Edit tour

Linux Analysis Report
hiss.mips.elf

Overview

General Information

Sample name:	hiss.mips.elf
Analysis ID:	1644330
MD5:	939c3a8d56cf4f8aec415842d28c6cae
SHA1:	4ac21ce4f37d50a1afbb85c708bbb9cf66b74072
SHA256:	02356742d3564b258677fe18441eb71defc05ec029a53e31a1f2ce6a3d7acedb
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	48
Range:	0 - 100

Signatures

Multi AV Scanner detection for submitted file

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Found strings indicative of a multi-platform dropper

Sample has stripped symbol table

Sample listens on a socket

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1644330
Start date and time:	2025-03-20 14:29:25 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	hiss.mips.elf
Detection:	MAL
Classification:	mal48.linELF@0/1@52/0

Warnings

VT rate limit hit for: horse.ipcamlover.ru

Runtime Messages

Command:	/tmp/hiss.mips.elf
PID:	5487
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu20

hiss.mips.elf (PID: 5487, Parent: 5412, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/hiss.mips.elf

hiss.mips.elf New Fork (PID: 5489, Parent: 5487)

hiss.mips.elf New Fork (PID: 5490, Parent: 5487)

hiss.mips.elf New Fork (PID: 5492, Parent: 5487)

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• AV Detection
• Spreading
• Networking
• System Summary
• Persistence and Installation Behavior
• Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: hiss.mips.elf

Virustotal: Detection: 12%

Perma Link

Source: hiss.mips.elf

String: |||self(deleted)/dev/usr//bin//sbin//cmdlinewgetcurlftp

Source: global traffic

TCP traffic: 192.168.2.14:42014 -> 77.232.36.152:8080

Source: /tmp/hiss.mips.elf (PID: 5487)

Socket: 127.0.0.1:45995

Jump to behavior

Source: global traffic

TCP traffic: 192.168.2.14:46540 -> 185.125.190.26:443

Source: unknown	TCP traffic detected without corresponding DNS query: 185.125.190.26
Source: unknown	TCP traffic detected without corresponding DNS query: 185.125.190.26
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 208.67.222.222
Source: unknown	UDP traffic detected without corresponding DNS query: 208.67.220.220
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 4.2.2.1
Source: unknown	UDP traffic detected without corresponding DNS query: 180.76.76.76
Source: unknown	UDP traffic detected without corresponding DNS query: 185.85.15.34
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 208.67.222.222
Source: unknown	UDP traffic detected without corresponding DNS query: 208.67.220.220
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 4.2.2.1
Source: unknown	UDP traffic detected without corresponding DNS query: 180.76.76.76
Source: unknown	UDP traffic detected without corresponding DNS query: 185.85.15.34
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 208.67.222.222
Source: unknown	UDP traffic detected without corresponding DNS query: 208.67.220.220
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 4.2.2.1
Source: unknown	UDP traffic detected without corresponding DNS query: 180.76.76.76
Source: unknown	UDP traffic detected without corresponding DNS query: 185.85.15.34
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 208.67.222.222
Source: unknown	UDP traffic detected without corresponding DNS query: 208.67.220.220
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 4.2.2.1
Source: unknown	UDP traffic detected without corresponding DNS query: 180.76.76.76
Source: unknown	UDP traffic detected without corresponding DNS query: 185.85.15.34
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 208.67.222.222
Source: unknown	UDP traffic detected without corresponding DNS query: 208.67.220.220
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 4.2.2.1
Source: unknown	UDP traffic detected without corresponding DNS query: 180.76.76.76
Source: unknown	UDP traffic detected without corresponding DNS query: 185.85.15.34
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 208.67.222.222
Source: unknown	UDP traffic detected without corresponding DNS query: 208.67.220.220
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 4.2.2.1
Source: unknown	UDP traffic detected without corresponding DNS query: 180.76.76.76
Source: unknown	UDP traffic detected without corresponding DNS query: 185.85.15.34

Source: global traffic	DNS traffic detected: DNS query: dog.xlabsecurity.ru
Source: global traffic	DNS traffic detected: DNS query: kitty.xlabresearch.ru
Source: global traffic	DNS traffic detected: DNS query: horse.ipcamlover.ru
Source: global traffic	DNS traffic detected: DNS query: fish.dvrhelpers.su

Source: hiss.mips.elf, 5489.1.00007f5ddd1a0000.00007f5ddd32c000.rw-.sdmp

String found in binary or memory: http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken

Source: unknown

Network traffic detected: HTTP traffic on port 46540 -> 443

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal48.linELF@0/1@52/0

Source: /tmp/hiss.mips.elf (PID: 5490)	File opened: /proc/1/cmdline	Jump to behavior
Source: /tmp/hiss.mips.elf (PID: 5490)	File opened: /proc/2/cmdline	Jump to behavior
Source: /tmp/hiss.mips.elf (PID: 5490)	File opened: /proc/3/cmdline	Jump to behavior
Source: /tmp/hiss.mips.elf (PID: 5490)	File opened: /proc/4/cmdline	Jump to behavior
Source: /tmp/hiss.mips.elf (PID: 5490)	File opened: /proc/5/cmdline	Jump to behavior
Source: /tmp/hiss.mips.elf (PID: 5490)	File opened: /proc/6/cmdline	Jump to behavior
Source: /tmp/hiss.mips.elf (PID: 5490)	File opened: /proc/7/cmdline	Jump to behavior
Source: /tmp/hiss.mips.elf (PID: 5490)	File opened: /proc/8/cmdline	Jump to behavior
Source: /tmp/hiss.mips.elf (PID: 5490)	File opened: /proc/9/cmdline	Jump to behavior

Source: /tmp/hiss.mips.elf (PID: 5487)

Queries kernel information via 'uname':

