Linux Analysis Report
Kloki.ppc.elf

Overview

General Information

Sample name: Kloki.ppc.elf
Analysis ID: 1594486
MD5: f9a8720f5caca56f65119dc37714d908
SHA1: 9b9fd97735c1263a3af14f6f0a3b1d2c73a1fd6a
SHA256: 372a95c2cfbeb4a7495585f4f839942e1f099bb3734c7e300e9a595fc51fa346
Tags: elf, user-abuse_ch
Infos:

Detection

Score: 52
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Suricata IDS alerts with low severity for network traffic
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1594486
Start date and time: 2025-01-19 03:07:10 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 47s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: Kloki.ppc.elf
Detection: MAL
Classification: mal52.spre.linELF@0/0@1/0
Command: /tmp/Kloki.ppc.elf
PID: 5491
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
suka
Standard Error:
  • system is lnxubuntu20
  • sh (PID: 5519, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
  • sh (PID: 5521, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
  • gnome-shell (PID: 5521, Parent: 1383, MD5: da7a257239677622fe4b3a65972c9e87) Arguments: /usr/bin/gnome-shell
  • sh (PID: 5523, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
  • gsd-print-notifications (PID: 5523, Parent: 1383, MD5: 71539698aa691718cee775d6b9450ae2) Arguments: /usr/libexec/gsd-print-notifications
  • sh (PID: 5524, Parent: 1383, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
  • gdm3 New Fork (PID: 5525, Parent: 1289)
  • Default (PID: 5525, Parent: 1289, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5526, Parent: 1289)
  • Default (PID: 5526, Parent: 1289, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5538, Parent: 1)
  • systemd-user-runtime-dir (PID: 5538, Parent: 1, MD5: d55f4b0847f88131dbcfb07435178e54) Arguments: /lib/systemd/systemd-user-runtime-dir stop 127
  • cleanup
No yara matches
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-19T03:07:59.758023+0100 | 2500034 | 2 | Misc Attack | 83.222.191.90 | 13566 | 192.168.2.14 | 56538 | TCP


AV Detection

Source: Kloki.ppc.elf; Avira: detected
Source: Kloki.ppc.elf; String: ppid/proc/net/tcp/proc/self/exe/proc//status/fd//dev/null/dev/consolesocket05/proc/%d/exepkillkillkillallechowgetcurlpsbusyboxiptablesrebootshutdownhaltpoweroffinitsystemctltelinitcatgrepshashbashzshcshkshdashfish
Source: /tmp/Kloki.ppc.elf (PID: 5491); Socket: 127.0.0.1:14435
Source: Network traffic; Suricata IDS: 2500034 - Severity 2 - ET COMPROMISED Known Compromised or Hostile Host Traffic group 18 : 83.222.191.90:13566 -> 192.168.2.14:56538
Source: global traffic; DNS traffic detected: DNS query: secure-network-rebirthltd.ru

