Edit tour

Linux Analysis Report
m68k.elf

Overview

General Information

Sample name:	m68k.elf
Analysis ID:	1588732
MD5:	24ef579fdde7ec694409cb5ad2476c45
SHA1:	4bcf2f3979d3e6567854d67daecc85faebf06c97
SHA256:	ced0e85a26c9457902af7951b94799b31b44c91a92c1004d411d900c7146c8cc
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Detected TCP or UDP traffic on non-standard ports

Sample has stripped symbol table

Sample listens on a socket

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1588732
Start date and time:	2025-01-11 04:46:29 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 26s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	m68k.elf
Detection:	MAL
Classification:	mal56.linELF@0/0@0/0

Runtime Messages

Command:	/tmp/m68k.elf
PID:	5413
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	wormbot
Standard Error:

Process Tree

system is lnxubuntu20

m68k.elf (PID: 5413, Parent: 5336, MD5: cd177594338c77b895ae27c33f8f86cc) Arguments: /tmp/m68k.elf

m68k.elf New Fork (PID: 5415, Parent: 5413)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
m68k.elf	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xd0eb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd0ff:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd113:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd127:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd13b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd14f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd163:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd177:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd18b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd19f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd1b3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd1c7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd1db:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd1ef:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd203:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd217:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd22b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd23f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd253:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd267:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd27b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

Memory Dumps

Source	Rule	Description	Author	Strings
5413.1.00007f8a7000f000.00007f8a70011000.rw-.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xeb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x113:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x127:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x163:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x177:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1db:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ef:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x203:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x217:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x22b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x23f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x253:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x267:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5413.1.00007f8a70001000.00007f8a7000f000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xd0eb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd0ff:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd113:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd127:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd13b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd14f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd163:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd177:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd18b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd19f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd1b3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd1c7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd1db:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd1ef:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd203:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd217:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd22b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd23f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd253:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd267:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd27b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: m68k.elf PID: 5413	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x3b1a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3b2e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3b42:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3b56:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3b6a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3b7e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3b92:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3ba6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3bba:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3bce:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3be2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3bf6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3c0a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3c1e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3c32:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3c46:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3c5a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3c6e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3c82:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3c96:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3caa:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: m68k.elf

Virustotal: Detection: 28%

Perma Link

Source: global traffic

TCP traffic: 192.168.2.13:45926 -> 85.239.34.134:999

Source: /tmp/m68k.elf (PID: 5413)

Socket: 127.0.0.1:7567

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.34.134

System Summary

Malicious sample detected (through community Yara rule)

Source: m68k.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5413.1.00007f8a7000f000.00007f8a70011000.rw-.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5413.1.00007f8a70001000.00007f8a7000f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: m68k.elf PID: 5413, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Source: ELF static info symbol of initial sample

.symtab present: no

Source: m68k.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5413.1.00007f8a7000f000.00007f8a70011000.rw-.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5413.1.00007f8a70001000.00007f8a7000f000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: m68k.elf PID: 5413, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal56.linELF@0/0@0/0

Source: /tmp/m68k.elf (PID: 5413)

Queries kernel information via 'uname':

Jump to behavior

Source: m68k.elf, 5413.1.000055c0bb192000.000055c0bb217000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/m68k
Source: m68k.elf, 5413.1.00007ffda383f000.00007ffda3860000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-m68k
Source: m68k.elf, 5413.1.000055c0bb192000.000055c0bb217000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/m68k
Source: m68k.elf, 5413.1.00007ffda383f000.00007ffda3860000.rw-.sdmp	Binary or memory string: Rx86_64/usr/bin/qemu-m68k/tmp/m68k.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/m68k.elf