Jump to behavior

Source: hiss.mips.elf, 5489.1.00007ffd7a7b2000.00007ffd7a7d3000.rw-.sdmp	Binary or memory string: -V/tmp/qemu-open.jN1s0g
Source: hiss.mips.elf, 5487.1.0000562deb794000.0000562deb81b000.rw-.sdmp, hiss.mips.elf, 5489.1.0000562deb794000.0000562deb81b000.rw-.sdmp, hiss.mips.elf, 5490.1.0000562deb794000.0000562deb81b000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mips
Source: hiss.mips.elf, 5487.1.00007ffd7a7b2000.00007ffd7a7d3000.rw-.sdmp, hiss.mips.elf, 5489.1.00007ffd7a7b2000.00007ffd7a7d3000.rw-.sdmp, hiss.mips.elf, 5490.1.00007ffd7a7b2000.00007ffd7a7d3000.rw-.sdmp	Binary or memory string: {x86_64/usr/bin/qemu-mips/tmp/hiss.mips.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/hiss.mips.elf
Source: hiss.mips.elf, 5489.1.00007ffd7a7b2000.00007ffd7a7d3000.rw-.sdmp	Binary or memory string: /tmp/qemu-open.jN1s0g
Source: hiss.mips.elf, 5487.1.00007ffd7a7b2000.00007ffd7a7d3000.rw-.sdmp, hiss.mips.elf, 5489.1.00007ffd7a7b2000.00007ffd7a7d3000.rw-.sdmp, hiss.mips.elf, 5490.1.00007ffd7a7b2000.00007ffd7a7d3000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mips
Source: hiss.mips.elf, 5487.1.0000562deb794000.0000562deb81b000.rw-.sdmp, hiss.mips.elf, 5489.1.0000562deb794000.0000562deb81b000.rw-.sdmp, hiss.mips.elf, 5490.1.0000562deb794000.0000562deb81b000.rw-.sdmp	Binary or memory string: -V!/etc/qemu-binfmt/mips

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	Direct Volume Access	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
hiss.mips.elf	12%	Virustotal		Browse
hiss.mips.elf	11%	ReversingLabs	Linux.Trojan.DDOSAgent

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
horse.ipcamlover.ru	77.232.36.152	true	false	unknown
dog.xlabsecurity.ru	146.112.61.108	true	false	unknown
fish.dvrhelpers.su	91.142.77.79	true	false	unknown
kitty.xlabresearch.ru	unknown	unknown	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken	hiss.mips.elf, 5489.1.00007f5ddd1a0000.00007f5ddd32c000.rw-.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
77.232.39.139	unknown	Russian Federation	28968	EUT-ASEUTIPNetworkRU	false
185.125.190.26	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.142.77.79	fish.dvrhelpers.su	Russian Federation	48720	VTSL1-ASRU	false
77.232.36.152	horse.ipcamlover.ru	Russian Federation	28968	EUT-ASEUTIPNetworkRU	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
77.232.39.139	hiss.arm5.elf	Get hash	malicious	Unknown	Browse
185.125.190.26	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	Space.arm.elf	Get hash	malicious	Mirai	Browse
	Space.mips.elf	Get hash	malicious	Unknown	Browse
	Space.x86_64.elf	Get hash	malicious	Unknown	Browse
	sshd.elf	Get hash	malicious	Unknown	Browse
	.5r3fqt67ew531has4231.sh4.elf	Get hash	malicious	Gafgyt, Mirai, Moobot, Okiru	Browse
	yakuza.m68k.elf	Get hash	malicious	Gafgyt, Mirai	Browse
91.142.77.79	hiss.arm7.elf	Get hash	malicious	Unknown	Browse
91.142.77.79	meow.arm7.elf	Get hash	malicious	Unknown	Browse
77.232.36.152	hiss.arm7.elf	Get hash	malicious	Unknown	Browse
77.232.36.152	na.elf	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
horse.ipcamlover.ru	hiss.arm7.elf	Get hash	malicious	Unknown	Browse	77.232.36.152
	hiss.arm5.elf	Get hash	malicious	Unknown	Browse	77.232.42.137
	meow.arm7.elf	Get hash	malicious	Unknown	Browse	77.232.40.219
dog.xlabsecurity.ru	hiss.arm7.elf	Get hash	malicious	Unknown	Browse	146.112.61.108
	hiss.arm5.elf	Get hash	malicious	Unknown	Browse	146.112.61.108
	meow.arm7.elf	Get hash	malicious	Unknown	Browse	91.142.77.79
fish.dvrhelpers.su	hiss.arm7.elf	Get hash	malicious	Unknown	Browse	77.232.42.137
fish.dvrhelpers.su	hiss.arm5.elf	Get hash	malicious	Unknown	Browse	77.232.41.24

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	na.elf	Get hash	malicious	Prometei	Browse	185.125.190.26
	na.elf	Get hash	malicious	Prometei	Browse	185.125.190.26
	ppc.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	185.125.190.26
	na.elf	Get hash	malicious	Prometei	Browse	185.125.190.26
	hoho.armv6l.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	hoho.powerpc.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	Space.arm.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	Space.mips.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	Space.ppc.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
EUT-ASEUTIPNetworkRU	hiss.arm7.elf	Get hash	malicious	Unknown	Browse	77.232.42.137
	hiss.arm5.elf	Get hash	malicious	Unknown	Browse	77.232.42.137
	nabm68k.elf	Get hash	malicious	Unknown	Browse	77.232.49.124
	spc.elf	Get hash	malicious	Mirai	Browse	62.181.57.176
	telnet.mips.elf	Get hash	malicious	Gafgyt, Mirai	Browse	62.181.57.176
	meow.arm7.elf	Get hash	malicious	Unknown	Browse	77.232.36.208
	hiss.arm5.elf	Get hash	malicious	Unknown	Browse	77.232.39.139
	meow.arm7.elf	Get hash	malicious	Unknown	Browse	77.232.42.137
	na.elf	Get hash	malicious	Unknown	Browse	77.232.36.152
	https://stacksports.captainu.com	Get hash	malicious	Unknown	Browse	77.232.36.155
EUT-ASEUTIPNetworkRU	hiss.arm7.elf	Get hash	malicious	Unknown	Browse	77.232.42.137
	hiss.arm5.elf	Get hash	malicious	Unknown	Browse	77.232.42.137
	nabm68k.elf	Get hash	malicious	Unknown	Browse	77.232.49.124
	spc.elf	Get hash	malicious	Mirai	Browse	62.181.57.176
	telnet.mips.elf	Get hash	malicious	Gafgyt, Mirai	Browse	62.181.57.176
	meow.arm7.elf	Get hash	malicious	Unknown	Browse	77.232.36.208
	hiss.arm5.elf	Get hash	malicious	Unknown	Browse	77.232.39.139
	meow.arm7.elf	Get hash	malicious	Unknown	Browse	77.232.42.137
	na.elf	Get hash	malicious	Unknown	Browse	77.232.36.152
	https://stacksports.captainu.com	Get hash	malicious	Unknown	Browse	77.232.36.155
VTSL1-ASRU	hiss.arm7.elf	Get hash	malicious	Unknown	Browse	91.142.78.22
	hiss.arm5.elf	Get hash	malicious	Unknown	Browse	91.142.78.22
	meow.arm7.elf	Get hash	malicious	Unknown	Browse	91.142.77.79
	SecuriteInfo.com.Win32.MalwareX-gen.27138.13961.dll	Get hash	malicious	GO Backdoor	Browse	91.142.74.28
	SecuriteInfo.com.Win32.MalwareX-gen.27138.13961.dll	Get hash	malicious	GO Backdoor	Browse	91.142.74.28
	SecuriteInfo.com.Win32.Malware-gen.26009.9463.exe	Get hash	malicious	GO Backdoor	Browse	91.142.74.28
	Notepad3_v6.23.203.2.exe	Get hash	malicious	Amadey, GO Backdoor	Browse	91.142.74.28
	file.dll	Get hash	malicious	Unknown	Browse	91.142.74.28
	file.dll	Get hash	malicious	Unknown	Browse	91.142.73.198
	file.dll	Get hash	malicious	Unknown	Browse	91.142.74.28

