Linux Analysis Report
ppc.elf

Overview

General Information

Sample name:ppc.elf
Analysis ID:1644170
MD5:2cd360b0d894e0f981e7d07d8ce3fd34
SHA1:ad2a568258f2b2e423147e871ed38f8be67f0fcc
SHA256:e7e983300808962d7d01414484fd0c75b4ba77c3a1ce7204820705993d3bedfe
Tags:elf, user-abuse_ch

Detection

Mirai
Score:76
Range:0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Contains symbols with names commonly found in malware
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample and/or dropped files contains symbols with suspicious names
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1644170
Start date and time:2025-03-20 12:21:37 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 20s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:ppc.elf
Detection:MAL
Classification:mal76.troj.linELF@0/0@1/0
Command:/tmp/ppc.elf
PID:5488
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
srolangvan.com
Standard Error:
  • system is lnxubuntu20
  • ppc.elf (PID: 5488, Parent: 5416, MD5: ae65271c943d3451b7f026d1fadccea6) Arguments: /tmp/ppc.elf
    • ppc.elf New Fork (PID: 5490, Parent: 5488)
      • ppc.elf New Fork (PID: 5492, Parent: 5490)
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
| Source | Rule | Description | Author | Strings |
| ppc.elf | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
| ppc.elf | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown | |
    | Source | Rule | Description | Author | Strings |
    | 5488.1.00007f0a7c001000.00007f0a7c010000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown | |
    No Suricata rule has matched

    AV Detection

    Source: ppc.elf | Avira: detected
    Source: ppc.elf | ReversingLabs: Detection: 38%
    Source: global traffic | TCP traffic: 192.168.2.14:39270 -> 103.142.27.125:56999
    Source: /tmp/ppc.elf (PID: 5488) | Socket: 127.0.0.1:46157
    Source: global traffic | DNS traffic detected: DNS query: srolangvan.com

    System Summary

    Source: ppc.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: 5488.1.00007f0a7c001000.00007f0a7c010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: ELF static info symbol of initial sample | Name: attack.c
    Source: ELF static info symbol of initial sample | Name: attack_get_opt_int
    Source: ELF static info symbol of initial sample | Name: attack_get_opt_ip
    Source: ELF static info symbol of initial sample | Name: attack_init
    Source: ELF static info symbol of initial sample | Name: attack_kill_all
    Source: ELF static info symbol of initial sample | Name: attack_method_nudp
    Source: ELF static info symbol of initial sample | Name: attack_method_stdhex
    Source: ELF static info symbol of initial sample | Name: attack_method_tcp
    Source: ELF static info symbol of initial sample | Name: attack_ongoing
    Source: ELF static info symbol of initial sample | Name: attack_parse
    Source: ppc.elf | ELF static info symbol of initial sample: hexPayload
    Source: ppc.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: 5488.1.00007f0a7c001000.00007f0a7c010000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: classification engine | Classification label: mal76.troj.linELF@0/0@1/0
    Source: /tmp/ppc.elf (PID: 5492) | File opened: /proc/1583/cmdline
    Source: /tmp/ppc.elf (PID: 5488) | Queries kernel information via 'uname'
    Source: ppc.elf, 5488.1.0000564ddaa5e000.0000564ddab0e000.rw-.sdmp | Binary or memory string: !/etc/qemu-binfmt/ppc11!hotpluggableq
    Source: ppc.elf, 5488.1.00007ffdd2b92000.00007ffdd2bb3000.rw-.sdmp | Binary or memory string: x86_64/usr/bin/qemu-ppc/tmp/ppc.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/ppc.elf
    Source: ppc.elf, 5488.1.0000564ddaa5e000.0000564ddab0e000.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/ppc
    Source: ppc.elf, 5488.1.00007ffdd2b92000.00007ffdd2bb3000.rw-.sdmp | Binary or memory string: /usr/bin/qemu-ppc

    Stealing of Sensitive Information

    Source: Yara match | File source: ppc.elf, type: SAMPLE

    Remote Access Functionality

    Source: Yara match | File source: ppc.elf, type: SAMPLE
    | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
    | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Masquerading | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
    | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
    | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
    No configs have been found
    [Figure: Behavior Graph. ID: 1644170, Sample: ppc.elf, Startdate: 20/03/2025, Architecture: LINUX, Score: 76. Process chain: ppc.elf started ppc.elf, which started ppc.elf. Network node: srolangvan.com, 103.142.27.125, 39270, 56999, WEBICO-AS-VNWebicoCompanyLimitedVN, Viet Nam.]
    | Source | Detection | Scanner | Label | Link |
    | ppc.elf | 39% | ReversingLabs | Linux.Backdoor.Mirai | |
    | ppc.elf | 100% | Avira | EXP/ELF.Mirai.J | |
    No Antivirus matches

    | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
    | srolangvan.com | 103.142.27.125 | true | false | | high |

    | IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
    | 103.142.27.125 | srolangvan.com | Viet Nam | | 135951 | WEBICO-AS-VNWebicoCompanyLimitedVN | false |
    | Match | Associated Sample Name / URL | Detection | Threat Name | Context |
    | 103.142.27.125 | spc.elf | malicious | Mirai | |
    | 103.142.27.125 | x86.elf | malicious | Mirai | |
    | 103.142.27.125 | mpsl.elf | malicious | Mirai | |
    | 103.142.27.125 | mips.elf | malicious | Mirai | |
    | 103.142.27.125 | arm.elf | malicious | Unknown | |
    | 103.142.27.125 | arm6.elf | malicious | Mirai | |

    | Match | Associated Sample Name / URL | Detection | Threat Name | Context |
    | srolangvan.com | spc.elf | malicious | Mirai | 103.142.27.125 |
    | srolangvan.com | x86.elf | malicious | Mirai | 103.142.27.125 |
    | srolangvan.com | mpsl.elf | malicious | Mirai | 103.142.27.125 |
    | srolangvan.com | mips.elf | malicious | Mirai | 103.142.27.125 |
    | srolangvan.com | arm.elf | malicious | Unknown | 103.142.27.125 |
    | srolangvan.com | arm6.elf | malicious | Mirai | 103.142.27.125 |
    | srolangvan.com | sh4.elf | malicious | Mirai | 160.22.161.89 |
    | srolangvan.com | debug.dbg.elf | malicious | Mirai | 160.22.161.89 |
    | srolangvan.com | x86.elf | malicious | Mirai | 160.22.161.89 |
    | srolangvan.com | m68k.elf | malicious | Unknown | 160.22.161.89 |

    | Match | Associated Sample Name / URL | Detection | Threat Name | Context |
    | WEBICO-AS-VNWebicoCompanyLimitedVN | spc.elf | malicious | Mirai | 103.142.27.125 |
    | WEBICO-AS-VNWebicoCompanyLimitedVN | x86.elf | malicious | Mirai | 103.142.27.125 |
    | WEBICO-AS-VNWebicoCompanyLimitedVN | mpsl.elf | malicious | Mirai | 103.142.27.125 |
    | WEBICO-AS-VNWebicoCompanyLimitedVN | mips.elf | malicious | Mirai | 103.142.27.125 |
    | WEBICO-AS-VNWebicoCompanyLimitedVN | arm.elf | malicious | Unknown | 103.142.27.125 |
    | WEBICO-AS-VNWebicoCompanyLimitedVN | arm6.elf | malicious | Mirai | 103.142.27.125 |
    | WEBICO-AS-VNWebicoCompanyLimitedVN | http://admin-globalviolationpolicies.online/ | malicious | Unknown | 103.130.216.144 |
    | WEBICO-AS-VNWebicoCompanyLimitedVN | 0ILPz2ji09.exe | malicious | AgentTesla | 103.130.216.118 |
    | WEBICO-AS-VNWebicoCompanyLimitedVN | SecuriteInfo.com.Win32.PWSX-gen.18151.17745.exe | malicious | AgentTesla | 103.130.216.118 |
    | WEBICO-AS-VNWebicoCompanyLimitedVN | https://mail.thesteampowered.help/ | malicious | Unknown | 103.130.217.240 |
                  No context
                  No created / dropped files found
                  File type:ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), statically linked, not stripped
                  Entropy (8bit):6.1369408944836525
                  TrID:
                  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                  File name:ppc.elf
                  File size:82'366 bytes
                  MD5:2cd360b0d894e0f981e7d07d8ce3fd34
                  SHA1:ad2a568258f2b2e423147e871ed38f8be67f0fcc
                  SHA256:e7e983300808962d7d01414484fd0c75b4ba77c3a1ce7204820705993d3bedfe
                  SHA512:7302c79f9af9685b9cfca14b477c5d1cba776473dbb91fb68d3268d3e6aebca90e44220e0b1f52a984bf2e0a4e1aac90613a9fa9a1e69cca2da02b5b84287980
                  SSDEEP:1536:odN/vFI2N8WgsxzsCFVl3CdX6+v6fMmKVTIp2v:y/vCg8WgisCFVg5vhTVTd
                  TLSH:5F833B0273290967C09799B019EF1FF197B6ECD026F2B206A92D7FA44772FB11485F46

                  ELF header

                  Class:ELF32
                  Data:2's complement, big endian
                  Version:1 (current)
                  Machine:PowerPC
                  Version Number:0x1
                  Type:EXEC (Executable file)
                  OS/ABI:UNIX - System V
                  ABI Version:0
                  Entry Point Address:0x10000218
                  Flags:0x0
                  ELF Header Size:52
                  Program Header Offset:52
                  Program Header Size:32
                  Number of Program Headers:4
                  Section Header Offset:64392
                  Section Header Size:40
                  Number of Section Headers:19
                  Header String Table Index:16
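                  | Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
                  | | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
                  | .init | PROGBITS | 0x100000b4 | 0xb4 | 0x24 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
                  | .text | PROGBITS | 0x100000d8 | 0xd8 | 0xd91c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
                  | .fini | PROGBITS | 0x1000d9f4 | 0xd9f4 | 0x20 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
                  | .rodata | PROGBITS | 0x1000da14 | 0xda14 | 0x10dc | 0x0 | 0x2 | A | 0 | 0 | 4 |
                  | .eh_frame | PROGBITS | 0x1001f000 | 0xf000 | 0x54 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
                  | .tbss | NOBITS | 0x1001f054 | 0xf054 | 0x8 | 0x0 | 0x403 | WAT | 0 | 0 | 4 |
                  | .ctors | PROGBITS | 0x1001f054 | 0xf054 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
                  | .dtors | PROGBITS | 0x1001f05c | 0xf05c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
                  | .jcr | PROGBITS | 0x1001f064 | 0xf064 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
                  | .data | PROGBITS | 0x1001f068 | 0xf068 | 0x1cc | 0x0 | 0x3 | WA | 0 | 0 | 4 |
                  | .got | PROGBITS | 0x1001f234 | 0xf234 | 0x10 | 0x4 | 0x7 | WAX | 0 | 0 | 4 |
                  | .sdata | PROGBITS | 0x1001f244 | 0xf244 | 0x44 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
                  | .sbss | NOBITS | 0x1001f288 | 0xf288 | 0x74 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
                  | .bss | NOBITS | 0x1001f2fc | 0xf288 | 0x2964 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
                  | .comment | PROGBITS | 0x0 | 0xf288 | 0x882 | 0x0 | 0x0 | | 0 | 0 | 1 |
                  | .shstrtab | STRTAB | 0x0 | 0xfb0a | 0x7e | 0x0 | 0x0 | | 0 | 0 | 1 |
                  | .symtab | SYMTAB | 0x0 | 0xfe80 | 0x2630 | 0x10 | 0x0 | | 18 | 205 | 4 |
                  | .strtab | STRTAB | 0x0 | 0x124b0 | 0x1d0e | 0x0 | 0x0 | | 0 | 0 | 1 |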
                  | Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
                  | LOAD | 0x0 | 0x10000000 | 0x10000000 | 0xeaf0 | 0xeaf0 | 6.2307 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata |
                  | LOAD | 0xf000 | 0x1001f000 | 0x1001f000 | 0x288 | 0x2c60 | 3.9690 | 0x7 | RWE | 0x10000 | | .eh_frame .tbss .ctors .dtors .jcr .data .got .sdata .sbss .bss |
                  | TLS | 0xf054 | 0x1001f054 | 0x1001f054 | 0x0 | 0x8 | 0.0000 | 0x4 | R | 0x4 | | .tbss |
                  | GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | | |
                  __GI_fgets_unlocked.symtab0x1000c7f4196FUNC<unknown>HIDDEN2
                  __GI_fopen.symtab0x1000b99812FUNC<unknown>HIDDEN2
                  __GI_fork.symtab0x10009edc824FUNC<unknown>HIDDEN2
                  __GI_fstat.symtab0x1000ad14124FUNC<unknown>HIDDEN2
                  __GI_getc_unlocked.symtab0x1000c6bc312FUNC<unknown>HIDDEN2
                  __GI_getdtablesize.symtab0x1000ae4056FUNC<unknown>HIDDEN2
                  __GI_getegid.symtab0x1000ae7816FUNC<unknown>HIDDEN2
                  __GI_geteuid.symtab0x1000ae8816FUNC<unknown>HIDDEN2
                  __GI_getgid.symtab0x1000ae9816FUNC<unknown>HIDDEN2
                  __GI_getpagesize.symtab0x1000aea828FUNC<unknown>HIDDEN2
                  __GI_getpid.symtab0x1000a21456FUNC<unknown>HIDDEN2
                  __GI_getrlimit.symtab0x1000aec452FUNC<unknown>HIDDEN2
                  __GI_getsockname.symtab0x10007c2052FUNC<unknown>HIDDEN2
                  __GI_getuid.symtab0x1000aef816FUNC<unknown>HIDDEN2
                  __GI_inet_addr.symtab0x10007a6052FUNC<unknown>HIDDEN2
                  __GI_inet_aton.symtab0x1000cd68208FUNC<unknown>HIDDEN2
                  __GI_initstate_r.symtab0x100098d0236FUNC<unknown>HIDDEN2
                  __GI_ioctl.symtab0x1000d14c228FUNC<unknown>HIDDEN2
                  __GI_isatty.symtab0x1000cca044FUNC<unknown>HIDDEN2
                  __GI_kill.symtab0x1000726052FUNC<unknown>HIDDEN2
                  __GI_listen.symtab0x10007c8852FUNC<unknown>HIDDEN2
                  __GI_lseek64.symtab0x1000d918112FUNC<unknown>HIDDEN2
                  __GI_memcpy.symtab0x10007894156FUNC<unknown>HIDDEN2
                  __GI_memmove.symtab0x1000c8b8164FUNC<unknown>HIDDEN2
                  __GI_mempcpy.symtab0x1000d71452FUNC<unknown>HIDDEN2
                  __GI_memset.symtab0x10007930144FUNC<unknown>HIDDEN2
                  __GI_mmap.symtab0x1000af0852FUNC<unknown>HIDDEN2
                  __GI_mremap.symtab0x1000af3c52FUNC<unknown>HIDDEN2
                  __GI_munmap.symtab0x1000af7052FUNC<unknown>HIDDEN2
                  __GI_nanosleep.symtab0x1000afd8112FUNC<unknown>HIDDEN2
                  __GI_open.symtab0x1000a4f0132FUNC<unknown>HIDDEN2
                  __GI_opendir.symtab0x10007600208FUNC<unknown>HIDDEN2
                  __GI_raise.symtab0x1000a24c148FUNC<unknown>HIDDEN2
                  __GI_random.symtab0x10009580104FUNC<unknown>HIDDEN2
                  __GI_random_r.symtab0x10009750140FUNC<unknown>HIDDEN2
                  __GI_read.symtab0x1000a5f8132FUNC<unknown>HIDDEN2
                  __GI_readdir.symtab0x10007788192FUNC<unknown>HIDDEN2
                  __GI_readdir64.symtab0x1000b27c196FUNC<unknown>HIDDEN2
                  __GI_readlink.symtab0x100072c852FUNC<unknown>HIDDEN2
                  __GI_recv.symtab0x10007cf0128FUNC<unknown>HIDDEN2
                  __GI_recvfrom.symtab0x10007da4144FUNC<unknown>HIDDEN2
                  __GI_sbrk.symtab0x1000b048116FUNC<unknown>HIDDEN2
                  __GI_select.symtab0x10007330136FUNC<unknown>HIDDEN2
                  __GI_send.symtab0x10007e68128FUNC<unknown>HIDDEN2
                  __GI_sendto.symtab0x10007f1c144FUNC<unknown>HIDDEN2
                  __GI_setsid.symtab0x100073b852FUNC<unknown>HIDDEN2
                  __GI_setsockopt.symtab0x10007fac52FUNC<unknown>HIDDEN2
                  __GI_setstate_r.symtab0x100099bc224FUNC<unknown>HIDDEN2
                  __GI_sigaction.symtab0x1000ce3836FUNC<unknown>HIDDEN2
                  __GI_sigaddset.symtab0x1000801452FUNC<unknown>HIDDEN2
                  __GI_sigemptyset.symtab0x1000804820FUNC<unknown>HIDDEN2
                  __GI_signal.symtab0x1000805c192FUNC<unknown>HIDDEN2
                  __GI_sigprocmask.symtab0x100073ec120FUNC<unknown>HIDDEN2
                  __GI_sleep.symtab0x1000a2e0292FUNC<unknown>HIDDEN2
                  __GI_socket.symtab0x10007fe052FUNC<unknown>HIDDEN2
                  __GI_srandom_r.symtab0x100097dc244FUNC<unknown>HIDDEN2
                  __GI_strchr.symtab0x1000c95c256FUNC<unknown>HIDDEN2
                  __GI_strchrnul.symtab0x1000ca5c248FUNC<unknown>HIDDEN2
                  __GI_strcmp.symtab0x1000cb5452FUNC<unknown>HIDDEN2
                  __GI_strcoll.symtab0x1000cb5452FUNC<unknown>HIDDEN2
                  __GI_strcspn.symtab0x1000cb8896FUNC<unknown>HIDDEN2
                  __GI_strlen.symtab0x100079c0160FUNC<unknown>HIDDEN2
                  __GI_strrchr.symtab0x1000cbe8112FUNC<unknown>HIDDEN2
                  __GI_strspn.symtab0x1000cc5872FUNC<unknown>HIDDEN2
                  __GI_sysconf.symtab0x10009c6c624FUNC<unknown>HIDDEN2
                  __GI_tcgetattr.symtab0x1000cccc156FUNC<unknown>HIDDEN2
                  __GI_tcsetattr.symtab0x1000d748376FUNC<unknown>HIDDEN2
                  __GI_time.symtab0x1000746416FUNC<unknown>HIDDEN2
                  __GI_times.symtab0x1000b0bc16FUNC<unknown>HIDDEN2
                  __GI_write.symtab0x1000a574132FUNC<unknown>HIDDEN2
                  __JCR_END__.symtab0x1001f0640OBJECT<unknown>DEFAULT9
                  __JCR_LIST__.symtab0x1001f0640OBJECT<unknown>DEFAULT9
                  __app_fini.symtab0x1001f2c04OBJECT<unknown>HIDDEN13
                  __atexit_lock.symtab0x1001f15024OBJECT<unknown>DEFAULT10
                  __bss_start.symtab0x1001f2880NOTYPE<unknown>DEFAULTSHN_ABS
                  __check_one_fd.symtab0x1000a88896FUNC<unknown>DEFAULT2
                  __close.symtab0x1000a47c116FUNC<unknown>DEFAULT2
                  __close_nocancel.symtab0x1000a48816FUNC<unknown>DEFAULT2
                  __ctype_b.symtab0x1001f2684OBJECT<unknown>DEFAULT12
                  __curbrk.symtab0x1001f2f84OBJECT<unknown>DEFAULT13
                  __deregister_frame_info.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                  __do_global_ctors_aux.symtab0x1000d9880FUNC<unknown>DEFAULT2
                  __do_global_dtors_aux.symtab0x100000d80FUNC<unknown>DEFAULT2
                  __dso_handle.symtab0x1001f0680OBJECT<unknown>HIDDEN10
                  __environ.symtab0x1001f2b84OBJECT<unknown>DEFAULT13
                  __errno_location.symtab0x1000784820FUNC<unknown>DEFAULT2
                  __errno_location.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  __exit_cleanup.symtab0x1001f2a44OBJECT<unknown>HIDDEN13
                  __fcntl_nocancel.symtab0x100070f0116FUNC<unknown>DEFAULT2
                  __fgetc_unlocked.symtab0x1000c6bc312FUNC<unknown>DEFAULT2
                  __fini_array_end.symtab0x1001f0540NOTYPE<unknown>HIDDEN6
                  __fini_array_start.symtab0x1001f0540NOTYPE<unknown>HIDDEN6
                  __fork.symtab0x10009edc824FUNC<unknown>DEFAULT2
                  __fork_generation_pointer.symtab0x1001f2a84OBJECT<unknown>HIDDEN13
                  __fork_handlers.symtab0x1001f2ac4OBJECT<unknown>HIDDEN13
                  __fork_lock.symtab0x1001f2b04OBJECT<unknown>HIDDEN13
                  __getdents.symtab0x1000ad90176FUNC<unknown>HIDDEN2
                  __getdents64.symtab0x1000d344344FUNC<unknown>HIDDEN2
                  __getpagesize.symtab0x1000aea828FUNC<unknown>DEFAULT2
                  __getpid.symtab0x1000a21456FUNC<unknown>DEFAULT2
                  __h_errno_location.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                  __init_array_end.symtab0x1001f0540NOTYPE<unknown>HIDDEN6
                  __init_array_start.symtab0x1001f0540NOTYPE<unknown>HIDDEN6
                  __libc_accept.symtab0x10007ac8120FUNC<unknown>DEFAULT2
                  __libc_close.symtab0x1000a47c116FUNC<unknown>DEFAULT2
                  __libc_connect.symtab0x10007ba8120FUNC<unknown>DEFAULT2
                  __libc_disable_asynccancel.symtab0x1000a67c124FUNC<unknown>HIDDEN2
                  __libc_enable_asynccancel.symtab0x1000a6f8172FUNC<unknown>HIDDEN2
                  __libc_errno.symtab0x04TLS<unknown>HIDDEN6
                  __libc_fcntl.symtab0x10007164236FUNC<unknown>DEFAULT2
                  __libc_fork.symtab0x10009edc824FUNC<unknown>DEFAULT2
                  __libc_h_errno.symtab0x44TLS<unknown>HIDDEN6
                  __libc_nanosleep.symtab0x1000afd8112FUNC<unknown>DEFAULT2
                  __libc_open.symtab0x1000a4f0132FUNC<unknown>DEFAULT2
                  __libc_read.symtab0x1000a5f8132FUNC<unknown>DEFAULT2
                  __libc_recv.symtab0x10007cf0128FUNC<unknown>DEFAULT2
                  __libc_recvfrom.symtab0x10007da4144FUNC<unknown>DEFAULT2
                  __libc_select.symtab0x10007330136FUNC<unknown>DEFAULT2
                  __libc_send.symtab0x10007e68128FUNC<unknown>DEFAULT2
                  __libc_sendto.symtab0x10007f1c144FUNC<unknown>DEFAULT2
                  __libc_setup_tls.symtab0x1000cee8464FUNC<unknown>DEFAULT2
                  __libc_sigaction.symtab0x1000ce3836FUNC<unknown>DEFAULT2
                  __libc_stack_end.symtab0x1001f2b44OBJECT<unknown>DEFAULT13
                  __libc_write.symtab0x1000a574132FUNC<unknown>DEFAULT2
                  __lll_lock_wait_private.symtab0x1000a404120FUNC<unknown>HIDDEN2
                  __malloc_consolidate.symtab0x1000906c460FUNC<unknown>HIDDEN2
                  __malloc_largebin_index.symtab0x10008194112FUNC<unknown>DEFAULT2
                  __malloc_lock.symtab0x1001f07424OBJECT<unknown>DEFAULT10
                  __malloc_state.symtab0x100218e8888OBJECT<unknown>DEFAULT14
                  __malloc_trim.symtab0x10008fb4184FUNC<unknown>DEFAULT2
                  __nptl_deallocate_tsd.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                  __nptl_nthreads.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                  __open.symtab0x1000a4f0132FUNC<unknown>DEFAULT2
                  __open_nocancel.symtab0x1000a4fc16FUNC<unknown>DEFAULT2
                  __pagesize.symtab0x1001f2bc4OBJECT<unknown>DEFAULT13
                  __preinit_array_end.symtab0x1001f0540NOTYPE<unknown>HIDDEN6
                  __preinit_array_start.symtab0x1001f0540NOTYPE<unknown>HIDDEN6
                  __progname.symtab0x1001f25c4OBJECT<unknown>DEFAULT12
                  __progname_full.symtab0x1001f2604OBJECT<unknown>DEFAULT12
                  __pthread_initialize_minimal.symtab0x1000d0b812FUNC<unknown>DEFAULT2
                  __pthread_mutex_init.symtab0x1000a7ac8FUNC<unknown>DEFAULT2
                  __pthread_mutex_lock.symtab0x1000a7a48FUNC<unknown>DEFAULT2
                  __pthread_mutex_trylock.symtab0x1000a7a48FUNC<unknown>DEFAULT2
                  __pthread_mutex_unlock.symtab0x1000a7a48FUNC<unknown>DEFAULT2
                  __pthread_return_0.symtab0x1000a7a48FUNC<unknown>DEFAULT2
                  __pthread_unwind.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                  __read.symtab0x1000a5f8132FUNC<unknown>DEFAULT2
                  __read_nocancel.symtab0x1000a60416FUNC<unknown>DEFAULT2
                  __register_frame_info.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                  __rtld_fini.symtab0x1001f2c44OBJECT<unknown>HIDDEN13
                  __sigaddset.symtab0x1000814440FUNC<unknown>DEFAULT2
                  __sigdelset.symtab0x1000816c40FUNC<unknown>DEFAULT2
                  __sigismember.symtab0x1000811c40FUNC<unknown>DEFAULT2
                  __sigjmp_save.symtab0x1000d8c088FUNC<unknown>HIDDEN2
                  __sigsetjmp.symtab0x1000d230172FUNC<unknown>DEFAULT2
                  __stdin.symtab0x1001f2784OBJECT<unknown>DEFAULT12
                  __stdio_READ.symtab0x1000d49c120FUNC<unknown>HIDDEN2
                  __stdio_WRITE.symtab0x1000d514264FUNC<unknown>HIDDEN2
                  __stdio_rfill.symtab0x1000d61c72FUNC<unknown>HIDDEN2
                  __stdio_trans2r_o.symtab0x1000d664176FUNC<unknown>HIDDEN2
                  __stdio_wcommit.symtab0x1000bf4876FUNC<unknown>HIDDEN2
                  __stdout.symtab0x1001f27c4OBJECT<unknown>DEFAULT12
                  __sys_accept.symtab0x10007a9452FUNC<unknown>DEFAULT2
                  __sys_connect.symtab0x10007b7452FUNC<unknown>DEFAULT2
                  __sys_recv.symtab0x10007cbc52FUNC<unknown>DEFAULT2
                  __sys_recvfrom.symtab0x10007d7052FUNC<unknown>DEFAULT2
                  __sys_send.symtab0x10007e3452FUNC<unknown>DEFAULT2
                  __sys_sendto.symtab0x10007ee852FUNC<unknown>DEFAULT2
                  __syscall_error.symtab0x1000ac9428FUNC<unknown>HIDDEN2
                  __syscall_error.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  __syscall_fcntl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  __syscall_nanosleep.symtab0x1000afa452FUNC<unknown>DEFAULT2
                  __syscall_rt_sigaction.symtab0x1000d31052FUNC<unknown>DEFAULT2
                  __syscall_rt_sigaction.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  __syscall_select.symtab0x100072fc52FUNC<unknown>DEFAULT2
                  __uClibc_fini.symtab0x1000a7f8144FUNC<unknown>DEFAULT2
                  __uClibc_init.symtab0x1000a8e8100FUNC<unknown>DEFAULT2
                  __uClibc_main.symtab0x1000a94c840FUNC<unknown>DEFAULT2
                  __uClibc_main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  __uclibc_progname.symtab0x1001f2584OBJECT<unknown>HIDDEN12
                  __write.symtab0x1000a574132FUNC<unknown>DEFAULT2
                  __write_nocancel.symtab0x1000a58016FUNC<unknown>DEFAULT2
                  __xstat32_conv.symtab0x1000b1b0204FUNC<unknown>HIDDEN2
                  __xstat64_conv.symtab0x1000b0cc228FUNC<unknown>HIDDEN2
                  _dl_aux_init.symtab0x1000d0c428FUNC<unknown>DEFAULT2
                  _dl_nothread_init_static_tls.symtab0x1000d0e0108FUNC<unknown>HIDDEN2
                  _dl_phdr.symtab0x1001f2f04OBJECT<unknown>DEFAULT13
                  _dl_phnum.symtab0x1001f2f44OBJECT<unknown>DEFAULT13
                  _dl_tls_dtv_gaps.symtab0x1001f2e41OBJECT<unknown>DEFAULT13
                  _dl_tls_dtv_slotinfo_list.symtab0x1001f2e04OBJECT<unknown>DEFAULT13
                  _dl_tls_generation.symtab0x1001f2e84OBJECT<unknown>DEFAULT13
                  _dl_tls_max_dtv_idx.symtab0x1001f2d84OBJECT<unknown>DEFAULT13
                  _dl_tls_setup.symtab0x1000ce9880FUNC<unknown>DEFAULT2
                  _dl_tls_static_align.symtab0x1001f2d44OBJECT<unknown>DEFAULT13
                  _dl_tls_static_nelem.symtab0x1001f2ec4OBJECT<unknown>DEFAULT13
                  _dl_tls_static_size.symtab0x1001f2dc4OBJECT<unknown>DEFAULT13
                  _dl_tls_static_used.symtab0x1001f2d04OBJECT<unknown>DEFAULT13
                  _edata.symtab0x1001f2880NOTYPE<unknown>DEFAULTSHN_ABS
                  _end.symtab0x10021c600NOTYPE<unknown>DEFAULTSHN_ABS
                  _exit.symtab0x1000acb892FUNC<unknown>DEFAULT2
                  _exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  _fini.symtab0x1000d9f40FUNC<unknown>DEFAULT3
                  _fixed_buffers.symtab0x1001f3648192OBJECT<unknown>DEFAULT14
                  _fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  _init.symtab0x100000b40FUNC<unknown>DEFAULT1
                  _pthread_cleanup_pop_restore.symtab0x1000a7c056FUNC<unknown>DEFAULT2
                  _pthread_cleanup_push_defer.symtab0x1000a7b412FUNC<unknown>DEFAULT2
                  _rfill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  _setjmp.symtab0x1000acb08FUNC<unknown>DEFAULT2
                  _sigintr.symtab0x1001f29c8OBJECT<unknown>HIDDEN13
                  _start.symtab0x1000021872FUNC<unknown>DEFAULT2
                  _stdio.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  _stdio_fopen.symtab0x1000b9a41000FUNC<unknown>HIDDEN2
                  _stdio_init.symtab0x1000bd8c128FUNC<unknown>HIDDEN2
                  _stdio_openlist.symtab0x1001f2804OBJECT<unknown>DEFAULT12
                  _stdio_openlist_add_lock.symtab0x1001f34c12OBJECT<unknown>DEFAULT14
                  _stdio_openlist_dec_use.symtab0x1000c1b8540FUNC<unknown>HIDDEN2
                  _stdio_openlist_del_count.symtab0x1001f2cc4OBJECT<unknown>DEFAULT13
                  _stdio_openlist_del_lock.symtab0x1001f35812OBJECT<unknown>DEFAULT14
                  _stdio_openlist_use_count.symtab0x1001f2c84OBJECT<unknown>DEFAULT13
                  _stdio_streams.symtab0x1001f168204OBJECT<unknown>DEFAULT10
                  _stdio_term.symtab0x1000be0c316FUNC<unknown>HIDDEN2
                  _stdio_user_locking.symtab0x1001f2844OBJECT<unknown>DEFAULT12
                  _trans2r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  _wcommit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  abort.symtab0x10009484248FUNC<unknown>DEFAULT2
                  abort.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  accept.symtab0x10007ac8120FUNC<unknown>DEFAULT2
                  accept.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  anti_gdb_entry.symtab0x1000509c20FUNC<unknown>DEFAULT2
                  attack.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  attack_get_opt_int.symtab0x10000834132FUNC<unknown>DEFAULT2
                  attack_get_opt_ip.symtab0x100007b4128FUNC<unknown>DEFAULT2
                  attack_init.symtab0x100008b81068FUNC<unknown>DEFAULT2
                  attack_kill_all.symtab0x10000374404FUNC<unknown>DEFAULT2
                  attack_method_nudp.symtab0x100046581620FUNC<unknown>DEFAULT2
                  attack_method_stdhex.symtab0x10004358768FUNC<unknown>DEFAULT2
                  attack_method_tcp.symtab0x100012dc1592FUNC<unknown>DEFAULT2
                  attack_ongoing.symtab0x1001f31832OBJECT<unknown>DEFAULT14
                  attack_parse.symtab0x10000508684FUNC<unknown>DEFAULT2
                  attack_start.symtab0x10000260276FUNC<unknown>DEFAULT2
                  attack_tcp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  attack_tcp_ack.symtab0x100025c81624FUNC<unknown>DEFAULT2
                  attack_tcp_legit.symtab0x1000325c1668FUNC<unknown>DEFAULT2
                  attack_tcp_null.symtab0x100038e01908FUNC<unknown>DEFAULT2
                  attack_tcp_sack2.symtab0x100019141608FUNC<unknown>DEFAULT2
                  attack_tcp_stomp.symtab0x10001f5c1644FUNC<unknown>DEFAULT2
                  attack_tcp_syn.symtab0x10000ce41528FUNC<unknown>DEFAULT2
                  attack_tcp_syndata.symtab0x10002c201596FUNC<unknown>DEFAULT2
                  attack_udp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  attack_udp_plain.symtab0x10004058768FUNC<unknown>DEFAULT2
                  been_there_done_that.symtab0x1001f3484OBJECT<unknown>DEFAULT14
                  bind.symtab0x10007b4052FUNC<unknown>DEFAULT2
                  bind.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  brk.symtab0x1000d2dc52FUNC<unknown>DEFAULT2
                  bsd_signal.symtab0x1000805c192FUNC<unknown>DEFAULT2
                  call___do_global_ctors_aux.symtab0x1000d9d80FUNC<unknown>DEFAULT2
                  call___do_global_dtors_aux.symtab0x100001700FUNC<unknown>DEFAULT2
                  call_frame_dummy.symtab0x100001fc0FUNC<unknown>DEFAULT2
                  calloc.symtab0x10008b14264FUNC<unknown>DEFAULT2
                  calloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  checksum.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  checksum_generic.symtab0x10004cac100FUNC<unknown>DEFAULT2
                  checksum_tcpudp.symtab0x10004d10188FUNC<unknown>DEFAULT2
                  clock.symtab0x1000785c56FUNC<unknown>DEFAULT2
                  clock.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  close.symtab0x1000a47c116FUNC<unknown>DEFAULT2
                  closedir.symtab0x10007474212FUNC<unknown>DEFAULT2
                  closedir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  completed.5580.symtab0x1001f2fc0OBJECT<unknown>DEFAULT14
                  connect.symtab0x10007ba8120FUNC<unknown>DEFAULT2
                  connect.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  dl-support.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  ensure_single_instance.symtab0x100050b0492FUNC<unknown>DEFAULT2
                  environ.symtab0x1001f2b84OBJECT<unknown>DEFAULT13
                  errno.symtab0x04TLS<unknown>DEFAULT6
                  errno.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  exit.symtab0x10009a9c136FUNC<unknown>DEFAULT2
                  exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  fclose.symtab0x1000b718640FUNC<unknown>DEFAULT2
                  fclose.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  fcntl.symtab0x10007164236FUNC<unknown>DEFAULT2
                  fd_ctrl.symtab0x1001f24c4OBJECT<unknown>DEFAULT12
                  fd_serv.symtab0x1001f2504OBJECT<unknown>DEFAULT12
                  fd_to_DIR.symtab0x10007548184FUNC<unknown>DEFAULT2
                  fdopendir.symtab0x100076d0184FUNC<unknown>DEFAULT2
                  fflush_unlocked.symtab0x1000c3d4744FUNC<unknown>DEFAULT2
                  fflush_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  fgetc.symtab0x1000bf94304FUNC<unknown>DEFAULT2
                  fgetc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  fgetc_unlocked.symtab0x1000c6bc312FUNC<unknown>DEFAULT2
                  fgetc_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  fgets.symtab0x1000c0c4244FUNC<unknown>DEFAULT2
                  fgets.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  fgets_unlocked.symtab0x1000c7f4196FUNC<unknown>DEFAULT2
                  fgets_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  fopen.symtab0x1000b99812FUNC<unknown>DEFAULT2
                  fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  fork.symtab0x10009edc824FUNC<unknown>DEFAULT2
                  fork.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  frame_dummy.symtab0x1000018c0FUNC<unknown>DEFAULT2
                  free.symtab0x10009238524FUNC<unknown>DEFAULT2
                  free.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  fstat.symtab0x1000ad14124FUNC<unknown>DEFAULT2
                  fstat.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  getc.symtab0x1000bf94304FUNC<unknown>DEFAULT2
                  getc_unlocked.symtab0x1000c6bc312FUNC<unknown>DEFAULT2
                  getdents.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  getdents64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  getdtablesize.symtab0x1000ae4056FUNC<unknown>DEFAULT2
                  getdtablesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  getegid.symtab0x1000ae7816FUNC<unknown>DEFAULT2
                  getegid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  geteuid.symtab0x1000ae8816FUNC<unknown>DEFAULT2
                  geteuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  getgid.symtab0x1000ae9816FUNC<unknown>DEFAULT2
                  getgid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  getpagesize.symtab0x1000aea828FUNC<unknown>DEFAULT2
                  getpagesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  getpid.symtab0x1000a21456FUNC<unknown>DEFAULT2
                  getpid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  getppid.symtab0x1000725016FUNC<unknown>DEFAULT2
                  getppid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  getrlimit.symtab0x1000aec452FUNC<unknown>DEFAULT2
                  getrlimit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  getsockname.symtab0x10007c2052FUNC<unknown>DEFAULT2
                  getsockname.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  getsockopt.symtab0x10007c5452FUNC<unknown>DEFAULT2
                  getsockopt.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  getuid.symtab0x1000aef816FUNC<unknown>DEFAULT2
                  getuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  h_errno.symtab0x44TLS<unknown>DEFAULT6
                  hexPayload.symtab0x1001f2444OBJECT<unknown>DEFAULT12
                  index.symtab0x1000c95c256FUNC<unknown>DEFAULT2
                  inet_addr.symtab0x10007a6052FUNC<unknown>DEFAULT2
                  inet_aton.symtab0x1000cd68208FUNC<unknown>DEFAULT2
                  inet_aton.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  inet_makeaddr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  init_static_tls.symtab0x1000ce5c60FUNC<unknown>DEFAULT2
                  initfini.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  initfini.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  initstate.symtab0x10009664132FUNC<unknown>DEFAULT2
                  initstate_r.symtab0x100098d0236FUNC<unknown>DEFAULT2
                  ioctl.symtab0x1000d14c228FUNC<unknown>DEFAULT2
                  ioctl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  isatty.symtab0x1000cca044FUNC<unknown>DEFAULT2
                  isatty.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  kill.symtab0x1000726052FUNC<unknown>DEFAULT2
                  kill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  killer.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  killer_init.symtab0x10004fa0252FUNC<unknown>DEFAULT2
                  killer_kill.symtab0x10004dcc52FUNC<unknown>DEFAULT2
                  killer_kill_by_port.symtab0x100065841540FUNC<unknown>DEFAULT2
                  killer_mirai_exists.symtab0x10004e00416FUNC<unknown>DEFAULT2
                  killer_pid.symtab0x1001f2944OBJECT<unknown>DEFAULT13
                  libc-cancellation.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  libc-lowlevellock.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  libc-tls.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  listen.symtab0x10007c8852FUNC<unknown>DEFAULT2
                  listen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  llseek.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  local_bind.4513.symtab0x1001f0701OBJECT<unknown>DEFAULT10
                  lseek64.symtab0x1000d918112FUNC<unknown>DEFAULT2
                  main.symtab0x1000533c1836FUNC<unknown>DEFAULT2
                  main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  malloc.symtab0x100082042320FUNC<unknown>DEFAULT2
                  malloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  malloc_trim.symtab0x1000944464FUNC<unknown>DEFAULT2
                  memcpy.symtab0x10007894156FUNC<unknown>DEFAULT2
                  memcpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  memmove.symtab0x1000c8b8164FUNC<unknown>DEFAULT2
                  memmove.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  mempcpy.symtab0x1000d71452FUNC<unknown>DEFAULT2
                  mempcpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  memset.symtab0x10007930144FUNC<unknown>DEFAULT2
                  memset.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  methods.symtab0x1001f28c4OBJECT<unknown>DEFAULT13
                  methods_len.symtab0x1001f2881OBJECT<unknown>DEFAULT13
                  mmap.symtab0x1000af0852FUNC<unknown>DEFAULT2
                  mmap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  mremap.symtab0x1000af3c52FUNC<unknown>DEFAULT2
                  mremap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  munmap.symtab0x1000af7052FUNC<unknown>DEFAULT2
                  munmap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  mylock.symtab0x1001f08c24OBJECT<unknown>DEFAULT10
                  mylock.symtab0x1001f0a424OBJECT<unknown>DEFAULT10
                  nanosleep.symtab0x1000afd8112FUNC<unknown>DEFAULT2
                  nanosleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                  nprocessors_onln.symtab0x10009b24328FUNC<unknown>DEFAULT2
                  object.5595.symtab0x1001f3000OBJECT<unknown>DEFAULT14


                  • Total Packets: 15
                  • 56999 undefined
                  • 53 (DNS)
                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                  Mar 20, 2025 12:22:18.879370928 CET | 39270 | 56999 | 192.168.2.14 | 103.142.27.125
                  Mar 20, 2025 12:22:19.212676048 CET | 56999 | 39270 | 103.142.27.125 | 192.168.2.14
                  Mar 20, 2025 12:22:19.212836981 CET | 39270 | 56999 | 192.168.2.14 | 103.142.27.125
                  Mar 20, 2025 12:22:19.215850115 CET | 39270 | 56999 | 192.168.2.14 | 103.142.27.125
                  Mar 20, 2025 12:22:19.550266027 CET | 56999 | 39270 | 103.142.27.125 | 192.168.2.14
                  Mar 20, 2025 12:22:19.550441027 CET | 39270 | 56999 | 192.168.2.14 | 103.142.27.125
                  Mar 20, 2025 12:22:19.885385990 CET | 56999 | 39270 | 103.142.27.125 | 192.168.2.14
                  Mar 20, 2025 12:22:29.225754976 CET | 39270 | 56999 | 192.168.2.14 | 103.142.27.125
                  Mar 20, 2025 12:22:29.560014009 CET | 56999 | 39270 | 103.142.27.125 | 192.168.2.14
                  Mar 20, 2025 12:22:29.560034990 CET | 56999 | 39270 | 103.142.27.125 | 192.168.2.14
                  Mar 20, 2025 12:22:29.560144901 CET | 39270 | 56999 | 192.168.2.14 | 103.142.27.125
                  Mar 20, 2025 12:22:45.125087023 CET | 56999 | 39270 | 103.142.27.125 | 192.168.2.14
                  Mar 20, 2025 12:22:45.125603914 CET | 39270 | 56999 | 192.168.2.14 | 103.142.27.125
                  Mar 20, 2025 12:23:00.460989952 CET | 56999 | 39270 | 103.142.27.125 | 192.168.2.14
                  Mar 20, 2025 12:23:00.461246014 CET | 39270 | 56999 | 192.168.2.14 | 103.142.27.125
                  Mar 20, 2025 12:23:15.798000097 CET | 56999 | 39270 | 103.142.27.125 | 192.168.2.14
                  Mar 20, 2025 12:23:15.798182011 CET | 39270 | 56999 | 192.168.2.14 | 103.142.27.125
                  Mar 20, 2025 12:23:29.611890078 CET | 39270 | 56999 | 192.168.2.14 | 103.142.27.125
                  Mar 20, 2025 12:23:29.948590994 CET | 56999 | 39270 | 103.142.27.125 | 192.168.2.14
                  Mar 20, 2025 12:23:29.948949099 CET | 39270 | 56999 | 192.168.2.14 | 103.142.27.125
                  Mar 20, 2025 12:23:45.286845922 CET | 56999 | 39270 | 103.142.27.125 | 192.168.2.14
                  Mar 20, 2025 12:23:45.287204027 CET | 39270 | 56999 | 192.168.2.14 | 103.142.27.125
                  Mar 20, 2025 12:24:00.622133017 CET | 56999 | 39270 | 103.142.27.125 | 192.168.2.14
                  Mar 20, 2025 12:24:00.622421026 CET | 39270 | 56999 | 192.168.2.14 | 103.142.27.125
                  Mar 20, 2025 12:24:15.957318068 CET | 56999 | 39270 | 103.142.27.125 | 192.168.2.14
                  Mar 20, 2025 12:24:15.957551956 CET | 39270 | 56999 | 192.168.2.14 | 103.142.27.125

                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                  Mar 20, 2025 12:22:18.787193060 CET | 37682 | 53 | 192.168.2.14 | 8.8.8.8
                  Mar 20, 2025 12:22:18.878046036 CET | 53 | 37682 | 8.8.8.8 | 192.168.2.14

                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                  Mar 20, 2025 12:22:18.787193060 CET | 192.168.2.14 | 8.8.8.8 | 0x797c | Standard query (0) | srolangvan.com | A (IP address) | IN (0x0001) | false

                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                  Mar 20, 2025 12:22:18.878046036 CET | 8.8.8.8 | 192.168.2.14 | 0x797c | No error (0) | srolangvan.com |  | 103.142.27.125 | A (IP address) | IN (0x0001) | false

                  System Behavior

                  Start time (UTC):11:22:17
                  Start date (UTC):20/03/2025
                  Path:/tmp/ppc.elf
                  Arguments:/tmp/ppc.elf
                  File size:5388968 bytes
                  MD5 hash:ae65271c943d3451b7f026d1fadccea6

                  Start time (UTC):11:22:18
                  Start date (UTC):20/03/2025
                  Path:/tmp/ppc.elf
                  Arguments:-
                  File size:5388968 bytes
                  MD5 hash:ae65271c943d3451b7f026d1fadccea6

                  Start time (UTC):11:22:18
                  Start date (UTC):20/03/2025
                  Path:/tmp/ppc.elf
                  Arguments:-
                  File size:5388968 bytes
                  MD5 hash:ae65271c943d3451b7f026d1fadccea6