Linux Analysis Report
camp.m68k.elf

Overview

General Information

Sample name: camp.m68k.elf
Analysis ID: 1589244
MD5: ba085c204b01243933791416f9a24e7f
SHA1: 70a53e61eb096978cec5270e9c69d43c58d09737
SHA256: cdf5fe87c185576baeec3b38433bea9f6dac3431bca5a915dd26c6681f26fad6
Tags: elf, user-abuse_ch
Infos:

Detection

Mirai
Score: 72
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1589244
Start date and time: 2025-01-11 23:55:28 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 0s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: camp.m68k.elf
Detection: MAL
Classification: mal72.troj.linELF@0/0@0/0
Command: /tmp/camp.m68k.elf
PID: 5466
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source | Rule | Description | Author | Strings
camp.m68k.elf | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
camp.m68k.elf | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
Source | Rule | Description | Author | Strings
5482.1.00007f9ff4001000.00007f9ff4016000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
5482.1.00007f9ff4001000.00007f9ff4016000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
5466.1.00007f9ff4001000.00007f9ff4016000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
5466.1.00007f9ff4001000.00007f9ff4016000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
5470.1.00007f9ff4001000.00007f9ff4016000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
          No Suricata rule has matched

          AV Detection

          Source: camp.m68k.elf, Avira: detected
          Source: camp.m68k.elf, Virustotal: Detection: 59%
          Source: camp.m68k.elf, ReversingLabs: Detection: 65%
          Source: global traffic, TCP traffic: 192.168.2.13:46664 -> 5.181.159.16:3778
          Source: unknown, TCP traffic detected without corresponding DNS query: 5.181.159.16

          System Summary

          Source: camp.m68k.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
          Source: 5482.1.00007f9ff4001000.00007f9ff4016000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
          Source: 5466.1.00007f9ff4001000.00007f9ff4016000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
          Source: 5470.1.00007f9ff4001000.00007f9ff4016000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
          Source: 5468.1.00007f9ff4001000.00007f9ff4016000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
          Source: Process Memory Space: camp.m68k.elf PID: 5466, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
          Source: Process Memory Space: camp.m68k.elf PID: 5468, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
          Source: Process Memory Space: camp.m68k.elf PID: 5470, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
          Source: Process Memory Space: camp.m68k.elf PID: 5482, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
          Source: Initial sample, String containing 'busybox' found: /bin/busybox
          Source: Initial sample, String containing 'busybox' found: /proc/net/tcp.x86.x86_64.arm.arm5.arm6.arm7.mips.mipsel.sh4.ppc/proc/proc/%d/exe/proc/%s/statusName:%s/bin/busybox/bin/systemd/usr/bintest/tmp/condi/tmp/zxcr9999/tmp/condinetwork/var/condibot/var/zxcr9999/var/CondiBot/var/condinet/bin/watchdog5.181.159.16
          Source: ELF static info symbol of initial sample, .symtab present: no
          Source: camp.m68k.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: 5482.1.00007f9ff4001000.00007f9ff4016000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: 5466.1.00007f9ff4001000.00007f9ff4016000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: 5470.1.00007f9ff4001000.00007f9ff4016000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: 5468.1.00007f9ff4001000.00007f9ff4016000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: Process Memory Space: camp.m68k.elf PID: 5466, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: Process Memory Space: camp.m68k.elf PID: 5468, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: Process Memory Space: camp.m68k.elf PID: 5470, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: Process Memory Space: camp.m68k.elf PID: 5482, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: classification engine, Classification label: mal72.troj.linELF@0/0@0/0
          Source: /tmp/camp.m68k.elf (PID: 5466), File opened: /proc/230/status
          Source: /tmp/camp.m68k.elf (PID: 5466), Queries kernel information via 'uname'
          Source: camp.m68k.elf, 5466.1.00005577ac3bc000.00005577ac441000.rw-.sdmp, camp.m68k.elf, 5468.1.00005577ac3bc000.00005577ac441000.rw-.sdmp, camp.m68k.elf, 5470.1.00005577ac3bc000.00005577ac441000.rw-.sdmp, camp.m68k.elf, 5482.1.00005577ac3bc000.00005577ac441000.rw-.sdmp; Binary or memory string: wU!/etc/qemu-binfmt/m68k
          Source: camp.m68k.elf, 5466.1.00007ffe37193000.00007ffe371b4000.rw-.sdmp, camp.m68k.elf, 5468.1.00007ffe37193000.00007ffe371b4000.rw-.sdmp, camp.m68k.elf, 5470.1.00007ffe37193000.00007ffe371b4000.rw-.sdmp, camp.m68k.elf, 5482.1.00007ffe37193000.00007ffe371b4000.rw-.sdmp; Binary or memory string: /usr/bin/qemu-m68k
          Source: camp.m68k.elf, 5466.1.00007ffe37193000.00007ffe371b4000.rw-.sdmp, camp.m68k.elf, 5468.1.00007ffe37193000.00007ffe371b4000.rw-.sdmp, camp.m68k.elf, 5470.1.00007ffe37193000.00007ffe371b4000.rw-.sdmp, camp.m68k.elf, 5482.1.00007ffe37193000.00007ffe371b4000.rw-.sdmp; Binary or memory string: x86_64/usr/bin/qemu-m68k/tmp/camp.m68k.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/camp.m68k.elf
          Source: camp.m68k.elf, 5466.1.00005577ac3bc000.00005577ac441000.rw-.sdmp, camp.m68k.elf, 5468.1.00005577ac3bc000.00005577ac441000.rw-.sdmp, camp.m68k.elf, 5470.1.00005577ac3bc000.00005577ac441000.rw-.sdmp, camp.m68k.elf, 5482.1.00005577ac3bc000.00005577ac441000.rw-.sdmp; Binary or memory string: /etc/qemu-binfmt/m68k

