Joe Sandbox Cloud Basic Analysis Report
Edit tour

Linux Analysis Report
spc.elf

Overview

General Information

Sample name:spc.elf
Analysis ID:1644167
MD5:a60b3b19007c77bebc3b39cbc7c9f715
SHA1:4a754917d13a9bf9aa0fff6f87d6c4af4c8fe4da
SHA256:bc616fa35cbfa53c12aaafbae4d705dae76d428baf7f54c2def61aff3f43bf3f
Tags:elfuser-abuse_ch
Infos:

Detection

Mirai
Score:76
Range:0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Contains symbols with names commonly found in malware
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes the "rm" command used to delete files or directories
Sample and/or dropped files contains symbols with suspicious names
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

General Information

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1644167
Start date and time:2025-03-20 12:21:19 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 21s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:spc.elf
Detection:MAL
Classification:mal76.troj.linELF@0/0@1/0

Runtime Messages

Command:/tmp/spc.elf
PID:5527
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
srolangvan.com
Standard Error:

Process Tree

  • system is lnxubuntu20
  • dash New Fork (PID: 5508, Parent: 3670)
  • rm (PID: 5508, Parent: 3670, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.EqcodCZfIa /tmp/tmp.sDE9wo9jdb /tmp/tmp.a8socnlqy4
  • dash New Fork (PID: 5509, Parent: 3670)
  • cat (PID: 5509, Parent: 3670, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.EqcodCZfIa
  • dash New Fork (PID: 5510, Parent: 3670)
  • head (PID: 5510, Parent: 3670, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10
  • dash New Fork (PID: 5511, Parent: 3670)
  • tr (PID: 5511, Parent: 3670, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037
  • dash New Fork (PID: 5512, Parent: 3670)
  • cut (PID: 5512, Parent: 3670, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80
  • dash New Fork (PID: 5513, Parent: 3670)
  • cat (PID: 5513, Parent: 3670, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.EqcodCZfIa
  • dash New Fork (PID: 5514, Parent: 3670)
  • head (PID: 5514, Parent: 3670, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10
  • dash New Fork (PID: 5515, Parent: 3670)
  • tr (PID: 5515, Parent: 3670, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037
  • dash New Fork (PID: 5516, Parent: 3670)
  • cut (PID: 5516, Parent: 3670, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80
  • dash New Fork (PID: 5517, Parent: 3670)
  • rm (PID: 5517, Parent: 3670, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.EqcodCZfIa /tmp/tmp.sDE9wo9jdb /tmp/tmp.a8socnlqy4
  • spc.elf (PID: 5527, Parent: 5442, MD5: 7dc1c0e23cd5e102bb12e5c29403410e) Arguments: /tmp/spc.elf
    • spc.elf New Fork (PID: 5530, Parent: 5527)
      • spc.elf New Fork (PID: 5532, Parent: 5530)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
spc.elfJoeSecurity_Mirai_8Yara detected MiraiJoe Security
    spc.elfLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
    • 0x101e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x101fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10210:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10224:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10238:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x1024c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10260:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10274:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10288:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x1029c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x102b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x102c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x102d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x102ec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10300:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10314:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10328:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x1033c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10350:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10364:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10378:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    5527.1.00007f9d80011000.00007f9d80022000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
    • 0x101e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x101fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10210:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10224:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10238:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x1024c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10260:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10274:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10288:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x1029c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x102b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x102c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x102d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x102ec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10300:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10314:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10328:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x1033c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10350:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10364:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10378:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    Process Memory Space: spc.elf PID: 5527Linux_Trojan_Gafgyt_28a2fe0cunknownunknown
    • 0x25e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x25f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x260c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x2620:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x2634:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x2648:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x265c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x2670:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x2684:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x2698:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x26ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x26c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x26d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x26e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x26fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x2710:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x2724:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x2738:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x274c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x2760:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x2774:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

    Suricata Signatures

    No Suricata rule has matched

    Joe Sandbox Signatures

    • AV Detection
    • Networking
    • System Summary
    • Persistence and Installation Behavior
    • Malware Analysis System Evasion
    • Stealing of Sensitive Information
    • Remote Access Functionality

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Source: spc.elfAvira: detected
    Source: spc.elfReversingLabs: Detection: 41%
    Source: global trafficTCP traffic: 192.168.2.15:55726 -> 103.142.27.125:56999
    Source: /tmp/spc.elf (PID: 5527)Socket: 127.0.0.1:46157Jump to behavior
    Source: global trafficDNS traffic detected: DNS query: srolangvan.com

    System Summary

    barindex
    Source: spc.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: 5527.1.00007f9d80011000.00007f9d80022000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: Process Memory Space: spc.elf PID: 5527, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: ELF static info symbol of initial sampleName: attack.c
    Source: ELF static info symbol of initial sampleName: attack_get_opt_int
    Source: ELF static info symbol of initial sampleName: attack_get_opt_ip
    Source: ELF static info symbol of initial sampleName: attack_init
    Source: ELF static info symbol of initial sampleName: attack_kill_all
    Source: ELF static info symbol of initial sampleName: attack_method_nudp
    Source: ELF static info symbol of initial sampleName: attack_method_stdhex
    Source: ELF static info symbol of initial sampleName: attack_method_tcp
    Source: ELF static info symbol of initial sampleName: attack_ongoing
    Source: ELF static info symbol of initial sampleName: attack_parse
    Source: spc.elfELF static info symbol of initial sample: hexPayload
    Source: spc.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: 5527.1.00007f9d80011000.00007f9d80022000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: Process Memory Space: spc.elf PID: 5527, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: classification engineClassification label: mal76.troj.linELF@0/0@1/0
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/110/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/231/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/111/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/112/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/233/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/113/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/114/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/235/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/115/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/1333/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/116/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/1695/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/117/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/118/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/119/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/911/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/3875/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/914/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/10/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/917/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/11/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/12/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/13/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/14/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/15/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/16/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/17/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/18/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/19/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/1591/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/120/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/121/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/1/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/122/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/243/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/2/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/123/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/3/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/124/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/1588/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/125/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/4/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/246/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/126/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/5/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/127/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/6/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/1585/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/128/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/7/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/129/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/8/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/800/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/9/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/802/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/803/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/804/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/20/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/21/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/3407/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/22/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/23/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/24/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/25/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/26/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/27/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/28/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/29/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/1484/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/490/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/250/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/130/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/251/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/131/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/132/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/133/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/1479/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/378/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/258/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/259/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/931/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/1595/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/812/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/933/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/30/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/3419/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/35/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/3310/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/260/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/261/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/262/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/142/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/263/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/264/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/265/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/145/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/266/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/267/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/268/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/3303/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/269/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/1486/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/1806/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/3440/cmdlineJump to behavior
    Source: /tmp/spc.elf (PID: 5532)File opened: /proc/270/cmdlineJump to behavior
    Source: /usr/bin/dash (PID: 5508)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.EqcodCZfIa /tmp/tmp.sDE9wo9jdb /tmp/tmp.a8socnlqy4Jump to behavior
    Source: /usr/bin/dash (PID: 5517)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.EqcodCZfIa /tmp/tmp.sDE9wo9jdb /tmp/tmp.a8socnlqy4Jump to behavior
    Source: /tmp/spc.elf (PID: 5527)Queries kernel information via 'uname': Jump to behavior
    Source: spc.elf, 5527.1.000055d0e4b3c000.000055d0e4ba1000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/sparc
    Source: spc.elf, 5527.1.000055d0e4b3c000.000055d0e4ba1000.rw-.sdmpBinary or memory string: U!/etc/qemu-binfmt/sparc
    Source: spc.elf, 5527.1.00007ffe0257b000.00007ffe0259c000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-sparc/tmp/spc.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/spc.elf
    Source: spc.elf, 5527.1.00007ffe0257b000.00007ffe0259c000.rw-.sdmpBinary or memory string: /usr/bin/qemu-sparc

    Stealing of Sensitive Information

    barindex
    Source: Yara matchFile source: spc.elf, type: SAMPLE

    Remote Access Functionality

    barindex
    Source: Yara matchFile source: spc.elf, type: SAMPLE

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
    Masquerading    		1
    OS Credential Dumping    		11
    Security Software Discovery    		Remote ServicesData from Local System1
    Non-Standard Port    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
    File Deletion    		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
    Non-Application Layer Protocol    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
    Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact