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/tmp/qemu-open.jN1s0g (deleted)

Download File

Process:	/tmp/hiss.mips.elf
File Type:	ASCII text
Category:	dropped
Size (bytes):	316
Entropy (8bit):	3.4803968983295768
Encrypted:	false
SSDEEP:	6:URFtDFV8eVYHT/VUk/FYDFV8W/xDCY/V5x/VDM/V+4D/VH:I/TaiMQ7NLHMfF
MD5:	D529CDC1146D4D6120F3C5A36F2B9707
SHA1:	68EB4637823A9500C127E27368BFECDAE7031E71
SHA-256:	E1EEA281BF654565C84F5A7A6E66674348F692875D9EBAB3068DF0B93AD9D8F0
SHA-512:	000FEB10578A6F1B083DDFC27B2288EDCBEBCA69F0826A64F3DC8DA043C8E896621E8B774D0D6CED23B72813B532FEBC5BEE0DD74007AAF6FCFDB5B0515629D0
Malicious:	false
Reputation:	low
Preview:	400000-419000 r-xp 00000000 fd:00 531606 /tmp/hiss.mips.elf.459000-45a000 rw-p 00019000 fd:00 531606 /tmp/hiss.mips.elf.45a000-45f000 rw-p 00000000 00:00 0 .45f000-460000 rw-p 00000000 00:00 0 .7f7ff000-7f800000 ---p 00000000 00:00 0 .7f800000-80000000 rw-p 00000000 00:00 0 [stack].

Static File Info

General

File type:	ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy (8bit):	5.370997455425079
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	hiss.mips.elf
File size:	114'244 bytes
MD5:	939c3a8d56cf4f8aec415842d28c6cae
SHA1:	4ac21ce4f37d50a1afbb85c708bbb9cf66b74072
SHA256:	02356742d3564b258677fe18441eb71defc05ec029a53e31a1f2ce6a3d7acedb
SHA512:	1ada3572b8639219cd0074df2445b21a6c414e09cd3c3bd9ed89306235fb74ad27b03899f1df2601c997740e8c00d1000caedc994ac85b8004197821d79d2275
SSDEEP:	3072:hc8oJrbYjZvRHO/JgDu+WRNDO19q/sMBY+Xju:hc8oJrcjZ5HmJgtWR9QwDBY+Xa
TLSH:	D1B3841E2E11DFBDF69D82304BB78A219298729627E1C645F29CD7081F7074F641FBA8
File Content Preview:	.ELF.....................@.....4...L.....4. ...(....p........@...@...........................@...@.....x...x.................E...E.....d..Nh........dt.Q.................................................F.P<...'......!'.......................<...'..`...!...

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	MIPS R3000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x4002b0
Flags:	0x1007
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	4
Section Header Offset:	113484
Section Header Size:	40
Number of Section Headers:	19
Header String Table Index:	18

