Linux Analysis Report
loki.mips.elf

Overview

General Information

Sample name:loki.mips.elf
Analysis ID:1594498
MD5:e5b4015901ad95480d84cfcf6e1118b4
SHA1:6ec988149c1a7ee6fb6d303927cff0b181ec7833
SHA256:ef974196020dc0ca0bb7a1a1baa93b6dab7df806199a34ceb7bfa7dc962a19ab
Tags:elf, user-abuse_ch
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Sample listens on a socket
Suricata IDS alerts with low severity for network traffic
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1594498
Start date and time:2025-01-19 03:27:07 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 43s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:loki.mips.elf
Detection:MAL
Classification:mal48.linELF@0/0@1/0
Command:/tmp/loki.mips.elf
PID:5428
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
suka
Standard Error:
  • system is lnxubuntu20
  • loki.mips.elf (PID: 5428, Parent: 5354, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/loki.mips.elf
  • cleanup
No yara matches
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
| 2025-01-19T03:27:56.842732+0100 | 2500034 | 2 | Misc Attack | 83.222.191.90 | 13566 | 192.168.2.13 | 42792 | TCP |

AV Detection

Source: loki.mips.elf, Avira: detected
Source: /tmp/loki.mips.elf (PID: 5428), Socket: 127.0.0.1:14435
Source: Network traffic, Suricata IDS: 2500034 - Severity 2 - ET COMPROMISED Known Compromised or Hostile Host Traffic group 18 : 83.222.191.90:13566 -> 192.168.2.13:42792
Source: unknown, TCP traffic detected without corresponding DNS query: 83.222.3.218
Source: global traffic, DNS traffic detected: DNS query: secure-network-rebirthltd.ru
Source: ELF static info symbol of initial sample, .symtab present: no
Source: classification engine, Classification label: mal48.linELF@0/0@1/0
Source: /tmp/loki.mips.elf (PID: 5428), Queries kernel information via 'uname'
Source: loki.mips.elf, 5428.1.00007fff54b2f000.00007fff54b50000.rw-.sdmp, loki.mips.elf, 5430.1.00007fff54b2f000.00007fff54b50000.rw-.sdmp, Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/loki.mips.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/loki.mips.elf
Source: loki.mips.elf, 5428.1.000055e0cdfa6000.000055e0ce055000.rw-.sdmp, loki.mips.elf, 5430.1.000055e0cdfa6000.000055e0ce02d000.rw-.sdmp, Binary or memory string: U!/etc/qemu-binfmt/mips
Source: loki.mips.elf, 5428.1.000055e0cdfa6000.000055e0ce055000.rw-.sdmp, loki.mips.elf, 5430.1.000055e0cdfa6000.000055e0ce02d000.rw-.sdmp, Binary or memory string: /etc/qemu-binfmt/mips
Source: loki.mips.elf, 5428.1.00007fff54b2f000.00007fff54b50000.rw-.sdmp, loki.mips.elf, 5430.1.00007fff54b2f000.00007fff54b50000.rw-.sdmp, Binary or memory string: /usr/bin/qemu-mips
[ATT&CK matrix; tactic columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact]
No configs have been found
[Behavior graph. ID: 1594498, Sample: loki.mips.elf, Startdate: 19/01/2025, Architecture: LINUX, Score: 48. Process loki.mips.elf started two child loki.mips.elf processes.]

| Source | Detection | Scanner | Label | Link |
| loki.mips.elf | 100% | Avira | EXP/ELF.Agent.J.8 | |
No Antivirus matches

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| secure-network-rebirthltd.ru | 83.222.191.90 | true | false | | high |
No created / dropped files found
File type:ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy (8bit):5.322019413035321
TrID:
• ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:loki.mips.elf
File size:63'680 bytes
MD5:e5b4015901ad95480d84cfcf6e1118b4
SHA1:6ec988149c1a7ee6fb6d303927cff0b181ec7833
SHA256:ef974196020dc0ca0bb7a1a1baa93b6dab7df806199a34ceb7bfa7dc962a19ab
SHA512:a34ef1401692dc71a5cb240c94e26979665b8aa466c821a8b712b460c71a7d40acf3f4baf9a7be3e88cb5bc16c89e5fe4f61f4e94fbbc8e9a54a838288800cc6
SSDEEP:1536:9rx29+jjkt0ZjHz2l7jQ7jIYj/LvaALBbLSv:7297t0Zj6KaALBHSv
TLSH:7953B71A2E12CFEDF76D873587B78E219758339227E1D682E15CDA001E6034E645FFA8

