpN4NpshXRIuhta8ho3ChcTA5NtgjludQThyLtwhGns-2ByLqSbpO1Bhhc-2FCgdgP-2BAOxYrGHvKHjVYRr6-2BiryADxfM-3D | malicious | HTMLPhisher | 66.33.60.35
SENSELAN-ASsenseLANGmbHCH | Kloki.x86.elf | malicious | Unknown | 83.222.146.5
| Kloki.arm4.elf | malicious | Unknown | 83.222.154.225
| Kloki.spc.elf | malicious | Unknown | 83.222.153.55
| Kloki.arm5.elf | malicious | Unknown | 83.222.147.13
| firmware.armv4l.elf | malicious | Unknown | 192.162.28.56
| firmware.armv5l.elf | malicious | Unknown | 192.162.28.56
| LFZoA1P7Tr | malicious | Unknown | 83.222.133.170
| xd.arm | malicious | Mirai | 185.86.28.136
| xa9p5G1SrJ | malicious | Mirai | 185.86.28.161
| TOqM7SNQz6 | malicious | Mirai | 185.86.28.138
    No context
    No context
    No created / dropped files found
File type: ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
Entropy (8bit): 6.237062527888886
TrID:
  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name: Kloki.m68k.elf
File size: 67'600 bytes
MD5: 8d5063d215ab0a7795f2511b80e7310a
SHA1: 0d70fcd78fe042a9b06896d30c02615a9e7236ee
SHA256: 98eb4c8c5edf1ea00cbf075b2845b28f8746c93844a03e01f6ba5d9255f932ff
SHA512: 3939ccb5a0147d38f84f0fbe3af7b779f08d1bcca18654fa495d92323eccd489154516cd90fc26190d35eb74bcaac8aa5485b3b52457a9891f119f2be1b459cb
SSDEEP: 1536:Nv5GAR311AhG/BC9sM28uMW69tISPhZHuuUTLilgoEAxn:NhGARXx/BOsMBWUDhVu3E9xn
TLSH: 8B6329DAF810DD7DF81FE77F8463050AB671A35601820F36679BB963BD321A44962F82
File Content Preview: .ELF.......................D...4.........4. ...(.................................. ..........."...".......4....... .dt.Q............................NV..a....da....xN^NuNV..J9..&@f>"y..". QJ.g.X.#...".N."y..". QJ.f.A.....J.g.Hy....N.X.......&@N^NuNV..N^NuN

    ELF header

Class: ELF32
Data: 2's complement, big endian
Version: 1 (current)
Machine: MC68000
Version Number: 0x1
Type: EXEC (Executable file)
OS/ABI: UNIX - System V
ABI Version: 0
Entry Point Address: 0x80000144
Flags: 0x0
ELF Header Size: 52
Program Header Offset: 52
Program Header Size: 32
Number of Program Headers: 3
Section Header Offset: 67200
Section Header Size: 40
Number of Section Headers: 10
Header String Table Index: 9
Section headers:

Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
| NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.init | PROGBITS | 0x80000094 | 0x94 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 2
.text | PROGBITS | 0x800000a8 | 0xa8 | 0xefa2 | 0x0 | 0x6 | AX | 0 | 0 | 4
.fini | PROGBITS | 0x8000f04a | 0xf04a | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 2
.rodata | PROGBITS | 0x8000f058 | 0xf058 | 0x125c | 0x0 | 0x2 | A | 0 | 0 | 2
.ctors | PROGBITS | 0x800122b8 | 0x102b8 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.dtors | PROGBITS | 0x800122c0 | 0x102c0 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.data | PROGBITS | 0x800122cc | 0x102cc | 0x374 | 0x0 | 0x3 | WA | 0 | 0 | 4
.bss | NOBITS | 0x80012640 | 0x10640 | 0x3170 | 0x0 | 0x3 | WA | 0 | 0 | 4
.shstrtab | STRTAB | 0x0 | 0x10640 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1

Program headers:

Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x80000000 | 0x80000000 | 0x102b4 | 0x102b4 | 6.2740 | 0x5 | R E | 0x2000 | | .init .text .fini .rodata
LOAD | 0x102b8 | 0x800122b8 | 0x800122b8 | 0x388 | 0x34f8 | 2.9795 | 0x6 | RW | 0x2000 | | .ctors .dtors .data .bss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-08T19:51:03.618216+0100 | 2500036 | ET COMPROMISED Known Compromised or Hostile Host Traffic group 19 | 2 | 83.222.191.90 | 13566 | 192.168.2.13 | 42766 | TCP
    TimestampSource PortDest PortSource IPDest IP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 8, 2025 19:51:03.599761009 CET | 40404 | 53 | 192.168.2.13 | 8.8.8.8
Jan 8, 2025 19:51:03.611172915 CET | 53 | 40404 | 8.8.8.8 | 192.168.2.13

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 8, 2025 19:51:03.599761009 CET | 192.168.2.13 | 8.8.8.8 | 0xfb52 | Standard query (0) | secure-network-rebirthltd.ru | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 8, 2025 19:51:03.611172915 CET | 8.8.8.8 | 192.168.2.13 | 0xfb52 | No error (0) | secure-network-rebirthltd.ru | | 83.222.191.90 | A (IP address) | IN (0x0001) | false

