Linux Analysis Report
mips.elf

Overview

General Information

Sample name:mips.elf
Analysis ID:1644163
MD5:d9d29cd0ea9f9bddca4e1df6c9c1af37
SHA1:76943b46eab83b0ba56d8c5c6d69216b6b5af6f1
SHA256:0d0e3d49fe0eebda60f374ca0e557da4d31a3a9fb15690529726e8761c0e8583
Tags:elf, user-abuse_ch
Infos:

Detection

Mirai
Score:76
Range:0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Contains symbols with names commonly found in malware
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes the "systemctl" command used for controlling the systemd system and service manager
Reads system version information
Sample and/or dropped files contains symbols with suspicious names
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1644163
Start date and time:2025-03-20 12:16:31 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 22s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:mips.elf
Detection:MAL
Classification:mal76.troj.linELF@0/0@1/0
Command:/tmp/mips.elf
PID:5724
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
srolangvan.com
Standard Error:
  • system is lnxubuntu20
  • mips.elf (PID: 5724, Parent: 5530, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/mips.elf
    • mips.elf New Fork (PID: 5727, Parent: 5724)
      • mips.elf New Fork (PID: 5729, Parent: 5727)
  • systemd New Fork (PID: 5768, Parent: 1)
  • snap-failure (PID: 5768, Parent: 1, MD5: 69136a7d575731ce62349f2e4d3e5c36) Arguments: /usr/lib/snapd/snap-failure snapd
    • systemctl (PID: 5781, Parent: 5768, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl stop snapd.socket
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source: mips.elf, Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Author: Joe Security
Source: mips.elf, Rule: Linux_Trojan_Gafgyt_28a2fe0c, Description: unknown, Author: unknown
    Source: 5724.1.00007f122c400000.00007f122c414000.r-x.sdmp, Rule: Linux_Trojan_Gafgyt_28a2fe0c, Description: unknown, Author: unknown
    No Suricata rule has matched

    AV Detection

    Source: mips.elf, Avira: detected
    Source: mips.elf, ReversingLabs: Detection: 41%
    Source: global traffic, TCP traffic: 192.168.2.13:38050 -> 103.142.27.125:56999
    Source: /tmp/mips.elf (PID: 5724), Socket: 127.0.0.1:46157
    Source: global traffic, DNS traffic detected: DNS query: srolangvan.com

    System Summary

    Source: mips.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: 5724.1.00007f122c400000.00007f122c414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: ELF static info symbol of initial sample, Name: attack.c
    Source: ELF static info symbol of initial sample, Name: attack_get_opt_int
    Source: ELF static info symbol of initial sample, Name: attack_get_opt_ip
    Source: ELF static info symbol of initial sample, Name: attack_init
    Source: ELF static info symbol of initial sample, Name: attack_kill_all
    Source: ELF static info symbol of initial sample, Name: attack_method_nudp
    Source: ELF static info symbol of initial sample, Name: attack_method_stdhex
    Source: ELF static info symbol of initial sample, Name: attack_method_tcp
    Source: ELF static info symbol of initial sample, Name: attack_ongoing
    Source: ELF static info symbol of initial sample, Name: attack_parse
    Source: mips.elf, ELF static info symbol of initial sample: hexPayload
    Source: mips.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: 5724.1.00007f122c400000.00007f122c414000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: classification engine, Classification label: mal76.troj.linELF@0/0@1/0
    Source: /usr/lib/snapd/snap-failure (PID: 5781), Systemctl executable: /usr/bin/systemctl -> systemctl stop snapd.socket
    Source: /usr/lib/snapd/snap-failure (PID: 5768), Reads version info: /proc/version
    Source: /tmp/mips.elf (PID: 5724), Queries kernel information via 'uname'
    Source: mips.elf, 5724.1.000055c88c4bb000.000055c88c542000.rw-.sdmp, Binary or memory string: U!/etc/qemu-binfmt/mips
    Source: mips.elf, 5724.1.000055c88c4bb000.000055c88c542000.rw-.sdmp, Binary or memory string: /etc/qemu-binfmt/mips
    Source: mips.elf, 5724.1.00007ffe7f21d000.00007ffe7f23e000.rw-.sdmp, Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/mips.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/mips.elf
    Source: mips.elf, 5724.1.00007ffe7f21d000.00007ffe7f23e000.rw-.sdmp, Binary or memory string: /usr/bin/qemu-mips

    Stealing of Sensitive Information

    Source: Yara match, File source: mips.elf, type: SAMPLE

    Remote Access Functionality

    Source: Yara match, File source: mips.elf, type: SAMPLE

    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
    Resource Development: Acquire Infrastructure; Domains; DNS Server
    Initial Access: Valid Accounts; Default Accounts; Domain Accounts
    Execution: Windows Management Instrumentation; Scheduled Task/Job; At
    Persistence: 1 Systemd Service; Boot or Logon Initialization Scripts; Logon Script (Windows)
    Privilege Escalation: 1 Systemd Service; Boot or Logon Initialization Scripts; Logon Script (Windows)
    Defense Evasion: 1 Masquerading; Rootkit; Obfuscated Files or Information
    Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager
    Discovery: 11 Security Software Discovery; 1 System Information Discovery; Query Registry
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
    Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
    Command and Control: 1 Non-Standard Port; 1 Non-Application Layer Protocol; 1 Application Layer Protocol
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
    No configs have been found
    [Behavior graph] Behavior Graph ID: 1644163, Sample: mips.elf, Startdate: 20/03/2025, Architecture: LINUX, Score: 76
    Source: mips.elf, Detection: 42%, Scanner: ReversingLabs, Label: Linux.Backdoor.Mirai
    Source: mips.elf, Detection: 100%, Scanner: Avira, Label: EXP/ELF.Mirai.J
    No Antivirus matches

