Edit tour

Linux Analysis Report
loki.arm5.elf

Overview

General Information

Sample name:	loki.arm5.elf
Analysis ID:	1594515
MD5:	1e5980444a7998538383f8a17165ad97
SHA1:	395f7f945750f78af2b55ff6875f57a5e49deaa0
SHA256:	106e968a309aac246265ec18127977d174e523ac494ebc18bec7bd6fbce4a433
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Detected TCP or UDP traffic on non-standard ports

Sample has stripped symbol table

Sample listens on a socket

Suricata IDS alerts with low severity for network traffic

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1594515
Start date and time:	2025-01-19 04:02:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 55s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	loki.arm5.elf
Detection:	MAL
Classification:	mal48.linELF@0/0@1/0

Runtime Messages

Command:	/tmp/loki.arm5.elf
PID:	5496
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	suka
Standard Error:

Process Tree

system is lnxubuntu20

loki.arm5.elf (PID: 5496, Parent: 5415, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/loki.arm5.elf

loki.arm5.elf New Fork (PID: 5498, Parent: 5496)

loki.arm5.elf New Fork (PID: 5500, Parent: 5496)

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

ET COMPROMISED Known Compromised or Hostile Host Traffic group 18

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-19T04:03:00.542570+0100	2500034	2	Misc Attack	83.222.191.90	13566	192.168.2.14	56538	TCP

Joe Sandbox Signatures

• AV Detection
• Networking
• System Summary
• Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: loki.arm5.elf

ReversingLabs: Detection: 39%

Source: global traffic	TCP traffic: 192.168.2.14:51588 -> 83.222.12.208:13566
Source: global traffic	TCP traffic: 192.168.2.14:51058 -> 83.222.113.0:13566
Source: global traffic	TCP traffic: 192.168.2.14:36864 -> 83.222.18.196:13566
Source: global traffic	TCP traffic: 192.168.2.14:35628 -> 83.222.33.202:13566
Source: global traffic	TCP traffic: 192.168.2.14:53378 -> 83.222.74.66:13566
Source: global traffic	TCP traffic: 192.168.2.14:39554 -> 83.222.153.138:13566
Source: global traffic	TCP traffic: 192.168.2.14:45460 -> 83.222.110.59:13566
Source: global traffic	TCP traffic: 192.168.2.14:37178 -> 83.222.165.17:13566
Source: global traffic	TCP traffic: 192.168.2.14:52604 -> 83.222.184.49:13566
Source: global traffic	TCP traffic: 192.168.2.14:48552 -> 83.222.213.161:13566
Source: global traffic	TCP traffic: 192.168.2.14:47830 -> 83.222.111.55:13566
Source: global traffic	TCP traffic: 192.168.2.14:45880 -> 83.222.55.210:13566
Source: global traffic	TCP traffic: 192.168.2.14:35948 -> 83.222.114.253:13566
Source: global traffic	TCP traffic: 192.168.2.14:47098 -> 83.222.163.68:13566
Source: global traffic	TCP traffic: 192.168.2.14:46746 -> 83.222.180.85:13566
Source: global traffic	TCP traffic: 192.168.2.14:37534 -> 83.222.168.192:13566
Source: global traffic	TCP traffic: 192.168.2.14:52308 -> 83.222.37.25:13566
Source: global traffic	TCP traffic: 192.168.2.14:40398 -> 83.222.192.55:13566
Source: global traffic	TCP traffic: 192.168.2.14:43538 -> 83.222.222.226:13566
Source: global traffic	TCP traffic: 192.168.2.14:54414 -> 83.222.1.40:13566
Source: global traffic	TCP traffic: 192.168.2.14:38814 -> 83.222.36.154:13566
Source: global traffic	TCP traffic: 192.168.2.14:41428 -> 83.222.178.146:13566
Source: global traffic	TCP traffic: 192.168.2.14:60060 -> 83.222.214.87:13566
Source: global traffic	TCP traffic: 192.168.2.14:49472 -> 83.222.163.142:13566
Source: global traffic	TCP traffic: 192.168.2.14:38380 -> 83.222.136.120:13566
Source: global traffic	TCP traffic: 192.168.2.14:47122 -> 83.222.47.247:13566
Source: global traffic	TCP traffic: 192.168.2.14:56942 -> 83.222.175.102:13566
Source: global traffic	TCP traffic: 192.168.2.14:57348 -> 83.222.202.34:13566
Source: global traffic	TCP traffic: 192.168.2.14:54690 -> 83.222.99.109:13566
Source: global traffic	TCP traffic: 192.168.2.14:52016 -> 83.222.102.23:13566
Source: global traffic	TCP traffic: 192.168.2.14:34708 -> 83.222.194.15:13566
Source: global traffic	TCP traffic: 192.168.2.14:33800 -> 83.222.216.231:13566
Source: global traffic	TCP traffic: 192.168.2.14:39636 -> 83.222.40.152:13566
Source: global traffic	TCP traffic: 192.168.2.14:60192 -> 83.222.30.6:13566
Source: global traffic	TCP traffic: 192.168.2.14:36280 -> 83.222.122.31:13566
Source: global traffic	TCP traffic: 192.168.2.14:57492 -> 83.222.46.158:13566
Source: global traffic	TCP traffic: 192.168.2.14:54980 -> 83.222.186.224:13566
Source: global traffic	TCP traffic: 192.168.2.14:38102 -> 83.222.48.144:13566
Source: global traffic	TCP traffic: 192.168.2.14:43204 -> 83.222.55.211:13566
Source: global traffic	TCP traffic: 192.168.2.14:34330 -> 83.222.30.191:13566
Source: global traffic	TCP traffic: 192.168.2.14:58958 -> 83.222.75.77:13566
Source: global traffic	TCP traffic: 192.168.2.14:44672 -> 83.222.183.251:13566
Source: global traffic	TCP traffic: 192.168.2.14:44524 -> 83.222.179.129:13566
Source: global traffic	TCP traffic: 192.168.2.14:37166 -> 83.222.29.22:13566
Source: global traffic	TCP traffic: 192.168.2.14:54354 -> 83.222.238.131:13566
Source: global traffic	TCP traffic: 192.168.2.14:33244 -> 83.222.46.177:13566
Source: global traffic	TCP traffic: 192.168.2.14:43838 -> 83.222.146.6:13566
Source: global traffic	TCP traffic: 192.168.2.14:38976 -> 83.222.152.187:13566
Source: global traffic	TCP traffic: 192.168.2.14:43882 -> 83.222.158.183:13566
Source: global traffic	TCP traffic: 192.168.2.14:33610 -> 83.222.193.25:13566
Source: global traffic	TCP traffic: 192.168.2.14:49612 -> 83.222.214.240:13566
Source: global traffic	TCP traffic: 192.168.2.14:47066 -> 83.222.183.144:13566
Source: global traffic	TCP traffic: 192.168.2.14:59182 -> 83.222.208.232:13566
Source: global traffic	TCP traffic: 192.168.2.14:43470 -> 83.222.32.8:13566
Source: global traffic	TCP traffic: 192.168.2.14:56816 -> 83.222.187.62:13566
Source: global traffic	TCP traffic: 192.168.2.14:53110 -> 83.222.199.7:13566
Source: global traffic	TCP traffic: 192.168.2.14:38874 -> 83.222.139.126:13566
Source: global traffic	TCP traffic: 192.168.2.14:50624 -> 83.222.2.62:13566
Source: global traffic	TCP traffic: 192.168.2.14:45444 -> 83.222.255.31:13566
Source: global traffic	TCP traffic: 192.168.2.14:38876 -> 83.222.85.238:13566
Source: global traffic	TCP traffic: 192.168.2.14:50098 -> 83.222.162.131:13566
Source: global traffic	TCP traffic: 192.168.2.14:39418 -> 83.222.159.53:13566
Source: global traffic	TCP traffic: 192.168.2.14:51014 -> 83.222.137.55:13566
Source: global traffic	TCP traffic: 192.168.2.14:38806 -> 83.222.240.39:13566
Source: global traffic	TCP traffic: 192.168.2.14:49324 -> 83.222.238.177:13566
Source: global traffic	TCP traffic: 192.168.2.14:49580 -> 83.222.64.197:13566
Source: global traffic	TCP traffic: 192.168.2.14:42320 -> 83.222.161.248:13566
Source: global traffic	TCP traffic: 192.168.2.14:40512 -> 83.222.85.114:13566
Source: global traffic	TCP traffic: 192.168.2.14:40050 -> 83.222.224.118:13566
Source: global traffic	TCP traffic: 192.168.2.14:42088 -> 83.222.122.155:13566
Source: global traffic	TCP traffic: 192.168.2.14:52278 -> 83.222.180.65:13566
Source: global traffic	TCP traffic: 192.168.2.14:45824 -> 83.222.162.64:13566
Source: global traffic	TCP traffic: 192.168.2.14:44392 -> 83.222.192.164:13566
Source: global traffic	TCP traffic: 192.168.2.14:44944 -> 83.222.126.191:13566
Source: global traffic	TCP traffic: 192.168.2.14:50910 -> 83.222.195.211:13566
Source: global traffic	TCP traffic: 192.168.2.14:42670 -> 83.222.173.102:13566
Source: global traffic	TCP traffic: 192.168.2.14:53668 -> 83.222.86.76:13566
Source: global traffic	TCP traffic: 192.168.2.14:33086 -> 83.222.155.223:13566
Source: global traffic	TCP traffic: 192.168.2.14:55598 -> 83.222.132.139:13566
Source: global traffic	TCP traffic: 192.168.2.14:33050 -> 83.222.7.114:13566
Source: global traffic	TCP traffic: 192.168.2.14:57520 -> 83.222.60.71:13566
Source: global traffic	TCP traffic: 192.168.2.14:37336 -> 83.222.55.222:13566
Source: global traffic	TCP traffic: 192.168.2.14:40370 -> 83.222.63.141:13566
Source: global traffic	TCP traffic: 192.168.2.14:59434 -> 83.222.80.31:13566
Source: global traffic	TCP traffic: 192.168.2.14:50822 -> 83.222.3.202:13566
Source: global traffic	TCP traffic: 192.168.2.14:44574 -> 83.222.187.183:13566
Source: global traffic	TCP traffic: 192.168.2.14:59160 -> 83.222.11.93:13566
Source: global traffic	TCP traffic: 192.168.2.14:40294 -> 83.222.247.203:13566
Source: global traffic	TCP traffic: 192.168.2.14:48474 -> 83.222.2.118:13566
Source: global traffic	TCP traffic: 192.168.2.14:59546 -> 83.222.139.197:13566
Source: global traffic	TCP traffic: 192.168.2.14:55694 -> 83.222.73.56:13566
Source: global traffic	TCP traffic: 192.168.2.14:60402 -> 83.222.43.160:13566
Source: global traffic	TCP traffic: 192.168.2.14:49672 -> 83.222.133.198:13566
Source: global traffic	TCP traffic: 192.168.2.14:38996 -> 83.222.127.9:13566
Source: global traffic	TCP traffic: 192.168.2.14:45472 -> 83.222.81.134:13566
Source: global traffic	TCP traffic: 192.168.2.14:54476 -> 83.222.123.142:13566
Source: global traffic	TCP traffic: 192.168.2.14:39862 -> 83.222.206.179:13566
Source: global traffic	TCP traffic: 192.168.2.14:38446 -> 83.222.108.13:13566
Source: global traffic	TCP traffic: 192.168.2.14:56538 -> 83.222.191.90:13566

