Edit tour

Linux Analysis Report
debug.dbg.elf

Overview

General Information

Sample name:debug.dbg.elf
Analysis ID:1634284
MD5:994546ec709cd259d26572c6c648ff3c
SHA1:14eb6fb10abc34568901ed6dc5a8100cad229639
SHA256:3a87f9a9f0ac2407e7b413926cc23d47c5e17d4ab554bcbb221661dbc0feab9a
Tags:elfuser-abuse_ch
Infos:

Detection

Mirai
Score:76
Range:0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Uses dynamic DNS services
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes the "rm" command used to delete files or directories
Sample has stripped symbol table
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Yara signature match

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1634284
Start date and time:2025-03-10 21:36:10 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 36s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:debug.dbg.elf
Detection:MAL
Classification:mal76.troj.linELF@0/0@20/0
Command:/tmp/debug.dbg.elf
PID:5424
Exit Code:
Exit Code Info:
Killed:True
Standard Output:
unstable_is_the_history_of_universe
[magician] debug mode, pid: 5424
[magician] we are the only process on this system!
[magician] attempting to connect to cnc
(unstable/resolver) got response from select
(unstable/resolver) found ipv4 address: 98f5bfa0
(unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses
[magician] resolved domain
[magician] connected to cnc successfully
[magician] attempting to connect to cnc
(unstable/resolver) got response from select
(unstable/resolver) found ipv4 address: 98f5bfa0
(unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses
[magician] resolved domain
[magician] connected to cnc successfully
[magician] attempting to connect to cnc
(unstable/resolver) got response from select
(unstable/resolver) found ipv4 address: 98f5bfa0
(unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses
[magician] resolved domain
[magician] connected to cnc successfully
[magician] attempting to connect to cnc
(unstable/resolver) got response from select
(unstable/resolver) found ipv4 address: 98f5bfa0
(unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses
[magician] resolved domain
[magician] connected to cnc successfully
[magician] attempting to connect to cnc
(unstable/resolver) got response from select
(unstable/resolver) found ipv4 address: 98f5bfa0
(unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses
[magician] resolved domain
[magician] connected to cnc successfully
[magician] attempting to connect to cnc
(unstable/resolver) got response from select
(unstable/resolver) found ipv4 address: 98f5bfa0
(unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses
[magician] resolved domain
[magician] connected to cnc successfully
[magician] attempting to connect to cnc
(unstable/resolver) got response from select
(unstable/resolver) found ipv4 address: 98f5bfa0
(unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses
[magician] resolved domain
[magician] connected to cnc successfully
[magician] attempting to connect to cnc
(unstable/resolver) got response from select
(unstable/resolver) found ipv4 address: 98f5bfa0
(unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses
[magician] resolved domain
[magician] connected to cnc successfully
[magician] attempting to connect to cnc
(unstable/resolver) got response from select
(unstable/resolver) found ipv4 address: 98f5bfa0
(unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses
[magician] resolved domain
[magician] connected to cnc successfully
[magician] attempting to connect to cnc
(unstable/resolver) got response from select
(unstable/resolver) found ipv4 address: 98f5bfa0
(unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses
[magician] resolved domain
[magician] connected to cnc successfully
[magician] attempting to connect to cnc
(unstable/resolver) got response from select
(unstable/resolver) found ipv4 address: 98f5bfa0
(unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses
[magician] resolved domain
[magician] connected to cnc successfully
[magician] attempting to connect to cnc
(unstable/resolver) got response from select
(unstable/resolver) found ipv4 address: 98f5bfa0
(unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses
[magician] resolved domain
[magician] connected to cnc successfully
[magician] attempting to connect to cnc
(unstable/resolver) got response from select
(unstable/resolver) found ipv4 address: 98f5bfa0
(unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses
[magician] resolved domain
[magician] connected to cnc successfully
[magician] attempting to connect to cnc
(unstable/resolver) got response from select
(unstable/resolver) found ipv4 address: 98f5bfa0
(unstable/resolver) resolved huyhoangluvnhi.duckdns.org to 1 ipv4 addresses
[magician] resolved domain
[magician] connected to cnc successfully
[magician] attempting to connect to cnc
(unstable/resolver) got response from select
Standard Error:
  • system is lnxubuntu20
  • dash New Fork (PID: 5409, Parent: 3577)
  • rm (PID: 5409, Parent: 3577, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.RBPxToCMAw /tmp/tmp.N9R1GNEKsk /tmp/tmp.8YRKlJ9iR2
  • dash New Fork (PID: 5410, Parent: 3577)
  • rm (PID: 5410, Parent: 3577, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.RBPxToCMAw /tmp/tmp.N9R1GNEKsk /tmp/tmp.8YRKlJ9iR2
  • debug.dbg.elf (PID: 5424, Parent: 5347, MD5: 994546ec709cd259d26572c6c648ff3c) Arguments: /tmp/debug.dbg.elf
  • cleanup
NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
SourceRuleDescriptionAuthorStrings
debug.dbg.elfJoeSecurity_Mirai_8Yara detected MiraiJoe Security
    debug.dbg.elfLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
    • 0xb294:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xb2a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xb2bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xb2d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xb2e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xb2f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xb30c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xb320:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xb334:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xb348:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xb35c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xb370:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xb384:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xb398:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xb3ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xb3c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xb3d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xb3e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xb3fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xb410:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xb424:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    debug.dbg.elfLinux_Trojan_Mirai_b14f4c5dunknownunknown
    • 0x44d0:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
    debug.dbg.elfLinux_Trojan_Mirai_88de437funknownunknown
    • 0x65d2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
    debug.dbg.elfLinux_Trojan_Mirai_389ee3e9unknownunknown
    • 0x9534:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
    Click to see the 2 entries
    SourceRuleDescriptionAuthorStrings
    5424.1.0000000008048000.0000000008056000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
      5424.1.0000000008048000.0000000008056000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
      • 0xb294:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xb2a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xb2bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xb2d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xb2e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xb2f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xb30c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xb320:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xb334:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xb348:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xb35c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xb370:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xb384:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xb398:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xb3ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xb3c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xb3d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xb3e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xb3fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xb410:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xb424:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      5424.1.0000000008048000.0000000008056000.r-x.sdmpLinux_Trojan_Mirai_b14f4c5dunknownunknown
      • 0x44d0:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
      5424.1.0000000008048000.0000000008056000.r-x.sdmpLinux_Trojan_Mirai_88de437funknownunknown
      • 0x65d2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
      5424.1.0000000008048000.0000000008056000.r-x.sdmpLinux_Trojan_Mirai_389ee3e9unknownunknown
      • 0x9534:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
      Click to see the 3 entries
      No Suricata rule has matched