ELF header

Class:ELF32
Data:2's complement, big endian
Version:1 (current)
Machine:MIPS R3000
Version Number:0x1
Type:EXEC (Executable file)
OS/ABI:UNIX - System V
ABI Version:0
Entry Point Address:0x400260
Flags:0x1007
ELF Header Size:52
Program Header Offset:52
Program Header Size:32
Number of Program Headers:3
Section Header Offset:63120
Section Header Size:40
Number of Section Headers:14
Header String Table Index:13

| Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
| | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
| .init | PROGBITS | 0x400094 | 0x94 | 0x8c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .text | PROGBITS | 0x400120 | 0x120 | 0xe350 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
| .fini | PROGBITS | 0x40e470 | 0xe470 | 0x5c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .rodata | PROGBITS | 0x40e4d0 | 0xe4d0 | 0x5a0 | 0x0 | 0x2 | A | 0 | 0 | 16 |
| .ctors | PROGBITS | 0x44f000 | 0xf000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .dtors | PROGBITS | 0x44f008 | 0xf008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .data.rel.ro | PROGBITS | 0x44f014 | 0xf014 | 0xc | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .data | PROGBITS | 0x44f020 | 0xf020 | 0x270 | 0x0 | 0x3 | WA | 0 | 0 | 16 |
| .got | PROGBITS | 0x44f290 | 0xf290 | 0x39c | 0x4 | 0x10000003 | WAp | 0 | 0 | 16 |
| .sbss | NOBITS | 0x44f62c | 0xf62c | 0x14 | 0x0 | 0x10000003 | WAp | 0 | 0 | 4 |
| .bss | NOBITS | 0x44f640 | 0xf62c | 0x1198 | 0x0 | 0x3 | WA | 0 | 0 | 16 |
| .mdebug.abi32 | PROGBITS | 0x774 | 0xf62c | 0x0 | 0x0 | 0x0 | | 0 | 0 | 1 |
| .shstrtab | STRTAB | 0x0 | 0xf62c | 0x64 | 0x0 | 0x0 | | 0 | 0 | 1 |

| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
| LOAD | 0x0 | 0x400000 | 0x400000 | 0xea70 | 0xea70 | 5.4215 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata |
| LOAD | 0xf000 | 0x44f000 | 0x44f000 | 0x62c | 0x17d8 | 4.0723 | 0x6 | RW | 0x10000 | | .ctors .dtors .data.rel.ro .data .got .sbss .bss |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | | |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
| 2025-01-19T03:27:56.842732+0100 | 2500034 | ET COMPROMISED Known Compromised or Hostile Host Traffic group 18 | 2 | 83.222.191.90 | 13566 | 192.168.2.13 | 42792 | TCP |
• Total Packets: 155
• 13566 undefined
• 53 (DNS)
          Jan 19, 2025 03:27:56.665575981 CET5188413566192.168.2.1383.222.245.45
          Jan 19, 2025 03:27:56.666620016 CET5181013566192.168.2.1383.222.140.196
          Jan 19, 2025 03:27:56.670208931 CET135665088483.222.120.101192.168.2.13
          Jan 19, 2025 03:27:56.670254946 CET5088413566192.168.2.1383.222.120.101
          Jan 19, 2025 03:27:56.671444893 CET5674813566192.168.2.1383.222.127.104
          Jan 19, 2025 03:27:56.671475887 CET135665181083.222.140.196192.168.2.13
          Jan 19, 2025 03:27:56.671521902 CET5181013566192.168.2.1383.222.140.196
          Jan 19, 2025 03:27:56.673615932 CET5771813566192.168.2.1383.222.100.130
          Jan 19, 2025 03:27:56.675438881 CET4372413566192.168.2.1383.222.15.230
          Jan 19, 2025 03:27:56.676295996 CET135665674883.222.127.104192.168.2.13
          Jan 19, 2025 03:27:56.676345110 CET5674813566192.168.2.1383.222.127.104
          Jan 19, 2025 03:27:56.678472996 CET135665771883.222.100.130192.168.2.13
          Jan 19, 2025 03:27:56.678519964 CET5771813566192.168.2.1383.222.100.130
          Jan 19, 2025 03:27:56.680372000 CET135664372483.222.15.230192.168.2.13
          Jan 19, 2025 03:27:56.680433989 CET4372413566192.168.2.1383.222.15.230
          Jan 19, 2025 03:27:56.689398050 CET4372413566192.168.2.1383.222.15.230
          Jan 19, 2025 03:27:56.690179110 CET3534413566192.168.2.1383.222.125.138
          Jan 19, 2025 03:27:56.694730043 CET135664372483.222.15.230192.168.2.13
          Jan 19, 2025 03:27:56.694789886 CET4372413566192.168.2.1383.222.15.230
          Jan 19, 2025 03:27:56.696487904 CET135663534483.222.125.138192.168.2.13
          Jan 19, 2025 03:27:56.696547985 CET3534413566192.168.2.1383.222.125.138
          Jan 19, 2025 03:27:56.703398943 CET3650813566192.168.2.1383.222.251.103
          Jan 19, 2025 03:27:56.704386950 CET3825213566192.168.2.1383.222.58.34
          Jan 19, 2025 03:27:56.709222078 CET135663650883.222.251.103192.168.2.13
          Jan 19, 2025 03:27:56.709351063 CET3650813566192.168.2.1383.222.251.103
          Jan 19, 2025 03:27:56.710336924 CET135663825283.222.58.34192.168.2.13
          Jan 19, 2025 03:27:56.710386992 CET3825213566192.168.2.1383.222.58.34
          Jan 19, 2025 03:27:56.717931986 CET3730413566192.168.2.1383.222.195.162
          Jan 19, 2025 03:27:56.722585917 CET5566013566192.168.2.1383.222.233.114
          Jan 19, 2025 03:27:56.722805023 CET135663730483.222.195.162192.168.2.13
          Jan 19, 2025 03:27:56.722845078 CET3730413566192.168.2.1383.222.195.162
          Jan 19, 2025 03:27:56.725519896 CET4261413566192.168.2.1383.222.73.194
          Jan 19, 2025 03:27:56.727387905 CET135665566083.222.233.114192.168.2.13
          Jan 19, 2025 03:27:56.727428913 CET5566013566192.168.2.1383.222.233.114
          Jan 19, 2025 03:27:56.728435040 CET4092813566192.168.2.1383.222.62.245
          Jan 19, 2025 03:27:56.730351925 CET135664261483.222.73.194192.168.2.13
          Jan 19, 2025 03:27:56.730395079 CET4261413566192.168.2.1383.222.73.194
          Jan 19, 2025 03:27:56.731251955 CET5160613566192.168.2.1383.222.159.228
          Jan 19, 2025 03:27:56.733252048 CET135664092883.222.62.245192.168.2.13
          Jan 19, 2025 03:27:56.733299017 CET4092813566192.168.2.1383.222.62.245