Source: /tmp/loki.arm5.elf (PID: 5496)

Socket: 127.0.0.1:14435

Jump to behavior

Source: Network traffic

Suricata IDS: 2500034 - Severity 2 - ET COMPROMISED Known Compromised or Hostile Host Traffic group 18 : 83.222.191.90:13566 -> 192.168.2.14:56538

Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.12.208
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.12.208
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.12.208
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.12.208
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.113.0
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.113.0
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.18.196
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.18.196
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.18.196
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.33.202
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.18.196
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.33.202
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.33.202
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.74.66
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.153.138
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.33.202
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.74.66
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.153.138
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.153.138
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.165.17
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.153.138
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.165.17
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.165.17
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.184.49
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.213.161
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.165.17
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.184.49
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.111.55
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.213.161
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.55.210
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.111.55
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.114.253
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.55.210
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.163.68
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.114.253
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.180.85
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.163.68
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.168.192
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.180.85
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.168.192
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.37.25
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.37.25
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.37.25
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.192.55
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.37.25
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.192.55
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.222.226
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.222.226
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.222.226
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.222.226

Source: global traffic

DNS traffic detected: DNS query: secure-network-rebirthltd.ru

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal48.linELF@0/0@1/0

Source: /tmp/loki.arm5.elf (PID: 5496)

Queries kernel information via 'uname':

Jump to behavior

Source: loki.arm5.elf, 5496.1.0000562e5ac57000.0000562e5adcc000.rw-.sdmp, loki.arm5.elf, 5498.1.0000562e5ac57000.0000562e5ad85000.rw-.sdmp	Binary or memory string: Z.V!/etc/qemu-binfmt/arm
Source: loki.arm5.elf, 5496.1.0000562e5ac57000.0000562e5adcc000.rw-.sdmp, loki.arm5.elf, 5498.1.0000562e5ac57000.0000562e5ad85000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: loki.arm5.elf, 5496.1.00007ffec119f000.00007ffec11c0000.rw-.sdmp, loki.arm5.elf, 5498.1.00007ffec119f000.00007ffec11c0000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm
Source: loki.arm5.elf, 5496.1.00007ffec119f000.00007ffec11c0000.rw-.sdmp, loki.arm5.elf, 5498.1.00007ffec119f000.00007ffec11c0000.rw-.sdmp	Binary or memory string: lx86_64/usr/bin/qemu-arm/tmp/loki.arm5.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/loki.arm5.elf

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
loki.arm5.elf	39%	ReversingLabs	Linux.Backdoor.Mirai

