Edit tour

Linux Analysis Report
loki.x86.elf

Overview

General Information

Sample name:	loki.x86.elf
Analysis ID:	1594500
MD5:	d3f5b03d0c1f593d02669ad6c84ce650
SHA1:	b6b5361e1b28b1f26519da89a1c71ac7f2c12f6b
SHA256:	009ec58219f65cb25abccdcc12c9096aae5ac313605e19ba37634c9676425124
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Machine Learning detection for sample

Detected TCP or UDP traffic on non-standard ports

Sample has stripped symbol table

Suricata IDS alerts with low severity for network traffic

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Yara signature match

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1594500
Start date and time:	2025-01-19 03:37:04 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 40s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	loki.x86.elf
Detection:	MAL
Classification:	mal52.linELF@0/0@1/0

Runtime Messages

Command:	/tmp/loki.x86.elf
PID:	6249
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	suka
Standard Error:

Process Tree

system is lnxubuntu20

loki.x86.elf (PID: 6249, Parent: 6175, MD5: d3f5b03d0c1f593d02669ad6c84ce650) Arguments: /tmp/loki.x86.elf

loki.x86.elf New Fork (PID: 6250, Parent: 6249)

loki.x86.elf New Fork (PID: 6251, Parent: 6249)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
loki.x86.elf	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x4840:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
loki.x86.elf	Linux_Trojan_Mirai_88de437f	unknown	unknown	0x69d2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
loki.x86.elf	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0x88f6:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
loki.x86.elf	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0x73b4:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
loki.x86.elf	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0x69a2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88

Memory Dumps

Source	Rule	Description	Author	Strings
6250.1.0000000008048000.0000000008053000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x4840:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
6250.1.0000000008048000.0000000008053000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0x69d2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
6250.1.0000000008048000.0000000008053000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0x88f6:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
6250.1.0000000008048000.0000000008053000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0x73b4:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
6250.1.0000000008048000.0000000008053000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0x69a2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
6249.1.0000000008048000.0000000008053000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x4840:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
6249.1.0000000008048000.0000000008053000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0x69d2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
6249.1.0000000008048000.0000000008053000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0x88f6:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
6249.1.0000000008048000.0000000008053000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0x73b4:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
6249.1.0000000008048000.0000000008053000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0x69a2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
Click to see the 5 entries

Suricata Signatures

ET COMPROMISED Known Compromised or Hostile Host Traffic group 18

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-19T03:37:54.625800+0100	2500034	2	Misc Attack	83.222.191.90	13566	192.168.2.23	42750	TCP

Joe Sandbox Signatures

• AV Detection
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

AV Detection

Machine Learning detection for sample

Source: loki.x86.elf

Joe Sandbox ML: detected

Source: global traffic	TCP traffic: 192.168.2.23:52720 -> 83.222.96.67:13566
Source: global traffic	TCP traffic: 192.168.2.23:53250 -> 83.222.103.245:13566
Source: global traffic	TCP traffic: 192.168.2.23:34580 -> 83.222.87.142:13566
Source: global traffic	TCP traffic: 192.168.2.23:59700 -> 83.222.78.237:13566
Source: global traffic	TCP traffic: 192.168.2.23:44696 -> 83.222.118.91:13566
Source: global traffic	TCP traffic: 192.168.2.23:42110 -> 83.222.140.194:13566
Source: global traffic	TCP traffic: 192.168.2.23:54340 -> 83.222.119.76:13566
Source: global traffic	TCP traffic: 192.168.2.23:59270 -> 83.222.183.136:13566
Source: global traffic	TCP traffic: 192.168.2.23:35972 -> 83.222.152.17:13566
Source: global traffic	TCP traffic: 192.168.2.23:54610 -> 83.222.40.112:13566
Source: global traffic	TCP traffic: 192.168.2.23:33290 -> 83.222.230.25:13566
Source: global traffic	TCP traffic: 192.168.2.23:44848 -> 83.222.212.238:13566
Source: global traffic	TCP traffic: 192.168.2.23:34708 -> 83.222.44.150:13566
Source: global traffic	TCP traffic: 192.168.2.23:33282 -> 83.222.139.151:13566
Source: global traffic	TCP traffic: 192.168.2.23:42160 -> 83.222.204.106:13566
Source: global traffic	TCP traffic: 192.168.2.23:51832 -> 83.222.22.21:13566
Source: global traffic	TCP traffic: 192.168.2.23:47804 -> 83.222.55.148:13566
Source: global traffic	TCP traffic: 192.168.2.23:55878 -> 83.222.244.115:13566
Source: global traffic	TCP traffic: 192.168.2.23:36742 -> 83.222.93.129:13566
Source: global traffic	TCP traffic: 192.168.2.23:45304 -> 83.222.53.211:13566
Source: global traffic	TCP traffic: 192.168.2.23:37818 -> 83.222.215.227:13566
Source: global traffic	TCP traffic: 192.168.2.23:43432 -> 83.222.61.4:13566
Source: global traffic	TCP traffic: 192.168.2.23:44548 -> 83.222.114.84:13566
Source: global traffic	TCP traffic: 192.168.2.23:44410 -> 83.222.26.88:13566
Source: global traffic	TCP traffic: 192.168.2.23:60574 -> 83.222.37.112:13566
Source: global traffic	TCP traffic: 192.168.2.23:52798 -> 83.222.220.2:13566
Source: global traffic	TCP traffic: 192.168.2.23:34722 -> 83.222.109.145:13566
Source: global traffic	TCP traffic: 192.168.2.23:39172 -> 83.222.164.36:13566
Source: global traffic	TCP traffic: 192.168.2.23:40030 -> 83.222.25.120:13566
Source: global traffic	TCP traffic: 192.168.2.23:51522 -> 83.222.19.70:13566
Source: global traffic	TCP traffic: 192.168.2.23:43348 -> 83.222.14.74:13566
Source: global traffic	TCP traffic: 192.168.2.23:34392 -> 83.222.225.177:13566
Source: global traffic	TCP traffic: 192.168.2.23:48738 -> 83.222.125.7:13566
Source: global traffic	TCP traffic: 192.168.2.23:35214 -> 83.222.33.113:13566
Source: global traffic	TCP traffic: 192.168.2.23:43234 -> 83.222.122.126:13566
Source: global traffic	TCP traffic: 192.168.2.23:41382 -> 83.222.242.176:13566
Source: global traffic	TCP traffic: 192.168.2.23:56834 -> 83.222.81.206:13566
Source: global traffic	TCP traffic: 192.168.2.23:51526 -> 83.222.218.154:13566
Source: global traffic	TCP traffic: 192.168.2.23:43800 -> 83.222.211.36:13566
Source: global traffic	TCP traffic: 192.168.2.23:58340 -> 83.222.227.237:13566
Source: global traffic	TCP traffic: 192.168.2.23:46702 -> 83.222.178.143:13566
Source: global traffic	TCP traffic: 192.168.2.23:43288 -> 83.222.124.80:13566
Source: global traffic	TCP traffic: 192.168.2.23:51532 -> 83.222.126.32:13566
Source: global traffic	TCP traffic: 192.168.2.23:52938 -> 83.222.117.151:13566
Source: global traffic	TCP traffic: 192.168.2.23:59228 -> 83.222.153.136:13566
Source: global traffic	TCP traffic: 192.168.2.23:35150 -> 83.222.221.167:13566
Source: global traffic	TCP traffic: 192.168.2.23:46734 -> 83.222.210.183:13566
Source: global traffic	TCP traffic: 192.168.2.23:45488 -> 83.222.65.179:13566
Source: global traffic	TCP traffic: 192.168.2.23:51272 -> 83.222.105.190:13566
Source: global traffic	TCP traffic: 192.168.2.23:53752 -> 83.222.186.138:13566
Source: global traffic	TCP traffic: 192.168.2.23:60654 -> 83.222.9.34:13566
Source: global traffic	TCP traffic: 192.168.2.23:60408 -> 83.222.48.53:13566
Source: global traffic	TCP traffic: 192.168.2.23:55046 -> 83.222.229.90:13566
Source: global traffic	TCP traffic: 192.168.2.23:55770 -> 83.222.241.151:13566
Source: global traffic	TCP traffic: 192.168.2.23:35298 -> 83.222.187.204:13566
Source: global traffic	TCP traffic: 192.168.2.23:43984 -> 83.222.233.196:13566
Source: global traffic	TCP traffic: 192.168.2.23:52980 -> 83.222.29.47:13566
Source: global traffic	TCP traffic: 192.168.2.23:57034 -> 83.222.177.55:13566
Source: global traffic	TCP traffic: 192.168.2.23:42594 -> 83.222.87.146:13566
Source: global traffic	TCP traffic: 192.168.2.23:46012 -> 83.222.198.240:13566
Source: global traffic	TCP traffic: 192.168.2.23:56630 -> 83.222.26.164:13566
Source: global traffic	TCP traffic: 192.168.2.23:45212 -> 83.222.152.236:13566
Source: global traffic	TCP traffic: 192.168.2.23:36630 -> 83.222.91.217:13566
Source: global traffic	TCP traffic: 192.168.2.23:36214 -> 83.222.79.200:13566
Source: global traffic	TCP traffic: 192.168.2.23:59414 -> 83.222.143.88:13566
Source: global traffic	TCP traffic: 192.168.2.23:57270 -> 83.222.234.116:13566
Source: global traffic	TCP traffic: 192.168.2.23:45066 -> 83.222.178.219:13566
Source: global traffic	TCP traffic: 192.168.2.23:46378 -> 83.222.253.133:13566
Source: global traffic	TCP traffic: 192.168.2.23:57758 -> 83.222.127.84:13566
Source: global traffic	TCP traffic: 192.168.2.23:49406 -> 83.222.23.70:13566
Source: global traffic	TCP traffic: 192.168.2.23:48678 -> 83.222.234.221:13566
Source: global traffic	TCP traffic: 192.168.2.23:58244 -> 83.222.159.196:13566
Source: global traffic	TCP traffic: 192.168.2.23:42374 -> 83.222.152.90:13566
Source: global traffic	TCP traffic: 192.168.2.23:46438 -> 83.222.11.156:13566
Source: global traffic	TCP traffic: 192.168.2.23:43104 -> 83.222.159.198:13566
Source: global traffic	TCP traffic: 192.168.2.23:54146 -> 83.222.69.49:13566
Source: global traffic	TCP traffic: 192.168.2.23:48882 -> 83.222.10.78:13566
Source: global traffic	TCP traffic: 192.168.2.23:48964 -> 83.222.104.80:13566
Source: global traffic	TCP traffic: 192.168.2.23:49100 -> 83.222.182.189:13566
Source: global traffic	TCP traffic: 192.168.2.23:51854 -> 83.222.23.89:13566
Source: global traffic	TCP traffic: 192.168.2.23:59242 -> 83.222.22.166:13566
Source: global traffic	TCP traffic: 192.168.2.23:43884 -> 83.222.29.69:13566
Source: global traffic	TCP traffic: 192.168.2.23:43860 -> 83.222.26.99:13566
Source: global traffic	TCP traffic: 192.168.2.23:60366 -> 83.222.177.1:13566
Source: global traffic	TCP traffic: 192.168.2.23:51618 -> 83.222.220.37:13566
Source: global traffic	TCP traffic: 192.168.2.23:47606 -> 83.222.255.124:13566
Source: global traffic	TCP traffic: 192.168.2.23:51588 -> 83.222.235.104:13566
Source: global traffic	TCP traffic: 192.168.2.23:36400 -> 83.222.204.232:13566
Source: global traffic	TCP traffic: 192.168.2.23:42980 -> 83.222.237.76:13566
Source: global traffic	TCP traffic: 192.168.2.23:36190 -> 83.222.60.5:13566
Source: global traffic	TCP traffic: 192.168.2.23:53356 -> 83.222.146.129:13566
Source: global traffic	TCP traffic: 192.168.2.23:42420 -> 83.222.54.124:13566
Source: global traffic	TCP traffic: 192.168.2.23:36418 -> 83.222.94.84:13566
Source: global traffic	TCP traffic: 192.168.2.23:56276 -> 83.222.193.21:13566
Source: global traffic	TCP traffic: 192.168.2.23:52164 -> 83.222.99.40:13566
Source: global traffic	TCP traffic: 192.168.2.23:59846 -> 83.222.36.122:13566
Source: global traffic	TCP traffic: 192.168.2.23:51408 -> 83.222.123.232:13566
Source: global traffic	TCP traffic: 192.168.2.23:43800 -> 83.222.211.248:13566
Source: global traffic	TCP traffic: 192.168.2.23:44286 -> 83.222.206.213:13566
Source: global traffic	TCP traffic: 192.168.2.23:49620 -> 83.222.17.203:13566
Source: global traffic	TCP traffic: 192.168.2.23:42688 -> 83.222.57.87:13566
Source: global traffic	TCP traffic: 192.168.2.23:44252 -> 83.222.13.56:13566
Source: global traffic	TCP traffic: 192.168.2.23:36396 -> 83.222.160.160:13566
Source: global traffic	TCP traffic: 192.168.2.23:42750 -> 83.222.191.90:13566