System Summary

Source: /tmp/Kloki.ppc.elf (PID: 5497); SIGKILL sent: pid: 917, result: successful
Source: /tmp/Kloki.ppc.elf (PID: 5497); SIGKILL sent: pid: 928, result: successful
Source: /tmp/Kloki.ppc.elf (PID: 5497); SIGKILL sent: pid: 940, result: successful
Source: /tmp/Kloki.ppc.elf (PID: 5497); SIGKILL sent: pid: 1444, result: successful
Source: /tmp/Kloki.ppc.elf (PID: 5497); SIGKILL sent: pid: 1610, result: successful
Source: /tmp/Kloki.ppc.elf (PID: 5497); SIGKILL sent: pid: 1638, result: successful
Source: /tmp/Kloki.ppc.elf (PID: 5497); SIGKILL sent: pid: 1639, result: successful
Source: /tmp/Kloki.ppc.elf (PID: 5497); SIGKILL sent: pid: 3094, result: successful
Source: /tmp/Kloki.ppc.elf (PID: 5497); SIGKILL sent: pid: 3268, result: successful
Source: /tmp/Kloki.ppc.elf (PID: 5497); SIGKILL sent: pid: 3420, result: successful
Source: /tmp/Kloki.ppc.elf (PID: 5497); SIGKILL sent: pid: 5474, result: successful
Source: /tmp/Kloki.ppc.elf (PID: 5497); SIGKILL sent: pid: 5519, result: successful
Source: /tmp/Kloki.ppc.elf (PID: 5497); SIGKILL sent: pid: 5521, result: successful
Source: /tmp/Kloki.ppc.elf (PID: 5497); SIGKILL sent: pid: 5523, result: successful
Source: /tmp/Kloki.ppc.elf (PID: 5497); SIGKILL sent: pid: 5524, result: successful
Source: /tmp/Kloki.ppc.elf (PID: 5497); SIGKILL sent: pid: 5526, result: successful
Source: Initial sample; String containing 'busybox' found: busybox
Source: Initial sample; String containing 'busybox' found: ppid/proc/net/tcp/proc/self/exe/proc//status/fd//dev/null/dev/consolesocket05/proc/%d/exepkillkillkillallechowgetcurlpsbusyboxiptablesrebootshutdownhaltpoweroffinitsystemctltelinitcatgrepshashbashzshcshkshdashfish
Source: ELF static info symbol of initial sample; .symtab present: no
Source: classification engine; Classification label: mal52.spre.linELF@0/0@1/0
Source: /tmp/Kloki.ppc.elf (PID: 5491); Queries kernel information via 'uname'
Source: Kloki.ppc.elf, 5491.1.00007ffd0aeaf000.00007ffd0aed0000.rw-.sdmp, Kloki.ppc.elf, 5493.1.00007ffd0aeaf000.00007ffd0aed0000.rw-.sdmp; Binary or memory string: x86_64/usr/bin/qemu-ppc/tmp/Kloki.ppc.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Kloki.ppc.elf
Source: Kloki.ppc.elf, 5491.1.0000555b87f99000.0000555b88049000.rw-.sdmp, Kloki.ppc.elf, 5493.1.0000555b87f99000.0000555b88028000.rw-.sdmp; Binary or memory string: !/etc/qemu-binfmt/ppc1
Source: Kloki.ppc.elf, 5491.1.0000555b87f99000.0000555b88049000.rw-.sdmp, Kloki.ppc.elf, 5493.1.0000555b87f99000.0000555b88028000.rw-.sdmp; Binary or memory string: /etc/qemu-binfmt/ppc
Source: Kloki.ppc.elf, 5491.1.00007ffd0aeaf000.00007ffd0aed0000.rw-.sdmp, Kloki.ppc.elf, 5493.1.00007ffd0aeaf000.00007ffd0aed0000.rw-.sdmp; Binary or memory string: /usr/bin/qemu-ppc
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | 1 Service Stop
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
No configs have been found
[Behavior graph. ID: 1594486; Sample: Kloki.ppc.elf; Start date: 19/01/2025; Architecture: LINUX; Score: 52. Legend: Process, Signature, Created File, DNS/IP Info, Is Dropped, Number of created Files, Is malicious, Internet.]
Source | Detection | Scanner | Label | Link
Kloki.ppc.elf | 100% | Avira | EXP/ELF.Mirai.W |
No Antivirus matches
No Antivirus matches
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
secure-network-rebirthltd.ru | 83.222.191.90 | true | false | | high
Match | Associated Sample Name / URL | Detection | Threat Name | Context
secure-network-rebirthltd.ru | loki.i486.elf | malicious | Unknown | 83.222.191.90
secure-network-rebirthltd.ru | loki.sh4.elf | malicious | Unknown | 83.222.191.90
secure-network-rebirthltd.ru | loki.m68k.elf | malicious | Unknown | 83.222.191.90
secure-network-rebirthltd.ru | loki.spc.elf | malicious | Unknown | 83.222.191.90
secure-network-rebirthltd.ru | Kloki.x86.elf | malicious | Unknown | 83.222.191.90
secure-network-rebirthltd.ru | Kloki.arm5.elf | malicious | Unknown | 83.222.191.90
secure-network-rebirthltd.ru | Kloki.spc.elf | malicious | Unknown | 83.222.191.90
secure-network-rebirthltd.ru | Kloki.arm7.elf | malicious | Mirai | 83.222.191.90
secure-network-rebirthltd.ru | loki.x86_64.elf | malicious | Unknown | 83.222.191.90
secure-network-rebirthltd.ru | Kloki.x86_64.elf | malicious | Unknown | 83.222.191.90