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
secure-network-rebirthltd.ru	83.222.191.90	true	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
83.222.238.131	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.114.253	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.208.232	unknown	Russian Federation	6854	SYNTERRA-ASRU	false
83.222.132.139	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.110.59	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.222.226	unknown	Russian Federation	25159	SONICDUO-ASRU	false
83.222.162.64	unknown	Bulgaria	31037	WAVENETLB	false
83.222.216.231	unknown	Russian Federation	25159	SONICDUO-ASRU	false
83.222.240.39	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.12.208	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.186.224	unknown	Bulgaria	43561	NET1-ASBG	false
83.222.108.13	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.3.202	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.139.126	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.122.31	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.168.192	unknown	Bulgaria	12615	GCN-ASGCNAD-SofiaBulgariaBG	false
83.222.60.71	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.7.114	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.30.6	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.158.183	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.85.238	unknown	Russian Federation	16285	ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU	false
83.222.159.53	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.224.118	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.63.141	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.85.114	unknown	Russian Federation	16285	ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU	false
83.222.183.251	unknown	Bulgaria	12615	GCN-ASGCNAD-SofiaBulgariaBG	false
83.222.86.76	unknown	Russian Federation	16285	ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU	false
83.222.139.197	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.247.203	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.255.31	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.155.223	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.46.177	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.48.144	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.75.77	unknown	Russian Federation	16285	ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU	false
83.222.11.93	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.73.56	unknown	Russian Federation	16285	ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU	false
83.222.29.22	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.199.7	unknown	Russian Federation	6854	SYNTERRA-ASRU	false
83.222.33.202	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.55.222	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.214.87	unknown	Russian Federation	25159	SONICDUO-ASRU	false
83.222.193.25	unknown	Russian Federation	6854	SYNTERRA-ASRU	false
83.222.192.55	unknown	Russian Federation	6854	SYNTERRA-ASRU	false
83.222.187.183	unknown	Bulgaria	43561	NET1-ASBG	false
83.222.206.179	unknown	Russian Federation	6854	SYNTERRA-ASRU	false
83.222.64.197	unknown	Russian Federation	16285	ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU	false
83.222.127.9	unknown	Russian Federation	47328	TRI-ASTrueRecordsIncES	false
83.222.191.90	secure-network-rebirthltd.ru	Bulgaria	43561	NET1-ASBG	false
83.222.202.34	unknown	Russian Federation	6854	SYNTERRA-ASRU	false
83.222.2.118	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.162.131	unknown	Bulgaria	31037	WAVENETLB	false
83.222.55.210	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.146.6	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.55.211	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.111.55	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.80.31	unknown	Russian Federation	16285	ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU	false
83.222.122.155	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.238.177	unknown	United Kingdom	13768	COGECO-PEER1CA	false
83.222.46.158	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.184.49	unknown	Bulgaria	43561	NET1-ASBG	false
83.222.37.25	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.180.85	unknown	Bulgaria	205872	EXTRANET-ASBG	false
83.222.165.17	unknown	Bulgaria	31037	WAVENETLB	false
83.222.137.55	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.47.247	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.194.15	unknown	Russian Federation	6854	SYNTERRA-ASRU	false
83.222.152.187	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.36.154	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.178.146	unknown	Bulgaria	12615	GCN-ASGCNAD-SofiaBulgariaBG	false
83.222.81.134	unknown	Russian Federation	16285	ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU	false
83.222.136.120	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.32.8	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.175.102	unknown	Bulgaria	12615	GCN-ASGCNAD-SofiaBulgariaBG	false
83.222.179.129	unknown	Bulgaria	12615	GCN-ASGCNAD-SofiaBulgariaBG	false
83.222.1.40	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.30.191	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.126.191	unknown	Russian Federation	47328	TRI-ASTrueRecordsIncES	false
83.222.163.68	unknown	Bulgaria	31037	WAVENETLB	false
83.222.195.211	unknown	Russian Federation	6854	SYNTERRA-ASRU	false
83.222.163.142	unknown	Bulgaria	31037	WAVENETLB	false
83.222.40.152	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.187.62	unknown	Bulgaria	43561	NET1-ASBG	false
83.222.99.109	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.74.66	unknown	Russian Federation	16285	ASN-UMNTechnicheskayaStr18bYekaterinburgRussiaRU	false
83.222.214.240	unknown	Russian Federation	25159	SONICDUO-ASRU	false
83.222.180.65	unknown	Bulgaria	205872	EXTRANET-ASBG	false
83.222.153.138	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.113.0	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.192.164	unknown	Russian Federation	6854	SYNTERRA-ASRU	false
83.222.173.102	unknown	Bulgaria	12615	GCN-ASGCNAD-SofiaBulgariaBG	false
83.222.133.198	unknown	Switzerland	31736	SENSELAN-ASsenseLANGmbHCH	false
83.222.43.160	unknown	Luxembourg	8632	LOL-ASluLU	false
83.222.2.62	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.183.144	unknown	Bulgaria	12615	GCN-ASGCNAD-SofiaBulgariaBG	false
83.222.161.248	unknown	Bulgaria	12615	GCN-ASGCNAD-SofiaBulgariaBG	false
83.222.102.23	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.18.196	unknown	Russian Federation	25532	MASTERHOST-ASMoscowRussiaRU	false
83.222.123.142	unknown	Russian Federation	42632	MNOGOBYTE-ASMoscowRussiaRU	false
83.222.213.161	unknown	Russian Federation	25159	SONICDUO-ASRU	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
83.222.168.192	Kloki.ppc.elf	Get hash	malicious	Unknown	Browse
83.222.216.231	Kloki.arm7.elf	Get hash	malicious	Mirai	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
secure-network-rebirthltd.ru	loki.arm4.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	loki.ppc.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	Kloki.arm4.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	Kloki.m68k.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	Kloki.i686.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	loki.x86.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	Kloki.mips.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	loki.mips.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	Kloki.sh4.elf	Get hash	malicious	Unknown	Browse	83.222.191.90
	loki.arm7.elf	Get hash	malicious	Mirai	Browse	83.222.191.90

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
SYNTERRA-ASRU	loki.arm4.elf	Get hash	malicious	Unknown	Browse	83.222.192.64
	loki.ppc.elf	Get hash	malicious	Unknown	Browse	83.222.195.117
	Kloki.arm4.elf	Get hash	malicious	Unknown	Browse	83.222.207.75
	Kloki.m68k.elf	Get hash	malicious	Unknown	Browse	83.222.192.22
	Kloki.i686.elf	Get hash	malicious	Unknown	Browse	83.222.204.106
	loki.x86.elf	Get hash	malicious	Unknown	Browse	83.222.204.106
	Kloki.mips.elf	Get hash	malicious	Unknown	Browse	83.222.210.211
	loki.mips.elf	Get hash	malicious	Unknown	Browse	83.222.195.162
	Kloki.sh4.elf	Get hash	malicious	Unknown	Browse	83.222.195.159
	loki.arm7.elf	Get hash	malicious	Mirai	Browse	83.222.196.148
COGECO-PEER1CA	loki.arm4.elf	Get hash	malicious	Unknown	Browse	83.222.247.223
	loki.ppc.elf	Get hash	malicious	Unknown	Browse	83.222.239.13
	Kloki.arm4.elf	Get hash	malicious	Unknown	Browse	83.222.251.105
	Kloki.m68k.elf	Get hash	malicious	Unknown	Browse	83.222.242.67
	Kloki.i686.elf	Get hash	malicious	Unknown	Browse	83.222.227.237
	loki.x86.elf	Get hash	malicious	Unknown	Browse	83.222.244.115
	Kloki.mips.elf	Get hash	malicious	Unknown	Browse	83.222.232.116
	loki.mips.elf	Get hash	malicious	Unknown	Browse	83.222.237.134
	Kloki.sh4.elf	Get hash	malicious	Unknown	Browse	83.222.224.99
	loki.arm7.elf	Get hash	malicious	Mirai	Browse	83.222.247.103
MNOGOBYTE-ASMoscowRussiaRU	loki.arm4.elf	Get hash	malicious	Unknown	Browse	83.222.123.192
	loki.ppc.elf	Get hash	malicious	Unknown	Browse	83.222.106.184
	Kloki.arm4.elf	Get hash	malicious	Unknown	Browse	83.222.114.40
	Kloki.m68k.elf	Get hash	malicious	Unknown	Browse	83.222.100.166
	Kloki.i686.elf	Get hash	malicious	Unknown	Browse	83.222.114.84
	loki.x86.elf	Get hash	malicious	Unknown	Browse	83.222.117.151
	Kloki.mips.elf	Get hash	malicious	Unknown	Browse	83.222.105.103
	loki.mips.elf	Get hash	malicious	Unknown	Browse	83.222.113.134
	Kloki.sh4.elf	Get hash	malicious	Unknown	Browse	83.222.118.158
	loki.arm7.elf	Get hash	malicious	Mirai	Browse	83.222.117.74

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
Entropy (8bit):	5.9138266952272405
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	loki.arm5.elf
File size:	50'208 bytes
MD5:	1e5980444a7998538383f8a17165ad97
SHA1:	395f7f945750f78af2b55ff6875f57a5e49deaa0
SHA256:	106e968a309aac246265ec18127977d174e523ac494ebc18bec7bd6fbce4a433
SHA512:	6cf1228d73d2d52327734fad8174690c8522c0f45308786cdca64f90f7a198d17e513bb4fe065efea71ce3634721e8fc62d52ea1f0e506ca92770c38a7bd1412
SSDEEP:	768:T8LFhHe8cGmF6W2oQ2p+oRLRxCG7W+UEoRFN9+KUKemww:gh+812pBlRxCGvUpQPw
TLSH:	B4331990BC919A13C6E4137BFA6E418D372663B8E2EF72139D225F11778982F0D77642
File Content Preview:	.ELF...a..........(.........4...........4. ...(.....................................................P...............Q.td..................................-...L."....-..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	ARM
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	ARM - ABI
ABI Version:	0
Entry Point Address:	0x8190
Flags:	0x2
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	49808
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x8094	0x94	0x18	0x0	0x6	AX	4
.text	PROGBITS	0x80b0	0xb0	0xb680	0x0	0x6	AX	16
.fini	PROGBITS	0x13730	0xb730	0x14	0x0	0x6	AX	4
.rodata	PROGBITS	0x13744	0xb744	0x564	0x0	0x2	A	4
.ctors	PROGBITS	0x1c000	0xc000	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x1c008	0xc008	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x1c014	0xc014	0x23c	0x0	0x3	WA	4
.bss	NOBITS	0x1c250	0xc250	0x1164	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0xc250	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8000	0x8000	0xbca8	0xbca8	5.9961	0x5	R E	0x8000	.init .text .fini .rodata
LOAD	0xc000	0x1c000	0x1c000	0x250	0x13b4	3.1783	0x6	RW	0x8000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Download Network PCAP: filtered – full