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Source: debug.dbg.elfAvira: detected
      Source: debug.dbg.elfReversingLabs: Detection: 52%
      Source: debug.dbg.elfVirustotal: Detection: 54%Perma Link

      Networking

      barindex
      Source: unknownDNS query: name: huyhoangluvnhi.duckdns.org
      Source: global trafficTCP traffic: 192.168.2.13:45070 -> 160.191.245.152:56999
      Source: global trafficTCP traffic: 192.168.2.13:48202 -> 185.125.190.26:443
      Source: unknownTCP traffic detected without corresponding DNS query: 185.125.190.26
      Source: unknownTCP traffic detected without corresponding DNS query: 185.125.190.26
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficDNS traffic detected: DNS query: huyhoangluvnhi.duckdns.org
      Source: global trafficDNS traffic detected: DNS query: daisy.ubuntu.com
      Source: unknownNetwork traffic detected: HTTP traffic on port 48202 -> 443

      System Summary

      barindex
      Source: debug.dbg.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: debug.dbg.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
      Source: debug.dbg.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
      Source: debug.dbg.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
      Source: debug.dbg.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
      Source: debug.dbg.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
      Source: 5424.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: 5424.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
      Source: 5424.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
      Source: 5424.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
      Source: 5424.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
      Source: 5424.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
      Source: Process Memory Space: debug.dbg.elf PID: 5424, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: ELF static info symbol of initial sample.symtab present: no
      Source: debug.dbg.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: debug.dbg.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
      Source: debug.dbg.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
      Source: debug.dbg.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: debug.dbg.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: debug.dbg.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: 5424.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 5424.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
      Source: 5424.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
      Source: 5424.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: 5424.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: 5424.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: Process Memory Space: debug.dbg.elf PID: 5424, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: classification engineClassification label: mal76.troj.linELF@0/0@20/0
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/5262/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/230/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/110/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/231/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/111/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/232/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/112/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/233/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/113/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/234/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/114/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/235/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/115/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/236/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/116/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/237/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/117/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/238/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/118/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/239/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/119/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/3632/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/914/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/10/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/917/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/11/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/12/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/13/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/14/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/15/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/16/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/17/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/18/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/19/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/240/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/3095/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/120/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/241/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/121/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/242/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/1/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/122/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/243/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/2/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/123/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/244/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/3/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/124/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/245/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/1588/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/125/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/4/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/246/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/126/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/5/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/247/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/127/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/6/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/248/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/128/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/7/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/249/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/129/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/8/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/800/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/9/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/1906/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/802/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/803/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/20/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/21/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/22/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/23/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/24/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/25/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/26/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/27/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/28/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/29/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/3420/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/1482/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/490/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/1480/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/250/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/371/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/130/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/251/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/131/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/252/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/132/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/253/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/254/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/1238/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/134/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/255/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/256/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/257/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/378/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/3413/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/258/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/259/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/1475/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/936/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/30/cmdlineJump to behavior
      Source: /tmp/debug.dbg.elf (PID: 5425)File opened: /proc/816/cmdlineJump to behavior
      Source: /usr/bin/dash (PID: 5409)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.RBPxToCMAw /tmp/tmp.N9R1GNEKsk /tmp/tmp.8YRKlJ9iR2Jump to behavior
      Source: /usr/bin/dash (PID: 5410)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.RBPxToCMAw /tmp/tmp.N9R1GNEKsk /tmp/tmp.8YRKlJ9iR2Jump to behavior

      Stealing of Sensitive Information

      barindex
      Source: Yara matchFile source: debug.dbg.elf, type: SAMPLE
      Source: Yara matchFile source: 5424.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY