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
m68k.elf	29%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
85.239.34.134	unknown	Russian Federation		134121	RAINBOW-HKRainbownetworklimitedHK	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
85.239.34.134	mpsl.elf	Get hash	malicious	Unknown	Browse
	harm.elf	Get hash	malicious	Unknown	Browse
	mips.elf	Get hash	malicious	Unknown	Browse
	spc.elf	Get hash	malicious	Unknown	Browse
	x86.elf	Get hash	malicious	Unknown	Browse
	arm.elf	Get hash	malicious	Unknown	Browse
	arm7.elf	Get hash	malicious	Mirai	Browse
	arm.elf	Get hash	malicious	Unknown	Browse
	arm7.elf	Get hash	malicious	Unknown	Browse
	x86.elf	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
RAINBOW-HKRainbownetworklimitedHK	mpsl.elf	Get hash	malicious	Unknown	Browse	85.239.34.134
	harm.elf	Get hash	malicious	Unknown	Browse	85.239.34.134
	mips.elf	Get hash	malicious	Unknown	Browse	85.239.34.134
	spc.elf	Get hash	malicious	Unknown	Browse	85.239.34.134
	x86.elf	Get hash	malicious	Unknown	Browse	85.239.34.134
	arm.elf	Get hash	malicious	Unknown	Browse	85.239.34.134
	arm7.elf	Get hash	malicious	Mirai	Browse	85.239.34.134
	arm.elf	Get hash	malicious	Unknown	Browse	85.239.34.134
	arm7.elf	Get hash	malicious	Unknown	Browse	85.239.34.134
	x86.elf	Get hash	malicious	Unknown	Browse	85.239.34.134

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.138103641167915
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	m68k.elf
File size:	57'944 bytes
MD5:	24ef579fdde7ec694409cb5ad2476c45
SHA1:	4bcf2f3979d3e6567854d67daecc85faebf06c97
SHA256:	ced0e85a26c9457902af7951b94799b31b44c91a92c1004d411d900c7146c8cc
SHA512:	98180065f5e929fc4ab6effb46425cc5452a6e5e459cf2eac8ee31809c655b884352acbdaf4ee73546025067114a75375b8587d4757be45c8c2129b2b04555ed
SSDEEP:	1536:CPf4fce4RRk7R8qqnQeuacWjcW0JcWcBftCuI5EGzl16quC:+0cxnk7AnQeuacWjcW0JcWcB1CuIeFqH
TLSH:	CD432ACBF401DD7EF84AD67B0C564E5D7671B2E106C3062613ABBA6BE936188291BCC1
File Content Preview:	.ELF.......................D...4...x.....4. ...(.......................T...T...............T...T...T......( ........dt.Q............................NV..a....da....<N^NuNV..J9...(f>"y...p QJ.g.X.#....pN."y...p QJ.f.A.....J.g.Hy...TN.X........(N^NuNV..N^NuN

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	MC68000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x80000144
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	57464
Section Header Size:	40
Number of Section Headers:	12
Header String Table Index:	11

