Edit tour

Linux Analysis Report
bash.elf

Overview

General Information

Sample name:	bash.elf
Analysis ID:	1645511
MD5:	9ca1dfb0f1ca103a1a1c29b723122a45
SHA1:	884048157bb83d5b92c2db7e50b7e58a7164fa73
SHA256:	55bcda268f02a70867fb60848a78b4525d0cb20d862fc1e646a34819a66cf581
Tags:	elfuser-abuse_ch
Infos:

Detection

Gafgyt

Score:	84
Range:	0 - 100

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected Gafgyt

Opens /proc/net/* files useful for finding connected devices and routers

Detected TCP or UDP traffic on non-standard ports

Sample and/or dropped files contains symbols with suspicious names

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Yara signature match

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1645511
Start date and time:	2025-03-21 21:06:18 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 54s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	bash.elf
Detection:	MAL
Classification:	mal84.spre.troj.linELF@0/0@0/0

Runtime Messages

Command:	/tmp/bash.elf
PID:	6217
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	MAC: 00:50:56:98:91:2C
Standard Error:

Process Tree

system is lnxubuntu20

bash.elf (PID: 6217, Parent: 6138, MD5: 9ca1dfb0f1ca103a1a1c29b723122a45) Arguments: /tmp/bash.elf

bash.elf New Fork (PID: 6218, Parent: 6217)

bash.elf New Fork (PID: 6219, Parent: 6218)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Bashlite, Gafgyt	Bashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.	No Attribution	http://blog.trendmicro.com/trendlabs-security-intelligence/bashlite-affects-devices-running-on-busybox/ https://blog.cyber5w.com/gafgyt-backdoor-analysis https://blog.netlab.360.com/gafgtyt_tor-and-necro-are-on-the-move-again/ https://blog.netlab.360.com/public-cloud-threat-intelligence-202203/ https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.bashlite

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
bash.elf	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
bash.elf	Linux_Trojan_Gafgyt_a6a2adb9	unknown	unknown	0x61c:$a: CC 01 C2 89 55 B4 8B 45 B4 C9 C3 55 48 89 E5 48 81 EC 90 00
bash.elf	Linux_Trojan_Gafgyt_a10161ce	unknown	unknown	0x4ec7:$a: 45 B0 8B 45 BC 48 63 D0 48 89 D0 48 C1 E0 02 48 8D 14 10 48 8B
bash.elf	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0x7b08:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
bash.elf	Linux_Trojan_Gafgyt_f3d83a74	unknown	unknown	0x543:$a: DC 00 74 1B 83 7D E0 0A 75 15 83 7D E4 00 79 0F C7 45 C8 01 00
bash.elf	Linux_Trojan_Gafgyt_807911a2	unknown	unknown	0x82f7:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
bash.elf	Linux_Trojan_Gafgyt_e0673a90	unknown	unknown	0x12a9:$a: 45 E8 0F B6 00 84 C0 74 17 48 8B 75 E8 48 FF C6 48 8B 7D F0 48
bash.elf	Linux_Trojan_Gafgyt_821173df	unknown	unknown	0x147e:$a: D0 48 FF C8 48 03 45 F8 48 FF C8 C6 00 00 48 8B 45 F8 48 C7 C1 FF FF
bash.elf	Linux_Trojan_Gafgyt_a0a4de11	unknown	unknown	0x4600:$a: 42 0D 83 C8 10 88 42 0D 48 8B 55 D8 0F B6 42 0D 83 C8 08 88
bash.elf	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0x6bce:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x6d80:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
bash.elf	Linux_Trojan_Gafgyt_09c3070e	unknown	unknown	0x1726:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83 0x17ee:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83 0x1a34:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83
bash.elf	Linux_Trojan_Gafgyt_d996d335	unknown	unknown	0x9d7e:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
bash.elf	Linux_Trojan_Gafgyt_656bf077	unknown	unknown	0x126b:$a: 74 28 48 8B 45 E8 0F B6 00 84 C0 74 14 48 8B 75 E8 48 FF C6 48 8B
bash.elf	Linux_Trojan_Gafgyt_148b91a2	unknown	unknown	0x1cd6:$a: C6 45 DB FC EB 04 C6 45 DB FE 0F B6 45 DB 88 45 FF 48 8D 75 FF 8B
bash.elf	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0x7eb7:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
bash.elf	Linux_Trojan_Gafgyt_dd0d6173	unknown	unknown	0x26b1:$a: 55 F8 8B 45 F0 89 42 0C 48 8B 55 F8 8B 45 F4 89 42 10 C9 C3 55 48
bash.elf	Linux_Trojan_Gafgyt_779e142f	unknown	unknown	0x46b:$a: EC 8B 45 E8 83 E0 02 85 C0 74 07 C7 45 D8 30 00 00 00 8B 45 E8 83
bash.elf	Linux_Trojan_Gafgyt_cf84c9f2	unknown	unknown	0x113e:$a: 55 48 89 E5 48 83 EC 30 48 89 7D E8 89 75 E4 89 55 E0 C7 45 F8 01 00
bash.elf	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0x8182:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
bash.elf	Linux_Trojan_Gafgyt_32eb0c81	unknown	unknown	0x4b8:$a: D4 48 FF 45 F0 48 8B 45 F0 0F B6 00 84 C0 75 DB EB 12 48 8B
bash.elf	Linux_Trojan_Gafgyt_fb14e81f	unknown	unknown	0xb1d4:$a: 4E 45 52 00 53 43 41 4E 4E 45 52 20 4F 4E 20 7C 20 4F 46 46 00
Click to see the 16 entries