Source: Network traffic

Suricata IDS: 2500034 - Severity 2 - ET COMPROMISED Known Compromised or Hostile Host Traffic group 18 : 83.222.191.90:13566 -> 192.168.2.23:42750

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.96.67
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.103.245
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.87.142
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.78.237
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.118.91
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.140.194
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.119.76
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.183.136
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.152.17
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.40.112
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.230.25
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.212.238
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.44.150
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.139.151
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.204.106
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.22.21
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.55.148
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.244.115
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.93.129
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.53.211
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.215.227
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.61.4
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.114.84
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.26.88
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.37.112
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.220.2
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.109.145
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.164.36
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.25.120
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.19.70
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.14.74
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.225.177
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.125.7
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.33.113
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.122.126
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.242.176
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.81.206
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.218.154
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.211.36
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.227.237
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.178.143
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.124.80
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.126.32
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.117.151
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.153.136
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.221.167
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.65.179
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.105.190
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.186.138

Source: global traffic

DNS traffic detected: DNS query: secure-network-rebirthltd.ru

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: loki.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: loki.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: loki.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: loki.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: loki.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 6250.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 6250.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 6250.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 6250.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 6250.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 6249.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 6249.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 6249.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 6249.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 6249.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown

Source: ELF static info symbol of initial sample

.symtab present: no

Source: loki.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: loki.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: loki.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: loki.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: loki.x86.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 6250.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 6250.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 6250.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 6250.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 6250.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 6249.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 6249.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 6249.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 6249.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 6249.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26