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x80000094	0x94	0x14	0x0	0x6	AX	2
.text	PROGBITS	0x800000a8	0xa8	0xcf66	0x0	0x6	AX	4
.fini	PROGBITS	0x8000d00e	0xd00e	0xe	0x0	0x6	AX	2
.rodata	PROGBITS	0x8000d01c	0xd01c	0xc38	0x0	0x2	A	2
.eh_frame	PROGBITS	0x8000ec54	0xdc54	0x4	0x0	0x3	WA	4
.ctors	PROGBITS	0x8000ec58	0xdc58	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x8000ec60	0xdc60	0x8	0x0	0x3	WA	4
.jcr	PROGBITS	0x8000ec68	0xdc68	0x4	0x0	0x3	WA	4
.data	PROGBITS	0x8000ec6c	0xdc6c	0x3bc	0x0	0x3	WA	4
.bss	NOBITS	0x8000f028	0xe028	0x244c	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0xe028	0x4d	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x80000000	0x80000000	0xdc54	0xdc54	6.1514	0x5	R E	0x1000	.init .text .fini .rodata
LOAD	0xdc54	0x8000ec54	0x8000ec54	0x3d4	0x2820	4.8097	0x6	RW	0x1000	.eh_frame .ctors .dtors .jcr .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 11, 2025 04:47:16.651823997 CET	45926	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:16.656709909 CET	999	45926	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:16.656802893 CET	45926	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:16.656980038 CET	45926	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:16.661705017 CET	999	45926	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:16.661772013 CET	45926	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:16.666490078 CET	999	45926	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:18.403772116 CET	999	45926	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:18.404767990 CET	45926	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:18.409599066 CET	999	45926	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:19.406883955 CET	45928	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:19.411932945 CET	999	45928	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:19.412031889 CET	45928	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:19.412053108 CET	45928	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:19.416790962 CET	999	45928	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:19.416852951 CET	45928	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:19.422584057 CET	999	45928	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:21.169760942 CET	999	45928	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:21.170207977 CET	45928	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:21.175122023 CET	999	45928	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:22.172117949 CET	45930	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:22.177012920 CET	999	45930	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:22.177093983 CET	45930	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:22.177109957 CET	45930	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:22.181838036 CET	999	45930	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:22.181885004 CET	45930	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:22.186635017 CET	999	45930	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:23.971451044 CET	999	45930	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:23.971879005 CET	45930	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:23.976691961 CET	999	45930	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:24.973815918 CET	45932	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:24.978840113 CET	999	45932	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:24.978914022 CET	45932	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:24.978939056 CET	45932	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:24.983728886 CET	999	45932	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:24.983778954 CET	45932	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:24.988570929 CET	999	45932	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:26.747946978 CET	999	45932	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:26.748420954 CET	45932	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:26.753293037 CET	999	45932	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:27.750874043 CET	45934	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:27.755765915 CET	999	45934	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:27.755846977 CET	45934	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:27.755913973 CET	45934	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:27.760668993 CET	999	45934	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:27.760724068 CET	45934	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:27.765486956 CET	999	45934	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:29.517414093 CET	999	45934	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:29.517743111 CET	45934	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:29.522661924 CET	999	45934	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:30.520471096 CET	45936	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:30.525496006 CET	999	45936	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:30.525625944 CET	45936	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:30.525666952 CET	45936	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:30.530498981 CET	999	45936	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:30.530558109 CET	45936	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:30.535375118 CET	999	45936	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:32.264688969 CET	999	45936	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:32.264970064 CET	45936	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:32.269956112 CET	999	45936	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:33.266541958 CET	45938	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:33.271410942 CET	999	45938	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:33.271461010 CET	45938	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:33.271478891 CET	45938	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:33.276262999 CET	999	45938	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:33.276298046 CET	45938	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:33.281054020 CET	999	45938	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:35.015505075 CET	999	45938	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:35.015669107 CET	45938	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:35.020556927 CET	999	45938	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:36.017273903 CET	45940	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:36.022249937 CET	999	45940	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:36.022455931 CET	45940	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:36.022455931 CET	45940	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:36.027254105 CET	999	45940	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:36.027695894 CET	45940	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:36.032561064 CET	999	45940	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:37.800705910 CET	999	45940	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:37.801131964 CET	45940	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:37.806026936 CET	999	45940	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:38.804048061 CET	45942	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:38.809108019 CET	999	45942	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:38.809195995 CET	45942	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:38.809237003 CET	45942	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:38.813998938 CET	999	45942	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:38.814088106 CET	45942	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:38.818908930 CET	999	45942	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:40.560376883 CET	999	45942	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:40.560619116 CET	45942	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:40.565407038 CET	999	45942	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:41.562987089 CET	45944	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:41.567976952 CET	999	45944	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:41.568056107 CET	45944	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:41.568104029 CET	45944	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:41.572927952 CET	999	45944	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:41.572990894 CET	45944	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:41.577797890 CET	999	45944	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:43.312743902 CET	999	45944	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:43.313071966 CET	45944	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:43.317912102 CET	999	45944	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:44.315535069 CET	45946	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:44.320688963 CET	999	45946	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:44.320807934 CET	45946	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:44.320897102 CET	45946	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:44.325767994 CET	999	45946	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:44.325858116 CET	45946	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:44.330780983 