Memory Dumps

Source	Rule	Description	Author	Strings
6217.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_a6a2adb9	unknown	unknown	0x61c:$a: CC 01 C2 89 55 B4 8B 45 B4 C9 C3 55 48 89 E5 48 81 EC 90 00
6217.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_a10161ce	unknown	unknown	0x4ec7:$a: 45 B0 8B 45 BC 48 63 D0 48 89 D0 48 C1 E0 02 48 8D 14 10 48 8B
6217.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0x7b08:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
6217.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_f3d83a74	unknown	unknown	0x543:$a: DC 00 74 1B 83 7D E0 0A 75 15 83 7D E4 00 79 0F C7 45 C8 01 00
6217.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_807911a2	unknown	unknown	0x82f7:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
6217.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_e0673a90	unknown	unknown	0x12a9:$a: 45 E8 0F B6 00 84 C0 74 17 48 8B 75 E8 48 FF C6 48 8B 7D F0 48
6217.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_821173df	unknown	unknown	0x147e:$a: D0 48 FF C8 48 03 45 F8 48 FF C8 C6 00 00 48 8B 45 F8 48 C7 C1 FF FF
6217.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_a0a4de11	unknown	unknown	0x4600:$a: 42 0D 83 C8 10 88 42 0D 48 8B 55 D8 0F B6 42 0D 83 C8 08 88
6217.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0x6bce:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x6d80:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
6217.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_09c3070e	unknown	unknown	0x1726:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83 0x17ee:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83 0x1a34:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83
6217.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_d996d335	unknown	unknown	0x9d7e:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
6217.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_656bf077	unknown	unknown	0x126b:$a: 74 28 48 8B 45 E8 0F B6 00 84 C0 74 14 48 8B 75 E8 48 FF C6 48 8B
6217.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_148b91a2	unknown	unknown	0x1cd6:$a: C6 45 DB FC EB 04 C6 45 DB FE 0F B6 45 DB 88 45 FF 48 8D 75 FF 8B
6217.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0x7eb7:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
6217.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_dd0d6173	unknown	unknown	0x26b1:$a: 55 F8 8B 45 F0 89 42 0C 48 8B 55 F8 8B 45 F4 89 42 10 C9 C3 55 48
6217.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_779e142f	unknown	unknown	0x46b:$a: EC 8B 45 E8 83 E0 02 85 C0 74 07 C7 45 D8 30 00 00 00 8B 45 E8 83
6217.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_cf84c9f2	unknown	unknown	0x113e:$a: 55 48 89 E5 48 83 EC 30 48 89 7D E8 89 75 E4 89 55 E0 C7 45 F8 01 00
6217.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0x8182:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
6217.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_32eb0c81	unknown	unknown	0x4b8:$a: D4 48 FF 45 F0 48 8B 45 F0 0F B6 00 84 C0 75 DB EB 12 48 8B
6217.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_fb14e81f	unknown	unknown	0xb1d4:$a: 4E 45 52 00 53 43 41 4E 4E 45 52 20 4F 4E 20 7C 20 4F 46 46 00
6218.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_a6a2adb9	unknown	unknown	0x61c:$a: CC 01 C2 89 55 B4 8B 45 B4 C9 C3 55 48 89 E5 48 81 EC 90 00
6218.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_a10161ce	unknown	unknown	0x4ec7:$a: 45 B0 8B 45 BC 48 63 D0 48 89 D0 48 C1 E0 02 48 8D 14 10 48 8B
6218.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0x7b08:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
6218.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_f3d83a74	unknown	unknown	0x543:$a: DC 00 74 1B 83 7D E0 0A 75 15 83 7D E4 00 79 0F C7 45 C8 01 00
6218.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_807911a2	unknown	unknown	0x82f7:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
6218.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_e0673a90	unknown	unknown	0x12a9:$a: 45 E8 0F B6 00 84 C0 74 17 48 8B 75 E8 48 FF C6 48 8B 7D F0 48
6218.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_821173df	unknown	unknown	0x147e:$a: D0 48 FF C8 48 03 45 F8 48 FF C8 C6 00 00 48 8B 45 F8 48 C7 C1 FF FF
6218.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_a0a4de11	unknown	unknown	0x4600:$a: 42 0D 83 C8 10 88 42 0D 48 8B 55 D8 0F B6 42 0D 83 C8 08 88
6218.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0x6bce:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x6d80:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
6218.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_09c3070e	unknown	unknown	0x1726:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83 0x17ee:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83 0x1a34:$a: 48 C1 E8 06 48 89 C6 48 8B 94 C5 50 FF FF FF 8B 8D 2C FF FF FF 83
6218.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_d996d335	unknown	unknown	0x9d7e:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
6218.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_656bf077	unknown	unknown	0x126b:$a: 74 28 48 8B 45 E8 0F B6 00 84 C0 74 14 48 8B 75 E8 48 FF C6 48 8B
6218.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_148b91a2	unknown	unknown	0x1cd6:$a: C6 45 DB FC EB 04 C6 45 DB FE 0F B6 45 DB 88 45 FF 48 8D 75 FF 8B
6218.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0x7eb7:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
6218.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_dd0d6173	unknown	unknown	0x26b1:$a: 55 F8 8B 45 F0 89 42 0C 48 8B 55 F8 8B 45 F4 89 42 10 C9 C3 55 48
6218.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_779e142f	unknown	unknown	0x46b:$a: EC 8B 45 E8 83 E0 02 85 C0 74 07 C7 45 D8 30 00 00 00 8B 45 E8 83
6218.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_cf84c9f2	unknown	unknown	0x113e:$a: 55 48 89 E5 48 83 EC 30 48 89 7D E8 89 75 E4 89 55 E0 C7 45 F8 01 00
6218.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0x8182:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
6218.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_32eb0c81	unknown	unknown	0x4b8:$a: D4 48 FF 45 F0 48 8B 45 F0 0F B6 00 84 C0 75 DB EB 12 48 8B
6218.1.0000000000400000.000000000040c000.r-x.sdmp	Linux_Trojan_Gafgyt_fb14e81f	unknown	unknown	0xb1d4:$a: 4E 45 52 00 53 43 41 4E 4E 45 52 20 4F 4E 20 7C 20 4F 46 46 00
Click to see the 35 entries

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• AV Detection
• Spreading
• Networking
• System Summary
• Stealing of Sensitive Information
• Remote Access Functionality

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: bash.elf

Avira: detected

Found malware configuration

Source: bash.elf

Malware Configuration Extractor: Gafgyt {"C2 url": "93.115.172.234:6667"}

Multi AV Scanner detection for submitted file

Source: bash.elf	Virustotal: Detection: 59%			Perma Link
Source: bash.elf	ReversingLabs: Detection: 58%

Spreading

Opens /proc/net/* files useful for finding connected devices and routers

Source: /tmp/bash.elf (PID: 6217)

Opens: /proc/net/route

Jump to behavior

Source: global traffic

TCP traffic: 192.168.2.23:57290 -> 93.115.172.234:6667

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234
Source: unknown	TCP traffic detected without corresponding DNS query: 93.115.172.234

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 Author: unknown
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a10161ce Author: unknown
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 Author: unknown
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_e0673a90 Author: unknown
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_821173df Author: unknown
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a0a4de11 Author: unknown
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_09c3070e Author: unknown
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_656bf077 Author: unknown
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_148b91a2 Author: unknown
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_dd0d6173 Author: unknown
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_779e142f Author: unknown
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 Author: unknown
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_32eb0c81 Author: unknown
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_fb14e81f Author: unknown
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 Author: unknown
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a10161ce Author: unknown
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 Author: unknown
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_e0673a90 Author: unknown
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_821173df Author: unknown
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a0a4de11 Author: unknown
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_09c3070e Author: unknown
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_656bf077 Author: unknown
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_148b91a2 Author: unknown
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_dd0d6173 Author: unknown
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_779e142f Author: unknown
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 Author: unknown
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_32eb0c81 Author: unknown
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_fb14e81f Author: unknown
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 Author: unknown
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a10161ce Author: unknown
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 Author: unknown
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_e0673a90 Author: unknown
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_821173df Author: unknown
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a0a4de11 Author: unknown
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_09c3070e Author: unknown
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_656bf077 Author: unknown
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_148b91a2 Author: unknown
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_dd0d6173 Author: unknown
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_779e142f Author: unknown
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 Author: unknown
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_32eb0c81 Author: unknown
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_fb14e81f Author: unknown

Source: bash.elf	ELF static info symbol of initial sample: passwords
Source: bash.elf	ELF static info symbol of initial sample: usernames

Source: Initial sample

String containing 'busybox' found: /bin/busybox;echo -e '\147\141\171\146\147\164'

Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = cdd0bb9ce40a000bb86b0c76616fe71fb7dbb87a044ddd778b7a07fdf804b877, id = a6a2adb9-9d54-42d4-abed-5b30d8062e97, last_modified = 2021-09-16
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a10161ce os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 77e89011a67a539954358118d41ad3dabde0e69bac2bbb2b2da18eaad427d935, id = a10161ce-62e0-4f60-9de7-bd8caf8618be, last_modified = 2021-09-16
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 1c5df68501b688905484ed47dc588306828aa7c114644428e22e5021bb39bd4a, id = f3d83a74-2888-435a-9a3c-b7de25084e9a, last_modified = 2021-09-16
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_e0673a90 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 6834f65d54bbfb926f986fe2dd72cd30bf9804ed65fcc71c2c848e72350f386a, id = e0673a90-165e-4347-a965-e8d14fdf684b, last_modified = 2021-09-16
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_821173df reference_sample = de7d1aff222c7d474e1a42b2368885ef16317e8da1ca3a63009bf06376026163, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = c311789e1370227f7be1d87da0c370a905b7f5b4c55cdee0f0474060cc0fc5e4, id = 821173df-6835-41e1-a662-a432abf23431, last_modified = 2021-09-16
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a0a4de11 reference_sample = cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 891cfc6a4c38fb257ada29050e0047bd1301e8f0a6a1a919685b1fcc2960b047, id = a0a4de11-fe65-449f-a990-ad5f18ac66f0, last_modified = 2021-09-16
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_09c3070e reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 84fad96b60b297736c149e14de12671ff778bff427ab7684df2c541a6f6d7e7d, id = 09c3070e-4b71-45a0-aa62-0cc6e496644a, last_modified = 2021-09-16
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_656bf077 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ea8ed60190198d5887bb7093975d648a9fd78234827d648a8258008c965b1c1, id = 656bf077-ca0c-4d28-9daa-eb6baafaf467, last_modified = 2021-09-16
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_148b91a2 reference_sample = d5b2bde0749ff482dc2389971e2ac76c4b1e7b887208a538d5555f0fe6984825, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 0f75090ed840f4601df4e43a2f49f2b32585213f3d86d19fb255d79c21086ba3, id = 148b91a2-ed51-4c2d-9d15-6a48d9ea3e0a, last_modified = 2021-09-16
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_dd0d6173 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 5e2cb111c2b712951b71166111d339724b4f52b93f90cb474f1e67598212605f, id = dd0d6173-b863-45cf-9348-3375a4e624cf, last_modified = 2021-09-16
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_779e142f reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 83377b6fa77fda4544c409487d2d2c1ddcef8f7d4120f49a18888c7536f3969f, id = 779e142f-b867-46e6-b1fb-9105976f42fd, last_modified = 2021-09-16
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = bb766b356c3e8706740e3bb9b4a7171d8eb5137e09fc7ab6952412fa55e2dcfc, id = cf84c9f2-7435-4faf-8c5f-d14945ffad7a, last_modified = 2021-09-16
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_32eb0c81 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 7c50ed29e2dd75a6a85afc43f8452794cb787ecd2061f4bf415d7038c14c523f, id = 32eb0c81-25af-4670-ab77-07ea7ce1874a, last_modified = 2021-09-16
Source: bash.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_fb14e81f severity = 100, os = linux, arch_context = x86, creation_date = 2022-01-05, scan_context = file, memory, reference = 0fd07e6068a721774716eb4940e2c19faef02d5bdacf3b018bf5995fa98a3a27, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 12b430108256bd0f57f48b9dbbea12eba7405c0b3b66a1c4b882647051f1ec52, id = fb14e81f-be2a-4428-9877-958e394a7ae2, last_modified = 2022-01-26
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = cdd0bb9ce40a000bb86b0c76616fe71fb7dbb87a044ddd778b7a07fdf804b877, id = a6a2adb9-9d54-42d4-abed-5b30d8062e97, last_modified = 2021-09-16
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a10161ce os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 77e89011a67a539954358118d41ad3dabde0e69bac2bbb2b2da18eaad427d935, id = a10161ce-62e0-4f60-9de7-bd8caf8618be, last_modified = 2021-09-16
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 1c5df68501b688905484ed47dc588306828aa7c114644428e22e5021bb39bd4a, id = f3d83a74-2888-435a-9a3c-b7de25084e9a, last_modified = 2021-09-16
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_e0673a90 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 6834f65d54bbfb926f986fe2dd72cd30bf9804ed65fcc71c2c848e72350f386a, id = e0673a90-165e-4347-a965-e8d14fdf684b, last_modified = 2021-09-16
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_821173df reference_sample = de7d1aff222c7d474e1a42b2368885ef16317e8da1ca3a63009bf06376026163, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = c311789e1370227f7be1d87da0c370a905b7f5b4c55cdee0f0474060cc0fc5e4, id = 821173df-6835-41e1-a662-a432abf23431, last_modified = 2021-09-16
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a0a4de11 reference_sample = cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 891cfc6a4c38fb257ada29050e0047bd1301e8f0a6a1a919685b1fcc2960b047, id = a0a4de11-fe65-449f-a990-ad5f18ac66f0, last_modified = 2021-09-16
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_09c3070e reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 84fad96b60b297736c149e14de12671ff778bff427ab7684df2c541a6f6d7e7d, id = 09c3070e-4b71-45a0-aa62-0cc6e496644a, last_modified = 2021-09-16
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_656bf077 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ea8ed60190198d5887bb7093975d648a9fd78234827d648a8258008c965b1c1, id = 656bf077-ca0c-4d28-9daa-eb6baafaf467, last_modified = 2021-09-16
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_148b91a2 reference_sample = d5b2bde0749ff482dc2389971e2ac76c4b1e7b887208a538d5555f0fe6984825, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 0f75090ed840f4601df4e43a2f49f2b32585213f3d86d19fb255d79c21086ba3, id = 148b91a2-ed51-4c2d-9d15-6a48d9ea3e0a, last_modified = 2021-09-16
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_dd0d6173 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 5e2cb111c2b712951b71166111d339724b4f52b93f90cb474f1e67598212605f, id = dd0d6173-b863-45cf-9348-3375a4e624cf, last_modified = 2021-09-16
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_779e142f reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 83377b6fa77fda4544c409487d2d2c1ddcef8f7d4120f49a18888c7536f3969f, id = 779e142f-b867-46e6-b1fb-9105976f42fd, last_modified = 2021-09-16
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = bb766b356c3e8706740e3bb9b4a7171d8eb5137e09fc7ab6952412fa55e2dcfc, id = cf84c9f2-7435-4faf-8c5f-d14945ffad7a, last_modified = 2021-09-16
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_32eb0c81 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 7c50ed29e2dd75a6a85afc43f8452794cb787ecd2061f4bf415d7038c14c523f, id = 32eb0c81-25af-4670-ab77-07ea7ce1874a, last_modified = 2021-09-16
Source: 6217.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_fb14e81f severity = 100, os = linux, arch_context = x86, creation_date = 2022-01-05, scan_context = file, memory, reference = 0fd07e6068a721774716eb4940e2c19faef02d5bdacf3b018bf5995fa98a3a27, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 12b430108256bd0f57f48b9dbbea12eba7405c0b3b66a1c4b882647051f1ec52, id = fb14e81f-be2a-4428-9877-958e394a7ae2, last_modified = 2022-01-26
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a6a2adb9 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = cdd0bb9ce40a000bb86b0c76616fe71fb7dbb87a044ddd778b7a07fdf804b877, id = a6a2adb9-9d54-42d4-abed-5b30d8062e97, last_modified = 2021-09-16
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a10161ce os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 77e89011a67a539954358118d41ad3dabde0e69bac2bbb2b2da18eaad427d935, id = a10161ce-62e0-4f60-9de7-bd8caf8618be, last_modified = 2021-09-16
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_f3d83a74 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 1c5df68501b688905484ed47dc588306828aa7c114644428e22e5021bb39bd4a, id = f3d83a74-2888-435a-9a3c-b7de25084e9a, last_modified = 2021-09-16
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_e0673a90 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 6834f65d54bbfb926f986fe2dd72cd30bf9804ed65fcc71c2c848e72350f386a, id = e0673a90-165e-4347-a965-e8d14fdf684b, last_modified = 2021-09-16
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_821173df reference_sample = de7d1aff222c7d474e1a42b2368885ef16317e8da1ca3a63009bf06376026163, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = c311789e1370227f7be1d87da0c370a905b7f5b4c55cdee0f0474060cc0fc5e4, id = 821173df-6835-41e1-a662-a432abf23431, last_modified = 2021-09-16
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a0a4de11 reference_sample = cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 891cfc6a4c38fb257ada29050e0047bd1301e8f0a6a1a919685b1fcc2960b047, id = a0a4de11-fe65-449f-a990-ad5f18ac66f0, last_modified = 2021-09-16
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_09c3070e reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 84fad96b60b297736c149e14de12671ff778bff427ab7684df2c541a6f6d7e7d, id = 09c3070e-4b71-45a0-aa62-0cc6e496644a, last_modified = 2021-09-16
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_656bf077 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ea8ed60190198d5887bb7093975d648a9fd78234827d648a8258008c965b1c1, id = 656bf077-ca0c-4d28-9daa-eb6baafaf467, last_modified = 2021-09-16
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_148b91a2 reference_sample = d5b2bde0749ff482dc2389971e2ac76c4b1e7b887208a538d5555f0fe6984825, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 0f75090ed840f4601df4e43a2f49f2b32585213f3d86d19fb255d79c21086ba3, id = 148b91a2-ed51-4c2d-9d15-6a48d9ea3e0a, last_modified = 2021-09-16
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_dd0d6173 reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 5e2cb111c2b712951b71166111d339724b4f52b93f90cb474f1e67598212605f, id = dd0d6173-b863-45cf-9348-3375a4e624cf, last_modified = 2021-09-16
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_779e142f reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 83377b6fa77fda4544c409487d2d2c1ddcef8f7d4120f49a18888c7536f3969f, id = 779e142f-b867-46e6-b1fb-9105976f42fd, last_modified = 2021-09-16
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_cf84c9f2 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = bb766b356c3e8706740e3bb9b4a7171d8eb5137e09fc7ab6952412fa55e2dcfc, id = cf84c9f2-7435-4faf-8c5f-d14945ffad7a, last_modified = 2021-09-16
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_32eb0c81 reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 7c50ed29e2dd75a6a85afc43f8452794cb787ecd2061f4bf415d7038c14c523f, id = 32eb0c81-25af-4670-ab77-07ea7ce1874a, last_modified = 2021-09-16
Source: 6218.1.0000000000400000.000000000040c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_fb14e81f severity = 100, os = linux, arch_context = x86, creation_date = 2022-01-05, scan_context = file, memory, reference = 0fd07e6068a721774716eb4940e2c19faef02d5bdacf3b018bf5995fa98a3a27, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 12b430108256bd0f57f48b9dbbea12eba7405c0b3b66a1c4b882647051f1ec52, id = fb14e81f-be2a-4428-9877-958e394a7ae2, last_modified = 2022-01-26