Source: classification engine

Classification label: mal52.linELF@0/0@1/0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
loki.x86.elf	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
secure-network-rebirthltd.ru	83.222.191.90	true	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
83.222.198.240	unknown	Russian Federation	6854	SYNTERRA-ASRU	false
83.222.152.17	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.241.151	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.183.136	unknown	Bulgaria	12615	GCN-ASGCNAD-SofiaBulgariaBG	false
83.222.61.4	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.19.70	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.22.166	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.91.217	unknown	Russian Federation	16285	ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU	false
83.222.152.90	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.122.126	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.29.47	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.211.248	unknown	Russian Federation	6854	SYNTERRA-ASRU	false
83.222.229.90	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.177.1	unknown	Bulgaria	12615	GCN-ASGCNAD-SofiaBulgariaBG	false
83.222.81.206	unknown	Russian Federation	16285	ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU	false
83.222.211.36	unknown	Russian Federation	6854	SYNTERRA-ASRU	false
83.222.234.116	unknown	United Kingdom	13768	COGECO-PEER1CA	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false
83.222.54.124	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.94.84	unknown	Russian Federation	16285	ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU	false
83.222.160.160	unknown	Bulgaria	49040	KIG-UNISAT-TVBG	false
83.222.65.179	unknown	Russian Federation	16285	ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU	false
83.222.220.37	unknown	Russian Federation	25159	SONICDUO-ASRU	false
83.222.23.70	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.178.219	unknown	Bulgaria	12615	GCN-ASGCNAD-SofiaBulgariaBG	false
83.222.22.21	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.36.122	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.225.177	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.40.112	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.242.176	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.124.80	unknown	Russian Federation	47328	TRI-ASTrueRecordsIncES	false
83.222.143.88	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.123.232	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.210.183	unknown	Russian Federation	6854	SYNTERRA-ASRU	false
83.222.187.204	unknown	Bulgaria	43561	NET1-ASBG	false
83.222.53.211	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.204.232	unknown	Russian Federation	6854	SYNTERRA-ASRU	false
83.222.193.21	unknown	Russian Federation	6854	SYNTERRA-ASRU	false
83.222.206.213	unknown	Russian Federation	6854	SYNTERRA-ASRU	false
83.222.118.91	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.204.106	unknown	Russian Federation	6854	SYNTERRA-ASRU	false
83.222.191.90	secure-network-rebirthltd.ru	Bulgaria	43561	NET1-ASBG	false
83.222.237.76	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.14.74	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.104.80	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.99.40	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.140.194	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.234.221	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.186.138	unknown	Bulgaria	43561	NET1-ASBG	false
83.222.48.53	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.233.196	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.215.227	unknown	Russian Federation	25159	SONICDUO-ASRU	false
83.222.11.156	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.13.56	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.44.150	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.37.112	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.178.143	unknown	Bulgaria	12615	GCN-ASGCNAD-SofiaBulgariaBG	false
83.222.9.34	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.109.145	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.26.99	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.96.67	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.218.154	unknown	Russian Federation	25159	SONICDUO-ASRU	false
83.222.126.32	unknown	Russian Federation	47328	TRI-ASTrueRecordsIncES	false
83.222.87.142	unknown	Russian Federation	16285	ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU	false
83.222.127.84	unknown	Russian Federation	47328	TRI-ASTrueRecordsIncES	false
83.222.164.36	unknown	Bulgaria	31037	WAVENETLB	false
83.222.87.146	unknown	Russian Federation	16285	ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU	false
83.222.221.167	unknown	Russian Federation	25159	SONICDUO-ASRU	false
83.222.139.151	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.119.76	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.230.25	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.79.200	unknown	Russian Federation	16285	ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU	false
83.222.220.2	unknown	Russian Federation	25159	SONICDUO-ASRU	false
83.222.212.238	unknown	Russian Federation	25159	SONICDUO-ASRU	false
83.222.153.136	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.26.164	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.60.5	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.235.104	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.55.148	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.17.203	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.159.198	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.29.69	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.25.120	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.10.78	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.182.189	unknown	Bulgaria	205872	EXTRANET-ASBG	false
83.222.23.89	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.159.196	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.177.55	unknown	Bulgaria	12615	GCN-ASGCNAD-SofiaBulgariaBG	false
83.222.69.49	unknown	Russian Federation	16285	ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU	false
83.222.255.124	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.78.237	unknown	Russian Federation	16285	ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU	false
83.222.253.133	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.117.151	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
83.222.244.115	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.57.87	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.93.129	unknown	Russian Federation	16285	ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU	false
83.222.146.129	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.33.113	unknown	Luxembourg	8632	LOL-ASluLU	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
91.189.91.43	Kloki.mips.elf	Get hash	malicious	Unknown	Browse
	loki.arm7.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	loki.arc.elf	Get hash	malicious	Unknown	Browse
	Kloki.arm5.elf	Get hash	malicious	Unknown	Browse
	Kloki.arm7.elf	Get hash	malicious	Mirai	Browse
	arm7.elf	Get hash	malicious	Unknown	Browse
	ppc.elf	Get hash	malicious	Unknown	Browse
	arm.elf	Get hash	malicious	Unknown	Browse
	mips.elf	Get hash	malicious	Unknown	Browse
91.189.91.42	Kloki.mips.elf	Get hash	malicious	Unknown	Browse
	loki.arm7.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	loki.arc.elf	Get hash	malicious	Unknown	Browse
	Kloki.arm5.elf	Get hash	malicious	Unknown	Browse
	Kloki.arm7.elf	Get hash	malicious	Mirai	Browse
	arm7.elf	Get hash	malicious	Unknown	Browse
	ppc.elf	Get hash	malicious	Unknown	Browse
	arm.elf	Get hash	malicious	Unknown	Browse
	mips.elf	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
secure-network-rebirthltd.ru	Kloki.mips.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	loki.mips.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	Kloki.sh4.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	loki.arm7.elf	Get hash	malicious	Mirai	Browse	83.222.191.90
	Kloki.i486.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	Kloki.ppc.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	loki.mpsl.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	loki.i486.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	loki.sh4.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	loki.m68k.elf	Get hash	malicious	Unknown	Browse	83.222.191.90

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
COGECO-PEER1CA	Kloki.mips.elf	Get hash	malicious	Unknown	Browse	83.222.232.116
	loki.mips.elf	Get hash	malicious	Unknown	Browse	83.222.237.134
	Kloki.sh4.elf	Get hash	malicious	Unknown	Browse	83.222.224.99
	loki.arm7.elf	Get hash	malicious	Mirai	Browse	83.222.247.103
	Kloki.i486.elf	Get hash	malicious	Unknown	Browse	83.222.224.152
	Kloki.ppc.elf	Get hash	malicious	Unknown	Browse	83.222.243.167
	loki.mpsl.elf	Get hash	malicious	Unknown	Browse	83.222.228.152
	loki.i486.elf	Get hash	malicious	Unknown	Browse	83.222.254.156
	loki.sh4.elf	Get hash	malicious	Unknown	Browse	83.222.233.216
	loki.m68k.elf	Get hash	malicious	Unknown	Browse	83.222.240.133
SYNTERRA-ASRU	Kloki.mips.elf	Get hash	malicious	Unknown	Browse	83.222.210.211
	loki.mips.elf	Get hash	malicious	Unknown	Browse	83.222.195.162
	Kloki.sh4.elf	Get hash	malicious	Unknown	Browse	83.222.195.159
	loki.arm7.elf	Get hash	malicious	Mirai	Browse	83.222.196.148
	Kloki.i486.elf	Get hash	malicious	Unknown	Browse	83.222.194.13
	Kloki.ppc.elf	Get hash	malicious	Unknown	Browse	83.222.195.110
	loki.mpsl.elf	Get hash	malicious	Unknown	Browse	83.222.206.80
	loki.i486.elf	Get hash	malicious	Unknown	Browse	83.222.211.104
	loki.sh4.elf	Get hash	malicious	Unknown	Browse	83.222.195.237
	loki.m68k.elf	Get hash	malicious	Unknown	Browse	83.222.211.69
GCN-ASGCNAD-SofiaBulgariaBG	Kloki.mips.elf	Get hash	malicious	Unknown	Browse	83.222.174.216
	loki.mips.elf	Get hash	malicious	Unknown	Browse	83.222.175.167
	Kloki.sh4.elf	Get hash	malicious	Unknown	Browse	83.222.176.33
	loki.arm7.elf	Get hash	malicious	Mirai	Browse	83.222.177.157
	Kloki.i486.elf	Get hash	malicious	Unknown	Browse	83.222.173.11
	Kloki.ppc.elf	Get hash	malicious	Unknown	Browse	83.222.166.158
	loki.mpsl.elf	Get hash	malicious	Unknown	Browse	83.222.169.136
	loki.i486.elf	Get hash	malicious	Unknown	Browse	83.222.166.153
	loki.sh4.elf	Get hash	malicious	Unknown	Browse	83.222.169.206
	loki.m68k.elf	Get hash	malicious	Unknown	Browse	83.222.173.171
SENSELAN-ASsenseLANGmbHCH	Kloki.mips.elf	Get hash	malicious	Unknown	Browse	83.222.128.248
	loki.mips.elf	Get hash	malicious	Unknown	Browse	83.222.140.196
	Kloki.sh4.elf	Get hash	malicious	Unknown	Browse	83.222.135.55
	loki.arm7.elf	Get hash	malicious	Mirai	Browse	83.222.153.195
	Kloki.i486.elf	Get hash	malicious	Unknown	Browse	83.222.136.251
	Kloki.ppc.elf	Get hash	malicious	Unknown	Browse	83.222.152.112
	loki.mpsl.elf	Get hash	malicious	Unknown	Browse	83.222.154.185
	loki.i486.elf	Get hash	malicious	Unknown	Browse	83.222.144.139
	loki.sh4.elf	Get hash	malicious	Unknown	Browse	83.222.159.6
	loki.m68k.elf	Get hash	malicious	Unknown	Browse	83.222.155.1

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.362189907836288
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	loki.x86.elf
File size:	42'000 bytes
MD5:	d3f5b03d0c1f593d02669ad6c84ce650
SHA1:	b6b5361e1b28b1f26519da89a1c71ac7f2c12f6b
SHA256:	009ec58219f65cb25abccdcc12c9096aae5ac313605e19ba37634c9676425124
SHA512:	d0b8189d690ed8dc22b32cd93f545931828a0503266b116cf531ecd598e95c36a24073812b994263e89041f016ae1c96fffc48256a9acde1bdac5eb2f518579c
SSDEEP:	768:05mu0Vbue2KZrBnnas5AcRU+UtbjTx+tOoIiWdqAT:05mu0Vbue2KZrpas55RU3tfNkO/iwqAT
TLSH:	7F133AC4A813E9F5FC1906752077FB768B77F53A111CE997C3A9E937A842A01E60A34C
File Content Preview:	.ELF....................d...4...........4. ...(..............................................0...0......\|...........Q.td............................U..S............h....#...[]...$.............U......=@2...t..5.....0......0......u........t....h. ..........

