Linux Analysis Report
zerarm5.elf

Overview

General Information

Sample name:zerarm5.elf
Analysis ID:1628741
MD5:42ac3d0b690f5e9ef36812aae60bfa29
SHA1:8a82746e653a1c2a8881e492071386b639409275
SHA256:ac47c4604edb09810626c6754ba9f3cf39f40d71f3c396e7bba1c1214ce3ae95
Tags:elf, user-abuse_ch

Detection

Score:52
Range:0 - 100

Signatures

Multi AV Scanner detection for submitted file
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Classification chart categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (scale: clean, suspicious, malicious)
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1628741
Start date and time:2025-03-04 04:22:05 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 24s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:zerarm5.elf
Detection:MAL
Classification:mal52.troj.linELF@0/0@16/0
Command:/tmp/zerarm5.elf
PID:5489
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
gosh that chinese family at the other table sure ate a lot
Standard Error:
  • system is lnxubuntu20
  • zerarm5.elf (PID: 5489, Parent: 5416, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/zerarm5.elf
  • cleanup
No yara matches
No Suricata rule has matched

AV Detection

Source: zerarm5.elf; Virustotal: Detection: 39%
Source: zerarm5.elf; ReversingLabs: Detection: 42%

Networking

Source: global traffic; DNS traffic detected: malformed DNS query: watchmepull.dyn. [malformed]
Source: global traffic; TCP traffic: 192.168.2.14:36000 -> 45.147.251.145:1440
Source: /tmp/zerarm5.elf (PID: 5489); Socket: 127.0.0.1:39148
Source: unknown; UDP traffic detected without corresponding DNS query: 202.61.197.122
Source: unknown; UDP traffic detected without corresponding DNS query: 185.181.61.24
Source: unknown; UDP traffic detected without corresponding DNS query: 51.158.108.203
Source: unknown; UDP traffic detected without corresponding DNS query: 168.235.111.72
Source: global traffic; DNS traffic detected: DNS query: ohlookthereismyboats.geek
Source: global traffic; DNS traffic detected: DNS query: watchmepull.dyn. [malformed]
Source: ELF static info symbol of initial sample; .symtab present: no
Source: classification engine; Classification label: mal52.troj.linELF@0/0@16/0
Source: /tmp/zerarm5.elf (PID: 5489); Queries kernel information via 'uname'
Source: zerarm5.elf, 5489.1.00005615ae31a000.00005615ae448000.rw-.sdmp; Binary or memory string: /etc/qemu-binfmt/arm
Source: zerarm5.elf, 5489.1.00005615ae31a000.00005615ae448000.rw-.sdmp; Binary or memory string: V!/etc/qemu-binfmt/arm
Source: zerarm5.elf, 5489.1.00007ffc9cd1e000.00007ffc9cd3f000.rw-.sdmp; Binary or memory string: /usr/bin/qemu-arm
Source: zerarm5.elf, 5489.1.00007ffc9cd1e000.00007ffc9cd3f000.rw-.sdmp; Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/zerarm5.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/zerarm5.elf
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Direct Volume Access; Rootkit; Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: 11 Security Software Discovery; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: 1 Non-Standard Port; 1 Non-Application Layer Protocol; 1 Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
No configs have been found
Behavior Graph ID: 1628741, Sample: zerarm5.elf, Start date: 04/03/2025, Architecture: LINUX, Score: 52
Behavior graph nodes: zerarm5.elf started zerarm5.elf, which started zerarm5.elf; watchmepull.dyn. [malformed] (Sends malformed DNS queries); 45.147.251.145, ports 1440, 36000, 36002 (RACKMARKTES, Germany); ohlookthereismyboats.geek; Multi AV Scanner detection for submitted file

Source: zerarm5.elf, Detection: 40%, Scanner: Virustotal
Source: zerarm5.elf, Detection: 42%, Scanner: ReversingLabs, Label: Linux.Backdoor.Mirai
No Antivirus matches

Name: ohlookthereismyboats.geek, IP: 185.159.74.127, Active: true, Malicious: false, Reputation: high
Name: watchmepull.dyn. [malformed], IP: unknown, Active: unknown, Malicious: false, Reputation: high
      IP: 45.147.251.145, Domain: unknown, Country: Germany, ASN: 197518, ASN Name: RACKMARKTES, Malicious: false
        Match: 45.147.251.145
        • zersh4.elf, Detection: malicious, Threat Name: Unknown

        Match: ohlookthereismyboats.geek
        • nklppc.elf, Detection: malicious, Threat Name: Unknown, Context: 1.2.3.4
        • zerarm.elf, Detection: malicious, Threat Name: Unknown, Context: 46.19.143.10
        • nklsh4.elf, Detection: malicious, Threat Name: Unknown, Context: 45.147.251.145
        • zersh4.elf, Detection: malicious, Threat Name: Unknown, Context: 46.19.143.10
        • nabm68k.elf, Detection: malicious, Threat Name: Unknown, Context: 1.2.3.4
        • x86.elf, Detection: malicious, Threat Name: Unknown, Context: 185.159.74.127
        • splarm7.elf, Detection: malicious, Threat Name: Unknown, Context: 46.19.143.10
        • nabx86.elf, Detection: malicious, Threat Name: Unknown, Context: 1.2.3.4
        • nklspc.elf, Detection: malicious, Threat Name: Unknown, Context: 46.19.143.10
        • splm68k.elf, Detection: malicious, Threat Name: Unknown, Context: 46.19.143.10

        Match: RACKMARKTES
        • zersh4.elf, Detection: malicious, Threat Name: Unknown, Context: 45.147.251.145
        • 80P.exe, Detection: malicious, Threat Name: I2PRAT, Context: 185.226.181.238
        • cZO.exe, Detection: malicious, Threat Name: Unknown, Context: 185.226.181.238
        • Captcha.hta, Detection: malicious, Threat Name: Cobalt Strike, HTMLPhisher, LummaC Stealer, Context: 45.131.135.227
        • file.exe, Detection: malicious, Threat Name: PureCrypter, Context: 185.226.181.36
        • file.exe, Detection: malicious, Threat Name: PureCrypter, Context: 185.226.181.36
        • vOoy27ZG1Y.msi, Detection: malicious, Threat Name: Unknown, Context: 185.228.72.101
        • Aqua.x86.elf, Detection: malicious, Threat Name: Unknown, Context: 45.147.248.7
        • Aqua.arm7.elf, Detection: malicious, Threat Name: Mirai, Context: 45.147.248.7
        • 6.HTA.hta, Detection: malicious, Threat Name: Unknown, Context: 185.228.72.84
        No context
        No created / dropped files found
        File type:ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
        Entropy (8bit):5.988728510062544
        TrID:
        • ELF Executable and Linkable format (generic) (4004/1) 100.00%
        File name:zerarm5.elf
        File size:51'740 bytes
        MD5:42ac3d0b690f5e9ef36812aae60bfa29
        SHA1:8a82746e653a1c2a8881e492071386b639409275
        SHA256:ac47c4604edb09810626c6754ba9f3cf39f40d71f3c396e7bba1c1214ce3ae95
        SHA512:d60add40c6490b175de26771b603d878bd1f704286213c752b9d9106e5c3e258b96fa5b1a988ad3bf6d223d54720d03c60cc5fd60bdbaa9d8e13b15489b2fc92
        SSDEEP:768:1H2jv3En3LcgkxN9pmvDtNr7jNrOj5olPHS8rK7/hCpvV91pNqRZRPTf4FRuiN9:AjfE8JpmbXrPlgGS8+75U9P2Z5O
        TLSH:25330791B9C18A13C5D462BBFA2E42DC372563E8E2DF7207DD112F513B8A82F0DA7651
        File Content Preview:.ELF...a..........(.........4...d.......4. ...(..................... ... ...............$...$...$........%..........Q.td..................................-...L."...............0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

        ELF header

        Class:ELF32
        Data:2's complement, little endian
        Version:1 (current)
        Machine:ARM
        Version Number:0x1
        Type:EXEC (Executable file)
        OS/ABI:ARM - ABI
        ABI Version:0
        Entry Point Address:0x8190
        Flags:0x2
        ELF Header Size:52
        Program Header Offset:52
        Program Header Size:32
        Number of Program Headers:3
        Section Header Offset:51300
        Section Header Size:40
        Number of Section Headers:11
        Header String Table Index:10
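        | Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
        |  | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 |  | 0 | 0 | 0 |
        | .init | PROGBITS | 0x8094 | 0x94 | 0x18 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
        | .text | PROGBITS | 0x80b0 | 0xb0 | 0xbbf8 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
        | .fini | PROGBITS | 0x13ca8 | 0xbca8 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
        | .rodata | PROGBITS | 0x13cbc | 0xbcbc | 0x864 | 0x0 | 0x2 | A | 0 | 0 | 4 |
        | .ctors | PROGBITS | 0x1c524 | 0xc524 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
        | .dtors | PROGBITS | 0x1c52c | 0xc52c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
        | .jcr | PROGBITS | 0x1c534 | 0xc534 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
        | .data | PROGBITS | 0x1c538 | 0xc538 | 0x2e8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
        | .bss | NOBITS | 0x1c820 | 0xc820 | 0x2288 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
        | .shstrtab | STRTAB | 0x0 | 0xc820 | 0x43 | 0x0 | 0x0 |  | 0 | 0 | 1 |

        | Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
        | LOAD | 0x0 | 0x8000 | 0x8000 | 0xc520 | 0xc520 | 6.0323 | 0x5 | R E | 0x8000 |  | .init .text .fini .rodata |
        | LOAD | 0xc524 | 0x1c524 | 0x1c524 | 0x2fc | 0x2584 | 2.1686 | 0x6 | RW | 0x8000 |  | .ctors .dtors .jcr .data .bss |
        | GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 |  |  |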

        • Total Packets: 39
        • 1440 undefined
        • 53 (DNS)
        | Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
        | Mar 4, 2025 04:22:47.965483904 CET | 192.168.2.14 | 202.61.197.122 | 0x2cee | Standard query (0) | ohlookthereismyboats.geek | A (IP address) | IN (0x0001) | false |
        | Mar 4, 2025 04:22:59.236191988 CET | 192.168.2.14 | 185.181.61.24 | 0x8e54 | Standard query (0) | watchmepull.dyn. [malformed] | 256275 | false |
        | Mar 4, 2025 04:22:59.276325941 CET | 192.168.2.14 | 185.181.61.24 | 0x8e54 | Standard query (0) | watchmepull.dyn. [malformed] | 256275 | false |
        | Mar 4, 2025 04:22:59.316129923 CET | 192.168.2.14 | 185.181.61.24 | 0x8e54 | Standard query (0) | watchmepull.dyn. [malformed] | 256275 | false |
        | Mar 4, 2025 04:22:59.354975939 CET | 192.168.2.14 | 185.181.61.24 | 0x8e54 | Standard query (0) | watchmepull.dyn. [malformed] | 256275 | false |
        | Mar 4, 2025 04:22:59.394406080 CET | 192.168.2.14 | 185.181.61.24 | 0x8e54 | Standard query (0) | watchmepull.dyn. [malformed] | 256275 | false |
        | Mar 4, 2025 04:23:11.056684971 CET | 192.168.2.14 | 51.158.108.203 | 0x73e3 | Standard query (0) | watchmepull.dyn. [malformed] | 256287 | false |
        | Mar 4, 2025 04:23:11.075515032 CET | 192.168.2.14 | 51.158.108.203 | 0x73e3 | Standard query (0) | watchmepull.dyn. [malformed] | 256287 | false |
        | Mar 4, 2025 04:23:11.092541933 CET | 192.168.2.14 | 51.158.108.203 | 0x73e3 | Standard query (0) | watchmepull.dyn. [malformed] | 256287 | false |
        | Mar 4, 2025 04:23:11.109793901 CET | 192.168.2.14 | 51.158.108.203 | 0x73e3 | Standard query (0) | watchmepull.dyn. [malformed] | 256287 | false |
        | Mar 4, 2025 04:23:11.127185106 CET | 192.168.2.14 | 51.158.108.203 | 0x73e3 | Standard query (0) | watchmepull.dyn. [malformed] | 256287 | false |
        | Mar 4, 2025 04:23:22.754009008 CET | 192.168.2.14 | 168.235.111.72 | 0x6a1e | Standard query (0) | watchmepull.dyn. [malformed] | 256298 | false |
        | Mar 4, 2025 04:23:22.844592094 CET | 192.168.2.14 | 168.235.111.72 | 0x6a1e | Standard query (0) | watchmepull.dyn. [malformed] | 256299 | false |
        | Mar 4, 2025 04:23:23.038610935 CET | 192.168.2.14 | 168.235.111.72 | 0x6a1e | Standard query (0) | watchmepull.dyn. [malformed] | 256299 | false |
        | Mar 4, 2025 04:23:23.130137920 CET | 192.168.2.14 | 168.235.111.72 | 0x6a1e | Standard query (0) | watchmepull.dyn. [malformed] | 256299 | false |
        | Mar 4, 2025 04:23:23.224526882 CET | 192.168.2.14 | 168.235.111.72 | 0x6a1e | Standard query (0) | watchmepull.dyn. [malformed] | 256299 | false |

        | Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
        | Mar 4, 2025 04:22:47.983412027 CET | 202.61.197.122 | 192.168.2.14 | 0x2cee | No error (0) | ohlookthereismyboats.geek |  | 185.159.74.127 | A (IP address) | IN (0x0001) | false |
        | Mar 4, 2025 04:22:47.983412027 CET | 202.61.197.122 | 192.168.2.14 | 0x2cee | No error (0) | ohlookthereismyboats.geek |  | 45.147.251.145 | A (IP address) | IN (0x0001) | false |
        | Mar 4, 2025 04:22:47.983412027 CET | 202.61.197.122 | 192.168.2.14 | 0x2cee | No error (0) | ohlookthereismyboats.geek |  | 46.19.143.10 | A (IP address) | IN (0x0001) | false |
        | Mar 4, 2025 04:23:11.073997021 CET | 51.158.108.203 | 192.168.2.14 | 0x73e3 | Format error (1) | watchmepull.dyn. [malformed] | none | none | 256287 | false |
        | Mar 4, 2025 04:23:11.091108084 CET | 51.158.108.203 | 192.168.2.14 | 0x73e3 | Format error (1) | watchmepull.dyn. [malformed] | none | none | 256287 | false |
        | Mar 4, 2025 04:23:11.108555079 CET | 51.158.108.203 | 192.168.2.14 | 0x73e3 | Format error (1) | watchmepull.dyn. [malformed] | none | none | 256287 | false |
        | Mar 4, 2025 04:23:11.126005888 CET | 51.158.108.203 | 192.168.2.14 | 0x73e3 | Format error (1) | watchmepull.dyn. [malformed] | none | none | 256287 | false |
        | Mar 4, 2025 04:23:11.144390106 CET | 51.158.108.203 | 192.168.2.14 | 0x73e3 | Format error (1) | watchmepull.dyn. [malformed] | none | none | 256287 | false |

        System Behavior

        Start time (UTC):03:22:46
        Start date (UTC):04/03/2025
        Path:/tmp/zerarm5.elf
        Arguments:/tmp/zerarm5.elf
        File size:4956856 bytes
        MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

        Start time (UTC):03:22:46
        Start date (UTC):04/03/2025
        Path:/tmp/zerarm5.elf
        Arguments:-
        File size:4956856 bytes
        MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

        Start time (UTC):03:22:46
        Start date (UTC):04/03/2025
        Path:/tmp/zerarm5.elf
        Arguments:-
        File size:4956856 bytes
        MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1