Linux Analysis Report
na.elf

Overview

General Information

Sample name:na.elf
Analysis ID:1616917
MD5:165f9c011ff7cc83315b9c0a2e4ff1d5
SHA1:810be7662716f81a84d8ce771b09812b594382f6
SHA256:8b2a2c95224cb7ddf7e91c5afa16b5c2acf4623908a68601bcad493679ceb18b
Tags:elf, user-abuse_ch
Infos:

Detection

Score:72
Range:0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Connects to many ports of the same IP (likely port scanning)
Performs DNS TXT record lookups
Sample reads /proc/mounts (often used for finding a writable filesystem)
Uses STUN server to do NAT traversial
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample has stripped symbol table
Sample listens on a socket
Yara signature match

Classification

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1616917
Start date and time:2025-02-17 10:57:15 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 0s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:na.elf
Detection:MAL
Classification:mal72.troj.evad.linELF@0/0@4/0
  • VT rate limit hit for: lib.libre
Command:/tmp/na.elf
PID:5437
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
For God so loved the world, that he gave his only begotten Son, that whosoever believeth in him should not perish, but have everlasting life
Standard Error:
  • system is lnxubuntu20
  • na.elf (PID: 5437, Parent: 5360, MD5: 165f9c011ff7cc83315b9c0a2e4ff1d5) Arguments: /tmp/na.elf
    • na.elf New Fork (PID: 5441, Parent: 5437)
    • na.elf New Fork (PID: 5442, Parent: 5437)
    • na.elf New Fork (PID: 5464, Parent: 5437)
  • cleanup
Source | Rule | Description | Author | Strings
na.elf | Linux_Trojan_Gafgyt_9e9530a7 | unknown | unknown
  • 0xb2ac:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
na.elf | Linux_Trojan_Gafgyt_807911a2 | unknown | unknown
  • 0xba9b:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
na.elf | Linux_Trojan_Gafgyt_d4227dbf | unknown | unknown
  • 0x7dd6:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
  • 0x7f38:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
na.elf | Linux_Trojan_Gafgyt_d996d335 | unknown | unknown
  • 0xe08a:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
na.elf | Linux_Trojan_Gafgyt_620087b9 | unknown | unknown
  • 0xb65b:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
Source | Rule | Description | Author | Strings
5437.1.0000000000400000.0000000000411000.r-x.sdmp | Linux_Trojan_Gafgyt_9e9530a7 | unknown | unknown
  • 0xb2ac:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
5437.1.0000000000400000.0000000000411000.r-x.sdmp | Linux_Trojan_Gafgyt_807911a2 | unknown | unknown
  • 0xba9b:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
5437.1.0000000000400000.0000000000411000.r-x.sdmp | Linux_Trojan_Gafgyt_d4227dbf | unknown | unknown
  • 0x7dd6:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
  • 0x7f38:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
5437.1.0000000000400000.0000000000411000.r-x.sdmp | Linux_Trojan_Gafgyt_d996d335 | unknown | unknown
  • 0xe08a:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
5437.1.0000000000400000.0000000000411000.r-x.sdmp | Linux_Trojan_Gafgyt_620087b9 | unknown | unknown
  • 0xb65b:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
No Suricata rule has matched

AV Detection

Source: na.elf, ReversingLabs: Detection: 21%

Networking

Source: global traffic, TCP traffic: 64.23.188.144 ports 0,1,2,8,9,10298
Source: unknown, DNS query: name: stun.l.google.com
Source: global traffic, TCP traffic: 192.168.2.13:52778 -> 64.23.188.144:10298
Source: global traffic, UDP traffic: 192.168.2.13:54689 -> 74.125.250.129:19302
Source: /tmp/na.elf (PID: 5437), Socket: 127.0.0.1:43478
Source: unknown, TCP traffic detected without corresponding DNS query: 64.23.188.144
Source: unknown, UDP traffic detected without corresponding DNS query: 162.243.19.47
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: lib.libre
Source: global traffic, DNS traffic detected: DNS query: stun.l.google.com
Source: global traffic, DNS traffic detected: DNS query: daisy.ubuntu.com

System Summary

Source: na.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
Source: na.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
Source: na.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
Source: na.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
Source: na.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
Source: na.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
Source: na.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_1cb033f3, Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
Source: 5437.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_1cb033f3, Author: unknown
Source: ELF static info symbol of initial sample, .symtab present: no
Source: classification engine, Classification label: mal72.troj.evad.linELF@0/0@4/0

Persistence and Installation Behavior

Source: /tmp/na.elf (PID: 5437), File: /proc/5437/mounts
Source: /tmp/na.elf (PID: 5441), File: /proc/5441/mounts

HIPS / PFW / Operating System Protection Evasion

Source: Traffic, DNS traffic detected: queries for: lib.libre
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Direct Volume Access; Rootkit; Obfuscated Files or Information
Credential Access: OS Credential Dumping (1); LSASS Memory; Security Account Manager
Discovery: File and Directory Discovery (1); Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: Non-Standard Port (1); Non-Application Layer Protocol (1); Application Layer Protocol (1)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
No configs have been found
[Behavior graph: ID: 1616917, Sample: na.elf, Startdate: 17/02/2025, Architecture: LINUX, Score: 72]

Source | Detection | Scanner | Label | Link
na.elf | 22% | ReversingLabs | Linux.Backdoor.Gafgyt |
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
daisy.ubuntu.com | 162.213.35.24 | true | false | | high
stun.l.google.com | 74.125.250.129 | true | false | | high
lib.libre | unknown | unknown | true | | unknown

