Linux Analysis Report
ub8ehJSePAfc9FYqZIT6.arm7.elf

Overview

General Information

Sample name:ub8ehJSePAfc9FYqZIT6.arm7.elf
Analysis ID:1617283
MD5:2fdb4bd0b099468192f93fab4abf7c29
SHA1:0adb023b82f3249ec9d96115fa8b4b532e56bb20
SHA256:39d979395c6cdfd163bd48e070a244d253456b2fec07e8b05e55bbfa4a4ea1b7
Tags:elf, user-abuse_ch

Detection

Mirai
Score:68
Range:0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample is packed with UPX
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious]
Joe Sandbox version:42.0.0 Malachite
Start date and time:2025-02-17 17:27:30 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 30s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal68.troj.evad.linELF@0/0@0/0
Command:/tmp/ub8ehJSePAfc9FYqZIT6.arm7.elf
PID:5528
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source: 5530.1.00007fb640017000.00007fb64002f000.r-x.sdmp, Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Author: Joe Security
Source: 5530.1.00007fb640017000.00007fb64002f000.r-x.sdmp, Rule: Linux_Trojan_Gafgyt_28a2fe0c, Description: unknown, Author: unknown
Source: 5538.1.00007fb640017000.00007fb64002f000.r-x.sdmp, Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Author: Joe Security
Source: 5538.1.00007fb640017000.00007fb64002f000.r-x.sdmp, Rule: Linux_Trojan_Gafgyt_28a2fe0c, Description: unknown, Author: unknown
Source: 5528.1.00007fb640017000.00007fb64002f000.r-x.sdmp, Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Author: Joe Security
        No Suricata rule has matched

        AV Detection

        Source: ub8ehJSePAfc9FYqZIT6.arm7.elf, Virustotal: Detection: 40%
        Source: ub8ehJSePAfc9FYqZIT6.arm7.elf, ReversingLabs: Detection: 36%
        Source: global traffic, TCP traffic: 192.168.2.15:60482 -> 61.7.209.115:3778
        Source: unknown, TCP traffic detected without corresponding DNS query: 61.7.209.115
        Source: ub8ehJSePAfc9FYqZIT6.arm7.elf, String found in binary or memory: http://upx.sf.net

        System Summary

        Source: 5530.1.00007fb640017000.00007fb64002f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 5538.1.00007fb640017000.00007fb64002f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 5528.1.00007fb640017000.00007fb64002f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 5532.1.00007fb640017000.00007fb64002f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5528, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5530, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5532, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5538, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: LOAD without section mappings, Program segment: 0x8000
        Source: 5530.1.00007fb640017000.00007fb64002f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5538.1.00007fb640017000.00007fb64002f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5528.1.00007fb640017000.00007fb64002f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5532.1.00007fb640017000.00007fb64002f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5528, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5530, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5532, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5538, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: classification engine, Classification label: mal68.troj.evad.linELF@0/0@0/0