CET	999	45946	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:46.113369942 CET	999	45946	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:46.113626003 CET	45946	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:46.118570089 CET	999	45946	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:47.116189957 CET	45948	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:47.121432066 CET	999	45948	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:47.121526003 CET	45948	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:47.121575117 CET	45948	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:47.126353979 CET	999	45948	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:47.126427889 CET	45948	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:47.131222010 CET	999	45948	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:48.873080015 CET	999	45948	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:48.873301983 CET	45948	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:48.878268957 CET	999	45948	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:49.876837015 CET	45950	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:49.881887913 CET	999	45950	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:49.882044077 CET	45950	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:49.882078886 CET	45950	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:49.886907101 CET	999	45950	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:49.887003899 CET	45950	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:49.891885996 CET	999	45950	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:51.642751932 CET	999	45950	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:51.643017054 CET	45950	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:51.648402929 CET	999	45950	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:52.645627975 CET	45952	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:52.650693893 CET	999	45952	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:52.650779009 CET	45952	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:52.650810957 CET	45952	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:52.655565977 CET	999	45952	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:52.655627966 CET	45952	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:52.660387993 CET	999	45952	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:54.405065060 CET	999	45952	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:54.405493021 CET	45952	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:54.410330057 CET	999	45952	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:55.408093929 CET	45954	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:55.412980080 CET	999	45954	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:55.413080931 CET	45954	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:55.413124084 CET	45954	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:55.417923927 CET	999	45954	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:55.417989016 CET	45954	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:55.422702074 CET	999	45954	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:57.187570095 CET	999	45954	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:57.188108921 CET	45954	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:57.192872047 CET	999	45954	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:58.191061020 CET	45956	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:58.197199106 CET	999	45956	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:58.197280884 CET	45956	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:58.197335005 CET	45956	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:58.202193022 CET	999	45956	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:58.202300072 CET	45956	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:58.207143068 CET	999	45956	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:59.953387022 CET	999	45956	85.239.34.134	192.168.2.13
Jan 11, 2025 04:47:59.953536987 CET	45956	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:47:59.958422899 CET	999	45956	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:00.956737041 CET	45958	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:00.961726904 CET	999	45958	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:00.961818933 CET	45958	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:00.961857080 CET	45958	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:00.966608047 CET	999	45958	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:00.966692924 CET	45958	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:00.971524000 CET	999	45958	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:02.719039917 CET	999	45958	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:02.719280958 CET	45958	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:02.724139929 CET	999	45958	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:03.721272945 CET	45960	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:03.726171970 CET	999	45960	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:03.726258039 CET	45960	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:03.726258039 CET	45960	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:03.731021881 CET	999	45960	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:03.731085062 CET	45960	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:03.735822916 CET	999	45960	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:05.482893944 CET	999	45960	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:05.483391047 CET	45960	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:05.488327026 CET	999	45960	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:06.485541105 CET	45962	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:06.490550041 CET	999	45962	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:06.490618944 CET	45962	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:06.490638971 CET	45962	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:06.495446920 CET	999	45962	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:06.495501041 CET	45962	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:06.500466108 CET	999	45962	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:08.252284050 CET	999	45962	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:08.252563000 CET	45962	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:08.257328033 CET	999	45962	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:09.254523039 CET	45964	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:09.259556055 CET	999	45964	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:09.259637117 CET	45964	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:09.259638071 CET	45964	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:09.264415979 CET	999	45964	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:09.264477015 CET	45964	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:09.270196915 CET	999	45964	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:11.017827034 CET	999	45964	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:11.018017054 CET	45964	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:11.022865057 CET	999	45964	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:12.021708965 CET	45966	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:12.026671886 CET	999	45966	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:12.026751041 CET	45966	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:12.026767969 CET	45966	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:12.031569004 CET	999	45966	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:12.031636953 CET	45966	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:12.036423922 CET	999	45966	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:13.781404972 CET	999	45966	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:13.781759024 CET	45966	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:13.786549091 CET	999	45966	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:14.783767939 CET	45968	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:14.788793087 CET	999	45968	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:14.788887978 CET	45968	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:14.788907051 CET	45968	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:14.793759108 CET	999	45968	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:14.793966055 CET	45968	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:14.798835993 CET	999	45968	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:16.566284895 CET	999	45968	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:16.566684961 CET	45968	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:16.571451902 CET	999	45968	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:17.568484068 CET	45970	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:17.574184895 CET	999	45970	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:17.574263096 CET	45970	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:17.574294090 CET	45970	