          Jan 19, 2025 03:27:56.735985994 CET135665160683.222.159.228192.168.2.13
          Jan 19, 2025 03:27:56.736031055 CET5160613566192.168.2.1383.222.159.228
          Jan 19, 2025 03:27:56.737848997 CET5686413566192.168.2.1383.222.173.16
          Jan 19, 2025 03:27:56.742666006 CET135665686483.222.173.16192.168.2.13
          Jan 19, 2025 03:27:56.742710114 CET5686413566192.168.2.1383.222.173.16
          Jan 19, 2025 03:27:56.745057106 CET5686413566192.168.2.1383.222.173.16
          Jan 19, 2025 03:27:56.746546984 CET5844013566192.168.2.1383.222.235.163
          Jan 19, 2025 03:27:56.749598026 CET4814213566192.168.2.1383.222.61.99
          Jan 19, 2025 03:27:56.749973059 CET135665686483.222.173.16192.168.2.13
          Jan 19, 2025 03:27:56.750024080 CET5686413566192.168.2.1383.222.173.16
          Jan 19, 2025 03:27:56.751497984 CET135665844083.222.235.163192.168.2.13
          Jan 19, 2025 03:27:56.751544952 CET5844013566192.168.2.1383.222.235.163
          Jan 19, 2025 03:27:56.754482031 CET135664814283.222.61.99192.168.2.13
          Jan 19, 2025 03:27:56.754530907 CET4814213566192.168.2.1383.222.61.99
          Jan 19, 2025 03:27:56.756555080 CET5434013566192.168.2.1383.222.8.202
          Jan 19, 2025 03:27:56.761487007 CET135665434083.222.8.202192.168.2.13
          Jan 19, 2025 03:27:56.761549950 CET5434013566192.168.2.1383.222.8.202
          Jan 19, 2025 03:27:56.762268066 CET5434013566192.168.2.1383.222.8.202
          Jan 19, 2025 03:27:56.763262987 CET3849213566192.168.2.1383.222.39.135
          Jan 19, 2025 03:27:56.765568972 CET5825813566192.168.2.1383.222.50.139
          Jan 19, 2025 03:27:56.767179012 CET135665434083.222.8.202192.168.2.13
          Jan 19, 2025 03:27:56.767234087 CET5434013566192.168.2.1383.222.8.202
          Jan 19, 2025 03:27:56.767628908 CET3446813566192.168.2.1383.222.9.65
          Jan 19, 2025 03:27:56.768140078 CET135663849283.222.39.135192.168.2.13
          Jan 19, 2025 03:27:56.768183947 CET3849213566192.168.2.1383.222.39.135
          Jan 19, 2025 03:27:56.769846916 CET5725613566192.168.2.1383.222.113.134
          Jan 19, 2025 03:27:56.770452976 CET135665825883.222.50.139192.168.2.13
          Jan 19, 2025 03:27:56.770498991 CET5825813566192.168.2.1383.222.50.139
          Jan 19, 2025 03:27:56.772466898 CET135663446883.222.9.65192.168.2.13
          Jan 19, 2025 03:27:56.772504091 CET3446813566192.168.2.1383.222.9.65
          Jan 19, 2025 03:27:56.772733927 CET3465613566192.168.2.1383.222.204.109
          Jan 19, 2025 03:27:56.774655104 CET135665725683.222.113.134192.168.2.13
          Jan 19, 2025 03:27:56.774703026 CET5725613566192.168.2.1383.222.113.134
          Jan 19, 2025 03:27:56.776164055 CET4749013566192.168.2.1383.222.237.6
          Jan 19, 2025 03:27:56.777597904 CET135663465683.222.204.109192.168.2.13
          Jan 19, 2025 03:27:56.777637005 CET3465613566192.168.2.1383.222.204.109
          Jan 19, 2025 03:27:56.778858900 CET5720013566192.168.2.1383.222.143.176
          Jan 19, 2025 03:27:56.780651093 CET5107013566192.168.2.1383.222.168.120
          Jan 19, 2025 03:27:56.780971050 CET135664749083.222.237.6192.168.2.13
          Jan 19, 2025 03:27:56.781023026 CET4749013566192.168.2.1383.222.237.6
          Jan 19, 2025 03:27:56.782747984 CET4526813566192.168.2.1383.222.35.242
          Jan 19, 2025 03:27:56.783691883 CET135665720083.222.143.176192.168.2.13
          Jan 19, 2025 03:27:56.783735037 CET5720013566192.168.2.1383.222.143.176
          Jan 19, 2025 03:27:56.785126925 CET5230213566192.168.2.1383.222.59.97
          Jan 19, 2025 03:27:56.785474062 CET135665107083.222.168.120192.168.2.13
          Jan 19, 2025 03:27:56.785554886 CET5107013566192.168.2.1383.222.168.120
          Jan 19, 2025 03:27:56.787583113 CET135664526883.222.35.242192.168.2.13
          Jan 19, 2025 03:27:56.787625074 CET4526813566192.168.2.1383.222.35.242
          Jan 19, 2025 03:27:56.788543940 CET4259413566192.168.2.1383.222.231.218
