Linux Analysis Report
camp.x86.elf

Overview

General Information

Sample name: camp.x86.elf
Analysis ID: 1589239
MD5: 6b451baba12ac4e4f1690b2b04ab61a4
SHA1: 5ad2a6a0536d39ef7e57b80ac136b2c9973260ee
SHA256: 2db3cd41a5b0d964624cbbf35587877cd84276122cca2ef07698b88ef5790680
Tags: elf, user-abuse_ch
Infos:

Detection

Mirai
Score: 72
Range: 0 - 100
Whitelisted: false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Machine Learning detection for sample
Sample is packed with UPX
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Yara signature match

Classification

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1589239
Start date and time: 2025-01-11 23:47:14 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 34s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: camp.x86.elf
Detection: MAL
Classification: mal72.troj.evad.linELF@0/0@0/0
Command: /tmp/camp.x86.elf
PID: 5521
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source: 5521.1.0000000008048000.0000000008059000.r-x.sdmp, Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Author: Joe Security
    Source: 5521.1.0000000008048000.0000000008059000.r-x.sdmp, Rule: Linux_Trojan_Gafgyt_28a2fe0c, Description: unknown, Author: unknown
    Source: 5521.1.0000000008048000.0000000008059000.r-x.sdmp, Rule: Linux_Trojan_Mirai_fa3ad9d0, Description: unknown, Author: unknown
    • 0xbaa:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
    Source: 5521.1.0000000008048000.0000000008059000.r-x.sdmp, Rule: Linux_Trojan_Mirai_b14f4c5d, Description: unknown, Author: unknown
    • 0x4940:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
    Source: 5521.1.0000000008048000.0000000008059000.r-x.sdmp, Rule: Linux_Trojan_Mirai_93fc3657, Description: unknown, Author: unknown
    • 0xc35:$a: 00 00 00 89 44 24 60 89 D1 31 C0 8B 7C 24 28 FC F3 AB 89 D1 8B 7C
    No Suricata rule has matched

    AV Detection

    Source: camp.x86.elf, Virustotal: Detection: 44%
    Source: camp.x86.elf, ReversingLabs: Detection: 47%
    Source: camp.x86.elf, Joe Sandbox ML: detected
    Source: global traffic, TCP traffic: 192.168.2.15:40726 -> 5.181.159.16:3778
    Source: unknown, TCP traffic detected without corresponding DNS query: 5.181.159.16
    Source: camp.x86.elf, String found in binary or memory: http://upx.sf.net