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-19T04:03:00.542570+0100	2500034	ET COMPROMISED Known Compromised or Hostile Host Traffic group 18	2	83.222.191.90	13566	192.168.2.14	56538	TCP

Network Port Distribution

Total Packets: 221
• 13566 undefined
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 19, 2025 04:03:00.182689905 CET	51588	13566	192.168.2.14	83.222.12.208
Jan 19, 2025 04:03:00.187875032 CET	13566	51588	83.222.12.208	192.168.2.14
Jan 19, 2025 04:03:00.187937975 CET	51588	13566	192.168.2.14	83.222.12.208
Jan 19, 2025 04:03:00.200212002 CET	51588	13566	192.168.2.14	83.222.12.208
Jan 19, 2025 04:03:00.205321074 CET	13566	51588	83.222.12.208	192.168.2.14
Jan 19, 2025 04:03:00.205364943 CET	51588	13566	192.168.2.14	83.222.12.208
Jan 19, 2025 04:03:00.206196070 CET	51058	13566	192.168.2.14	83.222.113.0
Jan 19, 2025 04:03:00.211046934 CET	13566	51058	83.222.113.0	192.168.2.14
Jan 19, 2025 04:03:00.211150885 CET	51058	13566	192.168.2.14	83.222.113.0
Jan 19, 2025 04:03:00.226227999 CET	36864	13566	192.168.2.14	83.222.18.196
Jan 19, 2025 04:03:00.231374979 CET	13566	36864	83.222.18.196	192.168.2.14
Jan 19, 2025 04:03:00.231545925 CET	36864	13566	192.168.2.14	83.222.18.196
Jan 19, 2025 04:03:00.243864059 CET	36864	13566	192.168.2.14	83.222.18.196
Jan 19, 2025 04:03:00.248109102 CET	35628	13566	192.168.2.14	83.222.33.202
Jan 19, 2025 04:03:00.248919964 CET	13566	36864	83.222.18.196	192.168.2.14
Jan 19, 2025 04:03:00.249105930 CET	36864	13566	192.168.2.14	83.222.18.196
Jan 19, 2025 04:03:00.253165960 CET	13566	35628	83.222.33.202	192.168.2.14
Jan 19, 2025 04:03:00.253287077 CET	35628	13566	192.168.2.14	83.222.33.202
Jan 19, 2025 04:03:00.253936052 CET	35628	13566	192.168.2.14	83.222.33.202
Jan 19, 2025 04:03:00.255688906 CET	53378	13566	192.168.2.14	83.222.74.66
Jan 19, 2025 04:03:00.258547068 CET	39554	13566	192.168.2.14	83.222.153.138
Jan 19, 2025 04:03:00.258903027 CET	13566	35628	83.222.33.202	192.168.2.14
Jan 19, 2025 04:03:00.258959055 CET	35628	13566	192.168.2.14	83.222.33.202
Jan 19, 2025 04:03:00.260587931 CET	13566	53378	83.222.74.66	192.168.2.14
Jan 19, 2025 04:03:00.260639906 CET	53378	13566	192.168.2.14	83.222.74.66
Jan 19, 2025 04:03:00.263444901 CET	13566	39554	83.222.153.138	192.168.2.14
Jan 19, 2025 04:03:00.263631105 CET	39554	13566	192.168.2.14	83.222.153.138
Jan 19, 2025 04:03:00.274353981 CET	39554	13566	192.168.2.14	83.222.153.138
Jan 19, 2025 04:03:00.277057886 CET	45460	13566	192.168.2.14	83.222.110.59
Jan 19, 2025 04:03:00.280410051 CET	37178	13566	192.168.2.14	83.222.165.17
Jan 19, 2025 04:03:00.281377077 CET	13566	39554	83.222.153.138	192.168.2.14
Jan 19, 2025 04:03:00.281436920 CET	39554	13566	192.168.2.14	83.222.153.138
Jan 19, 2025 04:03:00.282097101 CET	13566	45460	83.222.110.59	192.168.2.14
Jan 19, 2025 04:03:00.282169104 CET	45460	13566	192.168.2.14	83.222.110.59
Jan 19, 2025 04:03:00.285392046 CET	13566	37178	83.222.165.17	192.168.2.14
Jan 19, 2025 04:03:00.285563946 CET	37178	13566	192.168.2.14	83.222.165.17
Jan 19, 2025 04:03:00.294707060 CET	37178	13566	192.168.2.14	83.222.165.17
Jan 19, 2025 04:03:00.296252966 CET	52604	13566	192.168.2.14	83.222.184.49
Jan 19, 2025 04:03:00.299410105 CET	48552	13566	192.168.2.14	83.222.213.161
Jan 19, 2025 04:03:00.299974918 CET	13566	37178	83.222.165.17	192.168.2.14
Jan 19, 2025 04:03:00.300174952 CET	37178	13566	192.168.2.14	83.222.165.17
Jan 19, 2025 04:03:00.301139116 CET	13566	52604	83.222.184.49	192.168.2.14
Jan 19, 2025 04:03:00.301187992 CET	52604	13566	192.168.2.14	83.222.184.49
Jan 19, 2025 04:03:00.302894115 CET	47830	13566	192.168.2.14	83.222.111.55
Jan 19, 2025 04:03:00.304366112 CET	13566	48552	83.222.213.161	192.168.2.14
Jan 19, 2025 04:03:00.304408073 CET	48552	13566	192.168.2.14	83.222.213.161
Jan 19, 2025 04:03:00.306694031 CET	45880	13566	192.168.2.14	83.222.55.210
Jan 19, 2025 04:03:00.307744026 CET	13566	47830	83.222.111.55	192.168.2.14
Jan 19, 2025 04:03:00.307806015 CET	47830	13566	192.168.2.14	83.222.111.55
Jan 19, 2025 04:03:00.310436010 CET	35948	13566	192.168.2.14	83.222.114.253
Jan 19, 2025 04:03:00.311614037 CET	13566	45880	83.222.55.210	192.168.2.14
Jan 19, 2025 04:03:00.311662912 CET	45880	13566	192.168.2.14	83.222.55.210
Jan 19, 2025 04:03:00.313985109 CET	47098	13566	192.168.2.14	83.222.163.68
Jan 19, 2025 04:03:00.315650940 CET	13566	35948	83.222.114.253	192.168.2.14
Jan 19, 2025 04:03:00.315726995 CET	35948	13566	192.168.2.14	83.222.114.253
Jan 19, 2025 04:03:00.317572117 CET	46746	13566	192.168.2.14	83.222.180.85
Jan 19, 2025 04:03:00.318794966 CET	13566	47098	83.222.163.68	192.168.2.14
Jan 19, 2025 04:03:00.318835020 CET	47098	13566	192.168.2.14	83.222.163.68
Jan 19, 2025 04:03:00.322324038 CET	37534	13566	192.168.2.14	83.222.168.192
Jan 19, 2025 04:03:00.322494984 CET	13566	46746	83.222.180.85	192.168.2.14
Jan 19, 2025 04:03:00.322549105 CET	46746	13566	192.168.2.14	83.222.180.85
Jan 19, 2025 04:03:00.327675104 CET	13566	37534	83.222.168.192	192.168.2.14
Jan 19, 2025 04:03:00.327744961 CET	37534	13566	192.168.2.14	83.222.168.192
Jan 19, 2025 04:03:00.329726934 CET	52308	13566	192.168.2.14	83.222.37.25
Jan 19, 2025 04:03:00.334630013 CET	13566	52308	83.222.37.25	192.168.2.14
Jan 19, 2025 04:03:00.334681988 CET	52308	13566	192.168.2.14	83.222.37.25
Jan 19, 2025 04:03:00.335226059 CET	52308	13566	192.168.2.14	83.222.37.25
Jan 19, 2025 04:03:00.336088896 CET	40398	13566	192.168.2.14	83.222.192.55
Jan 19, 2025 04:03:00.340389967 CET	13566	52308	83.222.37.25	192.168.2.14
Jan 19, 2025 04:03:00.340476990 CET	52308	13566	192.168.2.14	83.222.37.25
Jan 19, 2025 04:03:00.340970039 CET	13566	40398	83.222.192.55	192.168.2.14
Jan 19, 2025 04:03:00.341176033 CET	40398	13566	192.168.2.14	83.222.192.55
Jan 19, 2025 04:03:00.354085922 CET	43538	13566	192.168.2.14	83.222.222.226
Jan 19, 2025 04:03:00.359054089 CET	13566	43538	83.222.222.226	192.168.2.14
Jan 19, 2025 04:03:00.360965014 CET	43538	13566	192.168.2.14	83.222.222.226
Jan 19, 2025 04:03:00.386636019 CET	43538	13566	192.168.2.14	83.222.222.226
Jan 19, 2025 04:03:00.391819954 CET	13566	43538	83.222.222.226	192.168.2.14
Jan 19, 2025 04:03:00.392209053 CET	43538	13566	192.168.2.14	83.222.222.226
Jan 19, 2025 04:03:00.400262117 CET	54414	13566	192.168.2.14	83.222.1.40
Jan 19, 2025 04:03:00.405215979 CET	38814	13566	192.168.2.14	83.222.36.154
Jan 19, 2025 04:03:00.405416012 CET	13566	54414	83.222.1.40	192.168.2.14
Jan 19, 2025 04:03:00.405466080 CET	54414	13566	192.168.2.14	83.222.1.40