    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    LOL-ASluLUloki.i486.elfGet hashmaliciousUnknownBrowse
    • 83.222.48.106
    loki.sh4.elfGet hashmaliciousUnknownBrowse
    • 83.222.55.60
    loki.m68k.elfGet hashmaliciousUnknownBrowse
    • 83.222.36.39
    loki.spc.elfGet hashmaliciousUnknownBrowse
    • 83.222.53.146
    Kloki.x86.elfGet hashmaliciousUnknownBrowse
    • 83.222.34.13
    Kloki.arm5.elfGet hashmaliciousUnknownBrowse
    • 83.222.43.208
    Kloki.spc.elfGet hashmaliciousUnknownBrowse
    • 83.222.55.219
    Kloki.arm7.elfGet hashmaliciousMiraiBrowse
    • 83.222.60.169
    loki.x86_64.elfGet hashmaliciousUnknownBrowse
    • 83.222.39.188
    Kloki.x86_64.elfGet hashmaliciousUnknownBrowse
    • 83.222.33.155
    MASTERHOST-ASMoscowRussiaRUloki.i486.elfGet hashmaliciousUnknownBrowse
    • 83.222.19.56
    loki.sh4.elfGet hashmaliciousUnknownBrowse
    • 83.222.12.139
    loki.m68k.elfGet hashmaliciousUnknownBrowse
    • 83.222.14.120
    loki.spc.elfGet hashmaliciousUnknownBrowse
    • 83.222.3.110
    Kloki.x86.elfGet hashmaliciousUnknownBrowse
    • 83.222.21.69
    Kloki.arm5.elfGet hashmaliciousUnknownBrowse
    • 83.222.31.12
    Kloki.spc.elfGet hashmaliciousUnknownBrowse
    • 83.222.18.54
    Kloki.arm7.elfGet hashmaliciousMiraiBrowse
    • 83.222.3.229
    loki.x86_64.elfGet hashmaliciousUnknownBrowse
    • 83.222.2.99
    Kloki.x86_64.elfGet hashmaliciousUnknownBrowse
    • 83.222.31.9
    SONICDUO-ASRUloki.i486.elfGet hashmaliciousUnknownBrowse
    • 83.222.213.184
    loki.sh4.elfGet hashmaliciousUnknownBrowse
    • 83.222.218.90
    loki.m68k.elfGet hashmaliciousUnknownBrowse
    • 83.222.216.188
    loki.spc.elfGet hashmaliciousUnknownBrowse
    • 83.222.219.136
    Kloki.x86.elfGet hashmaliciousUnknownBrowse
    • 83.222.223.136
    Kloki.arm5.elfGet hashmaliciousUnknownBrowse
    • 83.222.213.49
    Kloki.spc.elfGet hashmaliciousUnknownBrowse
    • 83.222.221.161
    Kloki.arm7.elfGet hashmaliciousMiraiBrowse
    • 83.222.222.50
    loki.x86_64.elfGet hashmaliciousUnknownBrowse
    • 83.222.222.167
    Kloki.x86_64.elfGet hashmaliciousUnknownBrowse
    • 83.222.215.239
    LOL-ASluLUloki.i486.elfGet hashmaliciousUnknownBrowse
    • 83.222.48.106
    loki.sh4.elfGet hashmaliciousUnknownBrowse
    • 83.222.55.60
    loki.m68k.elfGet hashmaliciousUnknownBrowse
    • 83.222.36.39
    loki.spc.elfGet hashmaliciousUnknownBrowse
    • 83.222.53.146
    Kloki.x86.elfGet hashmaliciousUnknownBrowse
    • 83.222.34.13
    Kloki.arm5.elfGet hashmaliciousUnknownBrowse
    • 83.222.43.208
    Kloki.spc.elfGet hashmaliciousUnknownBrowse
    • 83.222.55.219
    Kloki.arm7.elfGet hashmaliciousMiraiBrowse
    • 83.222.60.169
    loki.x86_64.elfGet hashmaliciousUnknownBrowse
    • 83.222.39.188
    Kloki.x86_64.elfGet hashmaliciousUnknownBrowse
    • 83.222.33.155
    ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRUloki.i486.elfGet hashmaliciousUnknownBrowse
    • 83.222.95.129
    loki.sh4.elfGet hashmaliciousUnknownBrowse
    • 83.222.70.140
    loki.m68k.elfGet hashmaliciousUnknownBrowse
    • 83.222.71.222
    loki.spc.elfGet hashmaliciousUnknownBrowse
    • 83.222.93.121
    Kloki.x86.elfGet hashmaliciousUnknownBrowse
    • 83.222.82.115
    Kloki.arm5.elfGet hashmaliciousUnknownBrowse
    • 83.222.77.162
    Kloki.spc.elfGet hashmaliciousUnknownBrowse
    • 83.222.84.27
    Kloki.arm7.elfGet hashmaliciousMiraiBrowse
    • 83.222.84.226
    loki.x86_64.elfGet hashmaliciousUnknownBrowse
    • 83.222.82.223
    Kloki.x86_64.elfGet hashmaliciousUnknownBrowse
    • 83.222.89.99
    No context
    No context
    No created / dropped files found
    File type:ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), statically linked, stripped
    Entropy (8bit):6.181672645872047
    TrID:
    • ELF Executable and Linkable format (generic) (4004/1) 100.00%
    File name:Kloki.ppc.elf
    File size:62'908 bytes
    MD5:f9a8720f5caca56f65119dc37714d908
    SHA1:9b9fd97735c1263a3af14f6f0a3b1d2c73a1fd6a
    SHA256:372a95c2cfbeb4a7495585f4f839942e1f099bb3734c7e300e9a595fc51fa346
    SHA512:1fac1135c612d5b21548234e4e34eb0a9451fc02630777fb395468a79fcaba95db950cc029bab216d4d7a0af556ad4e85145a180591053dc1f660d7baf1b6005
    SSDEEP:768:sblwzXH7V0HSRTR22zGmU0WlR92o/BQ/jqL91TrooeVagIvY/zFR5txqH7Ix:9TH7Syy2iFTUc2/u1goe8gIAr5TK76
    TLSH:C0534B02731C0A57D5A35EB03A3F57E083FEAA9021F4F689251E9B4A9675E3211C6FCD