        Data Obfuscation

        Source: initial sample, String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
        Source: initial sample, String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
        Source: /tmp/ub8ehJSePAfc9FYqZIT6.arm7.elf (PID: 5528), File opened: /proc/3881/status
        Source: ub8ehJSePAfc9FYqZIT6.arm7.elf, Submission file: segment LOAD with 7.9737 entropy (max. 8.0)
        Source: /tmp/ub8ehJSePAfc9FYqZIT6.arm7.elf (PID: 5528), Queries kernel information via 'uname'
        Source: ub8ehJSePAfc9FYqZIT6.arm7.elf, 5528.1.00007ffd17fa3000.00007ffd17fc4000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.arm7.elf, 5530.1.00007ffd17fa3000.00007ffd17fc4000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.arm7.elf, 5532.1.00007ffd17fa3000.00007ffd17fc4000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.arm7.elf, 5538.1.00007ffd17fa3000.00007ffd17fc4000.rw-.sdmp, Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/ub8ehJSePAfc9FYqZIT6.arm7.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/ub8ehJSePAfc9FYqZIT6.arm7.elf
        Source: ub8ehJSePAfc9FYqZIT6.arm7.elf, 5528.1.000055a6576b8000.000055a657907000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.arm7.elf, 5530.1.000055a6576b8000.000055a6578e6000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.arm7.elf, 5532.1.000055a6576b8000.000055a6578e6000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.arm7.elf, 5538.1.000055a6576b8000.000055a657907000.rw-.sdmp, Binary or memory string: U!/etc/qemu-binfmt/arm
        Source: ub8ehJSePAfc9FYqZIT6.arm7.elf, 5528.1.000055a6576b8000.000055a657907000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.arm7.elf, 5530.1.000055a6576b8000.000055a6578e6000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.arm7.elf, 5532.1.000055a6576b8000.000055a6578e6000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.arm7.elf, 5538.1.000055a6576b8000.000055a657907000.rw-.sdmp, Binary or memory string: /etc/qemu-binfmt/arm
        Source: ub8ehJSePAfc9FYqZIT6.arm7.elf, 5528.1.00007ffd17fa3000.00007ffd17fc4000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.arm7.elf, 5530.1.00007ffd17fa3000.00007ffd17fc4000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.arm7.elf, 5532.1.00007ffd17fa3000.00007ffd17fc4000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.arm7.elf, 5538.1.00007ffd17fa3000.00007ffd17fc4000.rw-.sdmp, Binary or memory string: /usr/bin/qemu-arm

        Stealing of Sensitive Information

        Source: Yara match, File source: 5530.1.00007fb640017000.00007fb64002f000.r-x.sdmp, type: MEMORY
        Source: Yara match, File source: 5538.1.00007fb640017000.00007fb64002f000.r-x.sdmp, type: MEMORY
        Source: Yara match, File source: 5528.1.00007fb640017000.00007fb64002f000.r-x.sdmp, type: MEMORY
        Source: Yara match, File source: 5532.1.00007fb640017000.00007fb64002f000.r-x.sdmp, type: MEMORY
        Source: Yara match, File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5528, type: MEMORYSTR
        Source: Yara match, File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5530, type: MEMORYSTR
        Source: Yara match, File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5532, type: MEMORYSTR
        Source: Yara match, File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5538, type: MEMORYSTR

        Remote Access Functionality

        Source: Yara match; File source: 5530.1.00007fb640017000.00007fb64002f000.r-x.sdmp, type: MEMORY
        Source: Yara match; File source: 5538.1.00007fb640017000.00007fb64002f000.r-x.sdmp, type: MEMORY
        Source: Yara match; File source: 5528.1.00007fb640017000.00007fb64002f000.r-x.sdmp, type: MEMORY
        Source: Yara match; File source: 5532.1.00007fb640017000.00007fb64002f000.r-x.sdmp, type: MEMORY
        Source: Yara match; File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5528, type: MEMORYSTR
        Source: Yara match; File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5530, type: MEMORYSTR
        Source: Yara match; File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5532, type: MEMORYSTR
        Source: Yara match; File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5538, type: MEMORYSTR

        Tactic | Technique
        Reconnaissance | Gather Victim Identity Information
        Resource Development | Acquire Infrastructure
        Initial Access | Valid Accounts
        Execution | Windows Management Instrumentation
        Persistence | Path Interception
        Privilege Escalation | Path Interception
        Defense Evasion | 11 Obfuscated Files or Information
        Credential Access | 1 OS Credential Dumping
        Discovery | 11 Security Software Discovery
        Lateral Movement | Remote Services
        Collection | Data from Local System
        Command and Control | 1 Non-Standard Port
        Exfiltration | Exfiltration Over Other Network Medium
        Impact | Abuse Accessibility Features

        No configs have been found
        [Behavior graph, ID: 1617283. Sample: ub8ehJSePAfc9FYqZIT6.arm7.elf; Startdate: 17/02/2025; Architecture: LINUX; Score: 68. Network node: 61.7.209.115, 3778, 60482, 60484 (CAT-APTheCommunicationAuthoityofThailandCATTH, Thailand). Signatures: Malicious sample detected (through community Yara rule); Multi AV Scanner detection for submitted file; Yara detected Mirai; Sample is packed with UPX. Process tree: ub8ehJSePAfc9FYqZIT6.arm7.elf started three child processes of the same name, one of which started two more.]