    Malware Configuration

    No configs have been found

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Number of created Files
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1644167 Sample: spc.elf Startdate: 20/03/2025 Architecture: LINUX Score: 76 20 srolangvan.com 103.142.27.125, 55726, 56999 WEBICO-AS-VNWebicoCompanyLimitedVN Viet Nam 2->20 22 Malicious sample detected (through community Yara rule) 2->22 24 Antivirus / Scanner detection for submitted sample 2->24 26 Multi AV Scanner detection for submitted file 2->26 28 2 other signatures 2->28 8 dash rm spc.elf 2->8         started        10 dash rm 2->10         started        12 dash cut 2->12         started        14 7 other processes 2->14 signatures3 process4 process5 16 spc.elf 8->16         started        process6 18 spc.elf 16->18         started       

    Screenshots

    Download Video

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    spc.elf42%ReversingLabsLinux.Backdoor.Mirai
    spc.elf100%AviraEXP/ELF.Mirai.J

    Dropped Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Download Network PCAP: filteredfull

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    srolangvan.com
    		103.142.27.125
    		truefalse
      		high

      World Map of Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public IPs

      IPDomainCountryFlagASNASN NameMalicious
      103.142.27.125
      		srolangvan.comViet Nam
      		135951WEBICO-AS-VNWebicoCompanyLimitedVNfalse

      Joe Sandbox View / Context

      IPs

      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
      103.142.27.125x86.elfGet hashmaliciousMiraiBrowse
        mpsl.elfGet hashmaliciousMiraiBrowse
          mips.elfGet hashmaliciousMiraiBrowse
            arm.elfGet hashmaliciousUnknownBrowse
              arm6.elfGet hashmaliciousMiraiBrowse

                Domains

                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                srolangvan.comx86.elfGet hashmaliciousMiraiBrowse
                • 103.142.27.125
                mpsl.elfGet hashmaliciousMiraiBrowse
                • 103.142.27.125
                mips.elfGet hashmaliciousMiraiBrowse
                • 103.142.27.125
                arm.elfGet hashmaliciousUnknownBrowse
                • 103.142.27.125
                arm6.elfGet hashmaliciousMiraiBrowse
                • 103.142.27.125
                sh4.elfGet hashmaliciousMiraiBrowse
                • 160.22.161.89
                debug.dbg.elfGet hashmaliciousMiraiBrowse
                • 160.22.161.89
                x86.elfGet hashmaliciousMiraiBrowse
                • 160.22.161.89
                m68k.elfGet hashmaliciousUnknownBrowse
                • 160.22.161.89
                arm.elfGet hashmaliciousUnknownBrowse
                • 160.22.161.89

                ASNs

                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                WEBICO-AS-VNWebicoCompanyLimitedVNx86.elfGet hashmaliciousMiraiBrowse
                • 103.142.27.125
                mpsl.elfGet hashmaliciousMiraiBrowse
                • 103.142.27.125
                mips.elfGet hashmaliciousMiraiBrowse
                • 103.142.27.125
                arm.elfGet hashmaliciousUnknownBrowse
                • 103.142.27.125
                arm6.elfGet hashmaliciousMiraiBrowse
                • 103.142.27.125
                http://admin-globalviolationpolicies.online/Get hashmaliciousUnknownBrowse
                • 103.130.216.144
                0ILPz2ji09.exeGet hashmaliciousAgentTeslaBrowse
                • 103.130.216.118
                SecuriteInfo.com.Win32.PWSX-gen.18151.17745.exeGet hashmaliciousAgentTeslaBrowse
                • 103.130.216.118
                https://mail.thesteampowered.help/Get hashmaliciousUnknownBrowse
                • 103.130.217.240
                https://thesteampowered.help/Get hashmaliciousUnknownBrowse
                • 103.130.217.240

                JA3 Fingerprints

                No context

                Dropped Files

                No context

                Created / dropped Files

                No created / dropped files found

                Static File Info

                General

                File type:ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, not stripped
                Entropy (8bit):5.872604995807564
                TrID:
                • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                File name:spc.elf
                File size:94'631 bytes
                MD5:a60b3b19007c77bebc3b39cbc7c9f715
                SHA1:4a754917d13a9bf9aa0fff6f87d6c4af4c8fe4da
                SHA256:bc616fa35cbfa53c12aaafbae4d705dae76d428baf7f54c2def61aff3f43bf3f
                SHA512:a818a50db92850dfbee9b5ff2ce994667af49e923bec66347ef0bec22ad33c4a12a2336ac011dd238ba19bee785f0004afedae2dacf1e5fa547650bb029a8ac0
                SSDEEP:1536:Fc2JQHIZvPAJBNZMYUU7gQpnM0RJUgpQoQoESS6DJ95k2j:ykA7NiYpFn3Qg2oRS6l95N
                TLSH:EB934B32773A1B23C0E1A47940EB8B3A73F65BC91A64820B7A651F9C7F56AD034437B5
                File Content Preview:.ELF...........................4..,8.....4. ...(.......................0...0.............. ... ... ....x..2............... H.. H.. H................dt.Q................................@..(....@.?.................#.....cx..`.....!.....!l..@.....".........`

                Static ELF Info

                ELF header

                Class:ELF32
                Data:2's complement, big endian
                Version:1 (current)
                Machine:Sparc
                Version Number:0x1
                Type:EXEC (Executable file)
                OS/ABI:UNIX - System V
                ABI Version:0
                Entry Point Address:0x101c4
                Flags:0x0
                ELF Header Size:52
                Program Header Offset:52
                Program Header Size:32
                Number of Program Headers:4
                Section Header Offset:76856
                Section Header Size:40
                Number of Section Headers:17
                Header String Table Index:14

                Sections

                NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                NULL0x00x00x00x00x0000
                .initPROGBITS0x100b40xb40x1c0x00x6AX004
                .textPROGBITS0x100d00xd00x100240x00x6AX004
                .finiPROGBITS0x200f40x100f40x140x00x6AX004
                .rodataPROGBITS0x201080x101080xd280x00x2A008
                .eh_framePROGBITS0x320000x120000x480x00x3WA004
                .tbssNOBITS0x320480x120480x80x00x403WAT004
                .ctorsPROGBITS0x320480x120480x80x00x3WA004
                .dtorsPROGBITS0x320500x120500x80x00x3WA004
                .jcrPROGBITS0x320580x120580x40x00x3WA004
                .gotPROGBITS0x3205c0x1205c0x10c0x40x3WA004
                .dataPROGBITS0x321680x121680x2100x00x3WA004
                .bssNOBITS0x323780x123780x2f680x00x3WA008
                .commentPROGBITS0x00x123780x84c0x00x0001
                .shstrtabSTRTAB0x00x12bc40x710x00x0001
                .symtabSYMTAB0x00x12ee00x25f00x100x0162054
                .strtabSTRTAB0x00x154d00x1cd70x00x0001

                Program Segments

                TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                LOAD0x00x100000x100000x10e300x10e305.97910x5R E0x10000.init .text .fini .rodata
                LOAD0x120000x320000x320000x3780x32e04.35600x6RW 0x10000.eh_frame .tbss .ctors .dtors .jcr .got .data .bss
                TLS0x120480x320480x320480x00x80.00000x4R 0x4.tbss
                GNU_STACK0x00x00x00x00x00.00000x6RW 0x4