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.reginfo	MIPS_REGINFO	0x4000b4	0xb4	0x18	0x18	0x2	A	4
.init	PROGBITS	0x4000cc	0xcc	0x8c	0x0	0x6	AX	4
.text	PROGBITS	0x400160	0x160	0x16f90	0x0	0x6	AX	16
.fini	PROGBITS	0x4170f0	0x170f0	0x5c	0x0	0x6	AX	4
.rodata	PROGBITS	0x417150	0x17150	0x1c28	0x0	0x2	A	16
.eh_frame	PROGBITS	0x459000	0x19000	0x4	0x0	0x3	WA	4
.ctors	PROGBITS	0x459004	0x19004	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x45900c	0x1900c	0x8	0x0	0x3	WA	4
.jcr	PROGBITS	0x459014	0x19014	0x4	0x0	0x3	WA	4
.data.rel.ro	PROGBITS	0x459018	0x19018	0x30	0x0	0x3	WA	4
.data	PROGBITS	0x459050	0x19050	0x310	0x0	0x3	WA	16
.got	PROGBITS	0x459360	0x19360	0x500	0x4	0x10000003	WAp	16
.sdata	PROGBITS	0x459860	0x19860	0x4	0x0	0x10000003	WAp	4
.sbss	NOBITS	0x459864	0x19864	0x8	0x0	0x10000003	WAp	4
.bss	NOBITS	0x459870	0x19864	0x45f8	0x0	0x3	WA	16
.mdebug.abi32	PROGBITS	0xbe2	0x19864	0x0	0x0	0x0		1
.pdr	PROGBITS	0x0	0x19864	0x2260	0x0	0x0		4
.shstrtab	STRTAB	0x0	0x1bac4	0x88	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
<unknown>	0xb4	0x4000b4	0x4000b4	0x18	0x18	0.9834	0x4	R	0x4	.reginfo
LOAD	0x0	0x400000	0x400000	0x18d78	0x18d78	5.5495	0x5	R E	0x10000	.reginfo .init .text .fini .rodata
LOAD	0x19000	0x459000	0x459000	0x864	0x4e68	4.6318	0x6	RW	0x10000	.eh_frame .ctors .dtors .jcr .data.rel.ro .data .got .sdata .sbss .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 72
• 8080 undefined
• 3702 undefined
• 443 (HTTPS)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 20, 2025 14:30:14.100678921 CET	46540	443	192.168.2.14	185.125.190.26
Mar 20, 2025 14:30:22.736128092 CET	42014	8080	192.168.2.14	77.232.36.152
Mar 20, 2025 14:30:23.091963053 CET	8080	42014	77.232.36.152	192.168.2.14
Mar 20, 2025 14:30:23.092066050 CET	42014	8080	192.168.2.14	77.232.36.152
Mar 20, 2025 14:30:25.094533920 CET	42014	8080	192.168.2.14	77.232.36.152
Mar 20, 2025 14:30:25.449067116 CET	8080	42014	77.232.36.152	192.168.2.14
Mar 20, 2025 14:30:25.449376106 CET	42014	8080	192.168.2.14	77.232.36.152
Mar 20, 2025 14:30:25.806164980 CET	8080	42014	77.232.36.152	192.168.2.14
Mar 20, 2025 14:30:25.806184053 CET	8080	42014	77.232.36.152	192.168.2.14
Mar 20, 2025 14:30:25.808531046 CET	42014	8080	192.168.2.14	77.232.36.152
Mar 20, 2025 14:30:35.812910080 CET	42014	8080	192.168.2.14	77.232.36.152
Mar 20, 2025 14:30:36.168410063 CET	8080	42014	77.232.36.152	192.168.2.14
Mar 20, 2025 14:30:45.588237047 CET	46540	443	192.168.2.14	185.125.190.26
Mar 20, 2025 14:31:07.259421110 CET	50416	3702	192.168.2.14	91.142.77.79
Mar 20, 2025 14:31:07.622848034 CET	3702	50416	91.142.77.79	192.168.2.14
Mar 20, 2025 14:31:07.622993946 CET	50416	3702	192.168.2.14	91.142.77.79
Mar 20, 2025 14:31:09.624301910 CET	50416	3702	192.168.2.14	91.142.77.79
Mar 20, 2025 14:31:09.985126972 CET	3702	50416	91.142.77.79	192.168.2.14
Mar 20, 2025 14:31:09.985341072 CET	50416	3702	192.168.2.14	91.142.77.79
Mar 20, 2025 14:31:10.348550081 CET	3702	50416	91.142.77.79	192.168.2.14
Mar 20, 2025 14:31:10.348572016 CET	3702	50416	91.142.77.79	192.168.2.14
Mar 20, 2025 14:31:10.351712942 CET	50416	3702	192.168.2.14	91.142.77.79
Mar 20, 2025 14:31:20.360508919 CET	50416	3702	192.168.2.14	91.142.77.79
Mar 20, 2025 14:31:20.728137016 CET	3702	50416	91.142.77.79	192.168.2.14
Mar 20, 2025 14:31:39.043605089 CET	49990	3702	192.168.2.14	77.232.39.139
Mar 20, 2025 14:31:39.402364016 CET	3702	49990	77.232.39.139	192.168.2.14
Mar 20, 2025 14:31:39.402838945 CET	49990	3702	192.168.2.14	77.232.39.139
Mar 20, 2025 14:31:41.404325008 CET	49990	3702	192.168.2.14	77.232.39.139
Mar 20, 2025 14:31:41.763051033 CET	3702	49990	77.232.39.139	192.168.2.14
Mar 20, 2025 14:31:41.763338089 CET	49990	3702	192.168.2.14	77.232.39.139
Mar 20, 2025 14:31:42.124582052 CET	3702	49990	77.232.39.139	192.168.2.14
Mar 20, 2025 14:31:42.124639988 CET	3702	49990	77.232.39.139	192.168.2.14
Mar 20, 2025 14:31:42.127219915 CET	49990	3702	192.168.2.14	77.232.39.139
Mar 20, 2025 14:31:52.139555931 CET	49990	3702	192.168.2.14	77.232.39.139
Mar 20, 2025 14:31:52.499387026 CET	3702	49990	77.232.39.139	192.168.2.14