    Name: srolangvan.com, IP: 103.142.27.125, Active: true, Malicious: false, Reputation: high
    IP: 103.142.27.125, Domain: srolangvan.com, Country: Viet Nam, ASN: 135951, ASN Name: WEBICO-AS-VNWebicoCompanyLimitedVN, Malicious: false
        No created / dropped files found
        File type:ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, not stripped
        Entropy (8bit):5.632272341714598
        TrID:
        • ELF Executable and Linkable format (generic) (4004/1) 100.00%
        File name:mips.elf
        File size:102'210 bytes
        MD5:d9d29cd0ea9f9bddca4e1df6c9c1af37
        SHA1:76943b46eab83b0ba56d8c5c6d69216b6b5af6f1
        SHA256:0d0e3d49fe0eebda60f374ca0e557da4d31a3a9fb15690529726e8761c0e8583
        SHA512:a3a665c6b9aea4194c17bde6ed004f8749aa96114e9518262b1945ef8e932b5fa7f8a4297abd3403251f08eec6ba3be84f16158c79ff3e49cadd65303f91f1bd
        SSDEEP:1536:uRGSiyaASiJArwM9kC960mq33BiCRAjM0c9mpOzPS:7SiyQvLmqhqY0WmpQq
        TLSH:17A3D71A6B118FACF68E923107F79E31566527D227E2D141E15CDF102F6238E6C4FBA8

        ELF header

        Class:ELF32
        Data:2's complement, big endian
        Version:1 (current)
        Machine:MIPS R3000
        Version Number:0x1
        Type:EXEC (Executable file)
        OS/ABI:UNIX - System V
        ABI Version:0
        Entry Point Address:0x400290
        Flags:0x1007
        ELF Header Size:52
        Program Header Offset:52
        Program Header Size:32
        Number of Program Headers:4
        Section Header Offset:84184
        Section Header Size:40
        Number of Section Headers:19
        Header String Table Index:16
        Name           Type     Address   Offset   Size     EntSize  Flags       Flags Description  Link  Info  Align
                       NULL     0x0       0x0      0x0      0x0      0x0                            0     0     0
        .init          PROGBITS 0x4000b4  0xb4     0x8c     0x0      0x6         AX                 0     0     4
        .text          PROGBITS 0x400140  0x140    0x125b0  0x0      0x6         AX                 0     0     16
        .fini          PROGBITS 0x4126f0  0x126f0  0x5c     0x0      0x6         AX                 0     0     4
        .rodata        PROGBITS 0x412750  0x12750  0x1160   0x0      0x2         A                  0     0     16
        .eh_frame      PROGBITS 0x4238b0  0x138b0  0x44     0x0      0x3         WA                 0     0     4
        .tbss          NOBITS   0x4238f4  0x138f4  0x8      0x0      0x403       WAT                0     0     4
        .ctors         PROGBITS 0x4238f4  0x138f4  0x8      0x0      0x3         WA                 0     0     4
        .dtors         PROGBITS 0x4238fc  0x138fc  0x8      0x0      0x3         WA                 0     0     4
        .jcr           PROGBITS 0x423904  0x13904  0x4      0x0      0x3         WA                 0     0     4
        .data          PROGBITS 0x423910  0x13910  0x254    0x0      0x3         WA                 0     0     16
        .got           PROGBITS 0x423b70  0x13b70  0x460    0x4      0x10000003  WAp                0     0     16
        .sbss          NOBITS   0x423fd0  0x13fd0  0x34     0x0      0x10000003  WAp                0     0     4
        .bss           NOBITS   0x424010  0x13fd0  0x2f30   0x0      0x3         WA                 0     0     16
        .comment       PROGBITS 0x0       0x13fd0  0x882    0x0      0x0                            0     0     1
        .mdebug.abi32  PROGBITS 0x882     0x14852  0x0      0x0      0x0                            0     0     1
        .shstrtab      STRTAB   0x0       0x14852  0x85     0x0      0x0                            0     0     1
        .symtab        SYMTAB   0x0       0x14bd0  0x2680   0x10     0x0                            18    228   4
        .strtab        STRTAB   0x0       0x17250  0x1cf2   0x0      0x0                            0     0     1