Jan 19, 2025 04:03:00.407102108 CET	41428	13566	192.168.2.14	83.222.178.146
Jan 19, 2025 04:03:00.408881903 CET	60060	13566	192.168.2.14	83.222.214.87
Jan 19, 2025 04:03:00.410265923 CET	13566	38814	83.222.36.154	192.168.2.14
Jan 19, 2025 04:03:00.410460949 CET	38814	13566	192.168.2.14	83.222.36.154
Jan 19, 2025 04:03:00.411914110 CET	13566	41428	83.222.178.146	192.168.2.14
Jan 19, 2025 04:03:00.412014961 CET	41428	13566	192.168.2.14	83.222.178.146
Jan 19, 2025 04:03:00.413774014 CET	13566	60060	83.222.214.87	192.168.2.14
Jan 19, 2025 04:03:00.413984060 CET	60060	13566	192.168.2.14	83.222.214.87
Jan 19, 2025 04:03:00.425909042 CET	60060	13566	192.168.2.14	83.222.214.87
Jan 19, 2025 04:03:00.427054882 CET	49472	13566	192.168.2.14	83.222.163.142
Jan 19, 2025 04:03:00.431169033 CET	13566	60060	83.222.214.87	192.168.2.14
Jan 19, 2025 04:03:00.431287050 CET	60060	13566	192.168.2.14	83.222.214.87
Jan 19, 2025 04:03:00.431329012 CET	38380	13566	192.168.2.14	83.222.136.120
Jan 19, 2025 04:03:00.431957006 CET	13566	49472	83.222.163.142	192.168.2.14
Jan 19, 2025 04:03:00.432087898 CET	49472	13566	192.168.2.14	83.222.163.142
Jan 19, 2025 04:03:00.436440945 CET	13566	38380	83.222.136.120	192.168.2.14
Jan 19, 2025 04:03:00.436494112 CET	38380	13566	192.168.2.14	83.222.136.120
Jan 19, 2025 04:03:00.440377951 CET	38380	13566	192.168.2.14	83.222.136.120
Jan 19, 2025 04:03:00.445589066 CET	13566	38380	83.222.136.120	192.168.2.14
Jan 19, 2025 04:03:00.445648909 CET	38380	13566	192.168.2.14	83.222.136.120
Jan 19, 2025 04:03:00.446686029 CET	47122	13566	192.168.2.14	83.222.47.247
Jan 19, 2025 04:03:00.448148012 CET	56942	13566	192.168.2.14	83.222.175.102
Jan 19, 2025 04:03:00.450071096 CET	57348	13566	192.168.2.14	83.222.202.34
Jan 19, 2025 04:03:00.451406002 CET	54690	13566	192.168.2.14	83.222.99.109
Jan 19, 2025 04:03:00.451500893 CET	13566	47122	83.222.47.247	192.168.2.14
Jan 19, 2025 04:03:00.451545000 CET	47122	13566	192.168.2.14	83.222.47.247
Jan 19, 2025 04:03:00.452872038 CET	52016	13566	192.168.2.14	83.222.102.23
Jan 19, 2025 04:03:00.453013897 CET	13566	56942	83.222.175.102	192.168.2.14
Jan 19, 2025 04:03:00.453057051 CET	56942	13566	192.168.2.14	83.222.175.102
Jan 19, 2025 04:03:00.454343081 CET	34708	13566	192.168.2.14	83.222.194.15
Jan 19, 2025 04:03:00.454911947 CET	13566	57348	83.222.202.34	192.168.2.14
Jan 19, 2025 04:03:00.455077887 CET	57348	13566	192.168.2.14	83.222.202.34
Jan 19, 2025 04:03:00.455765963 CET	33800	13566	192.168.2.14	83.222.216.231
Jan 19, 2025 04:03:00.456243992 CET	13566	54690	83.222.99.109	192.168.2.14
Jan 19, 2025 04:03:00.456295013 CET	54690	13566	192.168.2.14	83.222.99.109
Jan 19, 2025 04:03:00.457730055 CET	39636	13566	192.168.2.14	83.222.40.152
Jan 19, 2025 04:03:00.457745075 CET	13566	52016	83.222.102.23	192.168.2.14
Jan 19, 2025 04:03:00.457793951 CET	52016	13566	192.168.2.14	83.222.102.23
Jan 19, 2025 04:03:00.459021091 CET	60192	13566	192.168.2.14	83.222.30.6
Jan 19, 2025 04:03:00.459148884 CET	13566	34708	83.222.194.15	192.168.2.14
Jan 19, 2025 04:03:00.459311008 CET	34708	13566	192.168.2.14	83.222.194.15
Jan 19, 2025 04:03:00.460551023 CET	36280	13566	192.168.2.14	83.222.122.31
Jan 19, 2025 04:03:00.460566998 CET	13566	33800	83.222.216.231	192.168.2.14
Jan 19, 2025 04:03:00.460612059 CET	33800	13566	192.168.2.14	83.222.216.231
Jan 19, 2025 04:03:00.462500095 CET	57492	13566	192.168.2.14	83.222.46.158
Jan 19, 2025 04:03:00.462675095 CET	13566	39636	83.222.40.152	192.168.2.14
Jan 19, 2025 04:03:00.462829113 CET	39636	13566	192.168.2.14	83.222.40.152
Jan 19, 2025 04:03:00.463859081 CET	13566	60192	83.222.30.6	192.168.2.14
Jan 19, 2025 04:03:00.463902950 CET	60192	13566	192.168.2.14	83.222.30.6
Jan 19, 2025 04:03:00.464462042 CET	54980	13566	192.168.2.14	83.222.186.224
Jan 19, 2025 04:03:00.465394020 CET	13566	36280	83.222.122.31	192.168.2.14
Jan 19, 2025 04:03:00.465457916 CET	36280	13566	192.168.2.14	83.222.122.31
Jan 19, 2025 04:03:00.465929985 CET	38102	13566	192.168.2.14	83.222.48.144
Jan 19, 2025 04:03:00.467395067 CET	13566	57492	83.222.46.158	192.168.2.14
Jan 19, 2025 04:03:00.467439890 CET	57492	13566	192.168.2.14	83.222.46.158
Jan 19, 2025 04:03:00.467528105 CET	43204	13566	192.168.2.14	83.222.55.211
Jan 19, 2025 04:03:00.469243050 CET	34330	13566	192.168.2.14	83.222.30.191
Jan 19, 2025 04:03:00.469412088 CET	13566	54980	83.222.186.224	192.168.2.14
Jan 19, 2025 04:03:00.469573975 CET	54980	13566	192.168.2.14	83.222.186.224
Jan 19, 2025 04:03:00.470662117 CET	58958	13566	192.168.2.14	83.222.75.77
Jan 19, 2025 04:03:00.470829964 CET	13566	38102	83.222.48.144	192.168.2.14
Jan 19, 2025 04:03:00.470947981 CET	38102	13566	192.168.2.14	83.222.48.144
Jan 19, 2025 04:03:00.472141027 CET	44672	13566	192.168.2.14	83.222.183.251
Jan 19, 2025 04:03:00.472353935 CET	13566	43204	83.222.55.211	192.168.2.14
Jan 19, 2025 04:03:00.472395897 CET	43204	13566	192.168.2.14	83.222.55.211
Jan 19, 2025 04:03:00.473839045 CET	44524	13566	192.168.2.14	83.222.179.129
Jan 19, 2025 04:03:00.474112034 CET	13566	34330	83.222.30.191	192.168.2.14
Jan 19, 2025 04:03:00.474153042 CET	34330	13566	192.168.2.14	83.222.30.191
Jan 19, 2025 04:03:00.475522041 CET	13566	58958	83.222.75.77	192.168.2.14
Jan 19, 2025 04:03:00.475558043 CET	37166	13566	192.168.2.14	83.222.29.22
Jan 19, 2025 04:03:00.475569010 CET	58958	13566	192.168.2.14	83.222.75.77
Jan 19, 2025 04:03:00.476963043 CET	13566	44672	83.222.183.251	192.168.2.14
Jan 19, 2025 04:03:00.477009058 CET	44672	13566	192.168.2.14	83.222.183.251
Jan 19, 2025 04:03:00.477190971 CET	54354	13566	192.168.2.14	83.222.238.131
Jan 19, 2025 04:03:00.478665113 CET	13566	44524	83.222.179.129	192.168.2.14
Jan 19, 2025 04:03:00.478698969 CET	44524	13566	192.168.2.14	83.222.179.129
Jan 19, 2025 04:03:00.478919029 CET	33244	13566	192.168.2.14	83.222.46.177
Jan 19, 2025 04:03:00.480427027 CET	13566	37166	83.222.29.22	192.168.2.14
Jan 19, 2025 04:03:00.480473042 CET	37166	13566	192.168.2.14	83.222.29.22
Jan 19, 2025 04:03:00.480968952 CET	43838	13566	192.168.2.14	83.222.146.6
Jan 19, 2025 04:03:00.482032061 CET	13566	54354	83.222.238.131	192.168.2.14
Jan 19, 2025 04:03:00.482069016 CET	54354	13566	192.168.2.14	83.222.238.131
Jan 19, 2025 04:03:00.483707905 CET	13566	33244	83.222.46.177	192.168.2.14
Jan 19, 2025 04:03:00.483760118 CET	33244	13566	192.168.2.14	83.222.46.177
Jan 19, 2025 04:03:00.484381914 CET	38976	13566	192.168.2.14	83.222.152.187
Jan 19, 2025 04:03:00.485789061 CET	13566	43838	83.222.146.6	192.168.2.14