        Source | Detection | Scanner | Label
        ub8ehJSePAfc9FYqZIT6.arm7.elf | 40% | Virustotal |
        ub8ehJSePAfc9FYqZIT6.arm7.elf | 36% | ReversingLabs | Linux.Trojan.Mirai
        No Antivirus matches


        No contacted domains info
        Name | Source | Malicious | Antivirus Detection | Reputation
        http://upx.sf.net | ub8ehJSePAfc9FYqZIT6.arm7.elf | false | | high
          IP | Domain | Country | ASN | ASN Name | Malicious
          61.7.209.115 | unknown | Thailand | 9931 | CAT-APTheCommunicationAuthoityofThailandCATTH | false
          Match | Associated Sample Name / URL | Detection | Threat Name | Context
          61.7.209.115 | ub8ehJSePAfc9FYqZIT6.ppc.elf | malicious | Unknown |
          61.7.209.115 | ub8ehJSePAfc9FYqZIT6.mpsl.elf | malicious | Unknown |
          61.7.209.115 | ub8ehJSePAfc9FYqZIT6.sh4.elf | malicious | Unknown |
          61.7.209.115 | ub8ehJSePAfc9FYqZIT6.arm.elf | malicious | Mirai |
          61.7.209.115 | ub8ehJSePAfc9FYqZIT6.x86.elf | malicious | Unknown |
          No context
                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                    CAT-APTheCommunicationAuthoityofThailandCATTH | ub8ehJSePAfc9FYqZIT6.ppc.elf | malicious | Unknown | 61.7.209.115
                    CAT-APTheCommunicationAuthoityofThailandCATTH | ub8ehJSePAfc9FYqZIT6.mpsl.elf | malicious | Unknown | 61.7.209.115
                    CAT-APTheCommunicationAuthoityofThailandCATTH | ub8ehJSePAfc9FYqZIT6.sh4.elf | malicious | Unknown | 61.7.209.115
                    CAT-APTheCommunicationAuthoityofThailandCATTH | ub8ehJSePAfc9FYqZIT6.arm.elf | malicious | Mirai | 61.7.209.115
                    CAT-APTheCommunicationAuthoityofThailandCATTH | ub8ehJSePAfc9FYqZIT6.x86.elf | malicious | Unknown | 61.7.209.115
                    CAT-APTheCommunicationAuthoityofThailandCATTH | mpsl.elf | malicious | Mirai, Moobot | 122.155.121.49
                    CAT-APTheCommunicationAuthoityofThailandCATTH | .Sarm5.elf | malicious | Mirai | 61.19.165.82
                    CAT-APTheCommunicationAuthoityofThailandCATTH | https://storage.thaicarecloud.org/Package4273221/step1.php?id=98204537 | malicious | Unknown | 61.19.254.8
                    CAT-APTheCommunicationAuthoityofThailandCATTH | m68k.elf | malicious | Unknown | 122.155.121.43
                    CAT-APTheCommunicationAuthoityofThailandCATTH | 3.elf | malicious | Unknown | 122.155.39.113
                    No context
                    No created / dropped files found
                    File type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (GNU/Linux), statically linked, no section header
                    Entropy (8bit):7.984205774366318
                    TrID:
                    • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                    File name:ub8ehJSePAfc9FYqZIT6.arm7.elf
                    File size:61'844 bytes
                    MD5:2fdb4bd0b099468192f93fab4abf7c29
                    SHA1:0adb023b82f3249ec9d96115fa8b4b532e56bb20
                    SHA256:39d979395c6cdfd163bd48e070a244d253456b2fec07e8b05e55bbfa4a4ea1b7
                    SHA512:40863fb7cada392618e3c3e75c3cd6aa080eb1ffb8fc328bcc3fcb6bca22217a500c1d3fbbf4955bcab7377fded6d98b3121f548e38ed7e145895f02b28b3ef5
                    SSDEEP:1536:CVQSmwtMJXmejtqLTM5Tfv83KJ2crl2EWc:CVywt8XZoLgTX83KHl2EWc
                    TLSH:4B5301E26080E5F3D75903BB65A4D807FB5617BC75DA30AA267D820CA1D3D483CD7AC2
                    File Content Preview:.ELF..............(.........4...........4. ...(.....................m...m................6...6...6..................Q.td...............................OUPX!.........n...n......j..........?.E.h;....#..$...o....P.G.o.....X.*.V......f..T.qh...4.8........8.|i