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 20, 2025 14:30:05.991980076 CET	39990	53	192.168.2.14	8.8.8.8
Mar 20, 2025 14:30:06.294140100 CET	53	39990	8.8.8.8	192.168.2.14
Mar 20, 2025 14:30:06.295289993 CET	38586	53	192.168.2.14	1.1.1.1
Mar 20, 2025 14:30:06.394404888 CET	53	38586	1.1.1.1	192.168.2.14
Mar 20, 2025 14:30:06.395714998 CET	48426	53	192.168.2.14	208.67.222.222
Mar 20, 2025 14:30:06.485230923 CET	53	48426	208.67.222.222	192.168.2.14
Mar 20, 2025 14:30:06.486653090 CET	45145	53	192.168.2.14	208.67.220.220
Mar 20, 2025 14:30:06.576608896 CET	53	45145	208.67.220.220	192.168.2.14
Mar 20, 2025 14:30:06.578054905 CET	44116	53	192.168.2.14	9.9.9.9
Mar 20, 2025 14:30:06.782290936 CET	53	44116	9.9.9.9	192.168.2.14
Mar 20, 2025 14:30:06.783813000 CET	34497	53	192.168.2.14	4.2.2.1
Mar 20, 2025 14:30:06.882684946 CET	53	34497	4.2.2.1	192.168.2.14
Mar 20, 2025 14:30:06.885407925 CET	43699	53	192.168.2.14	180.76.76.76
Mar 20, 2025 14:30:07.209490061 CET	53	43699	180.76.76.76	192.168.2.14
Mar 20, 2025 14:30:07.212341070 CET	51900	53	192.168.2.14	185.85.15.34
Mar 20, 2025 14:30:14.218774080 CET	41064	53	192.168.2.14	8.8.8.8
Mar 20, 2025 14:30:14.545636892 CET	53	41064	8.8.8.8	192.168.2.14
Mar 20, 2025 14:30:14.546933889 CET	52700	53	192.168.2.14	1.1.1.1
Mar 20, 2025 14:30:14.767036915 CET	53	52700	1.1.1.1	192.168.2.14
Mar 20, 2025 14:30:14.769542933 CET	40948	53	192.168.2.14	208.67.222.222
Mar 20, 2025 14:30:14.860826969 CET	53	40948	208.67.222.222	192.168.2.14
Mar 20, 2025 14:30:14.863845110 CET	57420	53	192.168.2.14	208.67.220.220
Mar 20, 2025 14:30:15.113246918 CET	53	57420	208.67.220.220	192.168.2.14
Mar 20, 2025 14:30:15.116410017 CET	40513	53	192.168.2.14	9.9.9.9
Mar 20, 2025 14:30:15.206378937 CET	53	40513	9.9.9.9	192.168.2.14
Mar 20, 2025 14:30:15.211456060 CET	46350	53	192.168.2.14	4.2.2.1
Mar 20, 2025 14:30:15.312968969 CET	53	46350	4.2.2.1	192.168.2.14
Mar 20, 2025 14:30:15.314614058 CET	35092	53	192.168.2.14	180.76.76.76
Mar 20, 2025 14:30:15.627402067 CET	53	35092	180.76.76.76	192.168.2.14
Mar 20, 2025 14:30:15.629503965 CET	42488	53	192.168.2.14	185.85.15.34
Mar 20, 2025 14:30:22.634172916 CET	45560	53	192.168.2.14	8.8.8.8
Mar 20, 2025 14:30:22.734057903 CET	53	45560	8.8.8.8	192.168.2.14
Mar 20, 2025 14:30:45.826188087 CET	58602	53	192.168.2.14	8.8.8.8
Mar 20, 2025 14:30:50.832423925 CET	41647	53	192.168.2.14	1.1.1.1
Mar 20, 2025 14:30:51.052565098 CET	53	41647	1.1.1.1	192.168.2.14
Mar 20, 2025 14:30:51.055131912 CET	33395	53	192.168.2.14	208.67.222.222
Mar 20, 2025 14:30:51.145772934 CET	53	33395	208.67.222.222	192.168.2.14
Mar 20, 2025 14:30:51.147444010 CET	34932	53	192.168.2.14	208.67.220.220
Mar 20, 2025 14:30:51.246968985 CET	53	34932	208.67.220.220	192.168.2.14
Mar 20, 2025 14:30:51.248191118 CET	59720	53	192.168.2.14	9.9.9.9
Mar 20, 2025 14:30:51.341468096 CET	53	59720	9.9.9.9	192.168.2.14
Mar 20, 2025 14:30:51.343605995 CET	47888	53	192.168.2.14	4.2.2.1
Mar 20, 2025 14:30:51.442070961 CET	53	47888	4.2.2.1	192.168.2.14
Mar 20, 2025 14:30:51.443763971 CET	37375	53	192.168.2.14	180.76.76.76
Mar 20, 2025 14:30:51.755029917 CET	53	37375	180.76.76.76	192.168.2.14
Mar 20, 2025 14:30:51.757016897 CET	37304	53	192.168.2.14	185.85.15.34
Mar 20, 2025 14:30:58.765857935 CET	51129	53	192.168.2.14	8.8.8.8
Mar 20, 2025 14:30:59.221244097 CET	53	51129	8.8.8.8	192.168.2.14
Mar 20, 2025 14:30:59.222873926 CET	38666	53	192.168.2.14	1.1.1.1
Mar 20, 2025 14:30:59.450062037 CET	53	38666	1.1.1.1	192.168.2.14
Mar 20, 2025 14:30:59.451637030 CET	33017	53	192.168.2.14	208.67.222.222
Mar 20, 2025 14:30:59.544755936 CET	53	33017	208.67.222.222	192.168.2.14
Mar 20, 2025 14:30:59.545944929 CET	51891	53	192.168.2.14	208.67.220.220
Mar 20, 2025 14:30:59.640028000 CET	53	51891	208.67.220.220	192.168.2.14
Mar 20, 2025 14:30:59.641694069 CET	56833	53	192.168.2.14	9.9.9.9
Mar 20, 2025 14:30:59.734848022 CET	53	56833	9.9.9.9	192.168.2.14
Mar 20, 2025 14:30:59.735898972 CET	42400	53	192.168.2.14	4.2.2.1
Mar 20, 2025 14:30:59.833987951 CET	53	42400	4.2.2.1	192.168.2.14
Mar 20, 2025 14:30:59.835158110 CET	55687	53	192.168.2.14	180.76.76.76
Mar 20, 2025 14:31:00.141978979 CET	53	55687	180.76.76.76	192.168.2.14
Mar 20, 2025 14:31:00.143347025 CET	40603	53	192.168.2.14	185.85.15.34
Mar 20, 2025 14:31:07.150867939 CET	40561	53	192.168.2.14	8.8.8.8
Mar 20, 2025 14:31:07.258775949 CET	53	40561	8.8.8.8	192.168.2.14
Mar 20, 2025 14:31:30.374223948 CET	55224	53	192.168.2.14	8.8.8.8
Mar 20, 2025 14:31:30.926284075 CET	53	55224	8.8.8.8	192.168.2.14
Mar 20, 2025 14:31:30.929408073 CET	53428	53	192.168.2.14	1.1.1.1
Mar 20, 2025 14:31:31.030071974 CET	53	53428	1.1.1.1	192.168.2.14
Mar 20, 2025 14:31:31.032212019 CET	42958	53	192.168.2.14	208.67.222.222
Mar 20, 2025 14:31:31.125411034 CET	53	42958	208.67.222.222	192.168.2.14
Mar 20, 2025 14:31:31.126662970 CET	44325	53	192.168.2.14	208.67.220.220
Mar 20, 2025 14:31:31.379075050 CET	53	44325	208.67.220.220	192.168.2.14
Mar 20, 2025 14:31:31.380935907 CET	44765	53	192.168.2.14	9.9.9.9
Mar 20, 2025 14:31:31.480669975 CET	53	44765	9.9.9.9	192.168.2.14
Mar 20, 2025 14:31:31.483064890 CET	33136	53	192.168.2.14	4.2.2.1
Mar 20, 2025 14:31:31.590440989 CET	53	33136	4.2.2.1	192.168.2.14
Mar 20, 2025 14:31:31.592737913 CET	36998	53	192.168.2.14	180.76.76.76
Mar 20, 2025 14:31:31.918414116 CET	53	36998	180.76.76.76	192.168.2.14
Mar 20, 2025 14:31:31.920718908 CET	43393	53	192.168.2.14	185.85.15.34
Mar 20, 2025 14:31:38.929517984 CET	40976	53	192.168.2.14	8.8.8.8
Mar 20, 2025 14:31:39.042507887 CET	53	40976	8.8.8.8	192.168.2.14
Mar 20, 2025 14:32:02.152843952 CET	46583	53	192.168.2.14	8.8.8.8
Mar 20, 2025 14:32:02.448436022 CET	53	46583	8.8.8.8	192.168.2.14
Mar 20, 2025 14:32:02.450203896 CET	56485	53	192.168.2.14	1.1.1.1
Mar 20, 2025 14:32:02.551348925 CET	53	56485	1.1.1.1	192.168.2.14
Mar 20, 2025 14:32:02.552769899 CET	40819	53	192.168.2.14	208.67.222.222
Mar 20, 2025 14:32:02.642083883 CET	53	40819	208.67.222.222	192.168.2.14
Mar 20, 2025 14:32:02.643956900 CET	51468	53	192.168.2.14	208.67.220.220
Mar 20, 2025 14:32:02.733520985 CET	53	51468	208.67.220.220	192.168.2.14
Mar 20, 2025 14:32:02.735186100 CET	41827	53	192.168.2.14	9.9.9.9
Mar 20, 2025 14:32:03.021111965 CET	53	41827	9.9.9.9	192.168.2.14
Mar 20, 2025 14:32:03.022718906 CET	51865	53	192.168.2.14	4.2.2.1
Mar 20, 2025 14:32:03.117844105 CET	53	51865	4.2.2.1	192.168.2.14
Mar 20, 2025 14:32:03.119354963 CET	59941	53	192.168.2.14	180.76.76.76
Mar 20, 2025 14:32:03.426381111 CET	53	59941	180.76.76.76	192.168.2.14
Mar 20, 2025 14:32:03.427808046 CET	39063	53	192.168.2.14	185.85.15.34
Mar 20, 2025 14:32:10.434952021 CET	60095	53	192.168.2.14	8.8.8.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 20, 2025 14:30:05.991980076 CET	192.168.2.14	8.8.8.8	0x1b79	Standard query (0)	dog.xlabsecurity.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:06.295289993 CET	192.168.2.14	1.1.1.1	0x1b79	Standard query (0)	dog.xlabsecurity.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:06.395714998 CET	192.168.2.14	208.67.222.222	0x1b79	Standard query (0)	dog.xlabsecurity.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:06.486653090 CET	192.168.2.14	208.67.220.220	0x1b79	Standard query (0)	dog.xlabsecurity.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:06.578054905 CET	192.168.2.14	9.9.9.9	0x1b79	Standard query (0)	dog.xlabsecurity.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:06.783813000 CET	192.168.2.14	4.2.2.1	0x1b79	Standard query (0)	dog.xlabsecurity.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:06.885407925 CET	192.168.2.14	180.76.76.76	0x1b79	Standard query (0)	dog.xlabsecurity.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:07.212341070 CET	192.168.2.14	185.85.15.34	0x1b79	Standard query (0)	dog.xlabsecurity.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:14.218774080 CET	192.168.2.14	8.8.8.8	0xd658	Standard query (0)	kitty.xlabresearch.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:14.546933889 CET	192.168.2.14	1.1.1.1	0xd658	Standard query (0)	kitty.xlabresearch.