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8048164
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	41600
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x8048094	0x94	0x1c	0x0	0x6	AX	1
.text	PROGBITS	0x80480b0	0xb0	0x9846	0x0	0x6	AX	16
.fini	PROGBITS	0x80518f6	0x98f6	0x17	0x0	0x6	AX	1
.rodata	PROGBITS	0x8051920	0x9920	0x780	0x0	0x2	A	32
.ctors	PROGBITS	0x80530a4	0xa0a4	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x80530ac	0xa0ac	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x80530e0	0xa0e0	0x160	0x0	0x3	WA	32
.bss	NOBITS	0x8053240	0xa240	0x14e0	0x0	0x3	WA	32
.shstrtab	STRTAB	0x0	0xa240	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8048000	0x8048000	0xa0a0	0xa0a0	6.3898	0x5	R E	0x1000	.init .text .fini .rodata
LOAD	0xa0a4	0x80530a4	0x80530a4	0x19c	0x167c	4.2336	0x6	RW	0x1000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Download Network PCAP: filtered – full

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-19T03:37:54.625800+0100	2500034	ET COMPROMISED Known Compromised or Hostile Host Traffic group 18	2	83.222.191.90	13566	192.168.2.23	42750	TCP

Network Port Distribution

Total Packets: 224
• 13566 undefined
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 19, 2025 03:37:53.178792000 CET	43928	443	192.168.2.23	91.189.91.42
Jan 19, 2025 03:37:54.606578112 CET	52720	13566	192.168.2.23	83.222.96.67
Jan 19, 2025 03:37:54.606645107 CET	53250	13566	192.168.2.23	83.222.103.245
Jan 19, 2025 03:37:54.606642008 CET	34580	13566	192.168.2.23	83.222.87.142
Jan 19, 2025 03:37:54.606749058 CET	59700	13566	192.168.2.23	83.222.78.237
Jan 19, 2025 03:37:54.606749058 CET	44696	13566	192.168.2.23	83.222.118.91
Jan 19, 2025 03:37:54.606750965 CET	42110	13566	192.168.2.23	83.222.140.194
Jan 19, 2025 03:37:54.606750965 CET	54340	13566	192.168.2.23	83.222.119.76
Jan 19, 2025 03:37:54.606759071 CET	59270	13566	192.168.2.23	83.222.183.136
Jan 19, 2025 03:37:54.606781006 CET	35972	13566	192.168.2.23	83.222.152.17
Jan 19, 2025 03:37:54.606781006 CET	54610	13566	192.168.2.23	83.222.40.112
Jan 19, 2025 03:37:54.606781006 CET	33290	13566	192.168.2.23	83.222.230.25
Jan 19, 2025 03:37:54.606791973 CET	44848	13566	192.168.2.23	83.222.212.238
Jan 19, 2025 03:37:54.606792927 CET	34708	13566	192.168.2.23	83.222.44.150
Jan 19, 2025 03:37:54.606823921 CET	33282	13566	192.168.2.23	83.222.139.151
Jan 19, 2025 03:37:54.606842995 CET	42160	13566	192.168.2.23	83.222.204.106
Jan 19, 2025 03:37:54.606842995 CET	51832	13566	192.168.2.23	83.222.22.21
Jan 19, 2025 03:37:54.606842995 CET	47804	13566	192.168.2.23	83.222.55.148
Jan 19, 2025 03:37:54.606858015 CET	55878	13566	192.168.2.23	83.222.244.115
Jan 19, 2025 03:37:54.606869936 CET	36742	13566	192.168.2.23	83.222.93.129
Jan 19, 2025 03:37:54.606890917 CET	45304	13566	192.168.2.23	83.222.53.211
Jan 19, 2025 03:37:54.606899023 CET	37818	13566	192.168.2.23	83.222.215.227
Jan 19, 2025 03:37:54.606906891 CET	43432	13566	192.168.2.23	83.222.61.4
Jan 19, 2025 03:37:54.606920958 CET	44548	13566	192.168.2.23	83.222.114.84
Jan 19, 2025 03:37:54.606933117 CET	44410	13566	192.168.2.23	83.222.26.88
Jan 19, 2025 03:37:54.606933117 CET	60574	13566	192.168.2.23	83.222.37.112
Jan 19, 2025 03:37:54.606933117 CET	52798	13566	192.168.2.23	83.222.220.2
Jan 19, 2025 03:37:54.606950998 CET	34722	13566	192.168.2.23	83.222.109.145
Jan 19, 2025 03:37:54.606960058 CET	39172	13566	192.168.2.23	83.222.164.36
Jan 19, 2025 03:37:54.606973886 CET	40030	13566	192.168.2.23	83.222.25.120
Jan 19, 2025 03:37:54.606990099 CET	51522	13566	192.168.2.23	83.222.19.70
Jan 19, 2025 03:37:54.607029915 CET	43348	13566	192.168.2.23	83.222.14.74
Jan 19, 2025 03:37:54.607045889 CET	34392	13566	192.168.2.23	83.222.225.177
Jan 19, 2025 03:37:54.607054949 CET	48738	13566	192.168.2.23	83.222.125.7
Jan 19, 2025 03:37:54.607080936 CET	35214	13566	192.168.2.23	83.222.33.113
Jan 19, 2025 03:37:54.607129097 CET	43234	13566	192.168.2.23	83.222.122.126
Jan 19, 2025 03:37:54.607129097 CET	41382	13566	192.168.2.23	83.222.242.176
Jan 19, 2025 03:37:54.607130051 CET	56834	13566	192.168.2.23	83.222.81.206
Jan 19, 2025 03:37:54.607152939 CET	51526	13566	192.168.2.23	83.222.218.154
Jan 19, 2025 03:37:54.607156992 CET	43800	13566	192.168.2.23	83.222.211.36
Jan 19, 2025 03:37:54.607183933 CET	58340	13566	192.168.2.23	83.222.227.237
Jan 19, 2025 03:37:54.607183933 CET	46702	13566	192.168.2.23	83.222.178.143
Jan 19, 2025 03:37:54.607208967 CET	43288	13566	192.168.2.23	83.222.124.80
Jan 19, 2025 03:37:54.607211113 CET	51532	13566	192.168.2.23	83.222.126.32
Jan 19, 2025 03:37:54.607219934 CET	52938	13566	192.168.2.23	83.222.117.151
Jan 19, 2025 03:37:54.607234001 CET	59228	13566	192.168.2.23	83.222.153.136
Jan 19, 2025 03:37:54.607251883 CET	35150	13566	192.168.2.23	83.222.221.167
Jan 19, 2025 03:37:54.607269049 CET	46734	13566	192.168.2.23	83.222.210.183
Jan 19, 2025 03:37:54.607306004 CET	45488	13566	192.168.2.23	83.222.65.179
Jan 19, 2025 03:37:54.607306004 CET	51272	13566	192.168.2.23	83.222.105.190
Jan 19, 2025 03:37:54.607343912 CET	53752	13566	192.168.2.23	83.222.186.138
Jan 19, 2025 03:37:54.607347965 CET	60654	13566	192.168.2.23	83.222.9.34
Jan 19, 2025 03:37:54.607353926 CET	60408	13566	192.168.2.23	83.222.48.53
Jan 19, 2025 03:37:54.607383966 CET	55046	13566	192.168.2.23	83.222.229.90
Jan 19, 2025 03:37:54.607383966 CET	55770	13566	192.168.2.23	83.222.241.151
Jan 19, 2025 03:37:54.607393980 CET	35298	13566	192.168.2.23	83.222.187.204
Jan 19, 2025 03:37:54.607398987 CET	43984	13566	192.168.2.23	83.222.233.196
Jan 19, 2025 03:37:54.607423067 CET	52980	13566	192.168.2.23	83.222.29.47
Jan 19, 2025 03:37:54.607423067 CET	57034	13566	192.168.2.23	83.222.177.55
Jan 19, 2025 03:37:54.607434034 CET	42594	13566	192.168.2.23	83.222.87.146
Jan 19, 2025 03:37:54.607445955 CET	46012	13566	192.168.2.23	83.222.198.240
Jan 19, 2025 03:37:54.607460022 CET	56630	13566	192.168.2.23	83.222.26.164
Jan 19, 2025 03:37:54.607475042 CET	45212	13566	192.168.2.23	83.222.152.236
Jan 19, 2025 03:37:54.607482910 CET	36630	13566	192.168.2.23	83.222.91.217
Jan 19, 2025 03:37:54.607522011 CET	36214	13566	192.168.2.23	83.222.79.200
Jan 19, 2025 03:37:54.607537031 CET	59414	13566	192.168.2.23	83.222.143.88
Jan 19, 2025 03:37:54.607553959 CET	57270	13566	192.168.2.23	83.222.234.116
Jan 19, 2025 03:37:54.607570887 CET	45066	13566	192.168.2.23	83.222.178.219
Jan 19, 2025 03:37:54.607628107 CET	46378	13566	192.168.2.23	83.222.253.133
Jan 19, 2025 03:37:54.607637882 CET	57758	13566	192.168.2.23	83.222.127.84
Jan 19, 2025 03:37:54.607649088 CET	49406	13566	192.168.2.23	83.222.23.70