                    ELF header

                    Class:ELF32
                    Data:2's complement, little endian
                    Version:1 (current)
                    Machine:ARM
                    Version Number:0x1
                    Type:EXEC (Executable file)
                    OS/ABI:UNIX - Linux
                    ABI Version:0
                    Entry Point Address:0x11c80
                    Flags:0x4000002
                    ELF Header Size:52
                    Program Header Offset:52
                    Program Header Size:32
                    Number of Program Headers:3
                    Section Header Offset:0
                    Section Header Size:40
                    Number of Section Headers:0
                    Header String Table Index:0
                    Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
                    LOAD | 0x0 | 0x8000 | 0x8000 | 0xae6d | 0xae6d | 7.9737 | 0x5 | R E | 0x8000 | |
                    LOAD | 0x36c8 | 0x236c8 | 0x236c8 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8000 | |
                    GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | |

                    Feb 17, 2025 17:29:36.321706057 CET37786052261.7.209.115192.168.2.15
                    Feb 17, 2025 17:29:36.321856022 CET605223778192.168.2.1561.7.209.115
                    Feb 17, 2025 17:29:43.137115955 CET605383778192.168.2.1561.7.209.115
                    Feb 17, 2025 17:29:43.141985893 CET37786053861.7.209.115192.168.2.15
                    Feb 17, 2025 17:29:43.493113995 CET37786053861.7.209.115192.168.2.15
                    Feb 17, 2025 17:29:43.493453026 CET605383778192.168.2.1561.7.209.115

                    System Behavior

                    Start time (UTC):16:28:11
                    Start date (UTC):17/02/2025
                    Path:/tmp/ub8ehJSePAfc9FYqZIT6.arm7.elf
                    Arguments:/tmp/ub8ehJSePAfc9FYqZIT6.arm7.elf
                    File size:4956856 bytes
                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                    Start time (UTC):16:28:11
                    Start date (UTC):17/02/2025
                    Path:/tmp/ub8ehJSePAfc9FYqZIT6.arm7.elf
                    Arguments:-
                    File size:4956856 bytes
                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                    Start time (UTC):16:28:11
                    Start date (UTC):17/02/2025
                    Path:/tmp/ub8ehJSePAfc9FYqZIT6.arm7.elf
                    Arguments:-
                    File size:4956856 bytes
                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                    Start time (UTC):16:28:11
                    Start date (UTC):17/02/2025
                    Path:/tmp/ub8ehJSePAfc9FYqZIT6.arm7.elf
                    Arguments:-
                    File size:4956856 bytes
                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                    Start time (UTC):16:28:17
                    Start date (UTC):17/02/2025
                    Path:/tmp/ub8ehJSePAfc9FYqZIT6.arm7.elf
                    Arguments:-
                    File size:4956856 bytes
                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                    Start time (UTC):16:28:17
                    Start date (UTC):17/02/2025
                    Path:/tmp/ub8ehJSePAfc9FYqZIT6.arm7.elf
                    Arguments:-
                    File size:4956856 bytes
                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1