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:14.769542933 CET	192.168.2.14	208.67.222.222	0xd658	Standard query (0)	kitty.xlabresearch.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:14.863845110 CET	192.168.2.14	208.67.220.220	0xd658	Standard query (0)	kitty.xlabresearch.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:15.116410017 CET	192.168.2.14	9.9.9.9	0xd658	Standard query (0)	kitty.xlabresearch.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:15.211456060 CET	192.168.2.14	4.2.2.1	0xd658	Standard query (0)	kitty.xlabresearch.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:15.314614058 CET	192.168.2.14	180.76.76.76	0xd658	Standard query (0)	kitty.xlabresearch.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:15.629503965 CET	192.168.2.14	185.85.15.34	0xd658	Standard query (0)	kitty.xlabresearch.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:22.634172916 CET	192.168.2.14	8.8.8.8	0xcd71	Standard query (0)	horse.ipcamlover.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:45.826188087 CET	192.168.2.14	8.8.8.8	0x19f0	Standard query (0)	dog.xlabsecurity.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:50.832423925 CET	192.168.2.14	1.1.1.1	0x8770	Standard query (0)	dog.xlabsecurity.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:51.055131912 CET	192.168.2.14	208.67.222.222	0x8770	Standard query (0)	dog.xlabsecurity.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:51.147444010 CET	192.168.2.14	208.67.220.220	0x8770	Standard query (0)	dog.xlabsecurity.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:51.248191118 CET	192.168.2.14	9.9.9.9	0x8770	Standard query (0)	dog.xlabsecurity.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:51.343605995 CET	192.168.2.14	4.2.2.1	0x8770	Standard query (0)	dog.xlabsecurity.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:51.443763971 CET	192.168.2.14	180.76.76.76	0x8770	Standard query (0)	dog.xlabsecurity.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:51.757016897 CET	192.168.2.14	185.85.15.34	0x8770	Standard query (0)	dog.xlabsecurity.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:58.765857935 CET	192.168.2.14	8.8.8.8	0x4b2c	Standard query (0)	dog.xlabsecurity.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:59.222873926 CET	192.168.2.14	1.1.1.1	0x4b2c	Standard query (0)	dog.xlabsecurity.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:59.451637030 CET	192.168.2.14	208.67.222.222	0x4b2c	Standard query (0)	dog.xlabsecurity.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:59.545944929 CET	192.168.2.14	208.67.220.220	0x4b2c	Standard query (0)	dog.xlabsecurity.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:59.641694069 CET	192.168.2.14	9.9.9.9	0x4b2c	Standard query (0)	dog.xlabsecurity.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:59.735898972 CET	192.168.2.14	4.2.2.1	0x4b2c	Standard query (0)	dog.xlabsecurity.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:59.835158110 CET	192.168.2.14	180.76.76.76	0x4b2c	Standard query (0)	dog.xlabsecurity.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:00.143347025 CET	192.168.2.14	185.85.15.34	0x4b2c	Standard query (0)	dog.xlabsecurity.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:07.150867939 CET	192.168.2.14	8.8.8.8	0x5cae	Standard query (0)	fish.dvrhelpers.su	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:30.374223948 CET	192.168.2.14	8.8.8.8	0xfb4	Standard query (0)	kitty.xlabresearch.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:30.929408073 CET	192.168.2.14	1.1.1.1	0xfb4	Standard query (0)	kitty.xlabresearch.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:31.032212019 CET	192.168.2.14	208.67.222.222	0xfb4	Standard query (0)	kitty.xlabresearch.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:31.126662970 CET	192.168.2.14	208.67.220.220	0xfb4	Standard query (0)	kitty.xlabresearch.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:31.380935907 CET	192.168.2.14	9.9.9.9	0xfb4	Standard query (0)	kitty.xlabresearch.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:31.483064890 CET	192.168.2.14	4.2.2.1	0xfb4	Standard query (0)	kitty.xlabresearch.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:31.592737913 CET	192.168.2.14	180.76.76.76	0xfb4	Standard query (0)	kitty.xlabresearch.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:31.920718908 CET	192.168.2.14	185.85.15.34	0xfb4	Standard query (0)	kitty.xlabresearch.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:38.929517984 CET	192.168.2.14	8.8.8.8	0xf86f	Standard query (0)	fish.dvrhelpers.su	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:32:02.152843952 CET	192.168.2.14	8.8.8.8	0xf3b5	Standard query (0)	kitty.xlabresearch.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:32:02.450203896 CET	192.168.2.14	1.1.1.1	0xf3b5	Standard query (0)	kitty.xlabresearch.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:32:02.552769899 CET	192.168.2.14	208.67.222.222	0xf3b5	Standard query (0)	kitty.xlabresearch.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:32:02.643956900 CET	192.168.2.14	208.67.220.220	0xf3b5	Standard query (0)	kitty.xlabresearch.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:32:02.735186100 CET	192.168.2.14	9.9.9.9	0xf3b5	Standard query (0)	kitty.xlabresearch.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:32:03.022718906 CET	192.168.2.14	4.2.2.1	0xf3b5	Standard query (0)	kitty.xlabresearch.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:32:03.119354963 CET	192.168.2.14	180.76.76.76	0xf3b5	Standard query (0)	kitty.xlabresearch.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:32:03.427808046 CET	192.168.2.14	185.85.15.34	0xf3b5	Standard query (0)	kitty.xlabresearch.ru	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:32:10.434952021 CET	192.168.2.14	8.8.8.8	0x7421	Standard query (0)	kitty.xlabresearch.ru	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 20, 2025 14:30:06.294140100 CET	8.8.8.8	192.168.2.14	0x1b79	Name error (3)	dog.xlabsecurity.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:06.394404888 CET	1.1.1.1	192.168.2.14	0x1b79	Name error (3)	dog.xlabsecurity.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:06.485230923 CET	208.67.222.222	192.168.2.14	0x1b79	No error (0)	dog.xlabsecurity.ru		146.112.61.108	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:06.576608896 CET	208.67.220.220	192.168.2.14	0x1b79	No error (0)	dog.xlabsecurity.ru		146.112.61.108	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:06.782290936 CET	9.9.9.9	192.168.2.14	0x1b79	Name error (3)	dog.xlabsecurity.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:06.882684946 CET	4.2.2.1	192.168.2.14	0x1b79	Name error (3)	dog.xlabsecurity.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:07.209490061 CET	180.76.76.76	192.168.2.14	0x1b79	Name error (3)	dog.xlabsecurity.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:14.545636892 CET	8.8.8.8	192.168.2.14	0xd658	Name error (3)	kitty.xlabresearch.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:14.767036915 CET	1.1.1.1	192.168.2.14	0xd658	Name error (3)	kitty.xlabresearch.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:14.860826969 CET	208.67.222.222	192.168.2.14	0xd658	Name error (3)	kitty.xlabresearch.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:15.113246918 CET	208.67.220.220	192.168.2.14	0xd658	Name error (3)	kitty.xlabresearch.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:15.206378937 CET	9.9.9.9	192.168.2.14	0xd658	Name error (3)	kitty.xlabresearch.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:15.312968969 CET	4.2.2.1	192.168.2.14	0xd658	Name error (3)	kitty.xlabresearch.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:15.627402067 CET	180.76.76.76	192.168.2.14	0xd658	Name error (3)	kitty.xlabresearch.