        Type       Offset   Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align    Prog Interpreter  Section Mappings
        LOAD       0x0      0x400000         0x400000          0x138b0    0x138b0      5.4763   0x5    R E                0x10000                    .init .text .fini .rodata
        LOAD       0x138b0  0x4238b0         0x4238b0          0x720      0x3690       4.4308   0x6    RW                 0x10000                    .eh_frame .tbss .ctors .dtors .jcr .data .got .sbss .bss
        TLS        0x138f4  0x4238f4         0x4238f4          0x0        0x8          0.0000   0x4    R                  0x4                        .tbss
        GNU_STACK  0x0      0x0              0x0               0x0        0x0          0.0000   0x7    RWE                0x4
        __GI_inet_addr.symtab0x40a47072FUNC<unknown>HIDDEN2
        __GI_inet_aton.symtab0x411930244FUNC<unknown>HIDDEN2
        __GI_initstate_r.symtab0x40ce7c300FUNC<unknown>HIDDEN2
        __GI_ioctl.symtab0x411f50248FUNC<unknown>HIDDEN2
        __GI_isatty.symtab0x41184060FUNC<unknown>HIDDEN2
        __GI_kill.symtab0x409a1056FUNC<unknown>HIDDEN2
        __GI_listen.symtab0x40a7e060FUNC<unknown>HIDDEN2
        __GI_lseek64.symtab0x4125f0140FUNC<unknown>HIDDEN2
        __GI_memcpy.symtab0x411010308FUNC<unknown>HIDDEN2
        __GI_memmove.symtab0x411150824FUNC<unknown>HIDDEN2
        __GI_mempcpy.symtab0x41254076FUNC<unknown>HIDDEN2
        __GI_memset.symtab0x40a320144FUNC<unknown>HIDDEN2
        __GI_mmap.symtab0x40ea20112FUNC<unknown>HIDDEN2
        __GI_mremap.symtab0x40ee9096FUNC<unknown>HIDDEN2
        __GI_munmap.symtab0x40eef060FUNC<unknown>HIDDEN2
        __GI_nanosleep.symtab0x40ef6c200FUNC<unknown>HIDDEN2
        __GI_open.symtab0x40df6c192FUNC<unknown>HIDDEN2
        __GI_opendir.symtab0x409fa4240FUNC<unknown>HIDDEN2
        __GI_raise.symtab0x40db10264FUNC<unknown>HIDDEN2
        __GI_random.symtab0x40c960164FUNC<unknown>HIDDEN2
        __GI_random_r.symtab0x40cc40172FUNC<unknown>HIDDEN2
        __GI_read.symtab0x40e16c192FUNC<unknown>HIDDEN2
        __GI_readdir.symtab0x40a180264FUNC<unknown>HIDDEN2
        __GI_readdir64.symtab0x40f2e0272FUNC<unknown>HIDDEN2
        __GI_readlink.symtab0x409ab060FUNC<unknown>HIDDEN2
        __GI_recv.symtab0x40a85c240FUNC<unknown>HIDDEN2
        __GI_recvfrom.symtab0x40a9c0280FUNC<unknown>HIDDEN2
        __GI_sbrk.symtab0x40f040164FUNC<unknown>HIDDEN2
        __GI_select.symtab0x409b50260FUNC<unknown>HIDDEN2
        __GI_send.symtab0x40ab1c240FUNC<unknown>HIDDEN2
        __GI_sendto.symtab0x40ac80280FUNC<unknown>HIDDEN2
        __GI_setsid.symtab0x409c6060FUNC<unknown>HIDDEN2
        __GI_setsockopt.symtab0x40ada096FUNC<unknown>HIDDEN2
        __GI_setstate_r.symtab0x40cfa8272FUNC<unknown>HIDDEN2
        __GI_sigaction.symtab0x40ea9028FUNC<unknown>HIDDEN2
        __GI_sigaddset.symtab0x40ae4076FUNC<unknown>HIDDEN2
        __GI_sigemptyset.symtab0x40ae9036FUNC<unknown>HIDDEN2
        __GI_signal.symtab0x40aec0228FUNC<unknown>HIDDEN2
        __GI_sigprocmask.symtab0x409ca0176FUNC<unknown>HIDDEN2
        __GI_sleep.symtab0x40dc20404FUNC<unknown>HIDDEN2
        __GI_socket.symtab0x40ae0060FUNC<unknown>HIDDEN2
        __GI_srandom_r.symtab0x40ccec400FUNC<unknown>HIDDEN2
        __GI_strchr.symtab0x411490248FUNC<unknown>HIDDEN2
        __GI_strchrnul.symtab0x411590248FUNC<unknown>HIDDEN2
        __GI_strcmp.symtab0x41169044FUNC<unknown>HIDDEN2
        __GI_strcoll.symtab0x41169044FUNC<unknown>HIDDEN2
        __GI_strcspn.symtab0x4116c0144FUNC<unknown>HIDDEN2
        __GI_strlen.symtab0x40a3b0184FUNC<unknown>HIDDEN2
        __GI_strrchr.symtab0x411750160FUNC<unknown>HIDDEN2
        __GI_strspn.symtab0x4117f072FUNC<unknown>HIDDEN2
        __GI_sysconf.symtab0x40d3ac792FUNC<unknown>HIDDEN2
        __GI_tcgetattr.symtab0x411880176FUNC<unknown>HIDDEN2
        __GI_time.symtab0x409d5016FUNC<unknown>HIDDEN2
        __GI_times.symtab0x40f0f016FUNC<unknown>HIDDEN2
        __GI_write.symtab0x40e06c192FUNC<unknown>HIDDEN2
        __JCR_END__.symtab0x4239040OBJECT<unknown>DEFAULT9
        __JCR_LIST__.symtab0x4239040OBJECT<unknown>DEFAULT9
        __app_fini.symtab0x4245ec4OBJECT<unknown>HIDDEN13
        __atexit_lock.symtab0x423a3024OBJECT<unknown>DEFAULT10
        __bss_start.symtab0x423fd00NOTYPE<unknown>DEFAULTSHN_ABS
        __check_one_fd.symtab0x40e4ac136FUNC<unknown>DEFAULT2
        __close.symtab0x40de7c176FUNC<unknown>DEFAULT2
        __close_nocancel.symtab0x40de5440FUNC<unknown>DEFAULT2
        __ctype_b.symtab0x423a604OBJECT<unknown>DEFAULT10
        __curbrk.symtab0x426b604OBJECT<unknown>HIDDEN13
        __deregister_frame_info.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
        __do_global_ctors_aux.symtab0x4126800FUNC<unknown>DEFAULT2
        __do_global_dtors_aux.symtab0x4001400FUNC<unknown>DEFAULT2
        __environ.symtab0x4245e44OBJECT<unknown>DEFAULT13
        __errno_location.symtab0x40a29028FUNC<unknown>DEFAULT2
        __errno_location.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __exit_cleanup.symtab0x4240804OBJECT<unknown>HIDDEN13
        __fcntl_nocancel.symtab0x409880108FUNC<unknown>DEFAULT2
        __fgetc_unlocked.symtab0x410d60388FUNC<unknown>DEFAULT2
        __fini_array_end.symtab0x4238f40NOTYPE<unknown>HIDDEN6
        __fini_array_start.symtab0x4238f40NOTYPE<unknown>HIDDEN6
        __fork.symtab0x40d6d0988FUNC<unknown>DEFAULT2
        __fork_generation_pointer.symtab0x423fd44OBJECT<unknown>HIDDEN12
        __fork_handlers.symtab0x423fd84OBJECT<unknown>HIDDEN12
        __fork_lock.symtab0x4240904OBJECT<unknown>HIDDEN13
        __getdents.symtab0x40ec80268FUNC<unknown>HIDDEN2
        __getdents64.symtab0x412050436FUNC<unknown>HIDDEN2
        __getpagesize.symtab0x40ee1048FUNC<unknown>DEFAULT2
        __getpid.symtab0x40dab084FUNC<unknown>DEFAULT2
        __h_errno_location.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
        __init_array_end.symtab0x4238f40NOTYPE<unknown>HIDDEN6
