Linux Analysis Report
x86.elf

Overview

General Information

Sample name:x86.elf
Analysis ID:1586874
MD5:faca7be4ee01de70bb6c53f74693077e
SHA1:661be3f86e33f5ecce194724be39a4c8ff609f26
SHA256:c71e2db836ea5c7348782b63b392185eb54314a283a9c6b0f99834b76a70e162
Tags:user-elfdigest
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Machine Learning detection for sample
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Yara signature match

Classification

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1586874
Start date and time:2025-01-09 17:50:08 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 21s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:x86.elf
Detection:MAL
Classification:mal52.linELF@0/0@0/0
  • VT rate limit hit for: x86.elf
Command:/tmp/x86.elf
PID:5436
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
wormbot
Standard Error:
  • system is lnxubuntu20
  • x86.elf (PID: 5436, Parent: 5360, MD5: faca7be4ee01de70bb6c53f74693077e) Arguments: /tmp/x86.elf
    • x86.elf New Fork (PID: 5437, Parent: 5436)
  • cleanup
Source: x86.elf, Rule: Linux_Trojan_Gafgyt_28a2fe0c, Description: unknown, Author: unknown
Source: x86.elf, Rule: Linux_Trojan_Mirai_122ff2e6, Description: unknown, Author: unknown, Strings:
  • 0x6433:$a: 24 EB 15 89 F0 83 C8 01 EB 03 8B 5B 08 3B 43 04 72 F8 8B 4B 0C 89
Source: x86.elf, Rule: Linux_Trojan_Mirai_fa48b592, Description: unknown, Author: unknown, Strings:
  • 0x8f05:$a: 31 C0 BA 01 00 00 00 B9 01 00 00 00 03 04 24 89 D7 31 D2 F7 F7 0F
Source: x86.elf, Rule: Linux_Trojan_Mirai_8aa7b5d3, Description: unknown, Author: unknown, Strings:
  • 0x4be2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
Source: 5436.1.0000000008048000.0000000008053000.r-x.sdmp, Rule: Linux_Trojan_Gafgyt_28a2fe0c, Description: unknown, Author: unknown
Source: 5436.1.0000000008048000.0000000008053000.r-x.sdmp, Rule: Linux_Trojan_Mirai_122ff2e6, Description: unknown, Author: unknown, Strings:
  • 0x6433:$a: 24 EB 15 89 F0 83 C8 01 EB 03 8B 5B 08 3B 43 04 72 F8 8B 4B 0C 89
Source: 5436.1.0000000008048000.0000000008053000.r-x.sdmp, Rule: Linux_Trojan_Mirai_fa48b592, Description: unknown, Author: unknown, Strings:
  • 0x8f05:$a: 31 C0 BA 01 00 00 00 B9 01 00 00 00 03 04 24 89 D7 31 D2 F7 F7 0F
Source: 5436.1.0000000008048000.0000000008053000.r-x.sdmp, Rule: Linux_Trojan_Mirai_8aa7b5d3, Description: unknown, Author: unknown, Strings:
  • 0x4be2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
No Suricata rule has matched

AV Detection

Source: x86.elf, Joe Sandbox ML: detected
Source: global traffic, TCP traffic: 192.168.2.13:45926 -> 85.239.34.134:999
Source: unknown, TCP traffic detected without corresponding DNS query: 85.239.34.134

System Summary

Source: x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_122ff2e6, Author: unknown
Source: x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_fa48b592, Author: unknown
Source: x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_8aa7b5d3, Author: unknown
Source: 5436.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 5436.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_122ff2e6, Author: unknown
Source: 5436.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_fa48b592, Author: unknown
Source: 5436.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3, Author: unknown
Source: ELF static info symbol of initial sample, .symtab present: no
Source: x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_122ff2e6 reference_sample = c7dd999a033fa3edc1936785b87cd69ce2f5cac5a084ddfaf527a1094e718bc4, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3c9ffd7537e30a21eefa6c174f801264b92a85a1bc73e34e6dc9e29f84658348, id = 122ff2e6-56e6-4aa8-a3ec-c19d31eb1f80, last_modified = 2021-09-16
Source: x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_fa48b592 reference_sample = c9e33befeec133720b3ba40bb3cd7f636aad80f72f324c5fe65ac7af271c49ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8838d2752b310dbf7d12f6cf023244aaff4fdf5b55cf1e3b71843210df0fcf88, id = fa48b592-8d80-45af-a3e4-232695b8f5dd, last_modified = 2021-09-16
Source: x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 5436.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5436.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_122ff2e6 reference_sample = c7dd999a033fa3edc1936785b87cd69ce2f5cac5a084ddfaf527a1094e718bc4, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3c9ffd7537e30a21eefa6c174f801264b92a85a1bc73e34e6dc9e29f84658348, id = 122ff2e6-56e6-4aa8-a3ec-c19d31eb1f80, last_modified = 2021-09-16
Source: 5436.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_fa48b592 reference_sample = c9e33befeec133720b3ba40bb3cd7f636aad80f72f324c5fe65ac7af271c49ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8838d2752b310dbf7d12f6cf023244aaff4fdf5b55cf1e3b71843210df0fcf88, id = fa48b592-8d80-45af-a3e4-232695b8f5dd, last_modified = 2021-09-16
Source: 5436.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: classification engine, Classification label: mal52.linELF@0/0@0/0
| Tactic | Technique |
| Reconnaissance | Gather Victim Identity Information |
| Resource Development | Acquire Infrastructure |
| Initial Access | Valid Accounts |
| Execution | Windows Management Instrumentation |
| Persistence | Path Interception |
| Privilege Escalation | Path Interception |
| Defense Evasion | Direct Volume Access |
| Credential Access | OS Credential Dumping |
| Discovery | System Service Discovery |
| Lateral Movement | Remote Services |
| Collection | Data from Local System |
| Command and Control | 1 Non-Standard Port |
| Exfiltration | Exfiltration Over Other Network Medium |
| Impact | Abuse Accessibility Features |
No configs have been found
Source: x86.elf, Detection: 100%, Scanner: Joe Sandbox ML
No Antivirus matches
No contacted domains info
IP: 85.239.34.134, Domain: unknown, Country: Russian Federation, ASN: 134121, ASN Name: RAINBOW-HKRainbownetworklimitedHK, Malicious: false
| Match | Associated Sample Name / URL | Detection | Threat Name |
| 85.239.34.134 | 154.216.17.162-arm-2025-01-09T02_53_12.elf | malicious | Unknown |
| 85.239.34.134 | ppc.elf | malicious | Unknown |
| 85.239.34.134 | x86.elf | malicious | Unknown |
| 85.239.34.134 | mpsl.elf | malicious | Unknown |
| 85.239.34.134 | m68k.elf | malicious | Unknown |
| 85.239.34.134 | arm6.elf | malicious | Unknown |
| 85.239.34.134 | mips.elf | malicious | Unknown |
| 85.239.34.134 | arm5.elf | malicious | Unknown |
| 85.239.34.134 | spc.elf | malicious | Unknown |
| 85.239.34.134 | sh4.elf | malicious | Unknown |
No context
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| RAINBOW-HKRainbownetworklimitedHK | 154.216.17.162-arm-2025-01-09T02_53_12.elf | malicious | Unknown | 85.239.34.134 |
| RAINBOW-HKRainbownetworklimitedHK | ppc.elf | malicious | Unknown | 85.239.34.134 |
| RAINBOW-HKRainbownetworklimitedHK | x86.elf | malicious | Unknown | 85.239.34.134 |
| RAINBOW-HKRainbownetworklimitedHK | mpsl.elf | malicious | Unknown | 85.239.34.134 |
| RAINBOW-HKRainbownetworklimitedHK | m68k.elf | malicious | Unknown | 85.239.34.134 |
| RAINBOW-HKRainbownetworklimitedHK | arm6.elf | malicious | Unknown | 85.239.34.134 |
| RAINBOW-HKRainbownetworklimitedHK | mips.elf | malicious | Unknown | 85.239.34.134 |
| RAINBOW-HKRainbownetworklimitedHK | arm5.elf | malicious | Unknown | 85.239.34.134 |
| RAINBOW-HKRainbownetworklimitedHK | spc.elf | malicious | Unknown | 85.239.34.134 |
| RAINBOW-HKRainbownetworklimitedHK | sh4.elf | malicious | Unknown | 85.239.34.134 |
No context
No created / dropped files found
File type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
Entropy (8bit):6.413532199276339
TrID:
  • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
  • ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:x86.elf
File size:44'724 bytes
MD5:faca7be4ee01de70bb6c53f74693077e
SHA1:661be3f86e33f5ecce194724be39a4c8ff609f26
SHA256:c71e2db836ea5c7348782b63b392185eb54314a283a9c6b0f99834b76a70e162
SHA512:d6bd61327d06cac7b037ca885b71d2ed76e011ec6e20406755f08b9614b133d47b4965baeea72d80ce67c11234019872396a3dd5086fab6a004c068a520c7e4d
SSDEEP:768:Zc/bwVWtLcVmJJEFzmc5cKuiYypvkioyiOEZ9kUabn7Z4ne1YIImsGro:G0WJjc5cK/Y1yBi9k7bn7Zqe1YRzGr
TLSH:0D134C84F643DBF6C447117420A6F73B9A30FADA3258F507D3E8B972BC53A21A50758A

ELF header

Class:ELF32
Data:2's complement, little endian
Version:1 (current)
Machine:Intel 80386
Version Number:0x1
Type:EXEC (Executable file)
OS/ABI:UNIX - System V
ABI Version:0
Entry Point Address:0x8048184
Flags:0x0
ELF Header Size:52
Program Header Offset:52
Program Header Size:32
Number of Program Headers:4
Section Header Offset:44164
Section Header Size:40
Number of Section Headers:14
Header String Table Index:13
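| Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
|  | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 |  | 0 | 0 | 0 |
| .init | PROGBITS | 0x80480b4 | 0xb4 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 1 |
| .text | PROGBITS | 0x80480d0 | 0xd0 | 0x9247 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
| .fini | PROGBITS | 0x8051317 | 0x9317 | 0x17 | 0x0 | 0x6 | AX | 0 | 0 | 1 |
| .rodata | PROGBITS | 0x8051330 | 0x9330 | 0x1004 | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .eh_frame | PROGBITS | 0x8053334 | 0xa334 | 0x54c | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .tbss | NOBITS | 0x8053880 | 0xa880 | 0x8 | 0x0 | 0x403 | WAT | 0 | 0 | 4 |
| .ctors | PROGBITS | 0x8053880 | 0xa880 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .dtors | PROGBITS | 0x8053888 | 0xa888 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .jcr | PROGBITS | 0x8053890 | 0xa890 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .got.plt | PROGBITS | 0x8053894 | 0xa894 | 0xc | 0x4 | 0x3 | WA | 0 | 0 | 4 |
| .data | PROGBITS | 0x80538a0 | 0xa8a0 | 0x388 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
| .bss | NOBITS | 0x8053c40 | 0xac28 | 0x2f24 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
| .shstrtab | STRTAB | 0x0 | 0xac28 | 0x5c | 0x0 | 0x0 |  | 0 | 0 | 1 |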
| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
| LOAD | 0x0 | 0x8048000 | 0x8048000 | 0xa334 | 0xa334 | 6.4528 | 0x5 | R E | 0x1000 |  | .init .text .fini .rodata |
| LOAD | 0xa334 | 0x8053334 | 0x8053334 | 0x8f4 | 0x3830 | 5.0803 | 0x6 | RW | 0x1000 |  | .eh_frame .tbss .ctors .dtors .jcr .got.plt .data .bss |
| TLS | 0xa880 | 0x8053880 | 0x8053880 | 0x0 | 0x8 | 0.0000 | 0x4 | R | 0x4 |  | .tbss |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |  |  |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
| Jan 9, 2025 17:50:56.717694044 CET | 45926 | 999 | 192.168.2.13 | 85.239.34.134 |
| Jan 9, 2025 17:50:56.722630978 CET | 999 | 45926 | 85.239.34.134 | 192.168.2.13 |
| Jan 9, 2025 17:50:56.722683907 CET | 45926 | 999 | 192.168.2.13 | 85.239.34.134 |
| Jan 9, 2025 17:50:56.722702980 CET | 45926 | 999 | 192.168.2.13 | 85.239.34.134 |
| Jan 9, 2025 17:50:56.727531910 CET | 999 | 45926 | 85.239.34.134 | 192.168.2.13 |
| Jan 9, 2025 17:50:56.727572918 CET | 45926 | 999 | 192.168.2.13 | 85.239.34.134 |
| Jan 9, 2025 17:50:56.732311964 CET | 999 | 45926 | 85.239.34.134 | 192.168.2.13 |
| Jan 9, 2025 17:51:06.732938051 CET | 45926 | 999 | 192.168.2.13 | 85.239.34.134 |
| Jan 9, 2025 17:51:06.738001108 CET | 999 | 45926 | 85.239.34.134 | 192.168.2.13 |
| Jan 9, 2025 17:51:06.951697111 CET | 999 | 45926 | 85.239.34.134 | 192.168.2.13 |
| Jan 9, 2025 17:51:06.951932907 CET | 45926 | 999 | 192.168.2.13 | 85.239.34.134 |
| Jan 9, 2025 17:52:07.005136967 CET | 45926 | 999 | 192.168.2.13 | 85.239.34.134 |
| Jan 9, 2025 17:52:07.011406898 CET | 999 | 45926 | 85.239.34.134 | 192.168.2.13 |
| Jan 9, 2025 17:52:07.240154028 CET | 999 | 45926 | 85.239.34.134 | 192.168.2.13 |
| Jan 9, 2025 17:52:07.240614891 CET | 45926 | 999 | 192.168.2.13 | 85.239.34.134 |

System Behavior

Start time (UTC):16:50:56
Start date (UTC):09/01/2025
Path:/tmp/x86.elf
Arguments:/tmp/x86.elf
File size:44724 bytes
MD5 hash:faca7be4ee01de70bb6c53f74693077e

Start time (UTC):16:50:56
Start date (UTC):09/01/2025
Path:/tmp/x86.elf
Arguments:-
File size:44724 bytes
MD5 hash:faca7be4ee01de70bb6c53f74693077e