    ELF header

    Class:ELF32
    Data:2's complement, big endian
    Version:1 (current)
    Machine:PowerPC
    Version Number:0x1
    Type:EXEC (Executable file)
    OS/ABI:UNIX - System V
    ABI Version:0
    Entry Point Address:0x100001f0
    Flags:0x0
    ELF Header Size:52
    Program Header Offset:52
    Program Header Size:32
    Number of Program Headers:3
    Section Header Offset:62428
    Section Header Size:40
    Number of Section Headers:12
    Header String Table Index:11
    Name       Type      Address     Offset  Size    EntSize  Flags  Flags Description  Link  Info  Align
    -          NULL      0x0         0x0     0x0     0x0      0x0    -                  0     0     0
    .init      PROGBITS  0x10000094  0x94    0x24    0x0      0x6    AX                 0     0     4
    .text      PROGBITS  0x100000b8  0xb8    0xd7d0  0x0      0x6    AX                 0     0     4
    .fini      PROGBITS  0x1000d888  0xd888  0x20    0x0      0x6    AX                 0     0     4
    .rodata    PROGBITS  0x1000d8a8  0xd8a8  0x1350  0x0      0x2    A                  0     0     8
    .ctors     PROGBITS  0x1001f000  0xf000  0x8     0x0      0x3    WA                 0     0     4
    .dtors     PROGBITS  0x1001f008  0xf008  0x8     0x0      0x3    WA                 0     0     4
    .data      PROGBITS  0x1001f018  0xf018  0x344   0x0      0x3    WA                 0     0     8
    .sdata     PROGBITS  0x1001f35c  0xf35c  0x34    0x0      0x3    WA                 0     0     4
    .sbss      NOBITS    0x1001f390  0xf390  0x60    0x0      0x3    WA                 0     0     4
    .bss       NOBITS    0x1001f3f0  0xf390  0x310c  0x0      0x3    WA                 0     0     4
    .shstrtab  STRTAB    0x0         0xf390  0x4b    0x0      0x0    -                  0     0     1

    Type       Offset  Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align    Prog Interpreter  Section Mappings
    LOAD       0x0     0x10000000       0x10000000        0xebf8     0xebf8       6.2977   0x5    R E                0x10000  -                 .init .text .fini .rodata
    LOAD       0xf000  0x1001f000       0x1001f000        0x390      0x34fc       2.9723   0x6    RW                 0x10000  -                 .ctors .dtors .data .sdata .sbss .bss
    GNU_STACK  0x0     0x0              0x0               0x0        0x0          0.0000   0x6    RW                 0x4      -                 -


    Timestamp                        SID      Signature                                                         Severity  Source IP      Source Port  Dest IP       Dest Port  Protocol
    2025-01-19T03:07:59.758023+0100  2500034  ET COMPROMISED Known Compromised or Hostile Host Traffic group 18  2         83.222.191.90  13566        192.168.2.14  56538      TCP
    • Total Packets: 223
    • 13566 undefined
    • 53 (DNS)
    Timestamp | Source Port | Dest Port | Source IP | Dest IP
    Jan 19, 2025 03:07:59.741883993 CET | 35961 | 53 | 192.168.2.14 | 8.8.8.8
    Jan 19, 2025 03:07:59.751983881 CET | 53 | 35961 | 8.8.8.8 | 192.168.2.14