Jan 19, 2025 03:37:54.607665062 CET	48678	13566	192.168.2.23	83.222.234.221
Jan 19, 2025 03:37:54.607669115 CET	58244	13566	192.168.2.23	83.222.159.196
Jan 19, 2025 03:37:54.607669115 CET	42374	13566	192.168.2.23	83.222.152.90
Jan 19, 2025 03:37:54.607669115 CET	46438	13566	192.168.2.23	83.222.11.156
Jan 19, 2025 03:37:54.607669115 CET	43104	13566	192.168.2.23	83.222.159.198
Jan 19, 2025 03:37:54.607669115 CET	54146	13566	192.168.2.23	83.222.69.49
Jan 19, 2025 03:37:54.607738972 CET	48882	13566	192.168.2.23	83.222.10.78
Jan 19, 2025 03:37:54.607742071 CET	48964	13566	192.168.2.23	83.222.104.80
Jan 19, 2025 03:37:54.607742071 CET	49100	13566	192.168.2.23	83.222.182.189
Jan 19, 2025 03:37:54.607757092 CET	51854	13566	192.168.2.23	83.222.23.89
Jan 19, 2025 03:37:54.607788086 CET	59242	13566	192.168.2.23	83.222.22.166
Jan 19, 2025 03:37:54.607788086 CET	43884	13566	192.168.2.23	83.222.29.69
Jan 19, 2025 03:37:54.607829094 CET	43860	13566	192.168.2.23	83.222.26.99
Jan 19, 2025 03:37:54.607832909 CET	60366	13566	192.168.2.23	83.222.177.1
Jan 19, 2025 03:37:54.607846975 CET	51618	13566	192.168.2.23	83.222.220.37
Jan 19, 2025 03:37:54.607860088 CET	47606	13566	192.168.2.23	83.222.255.124
Jan 19, 2025 03:37:54.607867002 CET	51588	13566	192.168.2.23	83.222.235.104
Jan 19, 2025 03:37:54.607881069 CET	36400	13566	192.168.2.23	83.222.204.232
Jan 19, 2025 03:37:54.607897997 CET	42980	13566	192.168.2.23	83.222.237.76
Jan 19, 2025 03:37:54.607911110 CET	36190	13566	192.168.2.23	83.222.60.5
Jan 19, 2025 03:37:54.607949018 CET	53356	13566	192.168.2.23	83.222.146.129
Jan 19, 2025 03:37:54.607949018 CET	42420	13566	192.168.2.23	83.222.54.124
Jan 19, 2025 03:37:54.607974052 CET	36418	13566	192.168.2.23	83.222.94.84
Jan 19, 2025 03:37:54.607994080 CET	56276	13566	192.168.2.23	83.222.193.21
Jan 19, 2025 03:37:54.608017921 CET	52164	13566	192.168.2.23	83.222.99.40
Jan 19, 2025 03:37:54.608028889 CET	59846	13566	192.168.2.23	83.222.36.122
Jan 19, 2025 03:37:54.608068943 CET	51408	13566	192.168.2.23	83.222.123.232
Jan 19, 2025 03:37:54.608110905 CET	43800	13566	192.168.2.23	83.222.211.248
Jan 19, 2025 03:37:54.608117104 CET	44286	13566	192.168.2.23	83.222.206.213
Jan 19, 2025 03:37:54.608117104 CET	49620	13566	192.168.2.23	83.222.17.203
Jan 19, 2025 03:37:54.608117104 CET	42688	13566	192.168.2.23	83.222.57.87
Jan 19, 2025 03:37:54.608118057 CET	44252	13566	192.168.2.23	83.222.13.56
Jan 19, 2025 03:37:54.608207941 CET	36396	13566	192.168.2.23	83.222.160.160
Jan 19, 2025 03:37:54.611670971 CET	13566	52720	83.222.96.67	192.168.2.23
Jan 19, 2025 03:37:54.611713886 CET	13566	34580	83.222.87.142	192.168.2.23
Jan 19, 2025 03:37:54.611728907 CET	52720	13566	192.168.2.23	83.222.96.67
Jan 19, 2025 03:37:54.611743927 CET	13566	53250	83.222.103.245	192.168.2.23
Jan 19, 2025 03:37:54.611766100 CET	34580	13566	192.168.2.23	83.222.87.142
Jan 19, 2025 03:37:54.611773014 CET	13566	59700	83.222.78.237	192.168.2.23
Jan 19, 2025 03:37:54.611804008 CET	53250	13566	192.168.2.23	83.222.103.245
Jan 19, 2025 03:37:54.611824036 CET	59700	13566	192.168.2.23	83.222.78.237
Jan 19, 2025 03:37:54.611993074 CET	13566	42110	83.222.140.194	192.168.2.23
Jan 19, 2025 03:37:54.612021923 CET	13566	44696	83.222.118.91	192.168.2.23
Jan 19, 2025 03:37:54.612044096 CET	42110	13566	192.168.2.23	83.222.140.194
Jan 19, 2025 03:37:54.612049103 CET	13566	54340	83.222.119.76	192.168.2.23
Jan 19, 2025 03:37:54.612066031 CET	44696	13566	192.168.2.23	83.222.118.91
Jan 19, 2025 03:37:54.612077951 CET	13566	59270	83.222.183.136	192.168.2.23
Jan 19, 2025 03:37:54.612097979 CET	54340	13566	192.168.2.23	83.222.119.76
Jan 19, 2025 03:37:54.612107038 CET	13566	34708	83.222.44.150	192.168.2.23
Jan 19, 2025 03:37:54.612118959 CET	59270	13566	192.168.2.23	83.222.183.136
Jan 19, 2025 03:37:54.612135887 CET	13566	44848	83.222.212.238	192.168.2.23
Jan 19, 2025 03:37:54.612152100 CET	34708	13566	192.168.2.23	83.222.44.150
Jan 19, 2025 03:37:54.612164974 CET	13566	33282	83.222.139.151	192.168.2.23
Jan 19, 2025 03:37:54.612184048 CET	44848	13566	192.168.2.23	83.222.212.238
Jan 19, 2025 03:37:54.612193108 CET	13566	35972	83.222.152.17	192.168.2.23
Jan 19, 2025 03:37:54.612206936 CET	33282	13566	192.168.2.23	83.222.139.151
Jan 19, 2025 03:37:54.612221003 CET	13566	55878	83.222.244.115	192.168.2.23
Jan 19, 2025 03:37:54.612247944 CET	13566	54610	83.222.40.112	192.168.2.23
Jan 19, 2025 03:37:54.612246990 CET	35972	13566	192.168.2.23	83.222.152.17
Jan 19, 2025 03:37:54.612260103 CET	55878	13566	192.168.2.23	83.222.244.115
Jan 19, 2025 03:37:54.612277031 CET	13566	36742	83.222.93.129	192.168.2.23
Jan 19, 2025 03:37:54.612304926 CET	13566	42160	83.222.204.106	192.168.2.23
Jan 19, 2025 03:37:54.612308979 CET	54610	13566	192.168.2.23	83.222.40.112
Jan 19, 2025 03:37:54.612318993 CET	36742	13566	192.168.2.23	83.222.93.129
Jan 19, 2025 03:37:54.612333059 CET	13566	33290	83.222.230.25	192.168.2.23
Jan 19, 2025 03:37:54.612350941 CET	42160	13566	192.168.2.23	83.222.204.106
Jan 19, 2025 03:37:54.612361908 CET	13566	51832	83.222.22.21	192.168.2.23
Jan 19, 2025 03:37:54.612382889 CET	33290	13566	192.168.2.23	83.222.230.25
Jan 19, 2025 03:37:54.612399101 CET	51832	13566	192.168.2.23	83.222.22.21
Jan 19, 2025 03:37:54.612416029 CET	13566	47804	83.222.55.148	192.168.2.23
Jan 19, 2025 03:37:54.612443924 CET	13566	45304	83.222.53.211	192.168.2.23
Jan 19, 2025 03:37:54.612471104 CET	13566	37818	83.222.215.227	192.168.2.23
Jan 19, 2025 03:37:54.612494946 CET	45304	13566	192.168.2.23	83.222.53.211
Jan 19, 2025 03:37:54.612498999 CET	13566	43432	83.222.61.4	192.168.2.23
Jan 19, 2025 03:37:54.612513065 CET	37818	13566	192.168.2.23	83.222.215.227
Jan 19, 2025 03:37:54.612526894 CET	13566	44548	83.222.114.84	192.168.2.23
Jan 19, 2025 03:37:54.612555027 CET	13566	44410	83.222.26.88	192.168.2.23
Jan 19, 2025 03:37:54.612565041 CET	44548	13566	192.168.2.23	83.222.114.84
Jan 19, 2025 03:37:54.612582922 CET	13566	34722	83.222.109.145	192.168.2.23
Jan 19, 2025 03:37:54.612590075 CET	47804	13566	192.168.2.23	83.222.55.148
Jan 19, 2025 03:37:54.612590075 CET	43432	13566	192.168.2.23	83.222.61.4
Jan 19, 2025 03:37:54.612595081 CET	44410	13566	192.168.2.23	83.222.26.88
Jan 19, 2025 03:37:54.612611055 CET	13566	39172	83.222.164.36	192.168.2.23
Jan 19, 2025 03:37:54.612627983 CET	34722	13566	192.168.2.23	83.222.109.145
Jan 19, 2025 03:37:54.612700939 CET	13566	40030	83.222.25.120	192.168.2.23
Jan 19, 2025 03:37:54.612713099 CET	39172	13566	192.168.2.23	83.222.164.36
Jan 19, 2025 03:37:54.612730026 CET	13566	60574	83.222.37.112	192.168.2.23
Jan 19, 2025 03:37:54.612741947 CET	40030	13566	192.168.2.23	83.222.25.120