      Remote Access Functionality

      barindex
      Source: Yara matchFile source: debug.dbg.elf, type: SAMPLE
      Source: Yara matchFile source: 5424.1.0000000008048000.0000000008056000.r-x.sdmp, type: MEMORY
      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
      File Deletion
      1
      OS Credential Dumping
      System Service DiscoveryRemote ServicesData from Local System1
      Encrypted Channel
      Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
      Non-Standard Port
      Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
      Non-Application Layer Protocol
      Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture12
      Application Layer Protocol
      Traffic DuplicationData Destruction
      No configs have been found
      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Number of created Files
      • Is malicious
      • Internet
      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1634284 Sample: debug.dbg.elf Startdate: 10/03/2025 Architecture: LINUX Score: 76 13 huyhoangluvnhi.duckdns.org 2->13 15 huyhoangluvnhi.duckdns.org 160.191.245.152, 45070, 45072, 45074 SINET-ASResearchOrganizationofInformationandSystemsN unknown 2->15 17 2 other IPs or domains 2->17 19 Malicious sample detected (through community Yara rule) 2->19 21 Antivirus / Scanner detection for submitted sample 2->21 23 Multi AV Scanner detection for submitted file 2->23 25 Yara detected Mirai 2->25 7 dash rm debug.dbg.elf 2->7         started        9 dash rm 2->9         started        signatures3 27 Uses dynamic DNS services 13->27 process4 process5 11 debug.dbg.elf 7->11         started       
      SourceDetectionScannerLabelLink
      debug.dbg.elf53%ReversingLabsLinux.Trojan.Mirai
      debug.dbg.elf55%VirustotalBrowse
      debug.dbg.elf100%AviraEXP/ELF.Mirai.Z.A
      No Antivirus matches
      No Antivirus matches
      No Antivirus matches

