Linux Analysis Report
i686.elf

Overview

General Information

Sample name:i686.elf
Analysis ID:1618290
MD5:32fefc7d7a6c7c039723a9ec34c942bc
SHA1:80b9fcf6b5c1b060ca911b1fd679296c841d0673
SHA256:48ca65c045106e8470936b85195ef368c2660ba09aa698e8513a1a5fc37c7446
Tags:elf, user-abuse_ch
Infos:

Detection

Score:68
Range:0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Performs DNS TXT record lookups
Sample reads /proc/mounts (often used for finding a writable filesystem)
Uses STUN server to do NAT traversial
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Yara signature match

Classification

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1618290
Start date and time:2025-02-18 19:56:15 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 47s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:i686.elf
Detection:MAL
Classification:mal68.troj.evad.linELF@0/0@4/0
  • VT rate limit hit for: lib.libre
Command:/tmp/i686.elf
PID:5522
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
For God so loved the world, that he gave his only begotten Son, that whosoever believeth in him should not perish, but have everlasting life
Standard Error:
  • system is lnxubuntu20
  • i686.elf (PID: 5522, Parent: 5447, MD5: 32fefc7d7a6c7c039723a9ec34c942bc) Arguments: /tmp/i686.elf
    • i686.elf New Fork (PID: 5527, Parent: 5522)
    • i686.elf New Fork (PID: 5528, Parent: 5522)
    • i686.elf New Fork (PID: 5562, Parent: 5522)
  • cleanup
Source | Rule | Description | Author | Strings
i686.elf | Linux_Trojan_Gafgyt_9e9530a7 | unknown | unknown
  • 0xb3bc:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
i686.elf | Linux_Trojan_Gafgyt_807911a2 | unknown | unknown
  • 0xbbab:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
i686.elf | Linux_Trojan_Gafgyt_d4227dbf | unknown | unknown
  • 0x7eea:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
  • 0x804c:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
i686.elf | Linux_Trojan_Gafgyt_d996d335 | unknown | unknown
  • 0xe19a:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
i686.elf | Linux_Trojan_Gafgyt_620087b9 | unknown | unknown
  • 0xb76b:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
Source | Rule | Description | Author | Strings
5522.1.0000000000400000.0000000000411000.r-x.sdmp | Linux_Trojan_Gafgyt_9e9530a7 | unknown | unknown
  • 0xb3bc:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
5522.1.0000000000400000.0000000000411000.r-x.sdmp | Linux_Trojan_Gafgyt_807911a2 | unknown | unknown
  • 0xbbab:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
5522.1.0000000000400000.0000000000411000.r-x.sdmp | Linux_Trojan_Gafgyt_d4227dbf | unknown | unknown
  • 0x7eea:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
  • 0x804c:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
5522.1.0000000000400000.0000000000411000.r-x.sdmp | Linux_Trojan_Gafgyt_d996d335 | unknown | unknown
  • 0xe19a:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
5522.1.0000000000400000.0000000000411000.r-x.sdmp | Linux_Trojan_Gafgyt_620087b9 | unknown | unknown
  • 0xb76b:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
No Suricata rule has matched

AV Detection

Source: i686.elf, ReversingLabs: Detection: 27%
Source: i686.elf, Virustotal: Detection: 16%

Networking

Source: unknown, DNS query: name: stun.l.google.com
Source: global traffic, TCP traffic: 192.168.2.15:49336 -> 64.23.188.144:28256
Source: global traffic, UDP traffic: 192.168.2.15:56485 -> 74.125.250.129:19302
Source: /tmp/i686.elf (PID: 5522), Socket: 127.0.0.1:43478
Source: unknown, TCP traffic detected without corresponding DNS query: 64.23.188.144
Source: unknown, UDP traffic detected without corresponding DNS query: 130.61.64.122
Source: global traffic, DNS traffic detected: DNS query: lib.libre
Source: global traffic, DNS traffic detected: DNS query: stun.l.google.com
Source: global traffic, DNS traffic detected: DNS query: daisy.ubuntu.com

System Summary

Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_1cb033f3 Author: unknown
Source: 5522.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 5522.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 5522.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 5522.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 5522.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 5522.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 5522.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_1cb033f3 Author: unknown
Source: ELF static info symbol of initial sample, .symtab present: no
Source: /tmp/i686.elf (PID: 5527), SIGKILL sent: pid: 9094, result: successful
Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: i686.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_1cb033f3 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 49201ab37ff0b5cdfa9b0b34b6faa170bd25f04df51c24b0b558b7534fecc358, id = 1cb033f3-68c1-4fe5-9cd1-b5d066c1d86e, last_modified = 2021-09-16
Source: 5522.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 5522.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 5522.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 5522.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 5522.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 5522.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 5522.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_1cb033f3 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 49201ab37ff0b5cdfa9b0b34b6faa170bd25f04df51c24b0b558b7534fecc358, id = 1cb033f3-68c1-4fe5-9cd1-b5d066c1d86e, last_modified = 2021-09-16
Source: classification engine, Classification label: mal68.troj.evad.linELF@0/0@4/0

Persistence and Installation Behavior

Source: /tmp/i686.elf (PID: 5522), File: /proc/5522/mounts
Source: /tmp/i686.elf (PID: 5527), File: /proc/5527/mounts

HIPS / PFW / Operating System Protection Evasion

Source: Traffic, DNS traffic detected: queries for: lib.libre
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | 1 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
No configs have been found
[Behavior graph] ID: 1618290, Sample: i686.elf, Startdate: 18/02/2025, Architecture: LINUX, Score: 68

Source | Detection | Scanner | Label
i686.elf | 27% | ReversingLabs | Linux.Backdoor.Gafgyt
i686.elf | 16% | Virustotal |
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
daisy.ubuntu.com | 162.213.35.25 | true | false | | high
stun.l.google.com | 74.125.250.129 | true | false | | high
lib.libre | unknown | unknown | true | | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
64.23.188.144 | unknown | United States | 3064 | AFFINITY-FTLUS | false
74.125.250.129 | stun.l.google.com | United States | 15169 | GOOGLEUS | false
No context
No created / dropped files found
File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
Entropy (8bit):6.310509369985212
TrID:
  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:i686.elf
File size:71'712 bytes
MD5:32fefc7d7a6c7c039723a9ec34c942bc
SHA1:80b9fcf6b5c1b060ca911b1fd679296c841d0673
SHA256:48ca65c045106e8470936b85195ef368c2660ba09aa698e8513a1a5fc37c7446
SHA512:a1ab386d61fefa9f0708b77ddcefe619e1bed76809bc5e9ae84fc41022c4a30ae6758ba7199a3b4c6aa9bdf01b41de0060c9289fd2e3502768cec2360a2c65f5
SSDEEP:1536:w5OzVJYmoH30uuKtyiUS2Oo1Rh92wsjX6f7T41iBxX1:w5oJYmoH3pzyin+T92l6DiiBxX1
TLSH:80635C076881C0FDC496C3784B6EE62BD533F4792536F25A6BD4BE276E5AE201F2E101

ELF header

Class:ELF64
Data:2's complement, little endian
Version:1 (current)
Machine:Advanced Micro Devices X86-64
Version Number:0x1
Type:EXEC (Executable file)
OS/ABI:UNIX - System V
ABI Version:0
Entry Point Address:0x400194
Flags:0x0
ELF Header Size:64
Program Header Offset:64
Program Header Size:56
Number of Program Headers:3
Section Header Offset:71072
Section Header Size:64
Number of Section Headers:10
Header String Table Index:9
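Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.init | PROGBITS | 0x4000e8 | 0xe8 | 0x13 | 0x0 | 0x6 | AX | 0 | 0 | 1
.text | PROGBITS | 0x400100 | 0x100 | 0xe516 | 0x0 | 0x6 | AX | 0 | 0 | 16
.fini | PROGBITS | 0x40e616 | 0xe616 | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 1
.rodata | PROGBITS | 0x40e640 | 0xe640 | 0x2970 | 0x0 | 0x2 | A | 0 | 0 | 32
.ctors | PROGBITS | 0x511000 | 0x11000 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8
.dtors | PROGBITS | 0x511010 | 0x11010 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8
.data | PROGBITS | 0x511040 | 0x11040 | 0x520 | 0x0 | 0x3 | WA | 0 | 0 | 32
.bss | NOBITS | 0x511560 | 0x11560 | 0x6a88 | 0x0 | 0x3 | WA | 0 | 0 | 32
.shstrtab | STRTAB | 0x0 | 0x11560 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1

Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x400000 | 0x400000 | 0x10fb0 | 0x10fb0 | 6.3926 | 0x5 | R E | 0x100000 | | .init .text .fini .rodata
LOAD | 0x11000 | 0x511000 | 0x511000 | 0x560 | 0x6fe8 | 2.3539 | 0x6 | RW | 0x100000 | | .ctors .dtors .data .bss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8 | |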


                • Total Packets: 41
                • 28256 undefined
                • 19302 undefined
                • 53 (DNS)

                | Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                |---|---|---|---|---|
                | Feb 18, 2025 19:56:57.232321024 CET | 42569 | 53 | 192.168.2.15 | 130.61.64.122 |
                | Feb 18, 2025 19:56:57.239639044 CET | 53 | 42569 | 130.61.64.122 | 192.168.2.15 |
                | Feb 18, 2025 19:56:58.258908033 CET | 52060 | 53 | 192.168.2.15 | 8.8.8.8 |
                | Feb 18, 2025 19:56:58.268429995 CET | 53 | 52060 | 8.8.8.8 | 192.168.2.15 |
                | Feb 18, 2025 19:56:58.268522024 CET | 56485 | 19302 | 192.168.2.15 | 74.125.250.129 |
                | Feb 18, 2025 19:56:58.720290899 CET | 19302 | 56485 | 74.125.250.129 | 192.168.2.15 |
                | Feb 18, 2025 19:59:39.790827036 CET | 53665 | 53 | 192.168.2.15 | 8.8.8.8 |
                | Feb 18, 2025 19:59:39.790920973 CET | 43361 | 53 | 192.168.2.15 | 8.8.8.8 |
                | Feb 18, 2025 19:59:39.799464941 CET | 53 | 43361 | 8.8.8.8 | 192.168.2.15 |
                | Feb 18, 2025 19:59:39.799488068 CET | 53 | 53665 | 8.8.8.8 | 192.168.2.15 |

                | Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
                |---|---|---|---|---|---|---|---|---|
                | Feb 18, 2025 19:56:57.232321024 CET | 192.168.2.15 | 130.61.64.122 | 0x9ad5 | Standard query (0) | lib.libre | 16 | IN (0x0001) | false |
                | Feb 18, 2025 19:56:58.258908033 CET | 192.168.2.15 | 8.8.8.8 | 0xaa81 | Standard query (0) | stun.l.google.com | A (IP address) | IN (0x0001) | false |
                | Feb 18, 2025 19:59:39.790827036 CET | 192.168.2.15 | 8.8.8.8 | 0xc8b4 | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false |
                | Feb 18, 2025 19:59:39.790920973 CET | 192.168.2.15 | 8.8.8.8 | 0xe080 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false |

                | Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
                |---|---|---|---|---|---|---|---|---|---|---|
                | Feb 18, 2025 19:56:57.239639044 CET | 130.61.64.122 | 192.168.2.15 | 0x9ad5 | No error (0) | lib.libre | | | TXT (Text strings) | IN (0x0001) | false |
                | Feb 18, 2025 19:56:58.268429995 CET | 8.8.8.8 | 192.168.2.15 | 0xaa81 | No error (0) | stun.l.google.com | | 74.125.250.129 | A (IP address) | IN (0x0001) | false |
                | Feb 18, 2025 19:59:39.799488068 CET | 8.8.8.8 | 192.168.2.15 | 0xc8b4 | No error (0) | daisy.ubuntu.com | | 162.213.35.25 | A (IP address) | IN (0x0001) | false |
                | Feb 18, 2025 19:59:39.799488068 CET | 8.8.8.8 | 192.168.2.15 | 0xc8b4 | No error (0) | daisy.ubuntu.com | | 162.213.35.24 | A (IP address) | IN (0x0001) | false |

                System Behavior

                Start time (UTC):18:56:55
                Start date (UTC):18/02/2025
                Path:/tmp/i686.elf
                Arguments:/tmp/i686.elf
                File size:71712 bytes
                MD5 hash:32fefc7d7a6c7c039723a9ec34c942bc

                Start time (UTC):18:56:55
                Start date (UTC):18/02/2025
                Path:/tmp/i686.elf
                Arguments:-
                File size:71712 bytes
                MD5 hash:32fefc7d7a6c7c039723a9ec34c942bc

                Start time (UTC):18:56:55
                Start date (UTC):18/02/2025
                Path:/tmp/i686.elf
                Arguments:-
                File size:71712 bytes
                MD5 hash:32fefc7d7a6c7c039723a9ec34c942bc

                Start time (UTC):18:56:56
                Start date (UTC):18/02/2025
                Path:/tmp/i686.elf
                Arguments:-
                File size:71712 bytes
                MD5 hash:32fefc7d7a6c7c039723a9ec34c942bc