        __init_array_start.symtab0x4238f40NOTYPE<unknown>HIDDEN6
        __libc_accept.symtab0x40a4fc220FUNC<unknown>DEFAULT2
        __libc_close.symtab0x40de7c176FUNC<unknown>DEFAULT2
        __libc_connect.symtab0x40a65c220FUNC<unknown>DEFAULT2
        __libc_disable_asynccancel.symtab0x40e230136FUNC<unknown>HIDDEN2
        __libc_enable_asynccancel.symtab0x40e2b8220FUNC<unknown>HIDDEN2
        __libc_errno.symtab0x04TLS<unknown>HIDDEN6
        __libc_fcntl.symtab0x4098ec268FUNC<unknown>DEFAULT2
        __libc_fork.symtab0x40d6d0988FUNC<unknown>DEFAULT2
        __libc_h_errno.symtab0x44TLS<unknown>HIDDEN6
        __libc_nanosleep.symtab0x40ef6c200FUNC<unknown>DEFAULT2
        __libc_open.symtab0x40df6c192FUNC<unknown>DEFAULT2
        __libc_read.symtab0x40e16c192FUNC<unknown>DEFAULT2
        __libc_recv.symtab0x40a85c240FUNC<unknown>DEFAULT2
        __libc_recvfrom.symtab0x40a9c0280FUNC<unknown>DEFAULT2
        __libc_select.symtab0x409b50260FUNC<unknown>DEFAULT2
        __libc_send.symtab0x40ab1c240FUNC<unknown>DEFAULT2
        __libc_sendto.symtab0x40ac80280FUNC<unknown>DEFAULT2
        __libc_setup_tls.symtab0x411b08660FUNC<unknown>DEFAULT2
        __libc_sigaction.symtab0x40ea9028FUNC<unknown>DEFAULT2
        __libc_stack_end.symtab0x4245e04OBJECT<unknown>DEFAULT13
        __libc_write.symtab0x40e06c192FUNC<unknown>DEFAULT2
        __lll_lock_wait_private.symtab0x40ddc0120FUNC<unknown>HIDDEN2
        __malloc_consolidate.symtab0x40c2a4520FUNC<unknown>HIDDEN2
        __malloc_largebin_index.symtab0x40b040140FUNC<unknown>DEFAULT2
        __malloc_lock.symtab0x42393024OBJECT<unknown>DEFAULT10
        __malloc_state.symtab0x426bc8888OBJECT<unknown>DEFAULT13
        __malloc_trim.symtab0x40c180292FUNC<unknown>DEFAULT2
        __nptl_deallocate_tsd.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
        __nptl_nthreads.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
        __open.symtab0x40df6c192FUNC<unknown>DEFAULT2
        __open_nocancel.symtab0x40df4440FUNC<unknown>DEFAULT2
        __pagesize.symtab0x4245e84OBJECT<unknown>DEFAULT13
        __preinit_array_end.symtab0x4238f40NOTYPE<unknown>HIDDEN6
        __preinit_array_start.symtab0x4238f40NOTYPE<unknown>HIDDEN6
        __progname.symtab0x423a544OBJECT<unknown>DEFAULT10
        __progname_full.symtab0x423a584OBJECT<unknown>DEFAULT10
        __pthread_initialize_minimal.symtab0x411d9c28FUNC<unknown>DEFAULT2
        __pthread_mutex_init.symtab0x40e3a88FUNC<unknown>DEFAULT2
        __pthread_mutex_lock.symtab0x40e3a08FUNC<unknown>DEFAULT2
        __pthread_mutex_trylock.symtab0x40e3a08FUNC<unknown>DEFAULT2
        __pthread_mutex_unlock.symtab0x40e3a08FUNC<unknown>DEFAULT2
        __pthread_return_0.symtab0x40e3a08FUNC<unknown>DEFAULT2
        __pthread_unwind.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
        __read.symtab0x40e16c192FUNC<unknown>DEFAULT2
        __read_nocancel.symtab0x40e14440FUNC<unknown>DEFAULT2
        __register_frame_info.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
        __rtld_fini.symtab0x4245f04OBJECT<unknown>HIDDEN13
        __sigaddset.symtab0x40afd844FUNC<unknown>DEFAULT2
        __sigdelset.symtab0x40b00448FUNC<unknown>DEFAULT2
        __sigismember.symtab0x40afb040FUNC<unknown>DEFAULT2
        __sigjmp_save.symtab0x41259096FUNC<unknown>HIDDEN2
        __sigsetjmp.symtab0x40ead036FUNC<unknown>DEFAULT2
        __sigsetjmp_aux.symtab0x411ed0128FUNC<unknown>DEFAULT2
        __start.symtab0x400290100FUNC<unknown>DEFAULT2
        __stdin.symtab0x423a8c4OBJECT<unknown>DEFAULT10
        __stdio_READ.symtab0x412210144FUNC<unknown>HIDDEN2
        __stdio_WRITE.symtab0x4122a0344FUNC<unknown>HIDDEN2
        __stdio_rfill.symtab0x41240088FUNC<unknown>HIDDEN2
        __stdio_trans2r_o.symtab0x412460220FUNC<unknown>HIDDEN2
        __stdio_wcommit.symtab0x4103f0100FUNC<unknown>HIDDEN2
        __stdout.symtab0x423a904OBJECT<unknown>DEFAULT10
        __sys_accept.symtab0x40a4c060FUNC<unknown>DEFAULT2
        __sys_connect.symtab0x40a62060FUNC<unknown>DEFAULT2
        __sys_recv.symtab0x40a82060FUNC<unknown>DEFAULT2
        __sys_recvfrom.symtab0x40a950112FUNC<unknown>DEFAULT2
        __sys_send.symtab0x40aae060FUNC<unknown>DEFAULT2
        __sys_sendto.symtab0x40ac10112FUNC<unknown>DEFAULT2
        __syscall_error.symtab0x40eb0092FUNC<unknown>DEFAULT2
        __syscall_fcntl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __syscall_nanosleep.symtab0x40ef3060FUNC<unknown>DEFAULT2
        __syscall_rt_sigaction.symtab0x40eb6060FUNC<unknown>DEFAULT2
        __syscall_rt_sigaction.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __syscall_select.symtab0x409af096FUNC<unknown>DEFAULT2
        __tls_get_addr.symtab0x411ae832FUNC<unknown>DEFAULT2
        __uClibc_fini.symtab0x40e3e0204FUNC<unknown>DEFAULT2
        __uClibc_init.symtab0x40e534120FUNC<unknown>DEFAULT2
        __uClibc_main.symtab0x40e5ac1132FUNC<unknown>DEFAULT2
        __uClibc_main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __uclibc_progname.symtab0x423a504OBJECT<unknown>HIDDEN10
        __write.symtab0x40e06c192FUNC<unknown>DEFAULT2
        __write_nocancel.symtab0x40e04440FUNC<unknown>DEFAULT2
        __xstat32_conv.symtab0x40f1f8220FUNC<unknown>HIDDEN2
        __xstat64_conv.symtab0x40f100248FUNC<unknown>HIDDEN2
        _dl_aux_init.symtab0x411dc040FUNC<unknown>DEFAULT2
        _dl_nothread_init_static_tls.symtab0x411de8148FUNC<unknown>HIDDEN2
        _dl_phdr.symtab0x423ffc4OBJECT<unknown>DEFAULT12
        _dl_phnum.symtab0x4240004OBJECT<unknown>DEFAULT12
        _dl_tls_dtv_gaps.symtab0x423ff01OBJECT<unknown>DEFAULT12
        _dl_tls_dtv_slotinfo_list.symtab0x423fec4OBJECT<unknown>DEFAULT12
        _dl_tls_generation.symtab0x423ff44OBJECT<unknown>DEFAULT12
        _dl_tls_max_dtv_idx.symtab0x423fe44OBJECT<unknown>DEFAULT12
        _dl_tls_setup.symtab0x411a84100FUNC<unknown>DEFAULT2
        _dl_tls_static_align.symtab0x423fe04OBJECT<unknown>DEFAULT12