          Stealing of Sensitive Information

          Source: Yara match File source: camp.m68k.elf, type: SAMPLE
          Source: Yara match File source: 5482.1.00007f9ff4001000.00007f9ff4016000.r-x.sdmp, type: MEMORY
          Source: Yara match File source: 5466.1.00007f9ff4001000.00007f9ff4016000.r-x.sdmp, type: MEMORY
          Source: Yara match File source: 5470.1.00007f9ff4001000.00007f9ff4016000.r-x.sdmp, type: MEMORY
          Source: Yara match File source: 5468.1.00007f9ff4001000.00007f9ff4016000.r-x.sdmp, type: MEMORY
          Source: Yara match File source: Process Memory Space: camp.m68k.elf PID: 5466, type: MEMORYSTR
          Source: Yara match File source: Process Memory Space: camp.m68k.elf PID: 5468, type: MEMORYSTR
          Source: Yara match File source: Process Memory Space: camp.m68k.elf PID: 5470, type: MEMORYSTR
          Source: Yara match File source: Process Memory Space: camp.m68k.elf PID: 5482, type: MEMORYSTR

          Remote Access Functionality

          Source: Yara match File source: camp.m68k.elf, type: SAMPLE
          Source: Yara match File source: 5482.1.00007f9ff4001000.00007f9ff4016000.r-x.sdmp, type: MEMORY
          Source: Yara match File source: 5466.1.00007f9ff4001000.00007f9ff4016000.r-x.sdmp, type: MEMORY
          Source: Yara match File source: 5470.1.00007f9ff4001000.00007f9ff4016000.r-x.sdmp, type: MEMORY
          Source: Yara match File source: 5468.1.00007f9ff4001000.00007f9ff4016000.r-x.sdmp, type: MEMORY
          Source: Yara match File source: Process Memory Space: camp.m68k.elf PID: 5466, type: MEMORYSTR
          Source: Yara match File source: Process Memory Space: camp.m68k.elf PID: 5468, type: MEMORYSTR
          Source: Yara match File source: Process Memory Space: camp.m68k.elf PID: 5470, type: MEMORYSTR
          Source: Yara match File source: Process Memory Space: camp.m68k.elf PID: 5482, type: MEMORYSTR
          Reconnaissance: Gather Victim Identity Information
          Resource Development: Acquire Infrastructure
          Initial Access: Valid Accounts
          Execution: Windows Management Instrumentation
          Persistence: Path Interception
          Privilege Escalation: Path Interception
          Defense Evasion: Direct Volume Access
          Credential Access: 1 OS Credential Dumping
          Discovery: 11 Security Software Discovery
          Lateral Movement: Remote Services
          Collection: Data from Local System
          Command and Control: 1 Non-Standard Port
          Exfiltration: Exfiltration Over Other Network Medium
          Impact: Abuse Accessibility Features
          No configs have been found
          Behavior Graph ID: 1589244, Sample: camp.m68k.elf, Startdate: 11/01/2025, Architecture: LINUX, Score: 72
          Network node: 5.181.159.16, 3778, 46664, 46666, MIVOCLOUDMD, Moldova Republic of
          Signatures: Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Yara detected Mirai
          Processes: camp.m68k.elf started three camp.m68k.elf child processes; the first of these started two further camp.m68k.elf processes
          Source         Detection  Scanner        Label
          camp.m68k.elf  60%        Virustotal     -