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:22.734057903 CET	8.8.8.8	192.168.2.14	0xcd71	No error (0)	horse.ipcamlover.ru		77.232.36.152	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:22.734057903 CET	8.8.8.8	192.168.2.14	0xcd71	No error (0)	horse.ipcamlover.ru		91.142.78.22	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:22.734057903 CET	8.8.8.8	192.168.2.14	0xcd71	No error (0)	horse.ipcamlover.ru		77.232.36.191	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:22.734057903 CET	8.8.8.8	192.168.2.14	0xcd71	No error (0)	horse.ipcamlover.ru		77.232.39.221	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:22.734057903 CET	8.8.8.8	192.168.2.14	0xcd71	No error (0)	horse.ipcamlover.ru		91.142.77.79	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:22.734057903 CET	8.8.8.8	192.168.2.14	0xcd71	No error (0)	horse.ipcamlover.ru		77.232.41.24	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:22.734057903 CET	8.8.8.8	192.168.2.14	0xcd71	No error (0)	horse.ipcamlover.ru		185.173.37.56	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:22.734057903 CET	8.8.8.8	192.168.2.14	0xcd71	No error (0)	horse.ipcamlover.ru		77.232.39.139	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:22.734057903 CET	8.8.8.8	192.168.2.14	0xcd71	No error (0)	horse.ipcamlover.ru		77.232.42.137	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:22.734057903 CET	8.8.8.8	192.168.2.14	0xcd71	No error (0)	horse.ipcamlover.ru		91.142.77.13	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:51.052565098 CET	1.1.1.1	192.168.2.14	0x8770	Name error (3)	dog.xlabsecurity.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:51.145772934 CET	208.67.222.222	192.168.2.14	0x8770	No error (0)	dog.xlabsecurity.ru		146.112.61.108	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:51.246968985 CET	208.67.220.220	192.168.2.14	0x8770	No error (0)	dog.xlabsecurity.ru		146.112.61.108	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:51.341468096 CET	9.9.9.9	192.168.2.14	0x8770	Name error (3)	dog.xlabsecurity.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:51.442070961 CET	4.2.2.1	192.168.2.14	0x8770	Name error (3)	dog.xlabsecurity.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:51.755029917 CET	180.76.76.76	192.168.2.14	0x8770	Name error (3)	dog.xlabsecurity.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:59.221244097 CET	8.8.8.8	192.168.2.14	0x4b2c	Name error (3)	dog.xlabsecurity.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:59.450062037 CET	1.1.1.1	192.168.2.14	0x4b2c	Name error (3)	dog.xlabsecurity.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:59.544755936 CET	208.67.222.222	192.168.2.14	0x4b2c	No error (0)	dog.xlabsecurity.ru		146.112.61.108	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:59.640028000 CET	208.67.220.220	192.168.2.14	0x4b2c	No error (0)	dog.xlabsecurity.ru		146.112.61.108	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:59.734848022 CET	9.9.9.9	192.168.2.14	0x4b2c	Name error (3)	dog.xlabsecurity.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:30:59.833987951 CET	4.2.2.1	192.168.2.14	0x4b2c	Name error (3)	dog.xlabsecurity.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:00.141978979 CET	180.76.76.76	192.168.2.14	0x4b2c	Name error (3)	dog.xlabsecurity.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:07.258775949 CET	8.8.8.8	192.168.2.14	0x5cae	No error (0)	fish.dvrhelpers.su		91.142.77.79	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:07.258775949 CET	8.8.8.8	192.168.2.14	0x5cae	No error (0)	fish.dvrhelpers.su		77.232.39.139	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:07.258775949 CET	8.8.8.8	192.168.2.14	0x5cae	No error (0)	fish.dvrhelpers.su		185.173.37.56	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:07.258775949 CET	8.8.8.8	192.168.2.14	0x5cae	No error (0)	fish.dvrhelpers.su		77.232.39.221	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:07.258775949 CET	8.8.8.8	192.168.2.14	0x5cae	No error (0)	fish.dvrhelpers.su		77.232.41.24	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:07.258775949 CET	8.8.8.8	192.168.2.14	0x5cae	No error (0)	fish.dvrhelpers.su		91.142.78.22	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:07.258775949 CET	8.8.8.8	192.168.2.14	0x5cae	No error (0)	fish.dvrhelpers.su		77.232.36.191	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:07.258775949 CET	8.8.8.8	192.168.2.14	0x5cae	No error (0)	fish.dvrhelpers.su		91.142.77.13	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:07.258775949 CET	8.8.8.8	192.168.2.14	0x5cae	No error (0)	fish.dvrhelpers.su		77.232.42.137	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:07.258775949 CET	8.8.8.8	192.168.2.14	0x5cae	No error (0)	fish.dvrhelpers.su		77.232.36.152	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:30.926284075 CET	8.8.8.8	192.168.2.14	0xfb4	Name error (3)	kitty.xlabresearch.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:31.030071974 CET	1.1.1.1	192.168.2.14	0xfb4	Name error (3)	kitty.xlabresearch.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:31.125411034 CET	208.67.222.222	192.168.2.14	0xfb4	Name error (3)	kitty.xlabresearch.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:31.379075050 CET	208.67.220.220	192.168.2.14	0xfb4	Name error (3)	kitty.xlabresearch.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:31.480669975 CET	9.9.9.9	192.168.2.14	0xfb4	Name error (3)	kitty.xlabresearch.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:31.590440989 CET	4.2.2.1	192.168.2.14	0xfb4	Name error (3)	kitty.xlabresearch.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:31.918414116 CET	180.76.76.76	192.168.2.14	0xfb4	Name error (3)	kitty.xlabresearch.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:39.042507887 CET	8.8.8.8	192.168.2.14	0xf86f	No error (0)	fish.dvrhelpers.su		77.232.39.139	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:39.042507887 CET	8.8.8.8	192.168.2.14	0xf86f	No error (0)	fish.dvrhelpers.su		77.232.41.24	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:39.042507887 CET	8.8.8.8	192.168.2.14	0xf86f	No error (0)	fish.dvrhelpers.su		185.173.37.56	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:39.042507887 CET	8.8.8.8	192.168.2.14	0xf86f	No error (0)	fish.dvrhelpers.su		77.232.42.137	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:39.042507887 CET	8.8.8.8	192.168.2.14	0xf86f	No error (0)	fish.dvrhelpers.su		91.142.78.22	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:39.042507887 CET	8.8.8.8	192.168.2.14	0xf86f	No error (0)	fish.dvrhelpers.su		77.232.36.191	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:39.042507887 CET	8.8.8.8	192.168.2.14	0xf86f	No error (0)	fish.dvrhelpers.su		77.232.36.152	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:39.042507887 CET	8.8.8.8	192.168.2.14	0xf86f	No error (0)	fish.dvrhelpers.su		91.142.77.13	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:39.042507887 CET	8.8.8.8	192.168.2.14	0xf86f	No error (0)	fish.dvrhelpers.su		77.232.39.221	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:31:39.042507887 CET	8.8.8.8	192.168.2.14	0xf86f	No error (0)	fish.dvrhelpers.su		91.142.77.79	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:32:02.448436022 CET	8.8.8.8	192.168.2.14	0xf3b5	Name error (3)	kitty.xlabresearch.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:32:02.551348925 CET	1.1.1.1	192.168.2.14	0xf3b5	Name error (3)	kitty.xlabresearch.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:32:02.642083883 CET	208.67.222.222	192.168.2.14	0xf3b5	Name error (3)	kitty.xlabresearch.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:32:02.733520985 CET	208.67.220.220	192.168.2.14	0xf3b5	Name error (3)	kitty.xlabresearch.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:32:03.021111965 CET	9.9.9.9	192.168.2.14	0xf3b5	Name error (3)	kitty.xlabresearch.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:32:03.117844105 CET	4.2.2.1	192.168.2.14	0xf3b5	Name error (3)	kitty.xlabresearch.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 20, 2025 14:32:03.426381111 CET	180.76.76.76	192.168.2.14	0xf3b5	Name error (3)	kitty.xlabresearch.ru	none	none	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: hiss.mips.elf PID: 5487, Parent PID: 5412