                Symbols

                NameVersion Info NameVersion Info File NameSection NameValueSizeSymbol TypeSymbol BindSymbol VisibilityNdx
                .symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                .symtab0x100b40SECTION<unknown>DEFAULT1
                .symtab0x100d00SECTION<unknown>DEFAULT2
                .symtab0x200f40SECTION<unknown>DEFAULT3
                .symtab0x201080SECTION<unknown>DEFAULT4
                .symtab0x320000SECTION<unknown>DEFAULT5
                .symtab0x320480SECTION<unknown>DEFAULT6
                .symtab0x320480SECTION<unknown>DEFAULT7
                .symtab0x320500SECTION<unknown>DEFAULT8
                .symtab0x320580SECTION<unknown>DEFAULT9
                .symtab0x3205c0SECTION<unknown>DEFAULT10
                .symtab0x321680SECTION<unknown>DEFAULT11
                .symtab0x323780SECTION<unknown>DEFAULT12
                .symtab0x00SECTION<unknown>DEFAULT13
                .LLC3.symtab0x20b100NOTYPE<unknown>DEFAULT4
                .rem.symtab0x16e6044FUNC<unknown>DEFAULT2
                .udiv.symtab0x16e4020FUNC<unknown>DEFAULT2
                .umul.symtab0x16e5412FUNC<unknown>DEFAULT2
                .urem.symtab0x16e2032FUNC<unknown>DEFAULT2
                C.23.5636.symtab0x20a6c24OBJECT<unknown>DEFAULT4
                LOCAL_ADDR.symtab0x34ee04OBJECT<unknown>DEFAULT12
                _Exit.symtab0x1cd08128FUNC<unknown>DEFAULT2
                _GLOBAL_OFFSET_TABLE_.symtab0x3205c0OBJECT<unknown>HIDDEN10
                _Jv_RegisterClasses.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                _READ.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                _WRITE.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                __CTOR_END__.symtab0x3204c0OBJECT<unknown>DEFAULT7
                __CTOR_LIST__.symtab0x320480OBJECT<unknown>DEFAULT7
                __C_ctype_b.symtab0x322884OBJECT<unknown>DEFAULT11
                __C_ctype_b.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                __C_ctype_b_data.symtab0x20b22768OBJECT<unknown>DEFAULT4
                __DTOR_END__.symtab0x320540OBJECT<unknown>DEFAULT8
                __DTOR_LIST__.symtab0x320500OBJECT<unknown>DEFAULT8
                __EH_FRAME_BEGIN__.symtab0x320000OBJECT<unknown>DEFAULT5
                __FRAME_END__.symtab0x320440OBJECT<unknown>DEFAULT5
                __GI___C_ctype_b.symtab0x322884OBJECT<unknown>HIDDEN11
                __GI___close.symtab0x1c10c124FUNC<unknown>HIDDEN2
                __GI___close_nocancel.symtab0x1c11832FUNC<unknown>HIDDEN2
                __GI___ctype_b.symtab0x3228c4OBJECT<unknown>HIDDEN11
                __GI___errno_location.symtab0x1779036FUNC<unknown>HIDDEN2
                __GI___fcntl_nocancel.symtab0x16e94196FUNC<unknown>HIDDEN2
                __GI___fgetc_unlocked.symtab0x1eb94344FUNC<unknown>HIDDEN2
                __GI___libc_close.symtab0x1c10c124FUNC<unknown>HIDDEN2
                __GI___libc_fcntl.symtab0x16f58248FUNC<unknown>HIDDEN2
                __GI___libc_open.symtab0x1c188132FUNC<unknown>HIDDEN2
                __GI___libc_read.symtab0x1c290132FUNC<unknown>HIDDEN2
                __GI___libc_write.symtab0x1c20c132FUNC<unknown>HIDDEN2
                __GI___open.symtab0x1c188132FUNC<unknown>HIDDEN2
                __GI___open_nocancel.symtab0x1c19432FUNC<unknown>HIDDEN2
                __GI___read.symtab0x1c290132FUNC<unknown>HIDDEN2
                __GI___read_nocancel.symtab0x1c29c32FUNC<unknown>HIDDEN2
                __GI___sigaddset.symtab0x195b844FUNC<unknown>HIDDEN2
                __GI___sigdelset.symtab0x195e444FUNC<unknown>HIDDEN2
                __GI___sigismember.symtab0x1959040FUNC<unknown>HIDDEN2
                __GI___uClibc_fini.symtab0x1c534168FUNC<unknown>HIDDEN2
                __GI___uClibc_init.symtab0x1c63092FUNC<unknown>HIDDEN2
                __GI___write.symtab0x1c20c132FUNC<unknown>HIDDEN2
                __GI___write_nocancel.symtab0x1c21832FUNC<unknown>HIDDEN2
                __GI__exit.symtab0x1cd08128FUNC<unknown>HIDDEN2
                __GI_abort.symtab0x1a9c4280FUNC<unknown>HIDDEN2
                __GI_accept.symtab0x1916896FUNC<unknown>HIDDEN2
                __GI_atoi.symtab0x1f51824FUNC<unknown>HIDDEN2
                __GI_bind.symtab0x191c836FUNC<unknown>HIDDEN2
                __GI_brk.symtab0x1fb3888FUNC<unknown>HIDDEN2
                __GI_close.symtab0x1c10c124FUNC<unknown>HIDDEN2
                __GI_closedir.symtab0x173ac208FUNC<unknown>HIDDEN2
                __GI_config_close.symtab0x1d7c864FUNC<unknown>HIDDEN2
                __GI_config_open.symtab0x1d81080FUNC<unknown>HIDDEN2
                __GI_config_read.symtab0x1d46c860FUNC<unknown>HIDDEN2
                __GI_connect.symtab0x191ec96FUNC<unknown>HIDDEN2
                __GI_exit.symtab0x1b058168FUNC<unknown>HIDDEN2
                __GI_fclose.symtab0x1d868860FUNC<unknown>HIDDEN2
                __GI_fcntl.symtab0x16f58248FUNC<unknown>HIDDEN2
                __GI_fflush_unlocked.symtab0x1e7ac992FUNC<unknown>HIDDEN2
                __GI_fgetc.symtab0x1e280320FUNC<unknown>HIDDEN2
                __GI_fgetc_unlocked.symtab0x1eb94344FUNC<unknown>HIDDEN2
                __GI_fgets.symtab0x1e3c0260FUNC<unknown>HIDDEN2
                __GI_fgets_unlocked.symtab0x1ecec160FUNC<unknown>HIDDEN2
                __GI_fopen.symtab0x1dbc424FUNC<unknown>HIDDEN2
                __GI_fork.symtab0x1b9481088FUNC<unknown>HIDDEN2
                __GI_fstat.symtab0x1cd90116FUNC<unknown>HIDDEN2
                __GI_getc_unlocked.symtab0x1eb94344FUNC<unknown>HIDDEN2
                __GI_getdtablesize.symtab0x1cebc40FUNC<unknown>HIDDEN2
                __GI_getegid.symtab0x1cee432FUNC<unknown>HIDDEN2
                __GI_geteuid.symtab0x1cf0432FUNC<unknown>HIDDEN2
                __GI_getgid.symtab0x1cf2432FUNC<unknown>HIDDEN2
                __GI_getpagesize.symtab0x1cf4c56FUNC<unknown>HIDDEN2
                __GI_getpid.symtab0x1be4c88FUNC<unknown>HIDDEN2
                __GI_getrlimit.symtab0x1cf8c92FUNC<unknown>HIDDEN2
                __GI_getsockname.symtab0x1924c36FUNC<unknown>HIDDEN2
                __GI_getuid.symtab0x1cfe832FUNC<unknown>HIDDEN2
                __GI_inet_addr.symtab0x1914040FUNC<unknown>HIDDEN2
                __GI_inet_aton.symtab0x1f3e8244FUNC<unknown>HIDDEN2
                __GI_initstate_r.symtab0x1ae48244FUNC<unknown>HIDDEN2
                __GI_ioctl.symtab0x1fb98228FUNC<unknown>HIDDEN2
                __GI_isatty.symtab0x1f35432FUNC<unknown>HIDDEN2
                __GI_kill.symtab0x1707892FUNC<unknown>HIDDEN2
                __GI_listen.symtab0x1929c28FUNC<unknown>HIDDEN2
                __GI_lseek64.symtab0x20030124FUNC<unknown>HIDDEN2
                __GI_memcpy.symtab0x17e184212FUNC<unknown>HIDDEN2
                __GI_memmove.symtab0x178341508FUNC<unknown>HIDDEN2
                __GI_mempcpy.symtab0x2000832FUNC<unknown>HIDDEN2
                __GI_memset.symtab0x18ec0416FUNC<unknown>HIDDEN2
                __GI_mmap.symtab0x1d010108FUNC<unknown>HIDDEN2
                __GI_mremap.symtab0x1d084104FUNC<unknown>HIDDEN2
                __GI_munmap.symtab0x1d0f492FUNC<unknown>HIDDEN2
                __GI_nanosleep.symtab0x1d1b472FUNC<unknown>HIDDEN2
                __GI_open.symtab0x1c188132FUNC<unknown>HIDDEN2
                __GI_opendir.symtab0x17534228FUNC<unknown>HIDDEN2
                __GI_raise.symtab0x1beac264FUNC<unknown>HIDDEN2
                __GI_random.symtab0x1aaf4108FUNC<unknown>HIDDEN2
                __GI_random_r.symtab0x1acc0152FUNC<unknown>HIDDEN2
                __GI_read.symtab0x1c290132FUNC<unknown>HIDDEN2
                __GI_readdir.symtab0x176d0184FUNC<unknown>HIDDEN2
                __GI_readdir64.symtab0x1d3b0188FUNC<unknown>HIDDEN2
                __GI_readlink.symtab0x1714c96FUNC<unknown>HIDDEN2
                __GI_recv.symtab0x192b892FUNC<unknown>HIDDEN2
                __GI_recvfrom.symtab0x1931496FUNC<unknown>HIDDEN2
                __GI_sbrk.symtab0x1d204108FUNC<unknown>HIDDEN2
                __GI_select.symtab0x1721c84FUNC<unknown>HIDDEN2
                __GI_send.symtab0x1937492FUNC<unknown>HIDDEN2
                __GI_sendto.symtab0x193d096FUNC<unknown>HIDDEN2
                __GI_setsid.symtab0x1727880FUNC<unknown>HIDDEN2
                __GI_setsockopt.symtab0x1943044FUNC<unknown>HIDDEN2