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
64.23.188.144 | unknown | United States | | 3064 | AFFINITY-FTLUS | true
74.125.250.129 | stun.l.google.com | United States | | 15169 | GOOGLEUS | false
No created / dropped files found
File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
Entropy (8bit):6.269628637721311
TrID:
  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:na.elf
File size:71'712 bytes
MD5:165f9c011ff7cc83315b9c0a2e4ff1d5
SHA1:810be7662716f81a84d8ce771b09812b594382f6
SHA256:8b2a2c95224cb7ddf7e91c5afa16b5c2acf4623908a68601bcad493679ceb18b
SHA512:109fc0c53f66b1e007aa0ad5baff9e66c61915ee83d4ff50593ba86fc15965f401e23225be8caa6e8cc77fe2340f162fa4f2881d8986b64f541a6f9a945f4dab
SSDEEP:1536:L4IwaYm7H0VuCryiU/wrmzTlaRabyqkiUIOlK9ov1:LeaYm7HqNyihrMERadkiU9K9ov1
TLSH:EF636B176880C0FDC4AAD6714B6EA62BD737B07D1239B1592BD9BD2B7E5FD201F1A200

ELF header

Class:ELF64
Data:2's complement, little endian
Version:1 (current)
Machine:Advanced Micro Devices X86-64
Version Number:0x1
Type:EXEC (Executable file)
OS/ABI:UNIX - System V
ABI Version:0
Entry Point Address:0x400194
Flags:0x0
ELF Header Size:64
Program Header Offset:64
Program Header Size:56
Number of Program Headers:3
Section Header Offset:71072
Section Header Size:64
Number of Section Headers:10
Header String Table Index:9

Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.init | PROGBITS | 0x4000e8 | 0xe8 | 0x13 | 0x0 | 0x6 | AX | 0 | 0 | 1
.text | PROGBITS | 0x400100 | 0x100 | 0xe406 | 0x0 | 0x6 | AX | 0 | 0 | 16
.fini | PROGBITS | 0x40e506 | 0xe506 | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 1
.rodata | PROGBITS | 0x40e520 | 0xe520 | 0x27d0 | 0x0 | 0x2 | A | 0 | 0 | 32
.ctors | PROGBITS | 0x511000 | 0x11000 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8
.dtors | PROGBITS | 0x511010 | 0x11010 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8
.data | PROGBITS | 0x511040 | 0x11040 | 0x520 | 0x0 | 0x3 | WA | 0 | 0 | 32
.bss | NOBITS | 0x511560 | 0x11560 | 0x6a88 | 0x0 | 0x3 | WA | 0 | 0 | 32
.shstrtab | STRTAB | 0x0 | 0x11560 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1

Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x400000 | 0x400000 | 0x10cf0 | 0x10cf0 | 6.3915 | 0x5 | R E | 0x100000 | | .init .text .fini .rodata
LOAD | 0x11000 | 0x511000 | 0x511000 | 0x560 | 0x6fe8 | 2.3514 | 0x6 | RW | 0x100000 | | .ctors .dtors .data .bss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8 | |

            • Total Packets: 39
            • 19302 undefined
            • 10298 undefined
            • 53 (DNS)
            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
            Feb 17, 2025 10:58:04.625294924 CET | 192.168.2.13 | 162.243.19.47 | 0xf7f9 | Standard query (0) | lib.libre | 16 | IN (0x0001) | false
            Feb 17, 2025 10:58:05.725697041 CET | 192.168.2.13 | 8.8.8.8 | 0x9068 | Standard query (0) | stun.l.google.com | A (IP address) | IN (0x0001) | false
            Feb 17, 2025 11:00:47.306750059 CET | 192.168.2.13 | 1.1.1.1 | 0x353 | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false
            Feb 17, 2025 11:00:47.306794882 CET | 192.168.2.13 | 1.1.1.1 | 0x4489 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false

            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
            Feb 17, 2025 10:58:04.711393118 CET | 162.243.19.47 | 192.168.2.13 | 0xf7f9 | No error (0) | lib.libre |  |  | TXT (Text strings) | IN (0x0001) | false
            Feb 17, 2025 10:58:05.735340118 CET | 8.8.8.8 | 192.168.2.13 | 0x9068 | No error (0) | stun.l.google.com |  | 74.125.250.129 | A (IP address) | IN (0x0001) | false
            Feb 17, 2025 11:00:47.314429045 CET | 1.1.1.1 | 192.168.2.13 | 0x353 | No error (0) | daisy.ubuntu.com |  | 162.213.35.24 | A (IP address) | IN (0x0001) | false
            Feb 17, 2025 11:00:47.314429045 CET | 1.1.1.1 | 192.168.2.13 | 0x353 | No error (0) | daisy.ubuntu.com |  | 162.213.35.25 | A (IP address) | IN (0x0001) | false

            System Behavior

            Start time (UTC):09:58:02
            Start date (UTC):17/02/2025
            Path:/tmp/na.elf
            Arguments:/tmp/na.elf
            File size:71712 bytes
            MD5 hash:165f9c011ff7cc83315b9c0a2e4ff1d5

            Start time (UTC):09:58:03
            Start date (UTC):17/02/2025
            Path:/tmp/na.elf
            Arguments:-
            File size:71712 bytes
            MD5 hash:165f9c011ff7cc83315b9c0a2e4ff1d5

            Start time (UTC):09:58:03
            Start date (UTC):17/02/2025
            Path:/tmp/na.elf
            Arguments:-
            File size:71712 bytes
            MD5 hash:165f9c011ff7cc83315b9c0a2e4ff1d5

            Start time (UTC):09:58:03
            Start date (UTC):17/02/2025
            Path:/tmp/na.elf
            Arguments:-
            File size:71712 bytes
            MD5 hash:165f9c011ff7cc83315b9c0a2e4ff1d5