    System Summary

    Source: 5521.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
    Source: 5521.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_fa3ad9d0, Author: unknown
    Source: 5521.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_b14f4c5d, Author: unknown
    Source: 5521.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_93fc3657, Author: unknown
    Source: 5521.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_804f8e7c, Author: unknown
    Source: 5521.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_99d78950, Author: unknown
    Source: 5521.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_a68e498c, Author: unknown
    Source: 5521.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_88de437f, Author: unknown
    Source: 5521.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_ae9d0fa6, Author: unknown
    Source: 5521.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_389ee3e9, Author: unknown
    Source: 5521.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_cc93863b, Author: unknown
    Source: 5521.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3, Author: unknown
    Source: 5522.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
    Source: 5522.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_fa3ad9d0, Author: unknown
    Source: 5522.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_b14f4c5d, Author: unknown
    Source: 5522.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_93fc3657, Author: unknown
    Source: 5522.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_804f8e7c, Author: unknown
    Source: 5522.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_99d78950, Author: unknown
    Source: 5522.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_a68e498c, Author: unknown
    Source: 5522.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_88de437f, Author: unknown
    Source: 5522.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_ae9d0fa6, Author: unknown
    Source: 5522.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_389ee3e9, Author: unknown
    Source: 5522.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_cc93863b, Author: unknown
    Source: 5522.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3, Author: unknown
    Source: 5523.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
    Source: 5523.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_fa3ad9d0, Author: unknown
    Source: 5523.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_b14f4c5d, Author: unknown
    Source: 5523.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_93fc3657, Author: unknown
    Source: 5523.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_804f8e7c, Author: unknown
    Source: 5523.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_99d78950, Author: unknown
    Source: 5523.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_a68e498c, Author: unknown
    Source: 5523.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_88de437f, Author: unknown
    Source: 5523.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_ae9d0fa6, Author: unknown
    Source: 5523.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_389ee3e9, Author: unknown
    Source: 5523.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_cc93863b, Author: unknown
    Source: 5523.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3, Author: unknown
    Source: 5527.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
    Source: 5527.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_fa3ad9d0, Author: unknown
    Source: 5527.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_b14f4c5d, Author: unknown
    Source: 5527.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_93fc3657, Author: unknown
    Source: 5527.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_804f8e7c, Author: unknown
    Source: 5527.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_99d78950, Author: unknown
    Source: 5527.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_a68e498c, Author: unknown
    Source: 5527.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_88de437f, Author: unknown
    Source: 5527.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_ae9d0fa6, Author: unknown
    Source: 5527.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_389ee3e9, Author: unknown
    Source: 5527.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_cc93863b, Author: unknown
    Source: 5527.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3, Author: unknown
    Source: Process Memory Space: camp.x86.elf PID: 5521, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
    Source: Process Memory Space: camp.x86.elf PID: 5522, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
    Source: Process Memory Space: camp.x86.elf PID: 5523, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
    Source: Process Memory Space: camp.x86.elf PID: 5527, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
    Source: LOAD without section mappings, Program segment: 0xc01000
    Source: 5527.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
    Source: 5527.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
    Source: 5527.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_93fc3657 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d01a9e85a01fad913ca048b60bda1e5a2762f534e5308132c1d3098ac3f561ee, id = 93fc3657-fd21-4e93-a728-c084fc0a6a4a, last_modified = 2021-09-16
    Source: 5527.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_804f8e7c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 1080d8502848d532a0b38861437485d98a41d945acaf3cb676a7a2a2f6793ac6, id = 804f8e7c-4786-42bc-92e4-c68c24ca530e, last_modified = 2021-09-16
    Source: 5527.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_99d78950 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3008edc4e7a099b64139a77d15ec0e2c3c1b55fc23ab156304571c4d14bc654c, id = 99d78950-ea23-4166-a85a-7a029209f5b1, last_modified = 2021-09-16
    Source: 5527.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_a68e498c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 951c9dfcba531e5112c872395f6c144c4bc8b71c666d2c7d9d8574a23c163883, id = a68e498c-0768-4321-ab65-42dd6ef85323, last_modified = 2021-09-16
    Source: 5527.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
    Source: 5527.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
    Source: 5527.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
    Source: 5527.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
    Source: 5527.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
    Source: Process Memory Space: camp.x86.elf PID: 5521, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: Process Memory Space: camp.x86.elf PID: 5522, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: Process Memory Space: camp.x86.elf PID: 5523, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: Process Memory Space: camp.x86.elf PID: 5527, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: classification engine, Classification label: mal72.troj.evad.linELF@0/0@0/0

    Data Obfuscation

    Source: initial sample, String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
    Source: initial sample, String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
    Source: camp.x86.elf, Submission file: segment LOAD with 7.9547 entropy (max. 8.0)