                __GI_setstate_r.symtab0x1af3c276FUNC<unknown>HIDDEN2
                __GI_sigaction.symtab0x1cb04264FUNC<unknown>HIDDEN2
                __GI_sigaddset.symtab0x1948872FUNC<unknown>HIDDEN2
                __GI_sigemptyset.symtab0x194d016FUNC<unknown>HIDDEN2
                __GI_signal.symtab0x194e8168FUNC<unknown>HIDDEN2
                __GI_sigprocmask.symtab0x172d0172FUNC<unknown>HIDDEN2
                __GI_sleep.symtab0x1bfbc336FUNC<unknown>HIDDEN2
                __GI_socket.symtab0x1945c36FUNC<unknown>HIDDEN2
                __GI_srandom_r.symtab0x1ad58232FUNC<unknown>HIDDEN2
                __GI_strchr.symtab0x1ee00524FUNC<unknown>HIDDEN2
                __GI_strchrnul.symtab0x1f0cc260FUNC<unknown>HIDDEN2
                __GI_strcspn.symtab0x1f1d060FUNC<unknown>HIDDEN2
                __GI_strlen.symtab0x190c8120FUNC<unknown>HIDDEN2
                __GI_strncmp.symtab0x1f20c244FUNC<unknown>HIDDEN2
                __GI_strrchr.symtab0x1f00c192FUNC<unknown>HIDDEN2
                __GI_strspn.symtab0x1f30084FUNC<unknown>HIDDEN2
                __GI_strtol.symtab0x1f53020FUNC<unknown>HIDDEN2
                __GI_sysconf.symtab0x1b4cc1140FUNC<unknown>HIDDEN2
                __GI_tcgetattr.symtab0x1f374108FUNC<unknown>HIDDEN2
                __GI_time.symtab0x1737c40FUNC<unknown>HIDDEN2
                __GI_times.symtab0x1d27040FUNC<unknown>HIDDEN2
                __GI_write.symtab0x1c20c132FUNC<unknown>HIDDEN2
                __JCR_END__.symtab0x320580OBJECT<unknown>DEFAULT9
                __JCR_LIST__.symtab0x320580OBJECT<unknown>DEFAULT9
                __app_fini.symtab0x329744OBJECT<unknown>HIDDEN12
                __atexit_lock.symtab0x3226424OBJECT<unknown>DEFAULT11
                __bss_start.symtab0x323780NOTYPE<unknown>DEFAULTSHN_ABS
                __check_one_fd.symtab0x1c5dc84FUNC<unknown>DEFAULT2
                __close.symtab0x1c10c124FUNC<unknown>DEFAULT2
                __close_nocancel.symtab0x1c11832FUNC<unknown>DEFAULT2
                __ctype_b.symtab0x3228c4OBJECT<unknown>DEFAULT11
                __curbrk.symtab0x34edc4OBJECT<unknown>HIDDEN12
                __deregister_frame_info.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                __do_global_ctors_aux.symtab0x200ac0FUNC<unknown>DEFAULT2
                __do_global_dtors_aux.symtab0x100d00FUNC<unknown>DEFAULT2
                __dso_handle.symtab0x321680OBJECT<unknown>HIDDEN11
                __environ.symtab0x3296c4OBJECT<unknown>DEFAULT12
                __errno_location.symtab0x1779036FUNC<unknown>DEFAULT2
                __errno_location.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                __exit_cleanup.symtab0x3241c4OBJECT<unknown>HIDDEN12
                __fcntl_nocancel.symtab0x16e94196FUNC<unknown>DEFAULT2
                __fgetc_unlocked.symtab0x1eb94344FUNC<unknown>DEFAULT2
                __fini_array_end.symtab0x320480NOTYPE<unknown>HIDDEN6
                __fini_array_start.symtab0x320480NOTYPE<unknown>HIDDEN6
                __fork.symtab0x1b9481088FUNC<unknown>DEFAULT2
                __fork_generation_pointer.symtab0x352ac4OBJECT<unknown>HIDDEN12
                __fork_handlers.symtab0x352b04OBJECT<unknown>HIDDEN12
                __fork_lock.symtab0x324204OBJECT<unknown>HIDDEN12
                __getdents.symtab0x1ce0c176FUNC<unknown>HIDDEN2
                __getdents64.symtab0x1fc84304FUNC<unknown>HIDDEN2
                __getpagesize.symtab0x1cf4c56FUNC<unknown>DEFAULT2
                __getpid.symtab0x1be4c88FUNC<unknown>DEFAULT2
                __h_errno_location.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                __init_array_end.symtab0x320480NOTYPE<unknown>HIDDEN6
                __init_array_start.symtab0x320480NOTYPE<unknown>HIDDEN6
                __libc_accept.symtab0x1916896FUNC<unknown>DEFAULT2
                __libc_close.symtab0x1c10c124FUNC<unknown>DEFAULT2
                __libc_connect.symtab0x191ec96FUNC<unknown>DEFAULT2
                __libc_disable_asynccancel.symtab0x1c31c196FUNC<unknown>HIDDEN2
                __libc_enable_asynccancel.symtab0x1c3e0268FUNC<unknown>HIDDEN2
                __libc_errno.symtab0x04TLS<unknown>HIDDEN6
                __libc_fcntl.symtab0x16f58248FUNC<unknown>DEFAULT2
                __libc_fork.symtab0x1b9481088FUNC<unknown>DEFAULT2
                __libc_h_errno.symtab0x44TLS<unknown>HIDDEN6
                __libc_nanosleep.symtab0x1d1b472FUNC<unknown>DEFAULT2
                __libc_open.symtab0x1c188132FUNC<unknown>DEFAULT2
                __libc_read.symtab0x1c290132FUNC<unknown>DEFAULT2
                __libc_recv.symtab0x192b892FUNC<unknown>DEFAULT2
                __libc_recvfrom.symtab0x1931496FUNC<unknown>DEFAULT2
                __libc_select.symtab0x1721c84FUNC<unknown>DEFAULT2
                __libc_send.symtab0x1937492FUNC<unknown>DEFAULT2
                __libc_sendto.symtab0x193d096FUNC<unknown>DEFAULT2
                __libc_setup_tls.symtab0x1f800636FUNC<unknown>DEFAULT2
                __libc_sigaction.symtab0x1cb04264FUNC<unknown>DEFAULT2
                __libc_stack_end.symtab0x329684OBJECT<unknown>DEFAULT12
                __libc_write.symtab0x1c20c132FUNC<unknown>DEFAULT2
                __lll_lock_wait_private.symtab0x1bda0172FUNC<unknown>HIDDEN2
                __malloc_consolidate.symtab0x1a59c436FUNC<unknown>HIDDEN2
                __malloc_largebin_index.symtab0x19610144FUNC<unknown>DEFAULT2
                __malloc_lock.symtab0x3218824OBJECT<unknown>DEFAULT11
                __malloc_state.symtab0x34f34888OBJECT<unknown>DEFAULT12
                __malloc_trim.symtab0x1a4ec176FUNC<unknown>DEFAULT2
                __nptl_deallocate_tsd.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                __nptl_nthreads.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                __open.symtab0x1c188132FUNC<unknown>DEFAULT2
                __open_nocancel.symtab0x1c19432FUNC<unknown>DEFAULT2
                __pagesize.symtab0x329704OBJECT<unknown>DEFAULT12
                __preinit_array_end.symtab0x320480NOTYPE<unknown>HIDDEN6
                __preinit_array_start.symtab0x320480NOTYPE<unknown>HIDDEN6
                __progname.symtab0x322804OBJECT<unknown>DEFAULT11
                __progname_full.symtab0x322844OBJECT<unknown>DEFAULT11
                __pthread_initialize_minimal.symtab0x1fa7c24FUNC<unknown>DEFAULT2
                __pthread_mutex_init.symtab0x1c4f48FUNC<unknown>DEFAULT2
                __pthread_mutex_lock.symtab0x1c4ec8FUNC<unknown>DEFAULT2
                __pthread_mutex_trylock.symtab0x1c4ec8FUNC<unknown>DEFAULT2
                __pthread_mutex_unlock.symtab0x1c4ec8FUNC<unknown>DEFAULT2
                __pthread_return_0.symtab0x1c4ec8FUNC<unknown>DEFAULT2
                __pthread_unwind.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                __read.symtab0x1c290132FUNC<unknown>DEFAULT2
                __read_nocancel.symtab0x1c29c32FUNC<unknown>DEFAULT2
                __register_frame_info.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                __rt_sigreturn_stub.symtab0x1cadc16FUNC<unknown>DEFAULT2
                __rtld_fini.symtab0x329784OBJECT<unknown>HIDDEN12
                __sigaddset.symtab0x195b844FUNC<unknown>DEFAULT2
                __sigdelset.symtab0x195e444FUNC<unknown>DEFAULT2
                __sigismember.symtab0x1959040FUNC<unknown>DEFAULT2
                __sigjmp_save.symtab0x1f4dc60FUNC<unknown>HIDDEN2
                __sigreturn_stub.symtab0x1caec16FUNC<unknown>DEFAULT2
                __sigsetjmp.symtab0x1cc8028FUNC<unknown>DEFAULT2
                __socketcall.symtab0x1cca492FUNC<unknown>HIDDEN2
                __socketcall.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                __sparc32_atomic_locks.symtab0x323d864OBJECT<unknown>HIDDEN12
                __stdin.symtab0x322a04OBJECT<unknown>DEFAULT11
                __stdio_READ.symtab0x1fdb4104FUNC<unknown>HIDDEN2
                __stdio_WRITE.symtab0x1fe24248FUNC<unknown>HIDDEN2
                __stdio_rfill.symtab0x1ff1c56FUNC<unknown>HIDDEN2
                __stdio_trans2r_o.symtab0x1ff5c172FUNC<unknown>HIDDEN2
                __stdio_wcommit.symtab0x1e24856FUNC<unknown>HIDDEN2
                __stdout.symtab0x322a44OBJECT<unknown>DEFAULT11