General

Start time (UTC):	13:30:04
Start date (UTC):	20/03/2025
Path:	/tmp/hiss.mips.elf
Arguments:	/tmp/hiss.mips.elf
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

File Activities

File Opened

File Read

Process Activities

Process Forked

Prctl Requested

Thread Sleep

System Activities

Query System Information (uname)

Network Activities

Socket Listening

Chronological Activities

Analysis Process: hiss.mips.elf PID: 5489, Parent PID: 5487

General

Start time (UTC):	13:30:04
Start date (UTC):	20/03/2025
Path:	/tmp/hiss.mips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

File Activities

File Opened

File Deleted

File Read

File Written

Directory Enumerated

Process Activities

Prctl Requested

Thread Sleep

Chronological Activities

Analysis Process: hiss.mips.elf PID: 5490, Parent PID: 5487

General

Start time (UTC):	13:30:04
Start date (UTC):	20/03/2025
Path:	/tmp/hiss.mips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

File Activities

File Opened

File Read

Directory Enumerated

Process Activities

Prctl Requested

Thread Sleep

Chronological Activities

Analysis Process: hiss.mips.elf PID: 5492, Parent PID: 5487

General

Start time (UTC):	13:30:04
Start date (UTC):	20/03/2025
Path:	/tmp/hiss.mips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report hiss.mips.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/tmp/qemu-open.jN1s0g (deleted)

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: hiss.mips.elf PID: 5487, Parent PID: 5412

General

File Activities

File Opened

File Read

Process Activities

Process Forked

Prctl Requested

Thread Sleep

System Activities

Query System Information (uname)

Network Activities

Socket Listening

Chronological Activities

Analysis Process: hiss.mips.elf PID: 5489, Parent PID: 5487

General

File Activities

File Opened

Linux Analysis Report
hiss.mips.elf