Source: classification engine

Classification label: mal84.spre.troj.linELF@0/0@0/0

Source: bash.elf	ELF static info symbol of initial sample: libc/string/x86_64/memcpy.S
Source: bash.elf	ELF static info symbol of initial sample: libc/string/x86_64/mempcpy.S
Source: bash.elf	ELF static info symbol of initial sample: libc/string/x86_64/memset.S
Source: bash.elf	ELF static info symbol of initial sample: libc/string/x86_64/strchr.S
Source: bash.elf	ELF static info symbol of initial sample: libc/string/x86_64/strcpy.S
Source: bash.elf	ELF static info symbol of initial sample: libc/string/x86_64/strlen.S
Source: bash.elf	ELF static info symbol of initial sample: libc/string/x86_64/strpbrk.S
Source: bash.elf	ELF static info symbol of initial sample: libc/string/x86_64/strspn.S
Source: bash.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/x86_64/crt1.S
Source: bash.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/x86_64/crti.S
Source: bash.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/x86_64/crtn.S
Source: bash.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/x86_64/vfork.S

Stealing of Sensitive Information

Yara detected Gafgyt

Source: Yara match

File source: bash.elf, type: SAMPLE

Remote Access Functionality

Yara detected Gafgyt

Source: Yara match

File source: bash.elf, type: SAMPLE

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 Masquerading	OS Credential Dumping	1 Remote System Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

Threatname: Gafgyt

{
  "C2 url": "93.115.172.234:6667"
}

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
bash.elf	59%	Virustotal		Browse
bash.elf	58%	ReversingLabs	Linux.Trojan.Gafgyt
bash.elf	100%	Avira	LINUX/Gafgyt.vka

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

⊘No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
93.115.172.234:6667	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
93.115.172.234	unknown	Romania	39531	ALTER-NET-ASZorilorNr11SfGheorgheRO	true
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
93.115.172.234	cron.elf	Get hash	malicious	Gafgyt	Browse
	apache2.elf	Get hash	malicious	Gafgyt	Browse
	openssh.elf	Get hash	malicious	Gafgyt	Browse
	pftp.elf	Get hash	malicious	Gafgyt	Browse
	sh.elf	Get hash	malicious	Gafgyt	Browse
	sshd.elf	Get hash	malicious	Gafgyt	Browse
	ftp.elf	Get hash	malicious	Gafgyt	Browse
	tftp.elf	Get hash	malicious	Gafgyt	Browse
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.189.91.43	cron.elf	Get hash	malicious	Gafgyt	Browse
	sh.elf	Get hash	malicious	Gafgyt	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	sshd.elf	Get hash	malicious	Unknown	Browse
	jwyt4py98x.m68k.elf	Get hash	malicious	Mirai	Browse
	jwyt4py98x.arm7.elf	Get hash	malicious	Mirai	Browse
	jwyt4py98x.mips.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
91.189.91.42	cron.elf	Get hash	malicious	Gafgyt	Browse
	sh.elf	Get hash	malicious	Gafgyt	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	sshd.elf	Get hash	malicious	Unknown	Browse
	jwyt4py98x.m68k.elf	Get hash	malicious	Mirai	Browse
	jwyt4py98x.arm7.elf	Get hash	malicious	Mirai	Browse
	jwyt4py98x.mips.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	wget.elf	Get hash	malicious	Gafgyt	Browse	185.125.190.26
	cron.elf	Get hash	malicious	Gafgyt	Browse	91.189.91.42
	sh.elf	Get hash	malicious	Gafgyt	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	sshd.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	jwyt4py98x.m68k.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	x.rar.elf	Get hash	malicious	Xmrig	Browse	185.125.190.26
	jwyt4py98x.arm7.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	jwyt4py98x.mips.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
CANONICAL-ASGB	wget.elf	Get hash	malicious	Gafgyt	Browse	185.125.190.26
	cron.elf	Get hash	malicious	Gafgyt	Browse	91.189.91.42
	sh.elf	Get hash	malicious	Gafgyt	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	sshd.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	jwyt4py98x.m68k.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	x.rar.elf	Get hash	malicious	Xmrig	Browse	185.125.190.26
	jwyt4py98x.arm7.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	jwyt4py98x.mips.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
ALTER-NET-ASZorilorNr11SfGheorgheRO	wget.elf	Get hash	malicious	Gafgyt	Browse	93.115.172.234
	cron.elf	Get hash	malicious	Gafgyt	Browse	93.115.172.234
	apache2.elf	Get hash	malicious	Gafgyt	Browse	93.115.172.234
	openssh.elf	Get hash	malicious	Gafgyt	Browse	93.115.172.234
	pftp.elf	Get hash	malicious	Gafgyt	Browse	93.115.172.234
	sh.elf	Get hash	malicious	Gafgyt	Browse	93.115.172.234
	sshd.elf	Get hash	malicious	Gafgyt	Browse	93.115.172.234
	ftp.elf	Get hash	malicious	Gafgyt	Browse	93.115.172.234
	tftp.elf	Get hash	malicious	Gafgyt	Browse	93.115.172.234
	Ravateb.pdf.exe	Get hash	malicious	Unknown	Browse	89.46.233.239
INIT7CH	cron.elf	Get hash	malicious	Gafgyt	Browse	109.202.202.202
	sh.elf	Get hash	malicious	Gafgyt	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	sshd.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	jwyt4py98x.m68k.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	jwyt4py98x.arm7.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	jwyt4py98x.mips.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, not stripped
Entropy (8bit):	5.685585650805999
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	bash.elf
File size:	72'787 bytes
MD5:	9ca1dfb0f1ca103a1a1c29b723122a45
SHA1:	884048157bb83d5b92c2db7e50b7e58a7164fa73
SHA256:	55bcda268f02a70867fb60848a78b4525d0cb20d862fc1e646a34819a66cf581
SHA512:	623eea6bcc700770d3fa91fbfaa09da2303abc9300521aa251c9b4618e557366d80bee75f24281046b34279de1b345632a71a78fcc51dc1f5a82db8a2b0810e3
SSDEEP:	1536:xEu1gghuHYty2ivGM9gMA3J1pOwhkyFUZA242tIukEiI:T1go54Pm/3J1pnDFh2Z+a
TLSH:	DC63E82F5252D1FEC09717B526DF9961AC23BC3A0726A1097392BE7D3F359C88D4A342
File Content Preview:	.ELF..............>.......@.....@...................@.8...@.......................@.......@...............................................P.......P.....P........n..............Q.td....................................................H...._....J...H........