          camp.m68k.elf  66%        ReversingLabs  Linux.Trojan.Mirai
          camp.m68k.elf  100%       Avira          LINUX/Mirai.bonb
          No Antivirus matches
          No contacted domains info
          IP            Domain   Country              ASN    ASN Name     Malicious
          5.181.159.16  unknown  Moldova Republic of  39798  MIVOCLOUDMD  false
          Match         Associated Sample Name / URL  Detection  Threat Name
          5.181.159.16  camp.ppc.elf                  malicious  Mirai
          5.181.159.16  camp.mpsl.elf                 malicious  Mirai
          5.181.159.16  camp.arm.elf                  malicious  Mirai
          5.181.159.16  camp.mips.elf                 malicious  Mirai
          5.181.159.16  camp.x86.elf                  malicious  Mirai
          No context
                    Match        Associated Sample Name / URL  Detection  Threat Name     Context
                    MIVOCLOUDMD  camp.ppc.elf                  malicious  Mirai           5.181.159.16
                    MIVOCLOUDMD  camp.mpsl.elf                 malicious  Mirai           5.181.159.16
                    MIVOCLOUDMD  camp.arm.elf                  malicious  Mirai           5.181.159.16
                    MIVOCLOUDMD  camp.mips.elf                 malicious  Mirai           5.181.159.16
                    MIVOCLOUDMD  camp.x86.elf                  malicious  Mirai           5.181.159.16
                    MIVOCLOUDMD  boatnet.x86.elf               malicious  Mirai           5.252.176.102
                    MIVOCLOUDMD  5j0fix05fy.js                 malicious  NetSupport RAT  194.180.191.64
                    MIVOCLOUDMD  Update.js                     malicious  NetSupport RAT  194.180.191.64
                    MIVOCLOUDMD  eBHn6qHPLz.exe                malicious  Remcos          5.181.159.153
                    MIVOCLOUDMD  eBHn6qHPLz.exe                malicious  Remcos          5.181.159.153
                    No context
                    No created / dropped files found
                    File type:ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
                    Entropy (8bit):6.295788252775415
                    TrID:
                    • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                    File name:camp.m68k.elf
                    File size:84'956 bytes
                    MD5:ba085c204b01243933791416f9a24e7f
                    SHA1:70a53e61eb096978cec5270e9c69d43c58d09737
                    SHA256:cdf5fe87c185576baeec3b38433bea9f6dac3431bca5a915dd26c6681f26fad6
                    SHA512:d56dcac175cf24ac3c9face449e01eb21e270c3ad757c3a0bdc37dec9c64d02e48dc101162d9c0e5d3a61f046961f779567b9c2c8f026229e7ef1cf36dcad1f0
                    SSDEEP:1536:XQOjxmw2V2xAYV8a2toPuYAht8f489k0rTUhrIpu1HT7ot4O9I/nPaqD:XQO4Q2Ldht8fsnrCupQ9I/PaqD
                    TLSH:8883198BF800DD7EF80FD6B74463490EB930E3910A931A377767BD93AC721A54826E85
                    File Content Preview:.ELF.......................D...4..JL.....4. ...(......................F...F....... .......F...f...f....l..(\...... .dt.Q............................NV..a....da....4N^NuNV..J9..j.f>"y..f. QJ.g.X.#...f.N."y..f. QJ.f.A.....J.g.Hy..F.N.X.......j.N^NuNV..N^NuN