                __syscall_error.symtab0x1cab440FUNC<unknown>HIDDEN2
                __syscall_error.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                __syscall_fcntl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                __syscall_nanosleep.symtab0x1d15892FUNC<unknown>DEFAULT2
                __syscall_select.symtab0x171b4104FUNC<unknown>DEFAULT2
                __uClibc_fini.symtab0x1c534168FUNC<unknown>DEFAULT2
                __uClibc_init.symtab0x1c63092FUNC<unknown>DEFAULT2
                __uClibc_main.symtab0x1c68c1056FUNC<unknown>DEFAULT2
                __uClibc_main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                __uclibc_progname.symtab0x3227c4OBJECT<unknown>HIDDEN11
                __write.symtab0x1c20c132FUNC<unknown>DEFAULT2
                __write_nocancel.symtab0x1c21832FUNC<unknown>DEFAULT2
                __xstat32_conv.symtab0x1d324132FUNC<unknown>HIDDEN2
                __xstat64_conv.symtab0x1d298140FUNC<unknown>HIDDEN2
                _dl_aux_init.symtab0x1fa9c64FUNC<unknown>DEFAULT2
                _dl_nothread_init_static_tls.symtab0x1fadc84FUNC<unknown>HIDDEN2
                _dl_phdr.symtab0x352d44OBJECT<unknown>DEFAULT12
                _dl_phnum.symtab0x352d84OBJECT<unknown>DEFAULT12
                _dl_tls_dtv_gaps.symtab0x352c81OBJECT<unknown>DEFAULT12
                _dl_tls_dtv_slotinfo_list.symtab0x352c44OBJECT<unknown>DEFAULT12
                _dl_tls_generation.symtab0x352cc4OBJECT<unknown>DEFAULT12
                _dl_tls_max_dtv_idx.symtab0x352bc4OBJECT<unknown>DEFAULT12
                _dl_tls_setup.symtab0x1f7a492FUNC<unknown>DEFAULT2
                _dl_tls_static_align.symtab0x352b84OBJECT<unknown>DEFAULT12
                _dl_tls_static_nelem.symtab0x352d04OBJECT<unknown>DEFAULT12
                _dl_tls_static_size.symtab0x352c04OBJECT<unknown>DEFAULT12
                _dl_tls_static_used.symtab0x352b44OBJECT<unknown>DEFAULT12
                _edata.symtab0x323780NOTYPE<unknown>DEFAULTSHN_ABS
                _end.symtab0x352e00NOTYPE<unknown>DEFAULTSHN_ABS
                _exit.symtab0x1cd08128FUNC<unknown>DEFAULT2
                _exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                _fini.symtab0x200f40FUNC<unknown>DEFAULT3
                _fixed_buffers.symtab0x329a08192OBJECT<unknown>DEFAULT12
                _fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                _init.symtab0x100b40FUNC<unknown>DEFAULT1
                _pthread_cleanup_pop_restore.symtab0x1c50836FUNC<unknown>DEFAULT2
                _pthread_cleanup_push_defer.symtab0x1c4fc12FUNC<unknown>DEFAULT2
                _rfill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                _setjmp.symtab0x1cc748FUNC<unknown>DEFAULT2
                _sigintr.symtab0x34f2c8OBJECT<unknown>HIDDEN12
                _start.symtab0x101c456FUNC<unknown>DEFAULT2
                _stdio.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                _stdio_fopen.symtab0x1dbe41188FUNC<unknown>HIDDEN2
                _stdio_init.symtab0x1e090124FUNC<unknown>HIDDEN2
                _stdio_openlist.symtab0x322a84OBJECT<unknown>DEFAULT11
                _stdio_openlist_add_lock.symtab0x3298012OBJECT<unknown>DEFAULT12
                _stdio_openlist_dec_use.symtab0x1e4cc736FUNC<unknown>HIDDEN2
                _stdio_openlist_del_count.symtab0x3299c4OBJECT<unknown>DEFAULT12
                _stdio_openlist_del_lock.symtab0x3298c12OBJECT<unknown>DEFAULT12
                _stdio_openlist_use_count.symtab0x329984OBJECT<unknown>DEFAULT12
                _stdio_streams.symtab0x322ac204OBJECT<unknown>DEFAULT11
                _stdio_term.symtab0x1e10c316FUNC<unknown>HIDDEN2
                _stdio_user_locking.symtab0x322904OBJECT<unknown>DEFAULT11
                _stdlib_strto_l.symtab0x1f54c472FUNC<unknown>HIDDEN2
                _stdlib_strto_l.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                _trans2r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                _wcommit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                abort.symtab0x1a9c4280FUNC<unknown>DEFAULT2
                abort.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                accept.symtab0x1916896FUNC<unknown>DEFAULT2
                accept.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                anti_gdb_entry.symtab0x14fb820FUNC<unknown>DEFAULT2
                atoi.symtab0x1f51824FUNC<unknown>DEFAULT2
                atol.symtab0x1f51824FUNC<unknown>DEFAULT2
                atol.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                attack.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                attack_get_opt_int.symtab0x106dc112FUNC<unknown>DEFAULT2
                attack_get_opt_ip.symtab0x1066c112FUNC<unknown>DEFAULT2
                attack_init.symtab0x1074c1024FUNC<unknown>DEFAULT2
                attack_kill_all.symtab0x102d4392FUNC<unknown>DEFAULT2
                attack_method_nudp.symtab0x146881408FUNC<unknown>DEFAULT2
                attack_method_stdhex.symtab0x143c0712FUNC<unknown>DEFAULT2
                attack_method_tcp.symtab0x111cc1620FUNC<unknown>DEFAULT2
                attack_ongoing.symtab0x3239c32OBJECT<unknown>DEFAULT12
                attack_parse.symtab0x1045c528FUNC<unknown>DEFAULT2
                attack_start.symtab0x101fc216FUNC<unknown>DEFAULT2
                attack_tcp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                attack_tcp_ack.symtab0x125ac1744FUNC<unknown>DEFAULT2
                attack_tcp_legit.symtab0x133181696FUNC<unknown>DEFAULT2
                attack_tcp_null.symtab0x139b81904FUNC<unknown>DEFAULT2
                attack_tcp_sack2.symtab0x118201640FUNC<unknown>DEFAULT2
                attack_tcp_stomp.symtab0x11e881828FUNC<unknown>DEFAULT2
                attack_tcp_syn.symtab0x10b4c1664FUNC<unknown>DEFAULT2
                attack_tcp_syndata.symtab0x12c7c1692FUNC<unknown>DEFAULT2
                attack_udp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                attack_udp_plain.symtab0x14130656FUNC<unknown>DEFAULT2
                bcopy.symtab0x1782812FUNC<unknown>DEFAULT2
                been_there_done_that.symtab0x324184OBJECT<unknown>DEFAULT12
                bind.symtab0x191c836FUNC<unknown>DEFAULT2
                bind.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                brk.symtab0x1fb3888FUNC<unknown>DEFAULT2
                brk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                bsd_signal.symtab0x194e8168FUNC<unknown>DEFAULT2
                bzero.symtab0x18e8c52FUNC<unknown>DEFAULT2
                call___do_global_ctors_aux.symtab0x200e80FUNC<unknown>DEFAULT2
                call___do_global_dtors_aux.symtab0x1014c0FUNC<unknown>DEFAULT2
                call_frame_dummy.symtab0x101b80FUNC<unknown>DEFAULT2
                calloc.symtab0x1a034284FUNC<unknown>DEFAULT2
                calloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                checksum.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                checksum_generic.symtab0x14c08100FUNC<unknown>DEFAULT2
                checksum_tcpudp.symtab0x14c6c200FUNC<unknown>DEFAULT2
                clock.symtab0x177b456FUNC<unknown>DEFAULT2
                clock.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                close.symtab0x1c10c124FUNC<unknown>DEFAULT2
                closedir.symtab0x173ac208FUNC<unknown>DEFAULT2
                closedir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                completed.4753.symtab0x323781OBJECT<unknown>DEFAULT12
                connect.symtab0x191ec96FUNC<unknown>DEFAULT2
                connect.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                dl-support.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                ensure_single_instance.symtab0x14fcc356FUNC<unknown>DEFAULT2
                environ.symtab0x3296c4OBJECT<unknown>DEFAULT12
                errno.symtab0x04TLS<unknown>DEFAULT6
                errno.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                exit.symtab0x1b058168FUNC<unknown>DEFAULT2
                exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                fclose.symtab0x1d868860FUNC<unknown>DEFAULT2