Jan 19, 2025 04:03:00.485841990 CET	43838	13566	192.168.2.14	83.222.146.6
Jan 19, 2025 04:03:00.486720085 CET	43882	13566	192.168.2.14	83.222.158.183
Jan 19, 2025 04:03:00.488631964 CET	33610	13566	192.168.2.14	83.222.193.25
Jan 19, 2025 04:03:00.489236116 CET	13566	38976	83.222.152.187	192.168.2.14
Jan 19, 2025 04:03:00.489283085 CET	38976	13566	192.168.2.14	83.222.152.187
Jan 19, 2025 04:03:00.490525961 CET	49612	13566	192.168.2.14	83.222.214.240
Jan 19, 2025 04:03:00.491547108 CET	13566	43882	83.222.158.183	192.168.2.14
Jan 19, 2025 04:03:00.491584063 CET	47066	13566	192.168.2.14	83.222.183.144
Jan 19, 2025 04:03:00.491668940 CET	43882	13566	192.168.2.14	83.222.158.183
Jan 19, 2025 04:03:00.492290974 CET	59182	13566	192.168.2.14	83.222.208.232
Jan 19, 2025 04:03:00.493042946 CET	43470	13566	192.168.2.14	83.222.32.8
Jan 19, 2025 04:03:00.493455887 CET	13566	33610	83.222.193.25	192.168.2.14
Jan 19, 2025 04:03:00.493499994 CET	33610	13566	192.168.2.14	83.222.193.25
Jan 19, 2025 04:03:00.493745089 CET	56816	13566	192.168.2.14	83.222.187.62
Jan 19, 2025 04:03:00.494551897 CET	53110	13566	192.168.2.14	83.222.199.7
Jan 19, 2025 04:03:00.495245934 CET	38874	13566	192.168.2.14	83.222.139.126
Jan 19, 2025 04:03:00.495472908 CET	13566	49612	83.222.214.240	192.168.2.14
Jan 19, 2025 04:03:00.495536089 CET	49612	13566	192.168.2.14	83.222.214.240
Jan 19, 2025 04:03:00.496022940 CET	50624	13566	192.168.2.14	83.222.2.62
Jan 19, 2025 04:03:00.496459961 CET	13566	47066	83.222.183.144	192.168.2.14
Jan 19, 2025 04:03:00.496511936 CET	47066	13566	192.168.2.14	83.222.183.144
Jan 19, 2025 04:03:00.496783018 CET	45444	13566	192.168.2.14	83.222.255.31
Jan 19, 2025 04:03:00.497133017 CET	13566	59182	83.222.208.232	192.168.2.14
Jan 19, 2025 04:03:00.497179985 CET	59182	13566	192.168.2.14	83.222.208.232
Jan 19, 2025 04:03:00.497462034 CET	38876	13566	192.168.2.14	83.222.85.238
Jan 19, 2025 04:03:00.497832060 CET	13566	43470	83.222.32.8	192.168.2.14
Jan 19, 2025 04:03:00.498028040 CET	43470	13566	192.168.2.14	83.222.32.8
Jan 19, 2025 04:03:00.498174906 CET	50098	13566	192.168.2.14	83.222.162.131
Jan 19, 2025 04:03:00.498512983 CET	13566	56816	83.222.187.62	192.168.2.14
Jan 19, 2025 04:03:00.498554945 CET	56816	13566	192.168.2.14	83.222.187.62
Jan 19, 2025 04:03:00.498884916 CET	39418	13566	192.168.2.14	83.222.159.53
Jan 19, 2025 04:03:00.499350071 CET	13566	53110	83.222.199.7	192.168.2.14
Jan 19, 2025 04:03:00.499424934 CET	53110	13566	192.168.2.14	83.222.199.7
Jan 19, 2025 04:03:00.499619007 CET	51014	13566	192.168.2.14	83.222.137.55
Jan 19, 2025 04:03:00.500032902 CET	13566	38874	83.222.139.126	192.168.2.14
Jan 19, 2025 04:03:00.500078917 CET	38874	13566	192.168.2.14	83.222.139.126
Jan 19, 2025 04:03:00.500327110 CET	38806	13566	192.168.2.14	83.222.240.39
Jan 19, 2025 04:03:00.500822067 CET	13566	50624	83.222.2.62	192.168.2.14
Jan 19, 2025 04:03:00.500891924 CET	50624	13566	192.168.2.14	83.222.2.62
Jan 19, 2025 04:03:00.501087904 CET	49324	13566	192.168.2.14	83.222.238.177
Jan 19, 2025 04:03:00.501737118 CET	13566	45444	83.222.255.31	192.168.2.14
Jan 19, 2025 04:03:00.501799107 CET	49580	13566	192.168.2.14	83.222.64.197
Jan 19, 2025 04:03:00.501914978 CET	45444	13566	192.168.2.14	83.222.255.31
Jan 19, 2025 04:03:00.502310038 CET	13566	38876	83.222.85.238	192.168.2.14
Jan 19, 2025 04:03:00.502353907 CET	38876	13566	192.168.2.14	83.222.85.238
Jan 19, 2025 04:03:00.502495050 CET	42320	13566	192.168.2.14	83.222.161.248
Jan 19, 2025 04:03:00.503042936 CET	13566	50098	83.222.162.131	192.168.2.14
Jan 19, 2025 04:03:00.503099918 CET	50098	13566	192.168.2.14	83.222.162.131
Jan 19, 2025 04:03:00.503232956 CET	40512	13566	192.168.2.14	83.222.85.114
Jan 19, 2025 04:03:00.503745079 CET	13566	39418	83.222.159.53	192.168.2.14
Jan 19, 2025 04:03:00.503794909 CET	39418	13566	192.168.2.14	83.222.159.53
Jan 19, 2025 04:03:00.503966093 CET	40050	13566	192.168.2.14	83.222.224.118
Jan 19, 2025 04:03:00.504492044 CET	13566	51014	83.222.137.55	192.168.2.14
Jan 19, 2025 04:03:00.504601002 CET	51014	13566	192.168.2.14	83.222.137.55
Jan 19, 2025 04:03:00.504700899 CET	42088	13566	192.168.2.14	83.222.122.155
Jan 19, 2025 04:03:00.505182981 CET	13566	38806	83.222.240.39	192.168.2.14
Jan 19, 2025 04:03:00.505259991 CET	38806	13566	192.168.2.14	83.222.240.39
Jan 19, 2025 04:03:00.505481005 CET	52278	13566	192.168.2.14	83.222.180.65
Jan 19, 2025 04:03:00.505877018 CET	13566	49324	83.222.238.177	192.168.2.14
Jan 19, 2025 04:03:00.505935907 CET	49324	13566	192.168.2.14	83.222.238.177
Jan 19, 2025 04:03:00.506194115 CET	45824	13566	192.168.2.14	83.222.162.64
Jan 19, 2025 04:03:00.506582975 CET	13566	49580	83.222.64.197	192.168.2.14
Jan 19, 2025 04:03:00.506640911 CET	49580	13566	192.168.2.14	83.222.64.197
Jan 19, 2025 04:03:00.506889105 CET	44392	13566	192.168.2.14	83.222.192.164
Jan 19, 2025 04:03:00.507397890 CET	13566	42320	83.222.161.248	192.168.2.14
Jan 19, 2025 04:03:00.507445097 CET	42320	13566	192.168.2.14	83.222.161.248
Jan 19, 2025 04:03:00.507605076 CET	44944	13566	192.168.2.14	83.222.126.191
Jan 19, 2025 04:03:00.508059978 CET	13566	40512	83.222.85.114	192.168.2.14
Jan 19, 2025 04:03:00.508142948 CET	40512	13566	192.168.2.14	83.222.85.114
Jan 19, 2025 04:03:00.508352041 CET	50910	13566	192.168.2.14	83.222.195.211
Jan 19, 2025 04:03:00.508740902 CET	13566	40050	83.222.224.118	192.168.2.14
Jan 19, 2025 04:03:00.508785009 CET	40050	13566	192.168.2.14	83.222.224.118
Jan 19, 2025 04:03:00.509071112 CET	42670	13566	192.168.2.14	83.222.173.102
Jan 19, 2025 04:03:00.509510994 CET	13566	42088	83.222.122.155	192.168.2.14
Jan 19, 2025 04:03:00.509557009 CET	42088	13566	192.168.2.14	83.222.122.155
Jan 19, 2025 04:03:00.509788036 CET	53668	13566	192.168.2.14	83.222.86.76
Jan 19, 2025 04:03:00.510319948 CET	13566	52278	83.222.180.65	192.168.2.14
Jan 19, 2025 04:03:00.510366917 CET	52278	13566	192.168.2.14	83.222.180.65
Jan 19, 2025 04:03:00.510494947 CET	33086	13566	192.168.2.14	83.222.155.223
Jan 19, 2025 04:03:00.511054039 CET	13566	45824	83.222.162.64	192.168.2.14
Jan 19, 2025 04:03:00.511172056 CET	45824	13566	192.168.2.14	83.222.162.64
Jan 19, 2025 04:03:00.511329889 CET	55598	13566	192.168.2.14	83.222.132.139
Jan 19, 2025 04:03:00.511734009 CET	13566	44392	83.222.192.164	192.168.2.14
Jan 19, 2025 04:03:00.511789083 CET	44392	13566	192.168.2.14	83.222.192.164
Jan 19, 2025 04:03:00.512098074 CET	33050	13566	192.168.2.14	83.222.7.114
Jan 19, 2025 04:03:00.512459040 CET	13566	44944	83.222.126.191	192.168.2.14