        _dl_tls_static_nelem.symtab0x423ff84OBJECT<unknown>DEFAULT12
        _dl_tls_static_size.symtab0x423fe84OBJECT<unknown>DEFAULT12
        _dl_tls_static_used.symtab0x423fdc4OBJECT<unknown>DEFAULT12
        _edata.symtab0x423fd00NOTYPE<unknown>DEFAULTSHN_ABS
        _end.symtab0x426f400NOTYPE<unknown>DEFAULTSHN_ABS
        _exit.symtab0x40eba076FUNC<unknown>DEFAULT2
        _exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _fbss.symtab0x423fd00NOTYPE<unknown>DEFAULTSHN_ABS
        _fdata.symtab0x4239100NOTYPE<unknown>DEFAULT10
        _fini.symtab0x4126f028FUNC<unknown>DEFAULT3
        _fixed_buffers.symtab0x4246208192OBJECT<unknown>DEFAULT13
        _fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _ftext.symtab0x4001400NOTYPE<unknown>DEFAULT2
        _gp.symtab0x42bb600NOTYPE<unknown>DEFAULTSHN_ABS
        _gp_disp.symtab0x00OBJECT<unknown>DEFAULTSHN_UNDEF
        _init.symtab0x4000b428FUNC<unknown>DEFAULT1
        _pthread_cleanup_pop_restore.symtab0x40e3bc36FUNC<unknown>DEFAULT2
        _pthread_cleanup_push_defer.symtab0x40e3b012FUNC<unknown>DEFAULT2
        _rfill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _setjmp.symtab0x40eab028FUNC<unknown>DEFAULT2
        _sigintr.symtab0x426bb816OBJECT<unknown>HIDDEN13
        _stdio.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _stdio_fopen.symtab0x40fd001168FUNC<unknown>HIDDEN2
        _stdio_init.symtab0x410190184FUNC<unknown>HIDDEN2
        _stdio_openlist.symtab0x423a944OBJECT<unknown>DEFAULT10
        _stdio_openlist_add_lock.symtab0x42460012OBJECT<unknown>DEFAULT13
        _stdio_openlist_dec_use.symtab0x410720648FUNC<unknown>HIDDEN2
        _stdio_openlist_del_count.symtab0x42461c4OBJECT<unknown>DEFAULT13
        _stdio_openlist_del_lock.symtab0x42460c12OBJECT<unknown>DEFAULT13
        _stdio_openlist_use_count.symtab0x4246184OBJECT<unknown>DEFAULT13
        _stdio_streams.symtab0x423a98204OBJECT<unknown>DEFAULT10
        _stdio_term.symtab0x410248416FUNC<unknown>HIDDEN2
        _stdio_user_locking.symtab0x423a704OBJECT<unknown>DEFAULT10
        _trans2r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _wcommit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        abort.symtab0x40c7a0408FUNC<unknown>DEFAULT2
        abort.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        accept.symtab0x40a4fc220FUNC<unknown>DEFAULT2
        accept.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        anti_gdb_entry.symtab0x406c8c32FUNC<unknown>DEFAULT2
        attack.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        attack_get_opt_int.symtab0x4009d4116FUNC<unknown>DEFAULT2
        attack_get_opt_ip.symtab0x400960116FUNC<unknown>DEFAULT2
        attack_init.symtab0x400a481220FUNC<unknown>DEFAULT2
        attack_kill_all.symtab0x40048c448FUNC<unknown>DEFAULT2
        attack_method_nudp.symtab0x405d682320FUNC<unknown>DEFAULT2
        attack_method_stdhex.symtab0x4059681024FUNC<unknown>DEFAULT2
        attack_method_tcp.symtab0x4017702120FUNC<unknown>DEFAULT2
        attack_ongoing.symtab0x42403832OBJECT<unknown>DEFAULT13
        attack_parse.symtab0x40064c788FUNC<unknown>DEFAULT2
        attack_start.symtab0x400300396FUNC<unknown>DEFAULT2
        attack_tcp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        attack_tcp_ack.symtab0x4031f02248FUNC<unknown>DEFAULT2
        attack_tcp_legit.symtab0x4043542228FUNC<unknown>DEFAULT2
        attack_tcp_null.symtab0x404c082468FUNC<unknown>DEFAULT2
        attack_tcp_sack2.symtab0x401fb82144FUNC<unknown>DEFAULT2
        attack_tcp_stomp.symtab0x4028182520FUNC<unknown>DEFAULT2
        attack_tcp_syn.symtab0x400f0c2148FUNC<unknown>DEFAULT2
        attack_tcp_syndata.symtab0x403ab82204FUNC<unknown>DEFAULT2
        attack_udp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        attack_udp_plain.symtab0x4055b4948FUNC<unknown>DEFAULT2
        been_there_done_that.symtab0x4240704OBJECT<unknown>DEFAULT13
        bind.symtab0x40a5e060FUNC<unknown>DEFAULT2
        bind.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        brk.symtab0x411e8080FUNC<unknown>DEFAULT2
        brk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        bsd_signal.symtab0x40aec0228FUNC<unknown>DEFAULT2
        calloc.symtab0x40bba0344FUNC<unknown>DEFAULT2
        calloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        checksum.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        checksum_generic.symtab0x40667892FUNC<unknown>DEFAULT2
        checksum_tcpudp.symtab0x4066d4168FUNC<unknown>DEFAULT2
        clock.symtab0x40a2b0108FUNC<unknown>DEFAULT2
        clock.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        close.symtab0x40de7c176FUNC<unknown>DEFAULT2
        closedir.symtab0x409d60292FUNC<unknown>DEFAULT2
        closedir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        completed.4786.symtab0x4240101OBJECT<unknown>DEFAULT13
        connect.symtab0x40a65c220FUNC<unknown>DEFAULT2
        connect.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        dl-support.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        ensure_single_instance.symtab0x406cac568FUNC<unknown>DEFAULT2
        environ.symtab0x4245e44OBJECT<unknown>DEFAULT13
        errno.symtab0x04TLS<unknown>DEFAULT6
        errno.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        exit.symtab0x40d0c0240FUNC<unknown>DEFAULT2
        exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fclose.symtab0x40f9b0804FUNC<unknown>DEFAULT2
        fclose.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fcntl.symtab0x4098ec268FUNC<unknown>DEFAULT2
        fd_ctrl.symtab0x4239184OBJECT<unknown>DEFAULT10
        fd_serv.symtab0x42391c4OBJECT<unknown>DEFAULT10
        fd_to_DIR.symtab0x409e90276FUNC<unknown>DEFAULT2
        fdopendir.symtab0x40a094228FUNC<unknown>DEFAULT2
        fflush_unlocked.symtab0x4109a8940FUNC<unknown>DEFAULT2