    Stealing of Sensitive Information

    Source: Yara match, File source: 5521.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY
    Source: Yara match, File source: 5522.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY
    Source: Yara match, File source: 5523.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY
    Source: Yara match, File source: 5527.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY
    Source: Yara match, File source: Process Memory Space: camp.x86.elf PID: 5521, type: MEMORYSTR
    Source: Yara match, File source: Process Memory Space: camp.x86.elf PID: 5522, type: MEMORYSTR
    Source: Yara match, File source: Process Memory Space: camp.x86.elf PID: 5523, type: MEMORYSTR
    Source: Yara match, File source: Process Memory Space: camp.x86.elf PID: 5527, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match, File source: 5521.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY
    Source: Yara match, File source: 5522.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY
    Source: Yara match, File source: 5523.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY
    Source: Yara match, File source: 5527.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORY
    Source: Yara match, File source: Process Memory Space: camp.x86.elf PID: 5521, type: MEMORYSTR
    Source: Yara match, File source: Process Memory Space: camp.x86.elf PID: 5522, type: MEMORYSTR
    Source: Yara match, File source: Process Memory Space: camp.x86.elf PID: 5523, type: MEMORYSTR
    Source: Yara match, File source: Process Memory Space: camp.x86.elf PID: 5527, type: MEMORYSTR
    Reconnaissance: Gather Victim Identity Information
    Resource Development: Acquire Infrastructure
    Initial Access: Valid Accounts
    Execution: Windows Management Instrumentation
    Persistence: Path Interception
    Privilege Escalation: Path Interception
    Defense Evasion: 11 Obfuscated Files or Information
    Credential Access: 1 OS Credential Dumping
    Discovery: System Service Discovery
    Lateral Movement: Remote Services
    Collection: Data from Local System
    Command and Control: 1 Non-Standard Port
    Exfiltration: Exfiltration Over Other Network Medium
    Impact: Abuse Accessibility Features
    No configs have been found
    Behavior Graph (ID: 1589239, Sample: camp.x86.elf, Startdate: 11/01/2025, Architecture: LINUX, Score: 72)
    Network node: 5.181.159.16, 3778, 40726, 40728, MIVOCLOUDMD, Moldova Republic of
    Signatures: Malicious sample detected (through community Yara rule); Multi AV Scanner detection for submitted file; Yara detected Mirai; 2 other signatures
    Processes: camp.x86.elf started three camp.x86.elf child processes, one of which started two further camp.x86.elf processes

    Source        Detection  Scanner         Label
    camp.x86.elf  44%        Virustotal
    camp.x86.elf  47%        ReversingLabs   Linux.Backdoor.Mirai
    camp.x86.elf  100%       Joe Sandbox ML
    No Antivirus matches
    No contacted domains info
    Name               Source        Malicious  Antivirus Detection  Reputation
    http://upx.sf.net  camp.x86.elf  false                           high
      IP            Domain   Country              ASN    ASN Name     Malicious
      5.181.159.16  unknown  Moldova Republic of  39798  MIVOCLOUDMD  false
      No context
      Match        Associated Sample Name / URL  Detection  Threat Name     Context
      MIVOCLOUDMD  boatnet.x86.elf               malicious  Mirai           5.252.176.102
                   5j0fix05fy.js                 malicious  NetSupport RAT  194.180.191.64
                   Update.js                     malicious  NetSupport RAT  194.180.191.64
                   eBHn6qHPLz.exe                malicious  Remcos          5.181.159.153
                   eBHn6qHPLz.exe                malicious  Remcos          5.181.159.153
                   I2BJhmJou4.exe                malicious  LummaC Stealer  94.158.244.69
                   I5jG2Os8GA.exe                malicious  LummaC Stealer  94.158.244.69
                   OlZzqwjrwO.exe                malicious  LummaC Stealer  94.158.244.69
                   Vd3tOP5WSD.exe                malicious  LummaC Stealer  94.158.244.69
                   g1kWKm20Z5.exe                malicious  LummaC Stealer  94.158.244.69
      No created / dropped files found
      File type:ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, no section header
      Entropy (8bit):7.952615240357714
      TrID:
      • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
      • ELF Executable and Linkable format (generic) (4004/1) 49.84%
      File name:camp.x86.elf
      File size:34'896 bytes
      MD5:6b451baba12ac4e4f1690b2b04ab61a4
      SHA1:5ad2a6a0536d39ef7e57b80ac136b2c9973260ee
      SHA256:2db3cd41a5b0d964624cbbf35587877cd84276122cca2ef07698b88ef5790680
      SHA512:2fd843d8706a0853ee019460c7dd255c8ca63784369c1e5b953f9309742e770526fdd5b0cb56e7a74f0c04c3676fdf93b0ecaf36f43aa850d91629e285538f16
      SSDEEP:768:WzbGjwng3vdORRd5c6VobQ5g7pTjGZ+hvGhgh1TnbcuyD7UHQRjR:GdnAqKyABsibnouy8HyF
      TLSH:D2F2D00B91CDC6C6EB5F033B68AFFB0E6561C21D578B6467A7E450231801B4A866A1CE
      File Content Preview:.ELF....................X...4...........4. ...(.....................L...L...............@...@...@...................Q.td.............................-[.UPX!........T...T.......V..........?..k.I/.j....\.d*nlz.e........4.0.N..9..y...........p"Nr..]9.~...n..