          Jan 19, 2025 03:27:56.789956093 CET135665230283.222.59.97192.168.2.13
          Jan 19, 2025 03:27:56.790009975 CET5230213566192.168.2.1383.222.59.97
          Jan 19, 2025 03:27:56.791342974 CET5178013566192.168.2.1383.222.69.149
          Jan 19, 2025 03:27:56.793380976 CET135664259483.222.231.218192.168.2.13
          Jan 19, 2025 03:27:56.793426037 CET4259413566192.168.2.1383.222.231.218
          Jan 19, 2025 03:27:56.793447018 CET4610213566192.168.2.1383.222.234.48
          Jan 19, 2025 03:27:56.795676947 CET4781213566192.168.2.1383.222.56.39
          Jan 19, 2025 03:27:56.796185017 CET135665178083.222.69.149192.168.2.13
          Jan 19, 2025 03:27:56.796227932 CET5178013566192.168.2.1383.222.69.149
          Jan 19, 2025 03:27:56.797943115 CET4569613566192.168.2.1383.222.148.64
          Jan 19, 2025 03:27:56.798237085 CET135664610283.222.234.48192.168.2.13
          Jan 19, 2025 03:27:56.798274040 CET4610213566192.168.2.1383.222.234.48
          Jan 19, 2025 03:27:56.800076008 CET6044813566192.168.2.1383.222.241.187
          Jan 19, 2025 03:27:56.800550938 CET135664781283.222.56.39192.168.2.13
          Jan 19, 2025 03:27:56.800596952 CET4781213566192.168.2.1383.222.56.39
          Jan 19, 2025 03:27:56.802530050 CET5195413566192.168.2.1383.222.199.36
          Jan 19, 2025 03:27:56.802766085 CET135664569683.222.148.64192.168.2.13
          Jan 19, 2025 03:27:56.802814960 CET4569613566192.168.2.1383.222.148.64
          Jan 19, 2025 03:27:56.804533958 CET4487213566192.168.2.1383.222.71.208
          Jan 19, 2025 03:27:56.804944992 CET135666044883.222.241.187192.168.2.13
          Jan 19, 2025 03:27:56.804986954 CET6044813566192.168.2.1383.222.241.187
          Jan 19, 2025 03:27:56.807223082 CET4948813566192.168.2.1383.222.101.184
          Jan 19, 2025 03:27:56.807327032 CET135665195483.222.199.36192.168.2.13
          Jan 19, 2025 03:27:56.807378054 CET5195413566192.168.2.1383.222.199.36
          Jan 19, 2025 03:27:56.808947086 CET5348613566192.168.2.1383.222.86.49
          Jan 19, 2025 03:27:56.809381962 CET135664487283.222.71.208192.168.2.13
          Jan 19, 2025 03:27:56.809423923 CET4487213566192.168.2.1383.222.71.208
          Jan 19, 2025 03:27:56.811425924 CET6003813566192.168.2.1383.222.37.67
          Jan 19, 2025 03:27:56.812071085 CET135664948883.222.101.184192.168.2.13
          Jan 19, 2025 03:27:56.812119961 CET4948813566192.168.2.1383.222.101.184
          Jan 19, 2025 03:27:56.813200951 CET3803413566192.168.2.1383.222.55.181
          Jan 19, 2025 03:27:56.813755989 CET135665348683.222.86.49192.168.2.13
          Jan 19, 2025 03:27:56.813786030 CET5348613566192.168.2.1383.222.86.49
          Jan 19, 2025 03:27:56.815829039 CET4436613566192.168.2.1383.222.244.224
          Jan 19, 2025 03:27:56.816184998 CET135666003883.222.37.67192.168.2.13
          Jan 19, 2025 03:27:56.816231966 CET6003813566192.168.2.1383.222.37.67
          Jan 19, 2025 03:27:56.818080902 CET135663803483.222.55.181192.168.2.13
          Jan 19, 2025 03:27:56.818098068 CET4636213566192.168.2.1383.222.45.23
          Jan 19, 2025 03:27:56.818128109 CET3803413566192.168.2.1383.222.55.181
          Jan 19, 2025 03:27:56.820339918 CET4913813566192.168.2.1383.222.210.104
          Jan 19, 2025 03:27:56.820583105 CET135664436683.222.244.224192.168.2.13
          Jan 19, 2025 03:27:56.820621014 CET4436613566192.168.2.1383.222.244.224
          Jan 19, 2025 03:27:56.821468115 CET4938813566192.168.2.1383.222.120.185
          Jan 19, 2025 03:27:56.822433949 CET5074613566192.168.2.1383.222.66.189
          Jan 19, 2025 03:27:56.822886944 CET135664636283.222.45.23192.168.2.13
          Jan 19, 2025 03:27:56.822926044 CET4636213566192.168.2.1383.222.45.23
          Jan 19, 2025 03:27:56.823597908 CET3824613566192.168.2.1383.222.78.44
          Jan 19, 2025 03:27:56.824460030 CET5846813566192.168.2.1383.222.237.134
          Jan 19, 2025 03:27:56.825083971 CET135664913883.222.210.104192.168.2.13