Static ELF Info

ELF header
Class:	ELF64
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Advanced Micro Devices X86-64
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x400194
Flags:	0x0
ELF Header Size:	64
Program Header Offset:	64
Program Header Size:	56
Number of Program Headers:	3
Section Header Offset:	52432
Section Header Size:	64
Number of Section Headers:	15
Header String Table Index:	12

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.init	PROGBITS	0x4000e8	0xe8	0x13	0x0	0x6	AX	0	0	1
.text	PROGBITS	0x400100	0x100	0xa378	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x40a478	0xa478	0xe	0x0	0x6	AX	0	0	1
.rodata	PROGBITS	0x40a4a0	0xa4a0	0x1a22	0x0	0x2	A	0	0	32
.eh_frame	PROGBITS	0x40bec4	0xbec4	0x4	0x0	0x2	A	0	0	4
.ctors	PROGBITS	0x50c000	0xc000	0x10	0x0	0x3	WA	0	0	8
.dtors	PROGBITS	0x50c010	0xc010	0x10	0x0	0x3	WA	0	0	8
.jcr	PROGBITS	0x50c020	0xc020	0x8	0x0	0x3	WA	0	0	8
.data	PROGBITS	0x50c040	0xc040	0x510	0x0	0x3	WA	0	0	32
.bss	NOBITS	0x50c560	0xc550	0x68a8	0x0	0x3	WA	0	0	32
.comment	PROGBITS	0x0	0xc550	0x71a	0x0	0x0		0	0	1
.shstrtab	STRTAB	0x0	0xcc6a	0x66	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0xd090	0x32e8	0x18	0x0		14	177	8
.strtab	STRTAB	0x0	0x10378	0x18db	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0xbec8	0xbec8	5.9090	0x5	R E	0x100000	.init .text .fini .rodata .eh_frame
LOAD	0xc000	0x50c000	0x50c000	0x550	0x6e08	2.2051	0x6	RW	0x100000	.ctors .dtors .jcr .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x8