    System Behavior

Start time (UTC): 18:51:02
Start date (UTC): 08/01/2025
Path: /tmp/Kloki.m68k.elf
Arguments: /tmp/Kloki.m68k.elf
File size: 4463432 bytes
MD5 hash: cd177594338c77b895ae27c33f8f86cc

Start time (UTC): 18:51:02
Start date (UTC): 08/01/2025
Path: /tmp/Kloki.m68k.elf
Arguments: -
File size: 4463432 bytes
MD5 hash: cd177594338c77b895ae27c33f8f86cc

Start time (UTC): 18:51:02
Start date (UTC): 08/01/2025
Path: /tmp/Kloki.m68k.elf
Arguments: -
File size: 4463432 bytes
MD5 hash: cd177594338c77b895ae27c33f8f86cc

Start time (UTC): 18:51:02
Start date (UTC): 08/01/2025
Path: /tmp/Kloki.m68k.elf
Arguments: -
File size: 4463432 bytes
MD5 hash: cd177594338c77b895ae27c33f8f86cc

Start time (UTC): 18:51:03
Start date (UTC): 08/01/2025
Path: /usr/libexec/gnome-session-binary
Arguments: -
File size: 334664 bytes
MD5 hash: d9b90be4f7db60cb3c2d3da6a1d31bfb

Start time (UTC): 18:51:03
Start date (UTC): 08/01/2025
Path: /bin/sh
Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
File size: 129816 bytes
MD5 hash: 1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC): 18:51:03
Start date (UTC): 08/01/2025
Path: /usr/libexec/gnome-session-binary
Arguments: -
File size: 334664 bytes
MD5 hash: d9b90be4f7db60cb3c2d3da6a1d31bfb

Start time (UTC): 18:51:03
Start date (UTC): 08/01/2025
Path: /bin/sh
Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
File size: 129816 bytes
MD5 hash: 1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC): 18:51:03
Start date (UTC): 08/01/2025
Path: /usr/bin/gnome-shell
Arguments: /usr/bin/gnome-shell
File size: 23168 bytes
MD5 hash: da7a257239677622fe4b3a65972c9e87

Start time (UTC): 18:51:03
Start date (UTC): 08/01/2025
Path: /usr/libexec/gnome-session-binary
Arguments: -
File size: 334664 bytes
MD5 hash: d9b90be4f7db60cb3c2d3da6a1d31bfb

Start time (UTC): 18:51:03
Start date (UTC): 08/01/2025
Path: /bin/sh
Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
File size: 129816 bytes
MD5 hash: 1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC): 18:51:03
Start date (UTC): 08/01/2025
Path: /usr/libexec/gsd-print-notifications
Arguments: /usr/libexec/gsd-print-notifications
File size: 51840 bytes
MD5 hash: 71539698aa691718cee775d6b9450ae2

Start time (UTC): 18:51:03
Start date (UTC): 08/01/2025
Path: /usr/libexec/gnome-session-binary
Arguments: -
File size: 334664 bytes
MD5 hash: d9b90be4f7db60cb3c2d3da6a1d31bfb

Start time (UTC): 18:51:03
Start date (UTC): 08/01/2025
Path: /bin/sh
Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
File size: 129816 bytes
MD5 hash: 1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC): 18:51:03
Start date (UTC): 08/01/2025
Path: /usr/libexec/gsd-rfkill
Arguments: /usr/libexec/gsd-rfkill
File size: 51808 bytes
MD5 hash: 88a16a3c0aba1759358c06215ecfb5cc

Start time (UTC): 18:51:03
Start date (UTC): 08/01/2025
Path: /usr/sbin/gdm3
Arguments: -
File size: 453296 bytes
MD5 hash: 2492e2d8d34f9377e3e530a61a15674f

Start time (UTC): 18:51:03
Start date (UTC): 08/01/2025
Path: /etc/gdm3/PrimeOff/Default
Arguments: /etc/gdm3/PrimeOff/Default
File size: 129816 bytes
MD5 hash: 1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC): 18:51:03
Start date (UTC): 08/01/2025
Path: /usr/sbin/gdm3
Arguments: -
File size: 453296 bytes
MD5 hash: 2492e2d8d34f9377e3e530a61a15674f

Start time (UTC): 18:51:03
Start date (UTC): 08/01/2025
Path: /etc/gdm3/PrimeOff/Default
Arguments: /etc/gdm3/PrimeOff/Default
File size: 129816 bytes
MD5 hash: 1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC): 18:51:13
Start date (UTC): 08/01/2025
Path: /usr/lib/systemd/systemd
Arguments: -
File size: 1620224 bytes
MD5 hash: 9b2bec7092a40488108543f9334aab75

Start time (UTC): 18:51:13
Start date (UTC): 08/01/2025
Path: /lib/systemd/systemd-user-runtime-dir
Arguments: /lib/systemd/systemd-user-runtime-dir stop 127
File size: 22672 bytes
MD5 hash: d55f4b0847f88131dbcfb07435178e54