Jan 19, 2025 03:37:54.612761021 CET	13566	51522	83.222.19.70	192.168.2.23
Jan 19, 2025 03:37:54.612790108 CET	13566	52798	83.222.220.2	192.168.2.23
Jan 19, 2025 03:37:54.612795115 CET	60574	13566	192.168.2.23	83.222.37.112
Jan 19, 2025 03:37:54.612813950 CET	51522	13566	192.168.2.23	83.222.19.70
Jan 19, 2025 03:37:54.612817049 CET	13566	34392	83.222.225.177	192.168.2.23
Jan 19, 2025 03:37:54.612845898 CET	13566	43348	83.222.14.74	192.168.2.23
Jan 19, 2025 03:37:54.612854958 CET	34392	13566	192.168.2.23	83.222.225.177
Jan 19, 2025 03:37:54.612860918 CET	52798	13566	192.168.2.23	83.222.220.2
Jan 19, 2025 03:37:54.612873077 CET	13566	48738	83.222.125.7	192.168.2.23
Jan 19, 2025 03:37:54.612900019 CET	43348	13566	192.168.2.23	83.222.14.74
Jan 19, 2025 03:37:54.612900972 CET	13566	35214	83.222.33.113	192.168.2.23
Jan 19, 2025 03:37:54.612916946 CET	48738	13566	192.168.2.23	83.222.125.7
Jan 19, 2025 03:37:54.612930059 CET	13566	43234	83.222.122.126	192.168.2.23
Jan 19, 2025 03:37:54.612942934 CET	35214	13566	192.168.2.23	83.222.33.113
Jan 19, 2025 03:37:54.612958908 CET	13566	41382	83.222.242.176	192.168.2.23
Jan 19, 2025 03:37:54.613008022 CET	13566	56834	83.222.81.206	192.168.2.23
Jan 19, 2025 03:37:54.613043070 CET	13566	43800	83.222.211.36	192.168.2.23
Jan 19, 2025 03:37:54.613070965 CET	13566	51526	83.222.218.154	192.168.2.23
Jan 19, 2025 03:37:54.613085985 CET	43800	13566	192.168.2.23	83.222.211.36
Jan 19, 2025 03:37:54.613090038 CET	43234	13566	192.168.2.23	83.222.122.126
Jan 19, 2025 03:37:54.613090038 CET	41382	13566	192.168.2.23	83.222.242.176
Jan 19, 2025 03:37:54.613090038 CET	56834	13566	192.168.2.23	83.222.81.206
Jan 19, 2025 03:37:54.613099098 CET	13566	58340	83.222.227.237	192.168.2.23
Jan 19, 2025 03:37:54.613126993 CET	13566	46702	83.222.178.143	192.168.2.23
Jan 19, 2025 03:37:54.613140106 CET	58340	13566	192.168.2.23	83.222.227.237
Jan 19, 2025 03:37:54.613154888 CET	13566	51532	83.222.126.32	192.168.2.23
Jan 19, 2025 03:37:54.613176107 CET	46702	13566	192.168.2.23	83.222.178.143
Jan 19, 2025 03:37:54.613183975 CET	13566	43288	83.222.124.80	192.168.2.23
Jan 19, 2025 03:37:54.613194942 CET	51532	13566	192.168.2.23	83.222.126.32
Jan 19, 2025 03:37:54.613204002 CET	51526	13566	192.168.2.23	83.222.218.154
Jan 19, 2025 03:37:54.613213062 CET	13566	52938	83.222.117.151	192.168.2.23
Jan 19, 2025 03:37:54.613231897 CET	43288	13566	192.168.2.23	83.222.124.80
Jan 19, 2025 03:37:54.613240957 CET	13566	59228	83.222.153.136	192.168.2.23
Jan 19, 2025 03:37:54.613255978 CET	52938	13566	192.168.2.23	83.222.117.151
Jan 19, 2025 03:37:54.613269091 CET	13566	35150	83.222.221.167	192.168.2.23
Jan 19, 2025 03:37:54.613286018 CET	59228	13566	192.168.2.23	83.222.153.136
Jan 19, 2025 03:37:54.613296032 CET	13566	46734	83.222.210.183	192.168.2.23
Jan 19, 2025 03:37:54.613320112 CET	35150	13566	192.168.2.23	83.222.221.167
Jan 19, 2025 03:37:54.613325119 CET	13566	45488	83.222.65.179	192.168.2.23
Jan 19, 2025 03:37:54.613353968 CET	13566	51272	83.222.105.190	192.168.2.23
Jan 19, 2025 03:37:54.613382101 CET	13566	60654	83.222.9.34	192.168.2.23
Jan 19, 2025 03:37:54.613409996 CET	13566	53752	83.222.186.138	192.168.2.23
Jan 19, 2025 03:37:54.613420010 CET	60654	13566	192.168.2.23	83.222.9.34
Jan 19, 2025 03:37:54.613437891 CET	13566	60408	83.222.48.53	192.168.2.23
Jan 19, 2025 03:37:54.613457918 CET	53752	13566	192.168.2.23	83.222.186.138
Jan 19, 2025 03:37:54.613466024 CET	13566	35298	83.222.187.204	192.168.2.23
Jan 19, 2025 03:37:54.613460064 CET	46734	13566	192.168.2.23	83.222.210.183
Jan 19, 2025 03:37:54.613460064 CET	45488	13566	192.168.2.23	83.222.65.179
Jan 19, 2025 03:37:54.613461018 CET	51272	13566	192.168.2.23	83.222.105.190
Jan 19, 2025 03:37:54.613488913 CET	60408	13566	192.168.2.23	83.222.48.53
Jan 19, 2025 03:37:54.613495111 CET	13566	55046	83.222.229.90	192.168.2.23
Jan 19, 2025 03:37:54.613506079 CET	35298	13566	192.168.2.23	83.222.187.204
Jan 19, 2025 03:37:54.613526106 CET	13566	55770	83.222.241.151	192.168.2.23
Jan 19, 2025 03:37:54.613537073 CET	55046	13566	192.168.2.23	83.222.229.90
Jan 19, 2025 03:37:54.613558054 CET	13566	43984	83.222.233.196	192.168.2.23
Jan 19, 2025 03:37:54.613564014 CET	55770	13566	192.168.2.23	83.222.241.151
Jan 19, 2025 03:37:54.613594055 CET	13566	52980	83.222.29.47	192.168.2.23
Jan 19, 2025 03:37:54.613606930 CET	43984	13566	192.168.2.23	83.222.233.196
Jan 19, 2025 03:37:54.613621950 CET	13566	57034	83.222.177.55	192.168.2.23
Jan 19, 2025 03:37:54.613641024 CET	52980	13566	192.168.2.23	83.222.29.47
Jan 19, 2025 03:37:54.613651037 CET	13566	42594	83.222.87.146	192.168.2.23
Jan 19, 2025 03:37:54.613662004 CET	57034	13566	192.168.2.23	83.222.177.55
Jan 19, 2025 03:37:54.613678932 CET	13566	46012	83.222.198.240	192.168.2.23
Jan 19, 2025 03:37:54.613692045 CET	42594	13566	192.168.2.23	83.222.87.146
Jan 19, 2025 03:37:54.613706112 CET	13566	56630	83.222.26.164	192.168.2.23
Jan 19, 2025 03:37:54.613719940 CET	46012	13566	192.168.2.23	83.222.198.240
Jan 19, 2025 03:37:54.613734961 CET	13566	45212	83.222.152.236	192.168.2.23
Jan 19, 2025 03:37:54.613745928 CET	56630	13566	192.168.2.23	83.222.26.164
Jan 19, 2025 03:37:54.613764048 CET	13566	36630	83.222.91.217	192.168.2.23
Jan 19, 2025 03:37:54.613784075 CET	45212	13566	192.168.2.23	83.222.152.236
Jan 19, 2025 03:37:54.613791943 CET	13566	36214	83.222.79.200	192.168.2.23
Jan 19, 2025 03:37:54.613810062 CET	36630	13566	192.168.2.23	83.222.91.217
Jan 19, 2025 03:37:54.613820076 CET	13566	59414	83.222.143.88	192.168.2.23
Jan 19, 2025 03:37:54.613837004 CET	36214	13566	192.168.2.23	83.222.79.200
Jan 19, 2025 03:37:54.613847971 CET	13566	57270	83.222.234.116	192.168.2.23
Jan 19, 2025 03:37:54.613861084 CET	59414	13566	192.168.2.23	83.222.143.88
Jan 19, 2025 03:37:54.613876104 CET	13566	45066	83.222.178.219	192.168.2.23
Jan 19, 2025 03:37:54.613889933 CET	57270	13566	192.168.2.23	83.222.234.116
Jan 19, 2025 03:37:54.613903046 CET	13566	46378	83.222.253.133	192.168.2.23
Jan 19, 2025 03:37:54.613922119 CET	45066	13566	192.168.2.23	83.222.178.219
Jan 19, 2025 03:37:54.613930941 CET	13566	57758	83.222.127.84	192.168.2.23
Jan 19, 2025 03:37:54.613948107 CET	46378	13566	192.168.2.23	83.222.253.133
Jan 19, 2025 03:37:54.613959074 CET	13566	49406	83.222.23.70	192.168.2.23
Jan 19, 2025 03:37:54.613976002 CET	57758	13566	192.168.2.23	83.222.127.84
Jan 19, 2025 03:37:54.613986015 CET	13566	48678	83.222.234.221	192.168.2.23
Jan 19, 2025 03:37:54.613997936 CET	49406	13566	192.168.2.23	83.222.23.70
Jan 19, 2025 03:37:54.614013910 CET	13566	48882	83.222.10.78	192.168.2.23
Jan 19, 2025 03:37:54.614032030 CET	48678	13566	192.168.2.23	83.222.234.221