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x4000e8	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x400100	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x40a478	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x40a4a0	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x40bec4	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x50c000	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x50c010	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x50c020	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x50c040	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x50c560	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	11
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	12
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	13
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	14
Q	.symtab	0x50c5e0	16384	OBJECT	<unknown>	DEFAULT	10
StartTheLelz	.symtab	0x4026f3	6074	FUNC	<unknown>	DEFAULT	2
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_WRITE.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__CTOR_END__	.symtab	0x50c008	0	OBJECT	<unknown>	DEFAULT	6
__CTOR_LIST__	.symtab	0x50c000	0	OBJECT	<unknown>	DEFAULT	6
__C_ctype_b	.symtab	0x50c138	8	OBJECT	<unknown>	DEFAULT	9
__C_ctype_b.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b_data	.symtab	0x40b3a0	768	OBJECT	<unknown>	DEFAULT	4
__C_ctype_toupper	.symtab	0x50c148	8	OBJECT	<unknown>	DEFAULT	9
__C_ctype_toupper.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_toupper_data	.symtab	0x40b6a0	768	OBJECT	<unknown>	DEFAULT	4
__DTOR_END__	.symtab	0x50c018	0	OBJECT	<unknown>	DEFAULT	7
__DTOR_LIST__	.symtab	0x50c010	0	OBJECT	<unknown>	DEFAULT	7
__EH_FRAME_BEGIN__	.symtab	0x40bec4	0	OBJECT	<unknown>	DEFAULT	5
__FRAME_END__	.symtab	0x40bec4	0	OBJECT	<unknown>	DEFAULT	5
__GI___C_ctype_b	.symtab	0x50c138	8	OBJECT	<unknown>	HIDDEN	9
__GI___C_ctype_b_data	.symtab	0x40b3a0	768	OBJECT	<unknown>	HIDDEN	4
__GI___C_ctype_toupper	.symtab	0x50c148	8	OBJECT	<unknown>	HIDDEN	9
__GI___C_ctype_toupper_data	.symtab	0x40b6a0	768	OBJECT	<unknown>	HIDDEN	4
__GI___ctype_b	.symtab	0x50c140	8	OBJECT	<unknown>	HIDDEN	9
__GI___ctype_toupper	.symtab	0x50c150	8	OBJECT	<unknown>	HIDDEN	9
__GI___errno_location	.symtab	0x40700c	6	FUNC	<unknown>	HIDDEN	2
__GI___fputc_unlocked	.symtab	0x4071c4	192	FUNC	<unknown>	HIDDEN	2
__GI___libc_fcntl	.symtab	0x406bc8	100	FUNC	<unknown>	HIDDEN	2
__GI___libc_lseek	.symtab	0x40a410	45	FUNC	<unknown>	HIDDEN	2
__GI___libc_open	.symtab	0x406e08	106	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_fini	.symtab	0x409468	70	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_init	.symtab	0x4094e7	67	FUNC	<unknown>	HIDDEN	2
__GI__exit	.symtab	0x406c2c	42	FUNC	<unknown>	HIDDEN	2
__GI_abort	.symtab	0x40897c	276	FUNC	<unknown>	HIDDEN	2
__GI_atoi	.symtab	0x408e60	18	FUNC	<unknown>	HIDDEN	2
__GI_brk	.symtab	0x40a074	43	FUNC	<unknown>	HIDDEN	2
__GI_chdir	.symtab	0x406c58	38	FUNC	<unknown>	HIDDEN	2
__GI_clock_getres	.symtab	0x40985c	41	FUNC	<unknown>	HIDDEN	2
__GI_close	.symtab	0x406c80	41	FUNC	<unknown>	HIDDEN	2
__GI_connect	.symtab	0x4079f8	43	FUNC	<unknown>	HIDDEN	2
__GI_dup2	.symtab	0x406cac	44	FUNC	<unknown>	HIDDEN	2
__GI_errno	.symtab	0x51267c	4	OBJECT	<unknown>	HIDDEN	10
__GI_execl	.symtab	0x409048	287	FUNC	<unknown>	HIDDEN	2
__GI_execve	.symtab	0x409888	38	FUNC	<unknown>	HIDDEN	2
__GI_exit	.symtab	0x408fec	92	FUNC	<unknown>	HIDDEN	2
__GI_fcntl	.symtab	0x406bc8	100	FUNC	<unknown>	HIDDEN	2
__GI_fcntl64	.symtab	0x406bc8	100	FUNC	<unknown>	HIDDEN	2
__GI_fork	.symtab	0x406cd8	38	FUNC	<unknown>	HIDDEN	2
__GI_fputs_unlocked	.symtab	0x407284	56	FUNC	<unknown>	HIDDEN	2
__GI_fseek	.symtab	0x40a0a0	5	FUNC	<unknown>	HIDDEN	2
__GI_fseeko64	.symtab	0x40a0a8	218	FUNC	<unknown>	HIDDEN	2
__GI_fwrite_unlocked	.symtab	0x4072bc	134	FUNC	<unknown>	HIDDEN	2
__GI_getdtablesize	.symtab	0x406d00	35	FUNC	<unknown>	HIDDEN	2
__GI_getegid	.symtab	0x4098b0	38	FUNC	<unknown>	HIDDEN	2
__GI_geteuid	.symtab	0x4098d8	38	FUNC	<unknown>	HIDDEN	2
__GI_getgid	.symtab	0x409900	38	FUNC	<unknown>	HIDDEN	2
__GI_getpagesize	.symtab	0x409928	19	FUNC	<unknown>	HIDDEN	2
__GI_getpid	.symtab	0x406d24	38	FUNC	<unknown>	HIDDEN	2
__GI_getrlimit	.symtab	0x406d4c	40	FUNC	<unknown>	HIDDEN	2
__GI_getsockname	.symtab	0x407a24	41	FUNC	<unknown>	HIDDEN	2
__GI_getuid	.symtab	0x40993c	38	FUNC	<unknown>	HIDDEN	2
__GI_h_errno	.symtab	0x512680	4	OBJECT	<unknown>	HIDDEN	10
__GI_inet_addr	.symtab	0x4079dc	28	FUNC	<unknown>	HIDDEN	2
__GI_inet_aton	.symtab	0x409fbc	137	FUNC	<unknown>	HIDDEN	2
__GI_inet_ntoa	.symtab	0x4079d1	10	FUNC	<unknown>	HIDDEN	2
__GI_inet_ntoa_r	.symtab	0x407984	77	FUNC	<unknown>	HIDDEN	2
__GI_initstate_r	.symtab	0x408da7	185	FUNC	<unknown>	HIDDEN	2
__GI_ioctl	.symtab	0x406d74	104	FUNC	<unknown>	HIDDEN	2
__GI_isatty	.symtab	0x4078dc	25	FUNC	<unknown>	HIDDEN	2
__GI_kill	.symtab	0x406ddc	44	FUNC	<unknown>	HIDDEN	2
__GI_lseek	.symtab	0x40a410	45	FUNC	<unknown>	HIDDEN	2
__GI_lseek64	.symtab	0x40a408	5	FUNC	<unknown>	HIDDEN	2
__GI_memchr	.symtab	0x409d7c	240	FUNC	<unknown>	HIDDEN	2
__GI_memcpy	.symtab	0x407350	102	FUNC	<unknown>	HIDDEN	2
__GI_mempcpy	.symtab	0x409d20	90	FUNC	<unknown>	HIDDEN	2
__GI_memrchr	.symtab	0x409e6c	237	FUNC	<unknown>	HIDDEN	2
__GI_memset	.symtab	0x4073c0	210	FUNC	<unknown>	HIDDEN	2
__GI_mmap	.symtab	0x40982c	48	FUNC	<unknown>	HIDDEN	2
__GI_munmap	.symtab	0x409964	38	FUNC	<unknown>	HIDDEN	2
__GI_nanosleep	.symtab	0x40998c	38	FUNC	<unknown>	HIDDEN	2
__GI_open	.symtab	0x406e08	106	FUNC	<unknown>	HIDDEN	2
__GI_pipe	.symtab	0x406e80	38	FUNC	<unknown>	HIDDEN	2
__GI_putc_unlocked	.symtab	0x4071c4	192	FUNC	<unknown>	HIDDEN	2
__GI_raise	.symtab	0x40a048	18	FUNC	<unknown>	HIDDEN	2
__GI_random	.symtab	0x408a9c	72	FUNC	<unknown>	HIDDEN	2
__GI_random_r	.symtab	0x408ca4	90	FUNC	<unknown>	HIDDEN	2
__GI_rawmemchr	.symtab	0x40a348	190	FUNC	<unknown>	HIDDEN	2
__GI_read	.symtab	0x406ea8	39	FUNC	<unknown>	HIDDEN	2
__GI_recv	.symtab	0x407a84	11	FUNC	<unknown>	HIDDEN	2
__GI_recvfrom	.symtab	0x407a90	45	FUNC	<unknown>	HIDDEN	2
__GI_sbrk	.symtab	0x4099b4	74	FUNC	<unknown>	HIDDEN	2
__GI_select	.symtab	0x406ed0	44	FUNC	<unknown>	HIDDEN	2
__GI_send	.symtab	0x407ac0	11	FUNC	<unknown>	HIDDEN	2
__GI_sendto	.symtab	0x407acc	48	FUNC	<unknown>	HIDDEN	2
__GI_setsid	.symtab	0x406efc	38	FUNC	<unknown>	HIDDEN	2
__GI_setsockopt	.symtab	0x407afc	53	FUNC	<unknown>	HIDDEN	2
__GI_setstate_r	.symtab	0x408bfc	168	FUNC	<unknown>	HIDDEN	2
__GI_sigaction	.symtab	0x40971d	247	FUNC	<unknown>	HIDDEN	2
__GI_sigaddset	.symtab	0x407b64	35	FUNC	<unknown>	HIDDEN	2
__GI_sigemptyset	.symtab	0x407b88	20	FUNC	<unknown>	HIDDEN	2
__GI_signal	.symtab	0x407b9c	168	FUNC	<unknown>	HIDDEN	2
__GI_sigprocmask	.symtab	0x406f24	85	FUNC	<unknown>	HIDDEN	2
__GI_sleep	.symtab	0x409168	415	FUNC	<unknown>	HIDDEN	2
__GI_socket	