          Jan 19, 2025 03:27:56.825122118 CET4913813566192.168.2.1383.222.210.104
          Jan 19, 2025 03:27:56.825349092 CET5629213566192.168.2.1383.222.84.129
          Jan 19, 2025 03:27:56.826272964 CET135664938883.222.120.185192.168.2.13
          Jan 19, 2025 03:27:56.826308966 CET4938813566192.168.2.1383.222.120.185
          Jan 19, 2025 03:27:56.827183962 CET135665074683.222.66.189192.168.2.13
          Jan 19, 2025 03:27:56.827231884 CET5074613566192.168.2.1383.222.66.189
          Jan 19, 2025 03:27:56.828406096 CET135663824683.222.78.44192.168.2.13
          Jan 19, 2025 03:27:56.828459024 CET3824613566192.168.2.1383.222.78.44
          Jan 19, 2025 03:27:56.829287052 CET135665846883.222.237.134192.168.2.13
          Jan 19, 2025 03:27:56.829441071 CET5846813566192.168.2.1383.222.237.134
          Jan 19, 2025 03:27:56.830180883 CET135665629283.222.84.129192.168.2.13
          Jan 19, 2025 03:27:56.830229998 CET5629213566192.168.2.1383.222.84.129
          Jan 19, 2025 03:27:56.837955952 CET4279213566192.168.2.1383.222.191.90
          Jan 19, 2025 03:27:56.842731953 CET135664279283.222.191.90192.168.2.13
          Jan 19, 2025 03:27:56.842778921 CET4279213566192.168.2.1383.222.191.90
          Jan 19, 2025 03:27:56.844387054 CET4279213566192.168.2.1383.222.191.90
          Jan 19, 2025 03:27:56.850033045 CET135664279283.222.191.90192.168.2.13
          Jan 19, 2025 03:27:56.850115061 CET4279213566192.168.2.1383.222.191.90
          Jan 19, 2025 03:27:56.855489969 CET135664279283.222.191.90192.168.2.13
          Jan 19, 2025 03:28:06.854954958 CET4279213566192.168.2.1383.222.191.90
          Jan 19, 2025 03:28:06.860296011 CET135664279283.222.191.90192.168.2.13
          Jan 19, 2025 03:28:07.359489918 CET135664279283.222.191.90192.168.2.13
          Jan 19, 2025 03:28:07.359628916 CET4279213566192.168.2.1383.222.191.90
          Jan 19, 2025 03:28:07.497812986 CET135664279283.222.191.90192.168.2.13
          Jan 19, 2025 03:28:07.497914076 CET4279213566192.168.2.1383.222.191.90
          Jan 19, 2025 03:29:07.541021109 CET4279213566192.168.2.1383.222.191.90
          Jan 19, 2025 03:29:07.546104908 CET135664279283.222.191.90192.168.2.13
          Jan 19, 2025 03:29:07.748541117 CET135664279283.222.191.90192.168.2.13
          Jan 19, 2025 03:29:07.748796940 CET4279213566192.168.2.1383.222.191.90
          Jan 19, 2025 03:29:08.445868015 CET135664279283.222.191.90192.168.2.13
          Jan 19, 2025 03:29:08.446314096 CET4279213566192.168.2.1383.222.191.90
          Timestamp | Source Port | Dest Port | Source IP | Dest IP
          Jan 19, 2025 03:27:56.827630043 CET | 38367 | 53 | 192.168.2.13 | 8.8.8.8
          Jan 19, 2025 03:27:56.836941957 CET | 53 | 38367 | 8.8.8.8 | 192.168.2.13
          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
          Jan 19, 2025 03:27:56.827630043 CET | 192.168.2.13 | 8.8.8.8 | 0xe67f | Standard query (0) | secure-network-rebirthltd.ru | A (IP address) | IN (0x0001) | false

          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
          Jan 19, 2025 03:27:56.836941957 CET | 8.8.8.8 | 192.168.2.13 | 0xe67f | No error (0) | secure-network-rebirthltd.ru | | 83.222.191.90 | A (IP address) | IN (0x0001) | false

          System Behavior

          Start time (UTC): 02:27:55
          Start date (UTC): 19/01/2025
          Path: /tmp/loki.mips.elf
          Arguments: /tmp/loki.mips.elf
          File size: 5777432 bytes
          MD5 hash: 0083f1f0e77be34ad27f849842bbb00c

          Start time (UTC): 02:27:55
          Start date (UTC): 19/01/2025
          Path: /tmp/loki.mips.elf
          Arguments: -
          File size: 5777432 bytes
          MD5 hash: 0083f1f0e77be34ad27f849842bbb00c

          Start time (UTC): 02:27:55
          Start date (UTC): 19/01/2025
          Path: /tmp/loki.mips.elf
          Arguments: -
          File size: 5777432 bytes
          MD5 hash: 0083f1f0e77be34ad27f849842bbb00c