      Download Network PCAP: filteredfull

      NameIPActiveMaliciousAntivirus DetectionReputation
      daisy.ubuntu.com
      162.213.35.24
      truefalse
        high
        huyhoangluvnhi.duckdns.org
        160.191.245.152
        truefalse
          high
          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs
          IPDomainCountryFlagASNASN NameMalicious
          160.191.245.152
          huyhoangluvnhi.duckdns.orgunknown
          2907SINET-ASResearchOrganizationofInformationandSystemsNfalse
          185.125.190.26
          unknownUnited Kingdom
          41231CANONICAL-ASGBfalse
          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          160.191.245.152blah.x86.elfGet hashmaliciousUnknownBrowse
            blah.mips.elfGet hashmaliciousUnknownBrowse
              blah.m68k.elfGet hashmaliciousUnknownBrowse
                blah.arm7.elfGet hashmaliciousMiraiBrowse
                  blah.ppc.elfGet hashmaliciousUnknownBrowse
                    blah.x86_64.elfGet hashmaliciousUnknownBrowse
                      blah.arm.elfGet hashmaliciousUnknownBrowse
                        blah.mpsl.elfGet hashmaliciousUnknownBrowse
                          blah.spc.elfGet hashmaliciousUnknownBrowse
                            sh4.elfGet hashmaliciousUnknownBrowse
                              185.125.190.26na.elfGet hashmaliciousPrometeiBrowse
                                zerspc.elfGet hashmaliciousUnknownBrowse
                                  6j272sSkTN.elfGet hashmaliciousFogBrowse
                                    na.elfGet hashmaliciousPrometeiBrowse
                                      mips.elfGet hashmaliciousUnknownBrowse
                                        arm5.elfGet hashmaliciousUnknownBrowse
                                          aarch64.elfGet hashmaliciousMiraiBrowse
                                            x-8.6-.opticus.elfGet hashmaliciousGafgytBrowse
                                              sshd.elfGet hashmaliciousUnknownBrowse
                                                na.elfGet hashmaliciousPrometeiBrowse
                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  daisy.ubuntu.comboatnet.spc.elfGet hashmaliciousMiraiBrowse
                                                  • 162.213.35.24
                                                  .i.elfGet hashmaliciousUnknownBrowse
                                                  • 162.213.35.24
                                                  sshd.elfGet hashmaliciousUnknownBrowse
                                                  • 162.213.35.25
                                                  mpsl.elfGet hashmaliciousMirai, MoobotBrowse
                                                  • 162.213.35.24
                                                  arm5.elfGet hashmaliciousMiraiBrowse
                                                  • 162.213.35.25
                                                  arm6.elfGet hashmaliciousMirai, MoobotBrowse
                                                  • 162.213.35.24
                                                  mips.elfGet hashmaliciousMirai, MoobotBrowse
                                                  • 162.213.35.24
                                                  x86.elfGet hashmaliciousMirai, MoobotBrowse
                                                  • 162.213.35.24
                                                  gif.elfGet hashmaliciousXmrigBrowse
                                                  • 162.213.35.24
                                                  gif.elfGet hashmaliciousXmrigBrowse
                                                  • 162.213.35.25
                                                  huyhoangluvnhi.duckdns.orgblah.x86.elfGet hashmaliciousUnknownBrowse
                                                  • 160.191.245.152
                                                  blah.mips.elfGet hashmaliciousUnknownBrowse
                                                  • 160.191.245.152
                                                  blah.m68k.elfGet hashmaliciousUnknownBrowse
                                                  • 160.191.245.152
                                                  blah.arm7.elfGet hashmaliciousMiraiBrowse
                                                  • 160.191.245.152
                                                  blah.ppc.elfGet hashmaliciousUnknownBrowse
                                                  • 160.191.245.152
                                                  blah.x86_64.elfGet hashmaliciousUnknownBrowse
                                                  • 160.191.245.152
                                                  blah.arm.elfGet hashmaliciousUnknownBrowse
                                                  • 160.191.245.152
                                                  blah.mpsl.elfGet hashmaliciousUnknownBrowse
                                                  • 160.191.245.152
                                                  blah.spc.elfGet hashmaliciousUnknownBrowse
                                                  • 160.191.245.152
                                                  sh4.elfGet hashmaliciousUnknownBrowse
                                                  • 160.191.245.152
                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  CANONICAL-ASGBna.elfGet hashmaliciousPrometeiBrowse
                                                  • 91.189.91.42
                                                  mips.elfGet hashmaliciousUnknownBrowse
                                                  • 91.189.91.42
                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                  • 91.189.91.42
                                                  boatnet.m68k.elfGet hashmaliciousMiraiBrowse
                                                  • 91.189.91.42
                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                  • 91.189.91.42
                                                  gif.elfGet hashmaliciousUnknownBrowse
                                                  • 91.189.91.42
                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                  • 91.189.91.42
                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                  • 91.189.91.42
                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                  • 91.189.91.42
                                                  na.elfGet hashmaliciousPrometeiBrowse
                                                  • 91.189.91.42
                                                  SINET-ASResearchOrganizationofInformationandSystemsNspc.elfGet hashmaliciousMirai, MoobotBrowse
                                                  • 133.222.255.170
                                                  arm.elfGet hashmaliciousMirai, MoobotBrowse
                                                  • 133.17.34.91
                                                  nklmips.elfGet hashmaliciousUnknownBrowse
                                                  • 160.247.95.208
                                                  nklsh4.elfGet hashmaliciousUnknownBrowse
                                                  • 202.243.177.47
                                                  nklarm5.elfGet hashmaliciousUnknownBrowse
                                                  • 202.236.130.196
                                                  nabmpsl.elfGet hashmaliciousUnknownBrowse
                                                  • 163.209.90.177
                                                  jklm68k.elfGet hashmaliciousUnknownBrowse
                                                  • 133.38.251.37
                                                  jklppc.elfGet hashmaliciousUnknownBrowse
                                                  • 202.13.34.166
                                                  jklsh4.elfGet hashmaliciousUnknownBrowse
                                                  • 160.31.211.108
                                                  jklarm5.elfGet hashmaliciousUnknownBrowse
                                                  • 160.14.239.126
                                                  No context
                                                  No context
                                                  No created / dropped files found
                                                  File type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
                                                  Entropy (8bit):6.542475008334571
                                                  TrID:
                                                  • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                                                  • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                                                  File name:debug.dbg.elf
                                                  File size:55'504 bytes
                                                  MD5:994546ec709cd259d26572c6c648ff3c
                                                  SHA1:14eb6fb10abc34568901ed6dc5a8100cad229639
                                                  SHA256:3a87f9a9f0ac2407e7b413926cc23d47c5e17d4ab554bcbb221661dbc0feab9a
                                                  SHA512:b56b64cad9c3401fc173970f61705abcae5d58fa33ab6af3dff3407c75084c5fb6778a10662dae69eb749e3653ed7fa8609c200270cc89ba91df207c7ade02fe
                                                  SSDEEP:1536:uITW3WsRUK1ZgQohZGvSM0vTwGF5TTSlai:uIK3lRUK1ZgH/GvSVvMaTUH
                                                  TLSH:FB436CD4E643D8F5D8071AB1113AF7375E31F1F92218EA93D3A4EA32BC53641E546A8C
                                                  File Content Preview:.ELF....................d...4...@.......4. ...(.....................|...|....................d...d.......'..........Q.td............................U..S............h........[]...$.............U......=.g...t..5.....d......d......u........t....h|T..........