.symtab	0x407b34	47	FUNC	<unknown>	HIDDEN	2
__GI_srandom_r	.symtab	0x408cfe	169	FUNC	<unknown>	HIDDEN	2
__GI_strchr	.symtab	0x4074a0	417	FUNC	<unknown>	HIDDEN	2
__GI_strcpy	.symtab	0x407650	213	FUNC	<unknown>	HIDDEN	2
__GI_strlen	.symtab	0x407730	225	FUNC	<unknown>	HIDDEN	2
__GI_strpbrk	.symtab	0x40a230	140	FUNC	<unknown>	HIDDEN	2
__GI_strspn	.symtab	0x40a2c0	135	FUNC	<unknown>	HIDDEN	2
__GI_strstr	.symtab	0x407814	187	FUNC	<unknown>	HIDDEN	2
__GI_strtok	.symtab	0x4078d0	10	FUNC	<unknown>	HIDDEN	2
__GI_strtok_r	.symtab	0x409f5c	94	FUNC	<unknown>	HIDDEN	2
__GI_strtol	.symtab	0x408e74	10	FUNC	<unknown>	HIDDEN	2
__GI_strtoll	.symtab	0x408e74	10	FUNC	<unknown>	HIDDEN	2
__GI_sysconf	.symtab	0x409308	351	FUNC	<unknown>	HIDDEN	2
__GI_tcgetattr	.symtab	0x4078f8	110	FUNC	<unknown>	HIDDEN	2
__GI_time	.symtab	0x406f7c	39	FUNC	<unknown>	HIDDEN	2
__GI_toupper	.symtab	0x406fec	30	FUNC	<unknown>	HIDDEN	2
__GI_vfork	.symtab	0x406bb0	21	FUNC	<unknown>	HIDDEN	2
__GI_wait4	.symtab	0x409a00	47	FUNC	<unknown>	HIDDEN	2
__GI_waitpid	.symtab	0x406fa4	7	FUNC	<unknown>	HIDDEN	2
__GI_write	.symtab	0x406fac	42	FUNC	<unknown>	HIDDEN	2
__JCR_END__	.symtab	0x50c020	0	OBJECT	<unknown>	DEFAULT	8
__JCR_LIST__	.symtab	0x50c020	0	OBJECT	<unknown>	DEFAULT	8
__app_fini	.symtab	0x512668	8	OBJECT	<unknown>	HIDDEN	10
__atexit_lock	.symtab	0x50c520	40	OBJECT	<unknown>	DEFAULT	9
__bsd_signal	.symtab	0x407b9c	168	FUNC	<unknown>	HIDDEN	2
__bss_start	.symtab	0x50c550	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__check_one_fd	.symtab	0x4094b2	53	FUNC	<unknown>	DEFAULT	2
__ctype_b	.symtab	0x50c140	8	OBJECT	<unknown>	DEFAULT	9
__ctype_toupper	.symtab	0x50c150	8	OBJECT	<unknown>	DEFAULT	9
__curbrk	.symtab	0x512688	8	OBJECT	<unknown>	HIDDEN	10
__data_start	.symtab	0x50c050	0	NOTYPE	<unknown>	DEFAULT	9
__deregister_frame_info	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__do_global_ctors_aux	.symtab	0x40a440	0	FUNC	<unknown>	DEFAULT	2
__do_global_dtors_aux	.symtab	0x400100	0	FUNC	<unknown>	DEFAULT	2
__dso_handle	.symtab	0x50c040	0	OBJECT	<unknown>	HIDDEN	9
__environ	.symtab	0x512658	8	OBJECT	<unknown>	DEFAULT	10
__errno_location	.symtab	0x40700c	6	FUNC	<unknown>	DEFAULT	2
__errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__exit_cleanup	.symtab	0x512648	8	OBJECT	<unknown>	HIDDEN	10
__fini_array_end	.symtab	0x50c000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__fini_array_start	.symtab	0x50c000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__fputc_unlocked	.symtab	0x4071c4	192	FUNC	<unknown>	DEFAULT	2
__getpagesize	.symtab	0x409928	19	FUNC	<unknown>	DEFAULT	2
__h_errno_location	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__init_array_end	.symtab	0x50c000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__init_array_start	.symtab	0x50c000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__libc_close	.symtab	0x406c80	41	FUNC	<unknown>	DEFAULT	2
__libc_connect	.symtab	0x4079f8	43	FUNC	<unknown>	DEFAULT	2
__libc_creat	.symtab	0x406e72	14	FUNC	<unknown>	DEFAULT	2
__libc_fcntl	.symtab	0x406bc8	100	FUNC	<unknown>	DEFAULT	2
__libc_fcntl64	.symtab	0x406bc8	100	FUNC	<unknown>	DEFAULT	2
__libc_fork	.symtab	0x406cd8	38	FUNC	<unknown>	DEFAULT	2
__libc_getpid	.symtab	0x406d24	38	FUNC	<unknown>	DEFAULT	2
__libc_lseek	.symtab	0x40a410	45	FUNC	<unknown>	DEFAULT	2
__libc_lseek64	.symtab	0x40a408	5	FUNC	<unknown>	DEFAULT	2
__libc_nanosleep	.symtab	0x40998c	38	FUNC	<unknown>	DEFAULT	2
__libc_open	.symtab	0x406e08	106	FUNC	<unknown>	DEFAULT	2
__libc_read	.symtab	0x406ea8	39	FUNC	<unknown>	DEFAULT	2
__libc_recv	.symtab	0x407a84	11	FUNC	<unknown>	DEFAULT	2
__libc_recvfrom	.symtab	0x407a90	45	FUNC	<unknown>	DEFAULT	2
__libc_select	.symtab	0x406ed0	44	FUNC	<unknown>	DEFAULT	2
__libc_send	.symtab	0x407ac0	11	FUNC	<unknown>	DEFAULT	2
__libc_sendto	.symtab	0x407acc	48	FUNC	<unknown>	DEFAULT	2
__libc_sigaction	.symtab	0x40971d	247	FUNC	<unknown>	DEFAULT	2
__libc_stack_end	.symtab	0x512650	8	OBJECT	<unknown>	DEFAULT	10
__libc_waitpid	.symtab	0x406fa4	7	FUNC	<unknown>	DEFAULT	2
__libc_write	.symtab	0x406fac	42	FUNC	<unknown>	DEFAULT	2
__malloc_consolidate	.symtab	0x408601	410	FUNC	<unknown>	HIDDEN	2
__malloc_largebin_index	.symtab	0x407ca0	96	FUNC	<unknown>	DEFAULT	2
__malloc_lock	.symtab	0x50c3a0	40	OBJECT	<unknown>	DEFAULT	9
__malloc_state	.symtab	0x512720	1752	OBJECT	<unknown>	DEFAULT	10
__malloc_trim	.symtab	0x408568	153	FUNC	<unknown>	DEFAULT	2
__pagesize	.symtab	0x512660	8	OBJECT	<unknown>	DEFAULT	10
__preinit_array_end	.symtab	0x50c000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__preinit_array_start	.symtab	0x50c000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__pthread_initialize_minimal	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__pthread_mutex_init	.symtab	0x4094ae	3	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_lock	.symtab	0x4094ae	3	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_trylock	.symtab	0x4094ae	3	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_unlock	.symtab	0x4094ae	3	FUNC	<unknown>	DEFAULT	2
__pthread_return_0	.symtab	0x4094ae	3	FUNC	<unknown>	DEFAULT	2
__pthread_return_void	.symtab	0x4094b1	1	FUNC	<unknown>	DEFAULT	2
__raise	.symtab	0x40a048	18	FUNC	<unknown>	HIDDEN	2
__register_frame_info	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__restore_rt	.symtab	0x409714	0	NOTYPE	<unknown>	DEFAULT	2
__rtld_fini	.symtab	0x512670	8	OBJECT	<unknown>	HIDDEN	10
__sigaddset	.symtab	0x407c64	28	FUNC	<unknown>	DEFAULT	2
__sigdelset	.symtab	0x407c80	30	FUNC	<unknown>	DEFAULT	2
__sigismember	.symtab	0x407c44	32	FUNC	<unknown>	DEFAULT	2
__stdin	.symtab	0x50c178	8	OBJECT	<unknown>	DEFAULT	9
__stdio_WRITE	.symtab	0x409a30	147	FUNC	<unknown>	HIDDEN	2
__stdio_adjust_position	.symtab	0x40a184	133	FUNC	<unknown>	HIDDEN	2
__stdio_fwrite	.symtab	0x409ac4	259	FUNC	<unknown>	HIDDEN	2
__stdio_init_mutex	.symtab	0x407103	15	FUNC	<unknown>	HIDDEN	2
__stdio_mutex_initializer.4280	.symtab	0x40b9a0	40	OBJECT	<unknown>	DEFAULT	4
__stdio_seek	.symtab	0x40a20c	31	FUNC	<unknown>	HIDDEN	2
__stdio_trans2w_o	.symtab	0x409bc8	148	FUNC	<unknown>	HIDDEN	2
__stdio_wcommit	.symtab	0x40719c	39	FUNC	<unknown>	HIDDEN	2
__stdout	.symtab	0x50c180	8	OBJECT	<unknown>	DEFAULT	9
__syscall_error	.symtab	0x409814	22	FUNC	<unknown>	HIDDEN	2
__syscall_error.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_fcntl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uClibc_fini	.symtab	0x409468	70	FUNC	<unknown>	DEFAULT	2
__uClibc_init	.symtab	0x4094e7	67	FUNC	<unknown>	DEFAULT	2
__uClibc_main	.symtab	0x40952a	489	FUNC	<unknown>	DEFAULT	2
__uClibc_main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uclibc_progname	.symtab	0x50c548	8	OBJECT	<unknown>	HIDDEN	9
__vfork	.symtab	0x406bb0	21	FUNC	<unknown>	HIDDEN	2
_adjust_pos.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_cs_funcs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_dl_aux_init	.symtab	0x40a05c	23	FUNC	<unknown>	DEFAULT	2