                    ELF header

                    Class:ELF32
                    Data:2's complement, big endian
                    Version:1 (current)
                    Machine:MC68000
                    Version Number:0x1
                    Type:EXEC (Executable file)
                    OS/ABI:UNIX - System V
                    ABI Version:0
                    Entry Point Address:0x80000144
                    Flags:0x0
                    ELF Header Size:52
                    Program Header Offset:52
                    Program Header Size:32
                    Number of Program Headers:3
                    Section Header Offset:84556
                    Section Header Size:40
                    Number of Section Headers:10
                    Header String Table Index:9
                    Name       Type      Address     Offset   Size     EntSize  Flags  Flags Description  Link  Info  Align
                    -          NULL      0x0         0x0      0x0      0x0      0x0    -                  0     0     0
                    .init      PROGBITS  0x80000094  0x94     0x14     0x0      0x6    AX                 0     0     2
                    .text      PROGBITS  0x800000a8  0xa8     0x11b5e  0x0      0x6    AX                 0     0     4
                    .fini      PROGBITS  0x80011c06  0x11c06  0xe      0x0      0x6    AX                 0     0     2
                    .rodata    PROGBITS  0x80011c14  0x11c14  0x2a88   0x0      0x2    A                  0     0     2
                    .ctors     PROGBITS  0x800166a0  0x146a0  0x8      0x0      0x3    WA                 0     0     4
                    .dtors     PROGBITS  0x800166a8  0x146a8  0x8      0x0      0x3    WA                 0     0     4
                    .data      PROGBITS  0x800166b4  0x146b4  0x358    0x0      0x3    WA                 0     0     4
                    .bss       NOBITS    0x80016a0c  0x14a0c  0x24f0   0x0      0x3    WA                 0     0     4
                    .shstrtab  STRTAB    0x0         0x14a0c  0x3e     0x0      0x0    -                  0     0     1
                    Type       Offset   Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align   Prog Interpreter  Section Mappings
                    LOAD       0x0      0x80000000       0x80000000        0x1469c    0x1469c      6.3258   0x5    R E                0x2000  -                 .init .text .fini .rodata
                    LOAD       0x146a0  0x800166a0       0x800166a0        0x36c      0x285c       2.8669   0x6    RW                 0x2000  -                 .ctors .dtors .data .bss
                    GNU_STACK  0x0      0x0              0x0               0x0        0x0          0.0000   0x6    RW                 0x4     -                 -

                    System Behavior

                    Start time (UTC):22:56:35
                    Start date (UTC):11/01/2025
                    Path:/tmp/camp.m68k.elf
                    Arguments:/tmp/camp.m68k.elf
                    File size:4463432 bytes
                    MD5 hash:cd177594338c77b895ae27c33f8f86cc

                    Start time (UTC):22:56:35
                    Start date (UTC):11/01/2025
                    Path:/tmp/camp.m68k.elf
                    Arguments:-
                    File size:4463432 bytes
                    MD5 hash:cd177594338c77b895ae27c33f8f86cc

                    Start time (UTC):22:56:35
                    Start date (UTC):11/01/2025
                    Path:/tmp/camp.m68k.elf
                    Arguments:-
                    File size:4463432 bytes
                    MD5 hash:cd177594338c77b895ae27c33f8f86cc

                    Start time (UTC):22:56:35
                    Start date (UTC):11/01/2025
                    Path:/tmp/camp.m68k.elf
                    Arguments:-
                    File size:4463432 bytes
                    MD5 hash:cd177594338c77b895ae27c33f8f86cc

                    Start time (UTC):22:56:41
                    Start date (UTC):11/01/2025
                    Path:/tmp/camp.m68k.elf
                    Arguments:-
                    File size:4463432 bytes
                    MD5 hash:cd177594338c77b895ae27c33f8f86cc

                    Start time (UTC):22:56:41
                    Start date (UTC):11/01/2025
                    Path:/tmp/camp.m68k.elf
                    Arguments:-
                    File size:4463432 bytes
                    MD5 hash:cd177594338c77b895ae27c33f8f86cc