Jan 19, 2025 03:37:54.614042997 CET	13566	58244	83.222.159.196	192.168.2.23
Jan 19, 2025 03:37:54.614056110 CET	48882	13566	192.168.2.23	83.222.10.78
Jan 19, 2025 03:37:54.614070892 CET	13566	42374	83.222.152.90	192.168.2.23
Jan 19, 2025 03:37:54.614097118 CET	58244	13566	192.168.2.23	83.222.159.196
Jan 19, 2025 03:37:54.614101887 CET	13566	51854	83.222.23.89	192.168.2.23
Jan 19, 2025 03:37:54.614129066 CET	42374	13566	192.168.2.23	83.222.152.90
Jan 19, 2025 03:37:54.614147902 CET	13566	46438	83.222.11.156	192.168.2.23
Jan 19, 2025 03:37:54.614161968 CET	51854	13566	192.168.2.23	83.222.23.89
Jan 19, 2025 03:37:54.614208937 CET	46438	13566	192.168.2.23	83.222.11.156
Jan 19, 2025 03:37:54.617860079 CET	13566	43104	83.222.159.198	192.168.2.23
Jan 19, 2025 03:37:54.617888927 CET	13566	54146	83.222.69.49	192.168.2.23
Jan 19, 2025 03:37:54.617916107 CET	13566	43884	83.222.29.69	192.168.2.23
Jan 19, 2025 03:37:54.617943048 CET	13566	59242	83.222.22.166	192.168.2.23
Jan 19, 2025 03:37:54.617969990 CET	13566	48964	83.222.104.80	192.168.2.23
Jan 19, 2025 03:37:54.617989063 CET	59242	13566	192.168.2.23	83.222.22.166
Jan 19, 2025 03:37:54.617996931 CET	13566	49100	83.222.182.189	192.168.2.23
Jan 19, 2025 03:37:54.618025064 CET	13566	43860	83.222.26.99	192.168.2.23
Jan 19, 2025 03:37:54.618031979 CET	48964	13566	192.168.2.23	83.222.104.80
Jan 19, 2025 03:37:54.618031979 CET	49100	13566	192.168.2.23	83.222.182.189
Jan 19, 2025 03:37:54.618052959 CET	13566	60366	83.222.177.1	192.168.2.23
Jan 19, 2025 03:37:54.618046999 CET	43104	13566	192.168.2.23	83.222.159.198
Jan 19, 2025 03:37:54.618046999 CET	54146	13566	192.168.2.23	83.222.69.49
Jan 19, 2025 03:37:54.618047953 CET	43884	13566	192.168.2.23	83.222.29.69
Jan 19, 2025 03:37:54.618067980 CET	43860	13566	192.168.2.23	83.222.26.99
Jan 19, 2025 03:37:54.618081093 CET	13566	51618	83.222.220.37	192.168.2.23
Jan 19, 2025 03:37:54.618113041 CET	13566	51588	83.222.235.104	192.168.2.23
Jan 19, 2025 03:37:54.618113041 CET	60366	13566	192.168.2.23	83.222.177.1
Jan 19, 2025 03:37:54.618133068 CET	51618	13566	192.168.2.23	83.222.220.37
Jan 19, 2025 03:37:54.618143082 CET	13566	47606	83.222.255.124	192.168.2.23
Jan 19, 2025 03:37:54.618170023 CET	13566	36400	83.222.204.232	192.168.2.23
Jan 19, 2025 03:37:54.618191004 CET	47606	13566	192.168.2.23	83.222.255.124
Jan 19, 2025 03:37:54.618196964 CET	13566	42980	83.222.237.76	192.168.2.23
Jan 19, 2025 03:37:54.618210077 CET	36400	13566	192.168.2.23	83.222.204.232
Jan 19, 2025 03:37:54.618225098 CET	13566	36190	83.222.60.5	192.168.2.23
Jan 19, 2025 03:37:54.618252993 CET	13566	53356	83.222.146.129	192.168.2.23
Jan 19, 2025 03:37:54.618279934 CET	13566	36418	83.222.94.84	192.168.2.23
Jan 19, 2025 03:37:54.618305922 CET	13566	42420	83.222.54.124	192.168.2.23
Jan 19, 2025 03:37:54.618313074 CET	53356	13566	192.168.2.23	83.222.146.129
Jan 19, 2025 03:37:54.618324995 CET	51588	13566	192.168.2.23	83.222.235.104
Jan 19, 2025 03:37:54.618324995 CET	42980	13566	192.168.2.23	83.222.237.76
Jan 19, 2025 03:37:54.618324995 CET	36190	13566	192.168.2.23	83.222.60.5
Jan 19, 2025 03:37:54.618334055 CET	13566	56276	83.222.193.21	192.168.2.23
Jan 19, 2025 03:37:54.618346930 CET	36418	13566	192.168.2.23	83.222.94.84
Jan 19, 2025 03:37:54.618351936 CET	42420	13566	192.168.2.23	83.222.54.124
Jan 19, 2025 03:37:54.618366003 CET	13566	52164	83.222.99.40	192.168.2.23
Jan 19, 2025 03:37:54.618382931 CET	56276	13566	192.168.2.23	83.222.193.21
Jan 19, 2025 03:37:54.618397951 CET	13566	59846	83.222.36.122	192.168.2.23
Jan 19, 2025 03:37:54.618410110 CET	52164	13566	192.168.2.23	83.222.99.40
Jan 19, 2025 03:37:54.618427992 CET	13566	51408	83.222.123.232	192.168.2.23
Jan 19, 2025 03:37:54.618454933 CET	13566	43800	83.222.211.248	192.168.2.23
Jan 19, 2025 03:37:54.618483067 CET	13566	44286	83.222.206.213	192.168.2.23
Jan 19, 2025 03:37:54.618501902 CET	43800	13566	192.168.2.23	83.222.211.248
Jan 19, 2025 03:37:54.618509054 CET	13566	42688	83.222.57.87	192.168.2.23
Jan 19, 2025 03:37:54.618537903 CET	13566	49620	83.222.17.203	192.168.2.23
Jan 19, 2025 03:37:54.618566036 CET	13566	36396	83.222.160.160	192.168.2.23
Jan 19, 2025 03:37:54.618570089 CET	59846	13566	192.168.2.23	83.222.36.122
Jan 19, 2025 03:37:54.618571997 CET	44286	13566	192.168.2.23	83.222.206.213
Jan 19, 2025 03:37:54.618570089 CET	51408	13566	192.168.2.23	83.222.123.232
Jan 19, 2025 03:37:54.618571997 CET	42688	13566	192.168.2.23	83.222.57.87
Jan 19, 2025 03:37:54.618587017 CET	49620	13566	192.168.2.23	83.222.17.203
Jan 19, 2025 03:37:54.618592978 CET	13566	44252	83.222.13.56	192.168.2.23
Jan 19, 2025 03:37:54.618614912 CET	36396	13566	192.168.2.23	83.222.160.160
Jan 19, 2025 03:37:54.618635893 CET	44252	13566	192.168.2.23	83.222.13.56
Jan 19, 2025 03:37:54.620974064 CET	42750	13566	192.168.2.23	83.222.191.90
Jan 19, 2025 03:37:54.625799894 CET	13566	42750	83.222.191.90	192.168.2.23
Jan 19, 2025 03:37:54.625983000 CET	42750	13566	192.168.2.23	83.222.191.90
Jan 19, 2025 03:37:54.625983000 CET	42750	13566	192.168.2.23	83.222.191.90
Jan 19, 2025 03:37:54.630947113 CET	13566	42750	83.222.191.90	192.168.2.23
Jan 19, 2025 03:37:54.631135941 CET	42750	13566	192.168.2.23	83.222.191.90
Jan 19, 2025 03:37:54.636183023 CET	13566	42750	83.222.191.90	192.168.2.23
Jan 19, 2025 03:37:58.810249090 CET	42836	443	192.168.2.23	91.189.91.43
Jan 19, 2025 03:37:59.578181028 CET	42516	80	192.168.2.23	109.202.202.202
Jan 19, 2025 03:38:04.633486032 CET	42750	13566	192.168.2.23	83.222.191.90
Jan 19, 2025 03:38:04.638787985 CET	13566	42750	83.222.191.90	192.168.2.23
Jan 19, 2025 03:38:04.837249041 CET	13566	42750	83.222.191.90	192.168.2.23
Jan 19, 2025 03:38:04.837678909 CET	42750	13566	192.168.2.23	83.222.191.90
Jan 19, 2025 03:38:05.207526922 CET	13566	42750	83.222.191.90	192.168.2.23
Jan 19, 2025 03:38:05.207762957 CET	42750	13566	192.168.2.23	83.222.191.90
Jan 19, 2025 03:38:14.680115938 CET	43928	443	192.168.2.23	91.189.91.42
Jan 19, 2025 03:38:24.918772936 CET	42836	443	192.168.2.23	91.189.91.43
Jan 19, 2025 03:38:29.013962030 CET	42516	80	192.168.2.23	109.202.202.202
Jan 19, 2025 03:38:55.634637117 CET	43928	443	192.168.2.23	91.189.91.42
Jan 19, 2025 03:39:05.257297993 CET	42750	13566	192.168.2.23	83.222.191.90
Jan 19, 2025 03:39:05.262435913 CET	13566	42750	83.222.191.90	192.168.2.23
Jan 19, 2025 03:39:05.460933924 CET	13566	42750	83.222.191.90	192.168.2.23
Jan 19, 2025 03:39:05.461345911 CET	42750	13566	192.168.2.23	83.222.191.90
Jan 19, 2025 03:39:06.207020998 CET	13566	42750	83.222.191.90	192.168.2.23
Jan 19, 2025 03:39:06.207257032 CET	42750	13566	192.168.2.23	83.222.191.90