        fflush_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fgetc.symtab0x410460372FUNC<unknown>DEFAULT2
        fgetc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fgetc_unlocked.symtab0x410d60388FUNC<unknown>DEFAULT2
        fgetc_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fgets.symtab0x4105e0320FUNC<unknown>DEFAULT2
        fgets.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fgets_unlocked.symtab0x410ef0276FUNC<unknown>DEFAULT2
        fgets_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fopen.symtab0x40fce028FUNC<unknown>DEFAULT2
        fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fork.symtab0x40d6d0988FUNC<unknown>DEFAULT2
        fork.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fork_handler_pool.symtab0x4240941348OBJECT<unknown>DEFAULT13
        frame_dummy.symtab0x4001fc0FUNC<unknown>DEFAULT2
        free.symtab0x40c4ac660FUNC<unknown>DEFAULT2
        free.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fstat.symtab0x40ebf0136FUNC<unknown>DEFAULT2
        fstat.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getc.symtab0x410460372FUNC<unknown>DEFAULT2
        getc_unlocked.symtab0x410d60388FUNC<unknown>DEFAULT2
        getdents.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getdents64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getdtablesize.symtab0x40ed9072FUNC<unknown>DEFAULT2
        getdtablesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getegid.symtab0x40ede016FUNC<unknown>DEFAULT2
        getegid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        geteuid.symtab0x40edf016FUNC<unknown>DEFAULT2
        geteuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getgid.symtab0x40ee0016FUNC<unknown>DEFAULT2
        getgid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getpagesize.symtab0x40ee1048FUNC<unknown>DEFAULT2
        getpagesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getpid.symtab0x40dab084FUNC<unknown>DEFAULT2
        getpid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getppid.symtab0x409a0016FUNC<unknown>DEFAULT2
        getppid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getrlimit.symtab0x40ee4060FUNC<unknown>DEFAULT2
        getrlimit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getsockname.symtab0x40a74060FUNC<unknown>DEFAULT2
        getsockname.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getsockopt.symtab0x40a78096FUNC<unknown>DEFAULT2
        getsockopt.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getuid.symtab0x40ee8016FUNC<unknown>DEFAULT2
        getuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        h_errno.symtab0x44TLS<unknown>DEFAULT6
        hexPayload.symtab0x4239144OBJECT<unknown>DEFAULT10
        hlt.symtab0x4002ec0NOTYPE<unknown>DEFAULT2
        index.symtab0x411490248FUNC<unknown>DEFAULT2
        inet_addr.symtab0x40a47072FUNC<unknown>DEFAULT2
        inet_aton.symtab0x411930244FUNC<unknown>DEFAULT2
        inet_aton.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        inet_makeaddr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        init_static_tls.symtab0x411a3084FUNC<unknown>DEFAULT2
        initfini.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        initfini.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        initstate.symtab0x40cabc208FUNC<unknown>DEFAULT2
        initstate_r.symtab0x40ce7c300FUNC<unknown>DEFAULT2
        ioctl.symtab0x411f50248FUNC<unknown>DEFAULT2
        ioctl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        isatty.symtab0x41184060FUNC<unknown>DEFAULT2
        isatty.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        kill.symtab0x409a1056FUNC<unknown>DEFAULT2
        kill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        killer.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        killer_init.symtab0x406a28612FUNC<unknown>DEFAULT2
        killer_kill.symtab0x40677c60FUNC<unknown>DEFAULT2
        killer_kill_by_port.symtab0x4089002356FUNC<unknown>DEFAULT2
        killer_mirai_exists.symtab0x4067b8624FUNC<unknown>DEFAULT2
        killer_pid.symtab0x4240584OBJECT<unknown>DEFAULT13
        libc-cancellation.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        libc-lowlevellock.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        libc-tls.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        listen.symtab0x40a7e060FUNC<unknown>DEFAULT2
        listen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        llseek.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        local_bind.4398.symtab0x4239241OBJECT<unknown>DEFAULT10
        lseek64.symtab0x4125f0140FUNC<unknown>DEFAULT2
        main.symtab0x406fd82792FUNC<unknown>DEFAULT2
        main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        malloc.symtab0x40b0cc2764FUNC<unknown>DEFAULT2
        malloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        malloc_trim.symtab0x40c74084FUNC<unknown>DEFAULT2
        memcpy.symtab0x411010308FUNC<unknown>DEFAULT2
        memmove.symtab0x411150824FUNC<unknown>DEFAULT2
        memmove.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        mempcpy.symtab0x41254076FUNC<unknown>DEFAULT2
        mempcpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        memset.symtab0x40a320144FUNC<unknown>DEFAULT2
        methods.symtab0x4240344OBJECT<unknown>DEFAULT13
        methods_len.symtab0x4240301OBJECT<unknown>DEFAULT13
        mmap.symtab0x40ea20112FUNC<unknown>DEFAULT2
        mmap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        mremap.symtab0x40ee9096FUNC<unknown>DEFAULT2
        mremap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        munmap.symtab0x40eef060FUNC<unknown>DEFAULT2
        munmap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        mylock.symtab0x42395024OBJECT<unknown>DEFAULT10
        mylock.symtab0x42397024OBJECT<unknown>DEFAULT10
        nanosleep.symtab0x40ef6c200FUNC<unknown>DEFAULT2
        nanosleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        nprocessors_onln.symtab0x40d1b0508FUNC<unknown>DEFAULT2
        object.4798.symtab0x42401424OBJECT<unknown>DEFAULT13
        open.symtab0x40df6c192FUNC<unknown>DEFAULT2
        opendir.symtab0x409fa4240FUNC<unknown>DEFAULT2
        opendir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        p.4784.symtab0x4239100OBJECT<unknown>DEFAULT10
        parse_config.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        pending_connection.symtab0x42405c1OBJECT<unknown>DEFAULT13
        prctl.symtab0x409a5096FUNC<unknown>DEFAULT2
        prctl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        program_invocation_name.symtab0x423a584OBJECT<unknown>DEFAULT10
        program_invocation_short_name.symtab0x423a544OBJECT<unknown>DEFAULT10
        raise.symtab0x40db10264FUNC<unknown>DEFAULT2
        raise.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        rand.symtab0x40c94028FUNC<unknown>DEFAULT2
        rand.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        rand.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        rand_alphastr.symtab0x407bc8368FUNC<unknown>DEFAULT2
        rand_init.symtab0x407b1c172FUNC<unknown>DEFAULT2
        rand_next.symtab0x407ac092FUNC<unknown>DEFAULT2
        rand_str.symtab0x407d38256FUNC<unknown>DEFAULT2
        random.symtab0x40c960164FUNC<unknown>DEFAULT2
        random.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        random_poly_info.symtab0x4130d040OBJECT<unknown>DEFAULT4
        random_r.symtab0x40cc40172FUNC<unknown>DEFAULT2
        random_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        randtbl.symtab0x423988128OBJECT<unknown>DEFAULT10
        read.symtab0x40e16c192FUNC<unknown>DEFAULT2
        readdir.symtab0x40a180264FUNC<unknown>DEFAULT2
        readdir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        readdir64.symtab0x40f2e0272FUNC<unknown>DEFAULT2
        readdir64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        readlink.symtab0x409ab060FUNC<unknown>DEFAULT2
        readlink.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        realloc.symtab0x40bd001152FUNC<unknown>DEFAULT2
        realloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        recv.symtab0x40a85c240FUNC<unknown>DEFAULT2
        recv.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        recvfrom.symtab0x40a9c0280FUNC<unknown>DEFAULT2
        recvfrom.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        register-atfork.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        resolv.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        resolv_entries_free.symtab0x407e38116FUNC<unknown>DEFAULT2
        resolv_lookup.symtab0x407eac1708FUNC<unknown>DEFAULT2
        resolve_cnc_addr.symtab0x406ee4244FUNC<unknown>DEFAULT2
        resolve_func.symtab0x4239204OBJECT<unknown>DEFAULT10
        rindex.symtab0x411750160FUNC<unknown>DEFAULT2
        sbrk.symtab0x40f040164FUNC<unknown>DEFAULT2
        sbrk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        select.symtab0x409b50260FUNC<unknown>DEFAULT2
        select.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        send.symtab0x40ab1c240FUNC<unknown>DEFAULT2
        send.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        sendto.symtab0x40ac80280FUNC<unknown>DEFAULT2
        sendto.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        setjmp_aux.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        setsid.symtab0x409c6060FUNC<unknown>DEFAULT2
        setsid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        setsockopt.symtab0x40ada096FUNC<unknown>DEFAULT2
        setsockopt.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        setstate.symtab0x40ca04184FUNC<unknown>DEFAULT2
        setstate_r.symtab0x40cfa8272FUNC<unknown>DEFAULT2
        sigaction.symtab0x40ea9028FUNC<unknown>DEFAULT2
        sigaction.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        sigaddset.symtab0x40ae4076FUNC<unknown>DEFAULT2
        sigaddset.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        sigempty.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        sigemptyset.symtab0x40ae9036FUNC<unknown>DEFAULT2
        sigjmp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        signal.symtab0x40aec0228FUNC<unknown>DEFAULT2
        signal.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        sigprocmask.symtab0x409ca0176FUNC<unknown>DEFAULT2
        sigprocmask.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        sigsetops.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        sleep.symtab0x40dc20404FUNC<unknown>DEFAULT2
        sleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        socket.symtab0x40ae0060FUNC<unknown>DEFAULT2
        socket.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        srand.symtab0x40cb8c172FUNC<unknown>DEFAULT2
        srandom.symtab0x40cb8c172FUNC<unknown>DEFAULT2
        srandom_r.symtab0x40ccec400FUNC<unknown>DEFAULT2
        srv_addr.symtab0x426b7016OBJECT<unknown>DEFAULT13
        static_dtv.symtab0x426620512OBJECT<unknown>DEFAULT13
        static_map.symtab0x426b2852OBJECT<unknown>DEFAULT13
        static_slotinfo.symtab0x426820776OBJECT<unknown>DEFAULT13
        stderr.symtab0x423a884OBJECT<unknown>DEFAULT10
        stdin.symtab0x423a804OBJECT<unknown>DEFAULT10
        stdout.symtab0x423a844OBJECT<unknown>DEFAULT10
        strchr.symtab0x411490248FUNC<unknown>DEFAULT2
        strchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strchrnul.symtab0x411590248FUNC<unknown>DEFAULT2
        strchrnul.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strcmp.symtab0x41169044FUNC<unknown>DEFAULT2
        strcmp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strcoll.symtab0x41169044FUNC<unknown>DEFAULT2
        strcspn.symtab0x4116c0144FUNC<unknown>DEFAULT2