    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
    Jan 19, 2025 03:07:59.741883993 CET | 192.168.2.14 | 8.8.8.8 | 0xaa2f | Standard query (0) | secure-network-rebirthltd.ru | A (IP address) | IN (0x0001) | false

    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
    Jan 19, 2025 03:07:59.751983881 CET | 8.8.8.8 | 192.168.2.14 | 0xaa2f | No error (0) | secure-network-rebirthltd.ru | | 83.222.191.90 | A (IP address) | IN (0x0001) | false

    System Behavior

    Start time (UTC):02:07:58
    Start date (UTC):19/01/2025
    Path:/tmp/Kloki.ppc.elf
    Arguments:/tmp/Kloki.ppc.elf
    File size:5388968 bytes
    MD5 hash:ae65271c943d3451b7f026d1fadccea6

    Start time (UTC):02:07:58
    Start date (UTC):19/01/2025
    Path:/tmp/Kloki.ppc.elf
    Arguments:-
    File size:5388968 bytes
    MD5 hash:ae65271c943d3451b7f026d1fadccea6

    Start time (UTC):02:07:58
    Start date (UTC):19/01/2025
    Path:/tmp/Kloki.ppc.elf
    Arguments:-
    File size:5388968 bytes
    MD5 hash:ae65271c943d3451b7f026d1fadccea6

    Start time (UTC):02:07:58
    Start date (UTC):19/01/2025
    Path:/tmp/Kloki.ppc.elf
    Arguments:-
    File size:5388968 bytes
    MD5 hash:ae65271c943d3451b7f026d1fadccea6

    Start time (UTC):02:07:58
    Start date (UTC):19/01/2025
    Path:/usr/libexec/gnome-session-binary
    Arguments:-
    File size:334664 bytes
    MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

    Start time (UTC):02:07:58
    Start date (UTC):19/01/2025
    Path:/bin/sh
    Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):02:07:58
    Start date (UTC):19/01/2025
    Path:/usr/libexec/gnome-session-binary
    Arguments:-
    File size:334664 bytes
    MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

    Start time (UTC):02:07:58
    Start date (UTC):19/01/2025
    Path:/bin/sh
    Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):02:07:58
    Start date (UTC):19/01/2025
    Path:/usr/bin/gnome-shell
    Arguments:/usr/bin/gnome-shell
    File size:23168 bytes
    MD5 hash:da7a257239677622fe4b3a65972c9e87

    Start time (UTC):02:07:58
    Start date (UTC):19/01/2025
    Path:/usr/libexec/gnome-session-binary
    Arguments:-
    File size:334664 bytes
    MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

    Start time (UTC):02:07:58
    Start date (UTC):19/01/2025
    Path:/bin/sh
    Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):02:07:58
    Start date (UTC):19/01/2025
    Path:/usr/libexec/gsd-print-notifications
    Arguments:/usr/libexec/gsd-print-notifications
    File size:51840 bytes
    MD5 hash:71539698aa691718cee775d6b9450ae2

    Start time (UTC):02:07:58
    Start date (UTC):19/01/2025
    Path:/usr/libexec/gnome-session-binary
    Arguments:-
    File size:334664 bytes
    MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

    Start time (UTC):02:07:58
    Start date (UTC):19/01/2025
    Path:/bin/sh
    Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):02:07:59
    Start date (UTC):19/01/2025
    Path:/usr/sbin/gdm3
    Arguments:-
    File size:453296 bytes
    MD5 hash:2492e2d8d34f9377e3e530a61a15674f

    Start time (UTC):02:07:59
    Start date (UTC):19/01/2025
    Path:/etc/gdm3/PrimeOff/Default
    Arguments:/etc/gdm3/PrimeOff/Default
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):02:07:59
    Start date (UTC):19/01/2025
    Path:/usr/sbin/gdm3
    Arguments:-
    File size:453296 bytes
    MD5 hash:2492e2d8d34f9377e3e530a61a15674f

    Start time (UTC):02:07:59
    Start date (UTC):19/01/2025
    Path:/etc/gdm3/PrimeOff/Default
    Arguments:/etc/gdm3/PrimeOff/Default
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):02:08:09
    Start date (UTC):19/01/2025
    Path:/usr/lib/systemd/systemd
    Arguments:-
    File size:1620224 bytes
    MD5 hash:9b2bec7092a40488108543f9334aab75

    Start time (UTC):02:08:09
    Start date (UTC):19/01/2025
    Path:/lib/systemd/systemd-user-runtime-dir
    Arguments:/lib/systemd/systemd-user-runtime-dir stop 127
    File size:22672 bytes
    MD5 hash:d55f4b0847f88131dbcfb07435178e54