                                                  ELF header

                                                  Class:ELF32
                                                  Data:2's complement, little endian
                                                  Version:1 (current)
                                                  Machine:Intel 80386
                                                  Version Number:0x1
                                                  Type:EXEC (Executable file)
                                                  OS/ABI:UNIX - System V
                                                  ABI Version:0
                                                  Entry Point Address:0x8048164
                                                  Flags:0x0
                                                  ELF Header Size:52
                                                  Program Header Offset:52
                                                  Program Header Size:32
                                                  Number of Program Headers:3
                                                  Section Header Offset:55104
                                                  Section Header Size:40
                                                  Number of Section Headers:10
                                                  Header String Table Index:9
                                                  NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                                  NULL0x00x00x00x00x0000
                                                  .initPROGBITS0x80480940x940x1c0x00x6AX001
                                                  .textPROGBITS0x80480b00xb00xaef60x00x6AX0016
                                                  .finiPROGBITS0x8052fa60xafa60x170x00x6AX001
                                                  .rodataPROGBITS0x8052fc00xafc00x24bc0x00x2A0032
                                                  .ctorsPROGBITS0x80564800xd4800x80x00x3WA004
                                                  .dtorsPROGBITS0x80564880xd4880x80x00x3WA004
                                                  .dataPROGBITS0x80564a00xd4a00x2600x00x3WA0032
                                                  .bssNOBITS0x80567000xd7000x24800x00x3WA0032
                                                  .shstrtabSTRTAB0x00xd7000x3e0x00x0001
                                                  TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                                  LOAD0x00x80480000x80480000xd47c0xd47c6.58030x5R E0x1000.init .text .fini .rodata
                                                  LOAD0xd4800x80564800x80564800x2800x27003.48900x6RW 0x1000.ctors .dtors .data .bss
                                                  GNU_STACK0x00x00x00x00x00.00000x6RW 0x4