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:17.580368996 CET	999	45970	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:17.580434084 CET	45970	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:17.585324049 CET	999	45970	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:19.326764107 CET	999	45970	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:19.326984882 CET	45970	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:19.332011938 CET	999	45970	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:20.329266071 CET	45972	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:20.334218979 CET	999	45972	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:20.334314108 CET	45972	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:20.334325075 CET	45972	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:20.339160919 CET	999	45972	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:20.339229107 CET	45972	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:20.343976974 CET	999	45972	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:22.094981909 CET	999	45972	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:22.095383883 CET	45972	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:22.100334883 CET	999	45972	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:23.099734068 CET	45974	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:23.104865074 CET	999	45974	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:23.104942083 CET	45974	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:23.104979038 CET	45974	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:23.109824896 CET	999	45974	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:23.109894037 CET	45974	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:23.114995003 CET	999	45974	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:24.883335114 CET	999	45974	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:24.883636951 CET	45974	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:24.888391018 CET	999	45974	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:25.885987043 CET	45976	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:25.891267061 CET	999	45976	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:25.891382933 CET	45976	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:25.891488075 CET	45976	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:25.896264076 CET	999	45976	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:25.896409988 CET	45976	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:25.901259899 CET	999	45976	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:27.643080950 CET	999	45976	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:27.644422054 CET	45976	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:27.649219036 CET	999	45976	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:28.647197962 CET	45978	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:28.652406931 CET	999	45978	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:28.652503967 CET	45978	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:28.652559996 CET	45978	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:28.657272100 CET	999	45978	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:28.657335997 CET	45978	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:28.662201881 CET	999	45978	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:30.420604944 CET	999	45978	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:30.421092033 CET	45978	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:30.426433086 CET	999	45978	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:31.423737049 CET	45980	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:31.429879904 CET	999	45980	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:31.429960012 CET	45980	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:31.430087090 CET	45980	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:31.434854984 CET	999	45980	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:31.434921026 CET	45980	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:31.440516949 CET	999	45980	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:33.201786995 CET	999	45980	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:33.202373981 CET	45980	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:33.207405090 CET	999	45980	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:34.204901934 CET	45982	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:34.209959030 CET	999	45982	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:34.210052967 CET	45982	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:34.210094929 CET	45982	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:34.214912891 CET	999	45982	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:34.214979887 CET	45982	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:34.219870090 CET	999	45982	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:35.990783930 CET	999	45982	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:35.991470098 CET	45982	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:35.999690056 CET	999	45982	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:36.994424105 CET	45984	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:37.003880978 CET	999	45984	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:37.003992081 CET	45984	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:37.004041910 CET	45984	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:37.010986090 CET	999	45984	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:37.011070967 CET	45984	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:37.015885115 CET	999	45984	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:38.765000105 CET	999	45984	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:38.765346050 CET	45984	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:38.770283937 CET	999	45984	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:39.768064976 CET	45986	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:39.774561882 CET	999	45986	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:39.774640083 CET	45986	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:39.774658918 CET	45986	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:39.779596090 CET	999	45986	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:39.779663086 CET	45986	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:39.784526110 CET	999	45986	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:41.533092022 CET	999	45986	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:41.533401012 CET	45986	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:41.538258076 CET	999	45986	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:42.535913944 CET	45988	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:42.540838003 CET	999	45988	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:42.540905952 CET	45988	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:42.540970087 CET	45988	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:42.545708895 CET	999	45988	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:42.545756102 CET	45988	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:42.550501108 CET	999	45988	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:44.298626900 CET	999	45988	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:44.298990965 CET	45988	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:44.303781033 CET	999	45988	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:45.300894022 CET	45990	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:45.305819035 CET	999	45990	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:45.305924892 CET	45990	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:45.305962086 CET	45990	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:45.310729980 CET	999	45990	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:45.310834885 CET	45990	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:45.315675974 CET	999	45990	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:47.061321020 CET	999	45990	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:47.062021971 CET	45990	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:47.066790104 CET	999	45990	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:48.064718962 CET	45992	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:48.069763899 CET	999	45992	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:48.069844007 CET	45992	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:48.069869995 CET	45992	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:48.074656963 CET	999	45992	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:48.074727058 CET	45992	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:48.079518080 CET	999	45992	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:49.828577042 CET	999	45992	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:49.828816891 CET	45992	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:49.833662987 CET	999	45992	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:50.830530882 CET	45994	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:50.835433960 