                fclose.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                fcntl.symtab0x16f58248FUNC<unknown>DEFAULT2
                fd_ctrl.symtab0x321744OBJECT<unknown>DEFAULT11
                fd_serv.symtab0x321784OBJECT<unknown>DEFAULT11
                fd_to_DIR.symtab0x17484176FUNC<unknown>DEFAULT2
                fdopendir.symtab0x17618176FUNC<unknown>DEFAULT2
                fflush_unlocked.symtab0x1e7ac992FUNC<unknown>DEFAULT2
                fflush_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                fgetc.symtab0x1e280320FUNC<unknown>DEFAULT2
                fgetc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                fgetc_unlocked.symtab0x1eb94344FUNC<unknown>DEFAULT2
                fgetc_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                fgets.symtab0x1e3c0260FUNC<unknown>DEFAULT2
                fgets.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                fgets_unlocked.symtab0x1ecec160FUNC<unknown>DEFAULT2
                fgets_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                fopen.symtab0x1dbc424FUNC<unknown>DEFAULT2
                fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                fork.symtab0x1b9481088FUNC<unknown>DEFAULT2
                fork.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                fork_handler_pool.symtab0x324241348OBJECT<unknown>DEFAULT12
                frame_dummy.symtab0x101580FUNC<unknown>DEFAULT2
                free.symtab0x1a758564FUNC<unknown>DEFAULT2
                free.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                fstat.symtab0x1cd90116FUNC<unknown>DEFAULT2
                fstat.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                getc.symtab0x1e280320FUNC<unknown>DEFAULT2
                getc_unlocked.symtab0x1eb94344FUNC<unknown>DEFAULT2
                getdents.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                getdents64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                getdtablesize.symtab0x1cebc40FUNC<unknown>DEFAULT2
                getdtablesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                getegid.symtab0x1cee432FUNC<unknown>DEFAULT2
                getegid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                geteuid.symtab0x1cf0432FUNC<unknown>DEFAULT2
                geteuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                getgid.symtab0x1cf2432FUNC<unknown>DEFAULT2
                getgid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                getpagesize.symtab0x1cf4c56FUNC<unknown>DEFAULT2
                getpagesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                getpid.symtab0x1be4c88FUNC<unknown>DEFAULT2
                getpid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                getppid.symtab0x1705032FUNC<unknown>DEFAULT2
                getppid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                getrlimit.symtab0x1cf8c92FUNC<unknown>DEFAULT2
                getrlimit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                getsockname.symtab0x1924c36FUNC<unknown>DEFAULT2
                getsockname.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                getsockopt.symtab0x1927044FUNC<unknown>DEFAULT2
                getsockopt.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                getuid.symtab0x1cfe832FUNC<unknown>DEFAULT2
                getuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                h_errno.symtab0x44TLS<unknown>DEFAULT6
                hexPayload.symtab0x321704OBJECT<unknown>DEFAULT11
                index.symtab0x1ee00524FUNC<unknown>DEFAULT2
                inet_addr.symtab0x1914040FUNC<unknown>DEFAULT2
                inet_aton.symtab0x1f3e8244FUNC<unknown>DEFAULT2
                inet_aton.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                inet_makeaddr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                init_static_tls.symtab0x1f72c120FUNC<unknown>DEFAULT2
                initfini.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                initfini.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                initstate.symtab0x1abdc124FUNC<unknown>DEFAULT2
                initstate_r.symtab0x1ae48244FUNC<unknown>DEFAULT2
                ioctl.symtab0x1fb98228FUNC<unknown>DEFAULT2
                ioctl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                isatty.symtab0x1f35432FUNC<unknown>DEFAULT2
                isatty.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                kill.symtab0x1707892FUNC<unknown>DEFAULT2
                kill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                killer.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                killer_init.symtab0x14ec0248FUNC<unknown>DEFAULT2
                killer_kill.symtab0x14d3444FUNC<unknown>DEFAULT2
                killer_kill_by_port.symtab0x162ac1532FUNC<unknown>DEFAULT2
                killer_mirai_exists.symtab0x14d60352FUNC<unknown>DEFAULT2
                killer_pid.symtab0x323bc4OBJECT<unknown>DEFAULT12
                libc-cancellation.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                libc-lowlevellock.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                libc-tls.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                listen.symtab0x1929c28FUNC<unknown>DEFAULT2
                listen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                llseek.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                local_bind.4409.symtab0x321801OBJECT<unknown>DEFAULT11
                lseek64.symtab0x20030124FUNC<unknown>DEFAULT2
                main.symtab0x151a81700FUNC<unknown>DEFAULT2
                main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                malloc.symtab0x196a82436FUNC<unknown>DEFAULT2
                malloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                malloc_trim.symtab0x1a98c48FUNC<unknown>DEFAULT2
                memcpy.symtab0x17e184212FUNC<unknown>DEFAULT2
                memmove.symtab0x178341508FUNC<unknown>DEFAULT2
                mempcpy.symtab0x2000832FUNC<unknown>DEFAULT2
                mempcpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                memset.symtab0x18ec0416FUNC<unknown>DEFAULT2
                methods.symtab0x323984OBJECT<unknown>DEFAULT12
                methods_len.symtab0x323941OBJECT<unknown>DEFAULT12
                mmap.symtab0x1d010108FUNC<unknown>DEFAULT2
                mmap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                mremap.symtab0x1d084104FUNC<unknown>DEFAULT2
                mremap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                munmap.symtab0x1d0f492FUNC<unknown>DEFAULT2
                munmap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                mylock.symtab0x321a024OBJECT<unknown>DEFAULT11
                mylock.symtab0x321b824OBJECT<unknown>DEFAULT11
                nanosleep.symtab0x1d1b472FUNC<unknown>DEFAULT2
                nanosleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                object.4768.symtab0x3237c24OBJECT<unknown>DEFAULT12
                open.symtab0x1c188132FUNC<unknown>DEFAULT2
                opendir.symtab0x17534228FUNC<unknown>DEFAULT2
                opendir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                p.4751.symtab0x3216c0OBJECT<unknown>DEFAULT11
                parse_config.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                pending_connection.symtab0x323c01OBJECT<unknown>DEFAULT12
                prctl.symtab0x170dc104FUNC<unknown>DEFAULT2
                prctl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                program_invocation_name.symtab0x322844OBJECT<unknown>DEFAULT11
                program_invocation_short_name.symtab0x322804OBJECT<unknown>DEFAULT11
                raise.symtab0x1beac264FUNC<unknown>DEFAULT2
                raise.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                rand.symtab0x1aadc16FUNC<unknown>DEFAULT2