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 19, 2025 03:37:54.608160019 CET	37256	53	192.168.2.23	8.8.8.8
Jan 19, 2025 03:37:54.620860100 CET	53	37256	8.8.8.8	192.168.2.23

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 19, 2025 03:37:54.608160019 CET	192.168.2.23	8.8.8.8	0x3ed2	Standard query (0)	secure-network-rebirthltd.ru	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 19, 2025 03:37:54.620860100 CET	8.8.8.8	192.168.2.23	0x3ed2	No error (0)	secure-network-rebirthltd.ru		83.222.191.90	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: loki.x86.elf PID: 6249, Parent PID: 6175

General

Start time (UTC):	02:37:53
Start date (UTC):	19/01/2025
Path:	/tmp/loki.x86.elf
Arguments:	/tmp/loki.x86.elf
File size:	42000 bytes
MD5 hash:	d3f5b03d0c1f593d02669ad6c84ce650

File Activities

File Opened

File Moved

Process Activities

Process Forked

Prctl Requested

Chronological Activities

Analysis Process: loki.x86.elf PID: 6250, Parent PID: 6249

General

Start time (UTC):	02:37:53
Start date (UTC):	19/01/2025
Path:	/tmp/loki.x86.elf
Arguments:	-
File size:	42000 bytes
MD5 hash:	d3f5b03d0c1f593d02669ad6c84ce650

File Activities

File Opened

File Read

Process Activities

Prctl Requested

Chronological Activities

Analysis Process: loki.x86.elf PID: 6251, Parent PID: 6249

General

Start time (UTC):	02:37:54
Start date (UTC):	19/01/2025
Path:	/tmp/loki.x86.elf
Arguments:	-
File size:	42000 bytes
MD5 hash:	d3f5b03d0c1f593d02669ad6c84ce650

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report loki.x86.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: loki.x86.elf PID: 6249, Parent PID: 6175

General

File Activities

File Opened

File Moved

Process Activities

Process Forked

Prctl Requested

Chronological Activities

Analysis Process: loki.x86.elf PID: 6250, Parent PID: 6249

General

File Activities

File Opened

File Read

Process Activities

Prctl Requested

Chronological Activities

Analysis Process: loki.x86.elf PID: 6251, Parent PID: 6249

General

Linux Analysis Report
loki.x86.elf