                                                  Download Network PCAP: filteredfull

                                                  • Total Packets: 134
                                                  • 56999 undefined
                                                  • 443 (HTTPS)
                                                  • 53 (DNS)
                                                  TimestampSource PortDest PortSource IPDest IP
                                                  Mar 10, 2025 21:36:48.820678949 CET4507056999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:48.825539112 CET5699945070160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:48.825592041 CET4507056999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:48.825624943 CET4507056999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:48.831299067 CET5699945070160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:48.831358910 CET4507056999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:48.836724997 CET5699945070160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:49.773530006 CET5699945070160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:49.773658037 CET4507056999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:49.773658037 CET4507056999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:49.780960083 CET4507256999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:49.785861969 CET5699945072160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:49.785940886 CET4507256999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:49.785940886 CET4507256999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:49.790839911 CET5699945072160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:49.794131994 CET4507256999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:49.799014091 CET5699945072160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:50.740382910 CET5699945072160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:50.740515947 CET4507256999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:50.743666887 CET4507256999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:50.838113070 CET4507456999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:50.842983007 CET5699945074160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:50.843947887 CET4507456999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:50.843947887 CET4507456999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:50.848750114 CET5699945074160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:50.848833084 CET4507456999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:50.853741884 CET5699945074160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:51.780983925 CET5699945074160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:51.781192064 CET4507456999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:51.781275034 CET4507456999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:51.878019094 CET4507656999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:51.882900000 CET5699945076160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:51.882949114 CET4507656999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:51.882962942 CET4507656999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:51.887818098 CET5699945076160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:51.887865067 CET4507656999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:51.892736912 CET5699945076160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:53.266194105 CET5699945076160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:53.266448021 CET4507656999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:53.266474009 CET4507656999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:53.267654896 CET5699945076160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:53.267710924 CET4507656999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:53.269931078 CET5699945076160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:53.269975901 CET4507656999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:53.365411043 CET4507856999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:53.370249033 CET5699945078160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:53.370379925 CET4507856999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:53.370395899 CET4507856999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:53.375191927 CET5699945078160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:53.375247955 CET4507856999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:53.380042076 CET5699945078160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:54.348808050 CET5699945078160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:54.348942041 CET4507856999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:54.348942041 CET4507856999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:56.447351933 CET4508056999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:56.452444077 CET5699945080160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:56.452569962 CET4508056999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:56.452611923 CET4508056999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:56.457442999 CET5699945080160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:56.457506895 CET4508056999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:56.463300943 CET5699945080160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:57.404176950 CET5699945080160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:57.404325962 CET4508056999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:57.404365063 CET4508056999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:57.512315989 CET4508256999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:57.517163038 CET5699945082160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:57.517227888 CET4508256999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:57.517256975 CET4508256999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:57.522021055 CET5699945082160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:57.522067070 CET4508256999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:57.526807070 CET5699945082160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:58.494503975 CET5699945082160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:58.494824886 CET4508256999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:58.494826078 CET4508256999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:58.501774073 CET4508456999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:58.506580114 CET5699945084160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:58.506669998 CET4508456999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:58.506728888 CET4508456999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:58.511477947 CET5699945084160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:58.511533022 CET4508456999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:58.517364025 CET5699945084160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:59.371402025 CET48202443192.168.2.13185.125.190.26
                                                  Mar 10, 2025 21:36:59.437571049 CET5699945084160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:59.437704086 CET4508456999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:59.437815905 CET4508456999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:59.446747065 CET4508656999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:59.451992989 CET5699945086160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:59.452059031 CET4508656999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:59.452131033 CET4508656999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:59.457305908 CET5699945086160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:36:59.457357883 CET4508656999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:36:59.462177038 CET5699945086160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:00.386605978 CET5699945086160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:00.386723995 CET4508656999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:00.386765957 CET4508656999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:00.394311905 CET4508856999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:00.399133921 CET5699945088160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:00.399188995 CET4508856999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:00.399225950 CET4508856999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:00.404025078 CET5699945088160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:00.404072046 CET4508856999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:00.408898115 CET5699945088160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:01.331213951 CET5699945088160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:01.331356049 CET4508856999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:01.331394911 CET4508856999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:01.338485956 CET4509056999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:01.343456030 CET5699945090160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:01.343569040 CET4509056999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:01.343569040 CET4509056999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:01.348417997 CET5699945090160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:01.348481894 CET4509056999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:01.353266954 CET5699945090160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:02.277445078 CET5699945090160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:02.277695894 CET4509056999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:02.277765989 CET4509056999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:02.284898043 CET4509256999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:02.289766073 CET5699945092160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:02.289877892 CET4509256999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:02.289947033 CET4509256999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:02.294761896 CET5699945092160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:02.294862032 CET4509256999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:02.299631119 CET5699945092160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:03.263415098 CET5699945092160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:03.263534069 CET4509256999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:03.263571978 CET4509256999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:03.270904064 CET4509456999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:03.275789976 CET5699945094160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:03.275883913 CET4509456999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:03.275907993 CET4509456999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:03.280744076 CET5699945094160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:03.280798912 CET4509456999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:03.288104057 CET5699945094160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:04.230654955 CET5699945094160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:04.230783939 CET4509456999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:04.230812073 CET4509456999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:04.238226891 CET4509656999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:04.243033886 CET5699945096160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:04.243232965 CET4509656999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:04.243232965 CET4509656999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:04.258558989 CET5699945096160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:04.258673906 CET4509656999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:04.263575077 CET5699945096160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:05.239974976 CET5699945096160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:05.240087986 CET4509656999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:05.240144014 CET4509656999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:05.340162992 CET4509856999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:05.345112085 CET5699945098160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:05.345227957 CET4509856999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:05.345227957 CET4509856999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:05.350111008 CET5699945098160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:05.350168943 CET4509856999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:05.354983091 CET5699945098160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:06.282017946 CET5699945098160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:06.282255888 CET4509856999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:06.282288074 CET4509856999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:06.290775061 CET4510056999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:06.297566891 CET5699945100160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:06.297669888 CET4510056999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:06.297669888 