      ELF header

      Class:ELF32
      Data:2's complement, little endian
      Version:1 (current)
      Machine:Intel 80386
      Version Number:0x1
      Type:EXEC (Executable file)
      OS/ABI:UNIX - Linux
      ABI Version:0
      Entry Point Address:0xc08558
      Flags:0x0
      ELF Header Size:52
      Program Header Offset:52
      Program Header Size:32
      Number of Program Headers:3
      Section Header Offset:0
      Section Header Size:40
      Number of Section Headers:0
      Header String Table Index:0
      Type       Offset  Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align   Prog Interpreter  Section Mappings
      LOAD       0x0     0xc01000         0xc01000          0x874c     0x874c       7.9547   0x5    R E                0x1000
      LOAD       0xc40   0x805bc40        0x805bc40         0x0        0x0          0.0000   0x6    RW                 0x1000
      GNU_STACK  0x0     0x0              0x0               0x0        0x0          0.0000   0x6    RW                 0x4
      Timestamp, Source Port, Dest Port, Source IP, Dest IP
      Jan 11, 2025 23:49:57.708461046 CET3778407465.181.159.16192.168.2.15
      Jan 11, 2025 23:49:57.708535910 CET407463778192.168.2.155.181.159.16
      Jan 11, 2025 23:49:57.713463068 CET3778407465.181.159.16192.168.2.15
      Jan 11, 2025 23:50:02.168915033 CET3778407445.181.159.16192.168.2.15
      Jan 11, 2025 23:50:02.169415951 CET407443778192.168.2.155.181.159.16
      Jan 11, 2025 23:50:02.174351931 CET3778407445.181.159.16192.168.2.15
      Jan 11, 2025 23:50:03.171772957 CET407483778192.168.2.155.181.159.16
      Jan 11, 2025 23:50:03.176852942 CET3778407485.181.159.16192.168.2.15
      Jan 11, 2025 23:50:03.176975012 CET407483778192.168.2.155.181.159.16
      Jan 11, 2025 23:50:03.177047968 CET407483778192.168.2.155.181.159.16
      Jan 11, 2025 23:50:03.181931973 CET3778407485.181.159.16192.168.2.15
      Jan 11, 2025 23:50:03.182001114 CET407483778192.168.2.155.181.159.16
      Jan 11, 2025 23:50:03.186891079 CET3778407485.181.159.16192.168.2.15

      System Behavior

      Start time (UTC):22:48:05
      Start date (UTC):11/01/2025
      Path:/tmp/camp.x86.elf
      Arguments:/tmp/camp.x86.elf
      File size:34896 bytes
      MD5 hash:6b451baba12ac4e4f1690b2b04ab61a4

      Start time (UTC):22:48:05
      Start date (UTC):11/01/2025
      Path:/tmp/camp.x86.elf
      Arguments:-
      File size:34896 bytes
      MD5 hash:6b451baba12ac4e4f1690b2b04ab61a4

      Start time (UTC):22:48:05
      Start date (UTC):11/01/2025
      Path:/tmp/camp.x86.elf
      Arguments:-
      File size:34896 bytes
      MD5 hash:6b451baba12ac4e4f1690b2b04ab61a4

      Start time (UTC):22:48:05
      Start date (UTC):11/01/2025
      Path:/tmp/camp.x86.elf
      Arguments:-
      File size:34896 bytes
      MD5 hash:6b451baba12ac4e4f1690b2b04ab61a4

      Start time (UTC):22:48:10
      Start date (UTC):11/01/2025
      Path:/tmp/camp.x86.elf
      Arguments:-
      File size:34896 bytes
      MD5 hash:6b451baba12ac4e4f1690b2b04ab61a4

      Start time (UTC):22:48:10
      Start date (UTC):11/01/2025
      Path:/tmp/camp.x86.elf
      Arguments:-
      File size:34896 bytes
      MD5 hash:6b451baba12ac4e4f1690b2b04ab61a4