                rand.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                rand.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                rand_alphastr.symtab0x158ec300FUNC<unknown>DEFAULT2
                rand_init.symtab0x1589c80FUNC<unknown>DEFAULT2
                rand_next.symtab0x1584c80FUNC<unknown>DEFAULT2
                rand_str.symtab0x15a18248FUNC<unknown>DEFAULT2
                random.symtab0x1aaf4108FUNC<unknown>DEFAULT2
                random.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                random_poly_info.symtab0x20a8440OBJECT<unknown>DEFAULT4
                random_r.symtab0x1acc0152FUNC<unknown>DEFAULT2
                random_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                randtbl.symtab0x321d0128OBJECT<unknown>DEFAULT11
                read.symtab0x1c290132FUNC<unknown>DEFAULT2
                readdir.symtab0x176d0184FUNC<unknown>DEFAULT2
                readdir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                readdir64.symtab0x1d3b0188FUNC<unknown>DEFAULT2
                readdir64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                readlink.symtab0x1714c96FUNC<unknown>DEFAULT2
                readlink.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                realloc.symtab0x1a158916FUNC<unknown>DEFAULT2
                realloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                recv.symtab0x192b892FUNC<unknown>DEFAULT2
                recv.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                recvfrom.symtab0x1931496FUNC<unknown>DEFAULT2
                recvfrom.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                register-atfork.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                resolv.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                resolv_entries_free.symtab0x15b1056FUNC<unknown>DEFAULT2
                resolv_lookup.symtab0x15b481296FUNC<unknown>DEFAULT2
                resolve_cnc_addr.symtab0x15130120FUNC<unknown>DEFAULT2
                resolve_func.symtab0x3217c4OBJECT<unknown>DEFAULT11
                rindex.symtab0x1f00c192FUNC<unknown>DEFAULT2
                rt_sigaction.symtab0x1cc0c104FUNC<unknown>DEFAULT2
                sbrk.symtab0x1d204108FUNC<unknown>DEFAULT2
                sbrk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                select.symtab0x1721c84FUNC<unknown>DEFAULT2
                select.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                send.symtab0x1937492FUNC<unknown>DEFAULT2
                send.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                sendto.symtab0x193d096FUNC<unknown>DEFAULT2
                sendto.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                setjmp.symtab0x1cc7c4FUNC<unknown>DEFAULT2
                setsid.symtab0x1727880FUNC<unknown>DEFAULT2
                setsid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                setsockopt.symtab0x1943044FUNC<unknown>DEFAULT2
                setsockopt.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                setstate.symtab0x1ab60124FUNC<unknown>DEFAULT2
                setstate_r.symtab0x1af3c276FUNC<unknown>DEFAULT2
                sigaction.symtab0x1cb04264FUNC<unknown>DEFAULT2
                sigaction.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                sigaddset.symtab0x1948872FUNC<unknown>DEFAULT2
                sigaddset.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                sigempty.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                sigemptyset.symtab0x194d016FUNC<unknown>DEFAULT2
                sigjmp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                signal.symtab0x194e8168FUNC<unknown>DEFAULT2
                signal.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                sigprocmask.symtab0x172d0172FUNC<unknown>DEFAULT2
                sigprocmask.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                sigsetops.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                sleep.symtab0x1bfbc336FUNC<unknown>DEFAULT2
                sleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                socket.symtab0x1945c36FUNC<unknown>DEFAULT2
                socket.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                srand.symtab0x1ac58104FUNC<unknown>DEFAULT2
                srandom.symtab0x1ac58104FUNC<unknown>DEFAULT2
                srandom_r.symtab0x1ad58232FUNC<unknown>DEFAULT2
                srv_addr.symtab0x34ee416OBJECT<unknown>DEFAULT12
                static_dtv.symtab0x349a0512OBJECT<unknown>DEFAULT12
                static_map.symtab0x34ea852OBJECT<unknown>DEFAULT12
                static_slotinfo.symtab0x34ba0776OBJECT<unknown>DEFAULT12
                stderr.symtab0x3229c4OBJECT<unknown>DEFAULT11
                stdin.symtab0x322944OBJECT<unknown>DEFAULT11
                stdout.symtab0x322984OBJECT<unknown>DEFAULT11
                strchr.symtab0x1ee00524FUNC<unknown>DEFAULT2
                strchrnul.symtab0x1f0cc260FUNC<unknown>DEFAULT2
                strchrnul.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                strcspn.symtab0x1f1d060FUNC<unknown>DEFAULT2
                strcspn.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                strlen.symtab0x190c8120FUNC<unknown>DEFAULT2
                strncmp.symtab0x1f20c244FUNC<unknown>DEFAULT2
                strncmp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                strrchr.symtab0x1f00c192FUNC<unknown>DEFAULT2
                strspn.symtab0x1f30084FUNC<unknown>DEFAULT2
                strspn.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                strtol.symtab0x1f53020FUNC<unknown>DEFAULT2
                strtol.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                sysconf.symtab0x1b4cc1140FUNC<unknown>DEFAULT2
                sysconf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                table.symtab0x34ef456OBJECT<unknown>DEFAULT12
                table.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                table_init.symtab0x161b0252FUNC<unknown>DEFAULT2
                table_key.symtab0x321844OBJECT<unknown>DEFAULT11
                table_lock_val.symtab0x16080152FUNC<unknown>DEFAULT2
                table_retrieve_val.symtab0x1605840FUNC<unknown>DEFAULT2
                table_unlock_val.symtab0x16118152FUNC<unknown>DEFAULT2
                tcgetattr.symtab0x1f374108FUNC<unknown>DEFAULT2
                tcgetattr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                tcp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                time.symtab0x1737c40FUNC<unknown>DEFAULT2
                time.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                times.symtab0x1d27040FUNC<unknown>DEFAULT2
                times.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                unsafe_state.symtab0x3225020OBJECT<unknown>DEFAULT11
                update_process.symtab0x141288FUNC<unknown>DEFAULT2
                util.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                util_atoi.symtab0x16ba0376FUNC<unknown>DEFAULT2
                util_fdgets.symtab0x16a08100FUNC<unknown>DEFAULT2
                util_isalpha.symtab0x169cc40FUNC<unknown>DEFAULT2
                util_isdigit.symtab0x169f420FUNC<unknown>DEFAULT2
                util_itoa.symtab0x16d18264FUNC<unknown>DEFAULT2
                util_local_addr.symtab0x16a6c132FUNC<unknown>DEFAULT2
                util_memcpy.symtab0x1697844FUNC<unknown>DEFAULT2
                util_strcat.symtab0x168d876FUNC<unknown>DEFAULT2
                util_strcpy.symtab0x1692484FUNC<unknown>DEFAULT2
                util_stristr.symtab0x16af0176FUNC<unknown>DEFAULT2
                util_strlen.symtab0x168a848FUNC<unknown>DEFAULT2
                util_zero.symtab0x169a440FUNC<unknown>DEFAULT2
                w.symtab0x323d04OBJECT<unknown>DEFAULT12
                write.symtab0x1c20c132FUNC<unknown>DEFAULT2
                x.symtab0x323c44OBJECT<unknown>DEFAULT12
                xstatconv.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                y.symtab0x323c84OBJECT<unknown>DEFAULT12
                z.symtab0x323cc4OBJECT<unknown>DEFAULT12