CET4510056999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:06.302556992 CET5699945100160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:06.302628994 CET4510056999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:06.307739019 CET5699945100160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:07.280450106 CET5699945100160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:07.280721903 CET4510056999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:07.280775070 CET4510056999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:07.288376093 CET4510256999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:07.293308020 CET5699945102160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:07.293399096 CET4510256999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:07.293486118 CET4510256999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:07.299511909 CET5699945102160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:07.299593925 CET4510256999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:07.304399014 CET5699945102160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:08.239826918 CET5699945102160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:08.239998102 CET4510256999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:08.240052938 CET4510256999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:08.247631073 CET4510456999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:08.252473116 CET5699945104160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:08.252542019 CET4510456999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:08.252593040 CET4510456999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:08.257406950 CET5699945104160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:08.257473946 CET4510456999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:08.262269974 CET5699945104160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:18.262754917 CET4510456999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:18.267817974 CET5699945104160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:18.602377892 CET5699945104160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:18.602570057 CET4510456999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:31.627315998 CET48202443192.168.2.13185.125.190.26
                                                  Mar 10, 2025 21:37:32.711920977 CET4510456999192.168.2.13160.191.245.152
                                                  Mar 10, 2025 21:37:32.717159033 CET5699945104160.191.245.152192.168.2.13
                                                  Mar 10, 2025 21:37:32.717232943 CET4510456999192.168.2.13160.191.245.152
                                                  TimestampSource PortDest PortSource IPDest IP
                                                  Mar 10, 2025 21:36:48.723958969 CET5139053192.168.2.138.8.8.8
                                                  Mar 10, 2025 21:36:48.820571899 CET53513908.8.8.8192.168.2.13
                                                  Mar 10, 2025 21:36:49.773809910 CET5171953192.168.2.138.8.8.8
                                                  Mar 10, 2025 21:36:49.780771971 CET53517198.8.8.8192.168.2.13
                                                  Mar 10, 2025 21:36:50.740580082 CET3603653192.168.2.138.8.8.8
                                                  Mar 10, 2025 21:36:50.837979078 CET53360368.8.8.8192.168.2.13
                                                  Mar 10, 2025 21:36:51.781439066 CET5002253192.168.2.138.8.8.8
                                                  Mar 10, 2025 21:36:51.877886057 CET53500228.8.8.8192.168.2.13
                                                  Mar 10, 2025 21:36:53.266530991 CET6079753192.168.2.138.8.8.8
                                                  Mar 10, 2025 21:36:53.365124941 CET53607978.8.8.8192.168.2.13
                                                  Mar 10, 2025 21:36:54.348995924 CET5933253192.168.2.138.8.8.8
                                                  Mar 10, 2025 21:36:56.447132111 CET53593328.8.8.8192.168.2.13
                                                  Mar 10, 2025 21:36:57.404371023 CET4404053192.168.2.138.8.8.8
                                                  Mar 10, 2025 21:36:57.512002945 CET53440408.8.8.8192.168.2.13
                                                  Mar 10, 2025 21:36:58.494873047 CET4081253192.168.2.138.8.8.8
                                                  Mar 10, 2025 21:36:58.501646042 CET53408128.8.8.8192.168.2.13
                                                  Mar 10, 2025 21:36:59.438122034 CET4904153192.168.2.138.8.8.8
                                                  Mar 10, 2025 21:36:59.446614981 CET53490418.8.8.8192.168.2.13
                                                  Mar 10, 2025 21:37:00.386821032 CET5273753192.168.2.138.8.8.8
                                                  Mar 10, 2025 21:37:00.394227982 CET53527378.8.8.8192.168.2.13
                                                  Mar 10, 2025 21:37:01.331430912 CET4943253192.168.2.138.8.8.8
                                                  Mar 10, 2025 21:37:01.338395119 CET53494328.8.8.8192.168.2.13
                                                  Mar 10, 2025 21:37:02.277841091 CET5776153192.168.2.138.8.8.8
                                                  Mar 10, 2025 21:37:02.284676075 CET53577618.8.8.8192.168.2.13
                                                  Mar 10, 2025 21:37:03.263632059 CET4947353192.168.2.138.8.8.8
                                                  Mar 10, 2025 21:37:03.270797014 CET53494738.8.8.8192.168.2.13
                                                  Mar 10, 2025 21:37:04.230870008 CET4230153192.168.2.138.8.8.8
                                                  Mar 10, 2025 21:37:04.238018990 CET53423018.8.8.8192.168.2.13
                                                  Mar 10, 2025 21:37:05.240211010 CET4302253192.168.2.138.8.8.8
                                                  Mar 10, 2025 21:37:05.337013006 CET53430228.8.8.8192.168.2.13
                                                  Mar 10, 2025 21:37:06.282329082 CET4660653192.168.2.138.8.8.8
                                                  Mar 10, 2025 21:37:06.290694952 CET53466068.8.8.8192.168.2.13
                                                  Mar 10, 2025 21:37:07.280911922 CET3669153192.168.2.138.8.8.8
                                                  Mar 10, 2025 21:37:07.288216114 CET53366918.8.8.8192.168.2.13
                                                  Mar 10, 2025 21:37:08.240154028 CET4028053192.168.2.138.8.8.8
                                                  Mar 10, 2025 21:37:08.247486115 CET53402808.8.8.8192.168.2.13
                                                  Mar 10, 2025 21:39:33.502722025 CET5744153192.168.2.131.1.1.1
                                                  Mar 10, 2025 21:39:33.502791882 CET3858353192.168.2.131.1.1.1
                                                  Mar 10, 2025 21:39:33.509700060 CET53574411.1.1.1192.168.2.13
                                                  Mar 10, 2025 21:39:33.509955883 CET53385831.1.1.1192.168.2.13
                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                  Mar 10, 2025 21:36:48.723958969 CET192.168.2.138.8.8.80x4403Standard query (0)huyhoangluvnhi.duckdns.orgA (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:36:49.773809910 CET192.168.2.138.8.8.80x8636Standard query (0)huyhoangluvnhi.duckdns.orgA (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:36:50.740580082 CET192.168.2.138.8.8.80x856bStandard query (0)huyhoangluvnhi.duckdns.orgA (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:36:51.781439066 CET192.168.2.138.8.8.80xfc7dStandard query (0)huyhoangluvnhi.duckdns.orgA (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:36:53.266530991 CET192.168.2.138.8.8.80x45d6Standard query (0)huyhoangluvnhi.duckdns.orgA (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:36:54.348995924 CET192.168.2.138.8.8.80xaabfStandard query (0)huyhoangluvnhi.duckdns.orgA (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:36:57.404371023 CET192.168.2.138.8.8.80x9430Standard query (0)huyhoangluvnhi.duckdns.orgA (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:36:58.494873047 CET192.168.2.138.8.8.80xf1c7Standard query (0)huyhoangluvnhi.duckdns.orgA (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:36:59.438122034 CET192.168.2.138.8.8.80xb01dStandard query (0)huyhoangluvnhi.duckdns.orgA (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:37:00.386821032 CET192.168.2.138.8.8.80xc024Standard query (0)huyhoangluvnhi.duckdns.orgA (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:37:01.331430912 CET192.168.2.138.8.8.80x7398Standard query (0)huyhoangluvnhi.duckdns.orgA (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:37:02.277841091 CET192.168.2.138.8.8.80x3e9bStandard query (0)huyhoangluvnhi.duckdns.orgA (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:37:03.263632059 CET192.168.2.138.8.8.80xcaf7Standard query (0)huyhoangluvnhi.duckdns.orgA (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:37:04.230870008 CET192.168.2.138.8.8.80x572aStandard query (0)huyhoangluvnhi.duckdns.orgA (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:37:05.240211010 CET192.168.2.138.8.8.80xd6a9Standard query (0)huyhoangluvnhi.duckdns.orgA (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:37:06.282329082 CET192.168.2.138.8.8.80xc2deStandard query (0)huyhoangluvnhi.duckdns.orgA (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:37:07.280911922 CET192.168.2.138.8.8.80x9ea7Standard query (0)huyhoangluvnhi.duckdns.orgA (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:37:08.240154028 CET192.168.2.138.8.8.80x41e3Standard query (0)huyhoangluvnhi.duckdns.orgA (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:39:33.502722025 CET192.168.2.131.1.1.10x3710Standard query (0)daisy.ubuntu.comA (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:39:33.502791882 CET192.168.2.131.1.1.10xf5ddStandard query (0)daisy.ubuntu.com28IN (0x0001)false
                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                  Mar 10, 2025 21:36:48.820571899 CET8.8.8.8192.168.2.130x4403No error (0)huyhoangluvnhi.duckdns.org160.191.245.152A (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:36:49.780771971 CET8.8.8.8192.168.2.130x8636No error (0)huyhoangluvnhi.duckdns.org160.191.245.152A (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:36:50.837979078 CET8.8.8.8192.168.2.130x856bNo error (0)huyhoangluvnhi.duckdns.org160.191.245.152A (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:36:51.877886057 CET8.8.8.8192.168.2.130xfc7dNo error (0)huyhoangluvnhi.duckdns.org160.191.245.152A (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:36:53.365124941 CET8.8.8.8192.168.2.130x45d6No error (0)huyhoangluvnhi.duckdns.org160.191.245.152A (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:36:56.447132111 CET8.8.8.8192.168.2.130xaabfNo error (0)huyhoangluvnhi.duckdns.org160.191.245.152A (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:36:57.512002945 CET8.8.8.8192.168.2.130x9430No error (0)huyhoangluvnhi.duckdns.org160.191.245.152A (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:36:58.501646042 CET8.8.8.8192.168.2.130xf1c7No error (0)huyhoangluvnhi.duckdns.org160.191.245.152A (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:36:59.446614981 CET8.8.8.8192.168.2.130xb01dNo error (0)huyhoangluvnhi.duckdns.org160.191.245.152A (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:37:00.394227982 CET8.8.8.8192.168.2.130xc024No error (0)huyhoangluvnhi.duckdns.org160.191.245.152A (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:37:01.338395119 CET8.8.8.8192.168.2.130x7398No error (0)huyhoangluvnhi.duckdns.org160.191.245.152A (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:37:02.284676075 CET8.8.8.8192.168.2.130x3e9bNo error (0)huyhoangluvnhi.duckdns.org160.191.245.152A (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:37:03.270797014 CET8.8.8.8192.168.2.130xcaf7No error (0)huyhoangluvnhi.duckdns.org160.191.245.152A (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:37:04.238018990 CET8.8.8.8192.168.2.130x572aNo error (0)huyhoangluvnhi.duckdns.org160.191.245.152A (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:37:05.337013006 CET8.8.8.8192.168.2.130xd6a9No error (0)huyhoangluvnhi.duckdns.org160.191.245.152A (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:37:06.290694952 CET8.8.8.8192.168.2.130xc2deNo error (0)huyhoangluvnhi.duckdns.org160.191.245.152A (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:37:07.288216114 CET8.8.8.8192.168.2.130x9ea7No error (0)huyhoangluvnhi.duckdns.org160.191.245.152A (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:37:08.247486115 CET8.8.8.8192.168.2.130x41e3No error (0)huyhoangluvnhi.duckdns.org160.191.245.152A (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:39:33.509700060 CET1.1.1.1192.168.2.130x3710No error (0)daisy.ubuntu.com162.213.35.24A (IP address)IN (0x0001)false
                                                  Mar 10, 2025 21:39:33.509700060 CET1.1.1.1192.168.2.130x3710No error (0)daisy.ubuntu.com162.213.35.25A (IP address)IN (0x0001)false