CET	999	45994	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:50.835510969 CET	45994	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:50.835535049 CET	45994	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:50.840329885 CET	999	45994	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:50.840394974 CET	45994	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:50.845210075 CET	999	45994	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:52.594651937 CET	999	45994	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:52.594954014 CET	45994	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:52.599693060 CET	999	45994	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:53.596714020 CET	45996	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:53.601849079 CET	999	45996	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:53.601929903 CET	45996	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:53.601942062 CET	45996	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:53.606800079 CET	999	45996	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:53.606853962 CET	45996	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:53.611689091 CET	999	45996	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:55.358572006 CET	999	45996	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:55.358742952 CET	45996	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:55.363581896 CET	999	45996	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:56.360522985 CET	45998	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:56.365294933 CET	999	45998	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:56.365379095 CET	45998	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:56.365401983 CET	45998	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:56.370160103 CET	999	45998	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:56.370219946 CET	45998	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:56.375024080 CET	999	45998	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:58.123738050 CET	999	45998	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:58.124003887 CET	45998	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:58.128720999 CET	999	45998	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:59.125693083 CET	46000	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:59.130455971 CET	999	46000	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:59.130525112 CET	46000	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:59.130557060 CET	46000	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:59.135333061 CET	999	46000	85.239.34.134	192.168.2.13
Jan 11, 2025 04:48:59.135415077 CET	46000	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:48:59.140132904 CET	999	46000	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:00.893395901 CET	999	46000	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:00.893572092 CET	46000	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:00.898379087 CET	999	46000	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:01.896469116 CET	46002	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:01.901376009 CET	999	46002	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:01.901447058 CET	46002	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:01.901460886 CET	46002	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:01.906359911 CET	999	46002	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:01.906411886 CET	46002	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:01.911292076 CET	999	46002	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:03.675705910 CET	999	46002	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:03.675957918 CET	46002	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:03.680871010 CET	999	46002	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:04.688530922 CET	46004	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:04.693483114 CET	999	46004	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:04.693568945 CET	46004	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:04.693614960 CET	46004	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:04.698371887 CET	999	46004	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:04.698436022 CET	46004	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:04.703902006 CET	999	46004	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:06.487720966 CET	999	46004	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:06.487942934 CET	46004	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:06.492799044 CET	999	46004	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:07.490714073 CET	46006	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:07.495608091 CET	999	46006	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:07.495692968 CET	46006	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:07.495731115 CET	46006	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:07.500493050 CET	999	46006	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:07.500550985 CET	46006	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:07.505315065 CET	999	46006	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:09.266567945 CET	999	46006	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:09.266746998 CET	46006	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:09.271492958 CET	999	46006	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:10.268604040 CET	46008	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:10.273674965 CET	999	46008	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:10.273772001 CET	46008	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:10.273772001 CET	46008	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:10.278726101 CET	999	46008	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:10.278794050 CET	46008	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:10.283857107 CET	999	46008	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:12.032120943 CET	999	46008	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:12.032330990 CET	46008	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:12.037223101 CET	999	46008	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:13.034336090 CET	46010	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:13.039345026 CET	999	46010	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:13.039417028 CET	46010	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:13.039472103 CET	46010	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:13.044362068 CET	999	46010	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:13.044420958 CET	46010	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:13.049320936 CET	999	46010	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:14.815882921 CET	999	46010	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:14.816365957 CET	46010	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:14.821163893 CET	999	46010	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:15.819086075 CET	46012	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:15.823973894 CET	999	46012	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:15.824043036 CET	46012	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:15.824067116 CET	46012	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:15.828874111 CET	999	46012	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:15.828988075 CET	46012	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:15.833931923 CET	999	46012	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:17.597014904 CET	999	46012	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:17.597239971 CET	46012	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:17.602163076 CET	999	46012	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:18.599978924 CET	46014	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:18.604938984 CET	999	46014	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:18.605019093 CET	46014	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:18.605066061 CET	46014	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:18.609858036 CET	999	46014	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:18.609920979 CET	46014	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:18.614768982 CET	999	46014	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:20.360522032 CET	999	46014	85.239.34.134	192.168.2.13
Jan 11, 2025 04:49:20.360883951 CET	46014	999	192.168.2.13	85.239.34.134
Jan 11, 2025 04:49:20.365820885 CET	999	46014	85.239.34.134	192.168.2.13

System Behavior

Analysis Process: m68k.elf PID: 5413, Parent PID: 5336

General

Start time (UTC):	03:47:15
Start date (UTC):	11/01/2025
Path:	/tmp/m68k.elf
Arguments:	/tmp/m68k.elf
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Chronological Activities

Analysis Process: m68k.elf PID: 5415, Parent PID: 5413

General

Start time (UTC):	03:47:15
Start date (UTC):	11/01/2025
Path:	/tmp/m68k.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report m68k.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: m68k.elf PID: 5413, Parent PID: 5336

General

Chronological Activities

Analysis Process: m68k.elf PID: 5415, Parent PID: 5413

General

Chronological Activities

Linux Analysis Report
m68k.elf