Jan 19, 2025 04:03:00.512509108 CET	44944	13566	192.168.2.14	83.222.126.191
Jan 19, 2025 04:03:00.512691021 CET	57520	13566	192.168.2.14	83.222.60.71
Jan 19, 2025 04:03:00.513220072 CET	13566	50910	83.222.195.211	192.168.2.14
Jan 19, 2025 04:03:00.513278008 CET	50910	13566	192.168.2.14	83.222.195.211
Jan 19, 2025 04:03:00.513397932 CET	37336	13566	192.168.2.14	83.222.55.222
Jan 19, 2025 04:03:00.513839960 CET	13566	42670	83.222.173.102	192.168.2.14
Jan 19, 2025 04:03:00.513909101 CET	42670	13566	192.168.2.14	83.222.173.102
Jan 19, 2025 04:03:00.514113903 CET	40370	13566	192.168.2.14	83.222.63.141
Jan 19, 2025 04:03:00.514606953 CET	13566	53668	83.222.86.76	192.168.2.14
Jan 19, 2025 04:03:00.514663935 CET	53668	13566	192.168.2.14	83.222.86.76
Jan 19, 2025 04:03:00.514872074 CET	59434	13566	192.168.2.14	83.222.80.31
Jan 19, 2025 04:03:00.515350103 CET	13566	33086	83.222.155.223	192.168.2.14
Jan 19, 2025 04:03:00.515388966 CET	33086	13566	192.168.2.14	83.222.155.223
Jan 19, 2025 04:03:00.515572071 CET	50822	13566	192.168.2.14	83.222.3.202
Jan 19, 2025 04:03:00.516237974 CET	13566	55598	83.222.132.139	192.168.2.14
Jan 19, 2025 04:03:00.516304970 CET	44574	13566	192.168.2.14	83.222.187.183
Jan 19, 2025 04:03:00.516397953 CET	55598	13566	192.168.2.14	83.222.132.139
Jan 19, 2025 04:03:00.516987085 CET	13566	33050	83.222.7.114	192.168.2.14
Jan 19, 2025 04:03:00.517004967 CET	59160	13566	192.168.2.14	83.222.11.93
Jan 19, 2025 04:03:00.517050028 CET	33050	13566	192.168.2.14	83.222.7.114
Jan 19, 2025 04:03:00.517546892 CET	13566	57520	83.222.60.71	192.168.2.14
Jan 19, 2025 04:03:00.517604113 CET	57520	13566	192.168.2.14	83.222.60.71
Jan 19, 2025 04:03:00.517704010 CET	40294	13566	192.168.2.14	83.222.247.203
Jan 19, 2025 04:03:00.518220901 CET	13566	37336	83.222.55.222	192.168.2.14
Jan 19, 2025 04:03:00.518296957 CET	37336	13566	192.168.2.14	83.222.55.222
Jan 19, 2025 04:03:00.518395901 CET	48474	13566	192.168.2.14	83.222.2.118
Jan 19, 2025 04:03:00.518913031 CET	13566	40370	83.222.63.141	192.168.2.14
Jan 19, 2025 04:03:00.518959045 CET	40370	13566	192.168.2.14	83.222.63.141
Jan 19, 2025 04:03:00.519103050 CET	59546	13566	192.168.2.14	83.222.139.197
Jan 19, 2025 04:03:00.519649982 CET	13566	59434	83.222.80.31	192.168.2.14
Jan 19, 2025 04:03:00.519704103 CET	59434	13566	192.168.2.14	83.222.80.31
Jan 19, 2025 04:03:00.519824028 CET	55694	13566	192.168.2.14	83.222.73.56
Jan 19, 2025 04:03:00.520396948 CET	13566	50822	83.222.3.202	192.168.2.14
Jan 19, 2025 04:03:00.520445108 CET	50822	13566	192.168.2.14	83.222.3.202
Jan 19, 2025 04:03:00.520529032 CET	60402	13566	192.168.2.14	83.222.43.160
Jan 19, 2025 04:03:00.521147966 CET	13566	44574	83.222.187.183	192.168.2.14
Jan 19, 2025 04:03:00.521194935 CET	44574	13566	192.168.2.14	83.222.187.183
Jan 19, 2025 04:03:00.521339893 CET	49672	13566	192.168.2.14	83.222.133.198
Jan 19, 2025 04:03:00.521832943 CET	13566	59160	83.222.11.93	192.168.2.14
Jan 19, 2025 04:03:00.521876097 CET	59160	13566	192.168.2.14	83.222.11.93
Jan 19, 2025 04:03:00.521969080 CET	38996	13566	192.168.2.14	83.222.127.9
Jan 19, 2025 04:03:00.522505999 CET	13566	40294	83.222.247.203	192.168.2.14
Jan 19, 2025 04:03:00.522552013 CET	40294	13566	192.168.2.14	83.222.247.203
Jan 19, 2025 04:03:00.522722960 CET	45472	13566	192.168.2.14	83.222.81.134
Jan 19, 2025 04:03:00.523240089 CET	13566	48474	83.222.2.118	192.168.2.14
Jan 19, 2025 04:03:00.523315907 CET	48474	13566	192.168.2.14	83.222.2.118
Jan 19, 2025 04:03:00.523417950 CET	54476	13566	192.168.2.14	83.222.123.142
Jan 19, 2025 04:03:00.523911953 CET	13566	59546	83.222.139.197	192.168.2.14
Jan 19, 2025 04:03:00.523960114 CET	59546	13566	192.168.2.14	83.222.139.197
Jan 19, 2025 04:03:00.524108887 CET	39862	13566	192.168.2.14	83.222.206.179
Jan 19, 2025 04:03:00.524594069 CET	13566	55694	83.222.73.56	192.168.2.14
Jan 19, 2025 04:03:00.524714947 CET	55694	13566	192.168.2.14	83.222.73.56
Jan 19, 2025 04:03:00.524871111 CET	38446	13566	192.168.2.14	83.222.108.13
Jan 19, 2025 04:03:00.525398970 CET	13566	60402	83.222.43.160	192.168.2.14
Jan 19, 2025 04:03:00.526248932 CET	60402	13566	192.168.2.14	83.222.43.160
Jan 19, 2025 04:03:00.526262045 CET	13566	49672	83.222.133.198	192.168.2.14
Jan 19, 2025 04:03:00.526335955 CET	49672	13566	192.168.2.14	83.222.133.198
Jan 19, 2025 04:03:00.526809931 CET	13566	38996	83.222.127.9	192.168.2.14
Jan 19, 2025 04:03:00.526858091 CET	38996	13566	192.168.2.14	83.222.127.9
Jan 19, 2025 04:03:00.527587891 CET	13566	45472	83.222.81.134	192.168.2.14
Jan 19, 2025 04:03:00.527652025 CET	45472	13566	192.168.2.14	83.222.81.134
Jan 19, 2025 04:03:00.528234959 CET	13566	54476	83.222.123.142	192.168.2.14
Jan 19, 2025 04:03:00.528321981 CET	54476	13566	192.168.2.14	83.222.123.142
Jan 19, 2025 04:03:00.528966904 CET	13566	39862	83.222.206.179	192.168.2.14
Jan 19, 2025 04:03:00.529015064 CET	39862	13566	192.168.2.14	83.222.206.179
Jan 19, 2025 04:03:00.529717922 CET	13566	38446	83.222.108.13	192.168.2.14
Jan 19, 2025 04:03:00.529772997 CET	38446	13566	192.168.2.14	83.222.108.13
Jan 19, 2025 04:03:00.537703991 CET	56538	13566	192.168.2.14	83.222.191.90
Jan 19, 2025 04:03:00.542570114 CET	13566	56538	83.222.191.90	192.168.2.14
Jan 19, 2025 04:03:00.542728901 CET	56538	13566	192.168.2.14	83.222.191.90
Jan 19, 2025 04:03:00.544454098 CET	56538	13566	192.168.2.14	83.222.191.90
Jan 19, 2025 04:03:00.549448013 CET	13566	56538	83.222.191.90	192.168.2.14
Jan 19, 2025 04:03:00.549577951 CET	56538	13566	192.168.2.14	83.222.191.90
Jan 19, 2025 04:03:00.554650068 CET	13566	56538	83.222.191.90	192.168.2.14
Jan 19, 2025 04:03:10.554613113 CET	56538	13566	192.168.2.14	83.222.191.90
Jan 19, 2025 04:03:10.559740067 CET	13566	56538	83.222.191.90	192.168.2.14
Jan 19, 2025 04:03:10.766478062 CET	13566	56538	83.222.191.90	192.168.2.14
Jan 19, 2025 04:03:10.767244101 CET	56538	13566	192.168.2.14	83.222.191.90
Jan 19, 2025 04:03:11.113066912 CET	13566	56538	83.222.191.90	192.168.2.14
Jan 19, 2025 04:03:11.113254070 CET	56538	13566	192.168.2.14	83.222.191.90
Jan 19, 2025 04:04:11.171952963 CET	56538	13566	192.168.2.14	83.222.191.90
Jan 19, 2025 04:04:11.177000046 CET	13566	56538	83.222.191.90	192.168.2.14
Jan 19, 2025 04:04:11.365968943 CET	13566	56538	83.222.191.90	192.168.2.14
Jan 19, 2025 04:04:11.366199970 CET	56538	13566	192.168.2.14	83.222.191.90
Jan 19, 2025 04:04:12.114937067 CET	13566	56538	83.222.191.90	192.168.2.14
Jan 19, 2025 04:04:12.115395069 CET	56538	13566	192.168.2.14	83.222.191.90