                                                  System Behavior

                                                  Start time (UTC):20:36:37
                                                  Start date (UTC):10/03/2025
                                                  Path:/usr/bin/dash
                                                  Arguments:-
                                                  File size:129816 bytes
                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                  Start time (UTC):20:36:37
                                                  Start date (UTC):10/03/2025
                                                  Path:/usr/bin/rm
                                                  Arguments:rm -f /tmp/tmp.RBPxToCMAw /tmp/tmp.N9R1GNEKsk /tmp/tmp.8YRKlJ9iR2
                                                  File size:72056 bytes
                                                  MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                  Start time (UTC):20:36:37
                                                  Start date (UTC):10/03/2025
                                                  Path:/usr/bin/dash
                                                  Arguments:-
                                                  File size:129816 bytes
                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                  Start time (UTC):20:36:37
                                                  Start date (UTC):10/03/2025
                                                  Path:/usr/bin/rm
                                                  Arguments:rm -f /tmp/tmp.RBPxToCMAw /tmp/tmp.N9R1GNEKsk /tmp/tmp.8YRKlJ9iR2
                                                  File size:72056 bytes
                                                  MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                  Start time (UTC):20:36:46
                                                  Start date (UTC):10/03/2025
                                                  Path:/tmp/debug.dbg.elf
                                                  Arguments:/tmp/debug.dbg.elf
                                                  File size:55504 bytes
                                                  MD5 hash:994546ec709cd259d26572c6c648ff3c

                                                  Start time (UTC):20:36:47
                                                  Start date (UTC):10/03/2025
                                                  Path:/tmp/debug.dbg.elf
                                                  Arguments:-
                                                  File size:55504 bytes
                                                  MD5 hash:994546ec709cd259d26572c6c648ff3c