        • Total Packets: 15
        • 56999 undefined
        • 53 (DNS)
        Timestamp | Source Port | Dest Port | Source IP | Dest IP
        Mar 20, 2025 12:18:11.093703032 CET | 34052 | 53 | 192.168.2.13 | 8.8.8.8
        Mar 20, 2025 12:18:11.191696882 CET | 53 | 34052 | 8.8.8.8 | 192.168.2.13

        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
        Mar 20, 2025 12:18:11.093703032 CET | 192.168.2.13 | 8.8.8.8 | 0x1911 | Standard query (0) | srolangvan.com | A (IP address) | IN (0x0001) | false

        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
        Mar 20, 2025 12:18:11.191696882 CET | 8.8.8.8 | 192.168.2.13 | 0x1911 | No error (0) | srolangvan.com |  | 103.142.27.125 | A (IP address) | IN (0x0001) | false

        System Behavior

        Start time (UTC):11:18:09
        Start date (UTC):20/03/2025
        Path:/tmp/mips.elf
        Arguments:/tmp/mips.elf
        File size:5777432 bytes
        MD5 hash:0083f1f0e77be34ad27f849842bbb00c

        Start time (UTC):11:18:10
        Start date (UTC):20/03/2025
        Path:/tmp/mips.elf
        Arguments:-
        File size:5777432 bytes
        MD5 hash:0083f1f0e77be34ad27f849842bbb00c

        Start time (UTC):11:18:10
        Start date (UTC):20/03/2025
        Path:/tmp/mips.elf
        Arguments:-
        File size:5777432 bytes
        MD5 hash:0083f1f0e77be34ad27f849842bbb00c

        Start time (UTC):11:18:49
        Start date (UTC):20/03/2025
        Path:/usr/lib/systemd/systemd
        Arguments:-
        File size:1620224 bytes
        MD5 hash:9b2bec7092a40488108543f9334aab75

        Start time (UTC):11:18:49
        Start date (UTC):20/03/2025
        Path:/usr/lib/snapd/snap-failure
        Arguments:/usr/lib/snapd/snap-failure snapd
        File size:4764904 bytes
        MD5 hash:69136a7d575731ce62349f2e4d3e5c36

        Start time (UTC):11:18:49
        Start date (UTC):20/03/2025
        Path:/usr/lib/snapd/snap-failure
        Arguments:-
        File size:4764904 bytes
        MD5 hash:69136a7d575731ce62349f2e4d3e5c36

        Start time (UTC):11:18:49
        Start date (UTC):20/03/2025
        Path:/usr/bin/systemctl
        Arguments:systemctl stop snapd.socket
        File size:996584 bytes
        MD5 hash:4deddfb6741481f68aeac522cc26ff4b

        Start time (UTC):11:18:49
        Start date (UTC):20/03/2025
        Path:/usr/lib/snapd/snap-failure
        Arguments:-
        File size:4764904 bytes
        MD5 hash:69136a7d575731ce62349f2e4d3e5c36