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 19, 2025 04:03:00.527098894 CET	49913	53	192.168.2.14	8.8.8.8
Jan 19, 2025 04:03:00.536047935 CET	53	49913	8.8.8.8	192.168.2.14

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 19, 2025 04:03:00.527098894 CET	192.168.2.14	8.8.8.8	0x49de	Standard query (0)	secure-network-rebirthltd.ru	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 19, 2025 04:03:00.536047935 CET	8.8.8.8	192.168.2.14	0x49de	No error (0)	secure-network-rebirthltd.ru		83.222.191.90	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: loki.arm5.elf PID: 5496, Parent PID: 5415

General

Start time (UTC):	03:02:58
Start date (UTC):	19/01/2025
Path:	/tmp/loki.arm5.elf
Arguments:	/tmp/loki.arm5.elf
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

File Activities

File Opened

File Read

File Moved

Process Activities

Process Forked

Prctl Requested

Thread Sleep

System Activities

Query System Information (uname)

Network Activities

Socket Listening

Socket Connecting

Chronological Activities

Analysis Process: loki.arm5.elf PID: 5498, Parent PID: 5496

General

Start time (UTC):	03:02:58
Start date (UTC):	19/01/2025
Path:	/tmp/loki.arm5.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

File Activities

File Opened

File Read

Process Activities

Prctl Requested

Thread Sleep

Chronological Activities

Analysis Process: loki.arm5.elf PID: 5500, Parent PID: 5496

General

Start time (UTC):	03:02:58
Start date (UTC):	19/01/2025
Path:	/tmp/loki.arm5.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report loki.arm5.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: loki.arm5.elf PID: 5496, Parent PID: 5415

General

File Activities

File Opened

File Read

File Moved

Process Activities

Process Forked

Prctl Requested

Thread Sleep

System Activities

Query System Information (uname)

Network Activities

Socket Listening

Socket Connecting

Chronological Activities

Analysis Process: loki.arm5.elf PID: 5498, Parent PID: 5496

General

File Activities

File Opened

File Read

Process Activities

Linux Analysis Report
loki.arm5.elf