                Network Behavior

                Download Network PCAP: filteredfull

                Network Port Distribution

                • Total Packets: 15
                • 56999 undefined
                • 53 (DNS)
                TimestampSource PortDest PortSource IPDest IP
                Mar 20, 2025 12:22:00.197026968 CET5572656999192.168.2.15103.142.27.125
                Mar 20, 2025 12:22:00.535531044 CET5699955726103.142.27.125192.168.2.15
                Mar 20, 2025 12:22:00.535691977 CET5572656999192.168.2.15103.142.27.125
                Mar 20, 2025 12:22:00.537276983 CET5572656999192.168.2.15103.142.27.125
                Mar 20, 2025 12:22:00.875462055 CET5699955726103.142.27.125192.168.2.15
                Mar 20, 2025 12:22:00.875808954 CET5572656999192.168.2.15103.142.27.125
                Mar 20, 2025 12:22:01.219150066 CET5699955726103.142.27.125192.168.2.15
                Mar 20, 2025 12:22:10.544353962 CET5572656999192.168.2.15103.142.27.125
                Mar 20, 2025 12:22:10.881504059 CET5699955726103.142.27.125192.168.2.15
                Mar 20, 2025 12:22:10.881531000 CET5699955726103.142.27.125192.168.2.15
                Mar 20, 2025 12:22:10.881593943 CET5572656999192.168.2.15103.142.27.125
                Mar 20, 2025 12:22:26.436773062 CET5699955726103.142.27.125192.168.2.15
                Mar 20, 2025 12:22:26.438390970 CET5572656999192.168.2.15103.142.27.125
                Mar 20, 2025 12:22:41.780776978 CET5699955726103.142.27.125192.168.2.15
                Mar 20, 2025 12:22:41.781302929 CET5572656999192.168.2.15103.142.27.125
                Mar 20, 2025 12:22:57.120945930 CET5699955726103.142.27.125192.168.2.15
                Mar 20, 2025 12:22:57.121092081 CET5572656999192.168.2.15103.142.27.125
                Mar 20, 2025 12:23:10.932605982 CET5572656999192.168.2.15103.142.27.125
                Mar 20, 2025 12:23:11.272077084 CET5699955726103.142.27.125192.168.2.15
                Mar 20, 2025 12:23:11.272334099 CET5572656999192.168.2.15103.142.27.125
                Mar 20, 2025 12:23:26.852932930 CET5699955726103.142.27.125192.168.2.15
                Mar 20, 2025 12:23:26.853069067 CET5572656999192.168.2.15103.142.27.125
                Mar 20, 2025 12:23:42.200495958 CET5699955726103.142.27.125192.168.2.15
                Mar 20, 2025 12:23:42.200898886 CET5572656999192.168.2.15103.142.27.125
                Mar 20, 2025 12:23:57.540975094 CET5699955726103.142.27.125192.168.2.15
                Mar 20, 2025 12:23:57.541251898 CET5572656999192.168.2.15103.142.27.125
                TimestampSource PortDest PortSource IPDest IP
                Mar 20, 2025 12:22:00.092221022 CET5033553192.168.2.158.8.8.8
                Mar 20, 2025 12:22:00.195698977 CET53503358.8.8.8192.168.2.15

                DNS Queries

                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                Mar 20, 2025 12:22:00.092221022 CET192.168.2.158.8.8.80x5812Standard query (0)srolangvan.comA (IP address)IN (0x0001)false

                DNS Answers

                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                Mar 20, 2025 12:22:00.195698977 CET8.8.8.8192.168.2.150x5812No error (0)srolangvan.com103.142.27.125A (IP address)IN (0x0001)false

                System Behavior

                General

                Start time (UTC):11:21:49
                Start date (UTC):20/03/2025
                Path:/usr/bin/dash
                Arguments:-
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                Process Activities


                General

                Start time (UTC):11:21:49
                Start date (UTC):20/03/2025
                Path:/usr/bin/rm
                Arguments:rm -f /tmp/tmp.EqcodCZfIa /tmp/tmp.sDE9wo9jdb /tmp/tmp.a8socnlqy4
                File size:72056 bytes
                MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                File Activities


                General

                Start time (UTC):11:21:49
                Start date (UTC):20/03/2025
                Path:/usr/bin/dash
                Arguments:-
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                Process Activities


                General

                Start time (UTC):11:21:49
                Start date (UTC):20/03/2025
                Path:/usr/bin/cat
                Arguments:cat /tmp/tmp.EqcodCZfIa
                File size:43416 bytes
                MD5 hash:7e9d213e404ad3bb82e4ebb2e1f2c1b3

                File Activities


                General

                Start time (UTC):11:21:49
                Start date (UTC):20/03/2025
                Path:/usr/bin/dash
                Arguments:-
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                Process Activities


                General

                Start time (UTC):11:21:49
                Start date (UTC):20/03/2025
                Path:/usr/bin/head
                Arguments:head -n 10
                File size:47480 bytes
                MD5 hash:fd96a67145172477dd57131396fc9608

                File Activities


                General

                Start time (UTC):11:21:49
                Start date (UTC):20/03/2025
                Path:/usr/bin/dash
                Arguments:-
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                Process Activities


                General

                Start time (UTC):11:21:49
                Start date (UTC):20/03/2025
                Path:/usr/bin/tr
                Arguments:tr -d \\000-\\011\\013\\014\\016-\\037
                File size:51544 bytes
                MD5 hash:fbd1402dd9f72d8ebfff00ce7c3a7bb5

                File Activities


                General

                Start time (UTC):11:21:49
                Start date (UTC):20/03/2025
                Path:/usr/bin/dash
                Arguments:-
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                Process Activities


                General

                Start time (UTC):11:21:49
                Start date (UTC):20/03/2025
                Path:/usr/bin/cut
                Arguments:cut -c -80
                File size:47480 bytes
                MD5 hash:d8ed0ea8f22c0de0f8692d4d9f1759d3

                File Activities


                General

                Start time (UTC):11:21:49
                Start date (UTC):20/03/2025
                Path:/usr/bin/dash
                Arguments:-
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                Process Activities


                General

                Start time (UTC):11:21:49
                Start date (UTC):20/03/2025
                Path:/usr/bin/cat
                Arguments:cat /tmp/tmp.EqcodCZfIa
                File size:43416 bytes
                MD5 hash:7e9d213e404ad3bb82e4ebb2e1f2c1b3

                File Activities


                General

                Start time (UTC):11:21:49
                Start date (UTC):20/03/2025
                Path:/usr/bin/dash
                Arguments:-
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                Process Activities


                General

                Start time (UTC):11:21:49
                Start date (UTC):20/03/2025
                Path:/usr/bin/head
                Arguments:head -n 10
                File size:47480 bytes
                MD5 hash:fd96a67145172477dd57131396fc9608

                File Activities


                General

                Start time (UTC):11:21:49
                Start date (UTC):20/03/2025
                Path:/usr/bin/dash
                Arguments:-
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                Process Activities


                General

                Start time (UTC):11:21:49
                Start date (UTC):20/03/2025
                Path:/usr/bin/tr
                Arguments:tr -d \\000-\\011\\013\\014\\016-\\037
                File size:51544 bytes
                MD5 hash:fbd1402dd9f72d8ebfff00ce7c3a7bb5

                File Activities


                General

                Start time (UTC):11:21:49
                Start date (UTC):20/03/2025
                Path:/usr/bin/dash
                Arguments:-
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                Process Activities


                General

                Start time (UTC):11:21:49
                Start date (UTC):20/03/2025
                Path:/usr/bin/cut
                Arguments:cut -c -80
                File size:47480 bytes
                MD5 hash:d8ed0ea8f22c0de0f8692d4d9f1759d3

                File Activities


                General

                Start time (UTC):11:21:49
                Start date (UTC):20/03/2025
                Path:/usr/bin/dash
                Arguments:-
                File size:129816 bytes
                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                Process Activities


                General

                Start time (UTC):11:21:49
                Start date (UTC):20/03/2025
                Path:/usr/bin/rm
                Arguments:rm -f /tmp/tmp.EqcodCZfIa /tmp/tmp.sDE9wo9jdb /tmp/tmp.a8socnlqy4
                File size:72056 bytes
                MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                File Activities


                General

                Start time (UTC):11:21:58
                Start date (UTC):20/03/2025
                Path:/tmp/spc.elf
                Arguments:/tmp/spc.elf
                File size:4379400 bytes
                MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

                File Activities

                Process Activities

                System Activities

                Network Activities


                General

                Start time (UTC):11:21:58
                Start date (UTC):20/03/2025
                Path:/tmp/spc.elf
                Arguments:-
                File size:4379400 bytes
                MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

                Process Activities

                Network Activities


                General

                Start time (UTC):11:21:58
                Start date (UTC):20/03/2025
                Path:/tmp/spc.elf
                Arguments:-
                File size:4379400 bytes
                MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

                File Activities

                Process Activities