_dl_phdr	.symtab	0x512df8	8	OBJECT	<unknown>	DEFAULT	10
_dl_phnum	.symtab	0x512e00	8	OBJECT	<unknown>	DEFAULT	10
_edata	.symtab	0x50c550	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_end	.symtab	0x512e08	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_errno	.symtab	0x51267c	4	OBJECT	<unknown>	DEFAULT	10
_exit	.symtab	0x406c2c	42	FUNC	<unknown>	DEFAULT	2
_exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fini	.symtab	0x40a478	5	FUNC	<unknown>	DEFAULT	3
_fixed_buffers	.symtab	0x510620	8192	OBJECT	<unknown>	DEFAULT	10
_fwrite.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_h_errno	.symtab	0x512680	4	OBJECT	<unknown>	DEFAULT	10
_init	.symtab	0x4000e8	5	FUNC	<unknown>	DEFAULT	1
_pthread_cleanup_pop_restore	.symtab	0x4094b1	1	FUNC	<unknown>	DEFAULT	2
_pthread_cleanup_push_defer	.symtab	0x4094b1	1	FUNC	<unknown>	DEFAULT	2
_sigintr	.symtab	0x5126a0	128	OBJECT	<unknown>	HIDDEN	10
_start	.symtab	0x400194	42	FUNC	<unknown>	DEFAULT	2
_stdio.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_stdio_init	.symtab	0x407098	107	FUNC	<unknown>	HIDDEN	2
_stdio_openlist	.symtab	0x50c188	8	OBJECT	<unknown>	DEFAULT	9
_stdio_openlist_add_lock	.symtab	0x50c1a0	40	OBJECT	<unknown>	DEFAULT	9
_stdio_openlist_del_count	.symtab	0x510604	4	OBJECT	<unknown>	DEFAULT	10
_stdio_openlist_del_lock	.symtab	0x50c1e0	40	OBJECT	<unknown>	DEFAULT	9
_stdio_openlist_use_count	.symtab	0x510600	4	OBJECT	<unknown>	DEFAULT	10
_stdio_streams	.symtab	0x50c220	384	OBJECT	<unknown>	DEFAULT	9
_stdio_term	.symtab	0x407112	135	FUNC	<unknown>	HIDDEN	2
_stdio_user_locking	.symtab	0x50c208	4	OBJECT	<unknown>	DEFAULT	9
_stdlib_strto_l	.symtab	0x408e80	362	FUNC	<unknown>	HIDDEN	2
_stdlib_strto_l.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2w.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_uintmaxtostr	.symtab	0x409c5c	187	FUNC	<unknown>	HIDDEN	2
_uintmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_wcommit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
abort	.symtab	0x40897c	276	FUNC	<unknown>	DEFAULT	2
abort.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
atoi	.symtab	0x408e60	18	FUNC	<unknown>	DEFAULT	2
atoi.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
been_there_done_that	.symtab	0x512640	4	OBJECT	<unknown>	DEFAULT	10
been_there_done_that.3160	.symtab	0x512678	4	OBJECT	<unknown>	DEFAULT	10
brk	.symtab	0x40a074	43	FUNC	<unknown>	DEFAULT	2
brk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
bsd_signal	.symtab	0x407b9c	168	FUNC	<unknown>	DEFAULT	2
buf.2989	.symtab	0x512630	16	OBJECT	<unknown>	DEFAULT	10
c	.symtab	0x50c130	4	OBJECT	<unknown>	DEFAULT	9
chdir	.symtab	0x406c58	38	FUNC	<unknown>	DEFAULT	2
chdir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
client.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
clock_getres	.symtab	0x40985c	41	FUNC	<unknown>	DEFAULT	2
clock_getres.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
close	.symtab	0x406c80	41	FUNC	<unknown>	DEFAULT	2
close.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
commServer	.symtab	0x50c060	8	OBJECT	<unknown>	DEFAULT	9
completed.2761	.symtab	0x50c560	1	OBJECT	<unknown>	DEFAULT	10
connect	.symtab	0x4079f8	43	FUNC	<unknown>	DEFAULT	2
connect.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
connectTimeout	.symtab	0x401900	572	FUNC	<unknown>	DEFAULT	2
creat	.symtab	0x406e72	14	FUNC	<unknown>	DEFAULT	2
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
csum	.symtab	0x4024fa	115	FUNC	<unknown>	DEFAULT	2
currentServer	.symtab	0x50c068	4	OBJECT	<unknown>	DEFAULT	9
data_start	.symtab	0x50c050	0	NOTYPE	<unknown>	DEFAULT	9
dl-support.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dup2	.symtab	0x406cac	44	FUNC	<unknown>	DEFAULT	2
dup2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
environ	.symtab	0x512658	8	OBJECT	<unknown>	DEFAULT	10
errno	.symtab	0x51267c	4	OBJECT	<unknown>	DEFAULT	10
errno.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
execl	.symtab	0x409048	287	FUNC	<unknown>	DEFAULT	2
execl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
execve	.symtab	0x409888	38	FUNC	<unknown>	DEFAULT	2
execve.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exit	.symtab	0x408fec	92	FUNC	<unknown>	DEFAULT	2
exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fcntl	.symtab	0x406bc8	100	FUNC	<unknown>	DEFAULT	2
fcntl64	.symtab	0x406bc8	100	FUNC	<unknown>	DEFAULT	2
fdgets	.symtab	0x40113e	128	FUNC	<unknown>	DEFAULT	2
fdopen_pids	.symtab	0x5105e0	8	OBJECT	<unknown>	DEFAULT	10
fdpclose	.symtab	0x400fce	368	FUNC	<unknown>	DEFAULT	2
fdpopen	.symtab	0x400df2	476	FUNC	<unknown>	DEFAULT	2
fork	.symtab	0x406cd8	38	FUNC	<unknown>	DEFAULT	2
fork.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fputc_unlocked	.symtab	0x4071c4	192	FUNC	<unknown>	DEFAULT	2
fputc_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fputs_unlocked	.symtab	0x407284	56	FUNC	<unknown>	DEFAULT	2
fputs_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
frame_dummy	.symtab	0x400150	0	FUNC	<unknown>	DEFAULT	2
free	.symtab	0x40879b	452	FUNC	<unknown>	DEFAULT	2
free.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseek	.symtab	0x40a0a0	5	FUNC	<unknown>	DEFAULT	2
fseeko	.symtab	0x40a0a0	5	FUNC	<unknown>	DEFAULT	2
fseeko.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseeko64	.symtab	0x40a0a8	218	FUNC	<unknown>	DEFAULT	2
fseeko64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fwrite_unlocked	.symtab	0x4072bc	134	FUNC	<unknown>	DEFAULT	2
fwrite_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getBogos	.symtab	0x4013c2	470	FUNC	<unknown>	DEFAULT	2
getBuild	.symtab	0x406411	11	FUNC	<unknown>	DEFAULT	2
getCores	.symtab	0x401598	153	FUNC	<unknown>	DEFAULT	2
getHost	.symtab	0x401346	65	FUNC	<unknown>	DEFAULT	2
getOurIP	.symtab	0x40622d	484	FUNC	<unknown>	DEFAULT	2
getRandomIP	.symtab	0x4024cb	47	FUNC	<unknown>	DEFAULT	2
getRandomPublicIP	.symtab	0x4020c6	1029	FUNC	<unknown>	DEFAULT	2
getdtablesize	.symtab	0x406d00	35	FUNC	<unknown>	DEFAULT	2
getdtablesize.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getegid	.symtab	0x4098b0	38	FUNC	<unknown>	DEFAULT	2
getegid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
geteuid	.symtab	0x4098d8	38	FUNC	<unknown>	DEFAULT	2
geteuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getgid	.symtab	0x409900	38	FUNC	<unknown>	DEFAULT	2
getgid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpagesize	.symtab	0x409928	19	FUNC	<unknown>	DEFAULT	2
getpagesize.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpid	.symtab	0x406d24	38	FUNC	<unknown>	DEFAULT	2
getpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getrlimit	.symtab	0x406d4c	40	FUNC	<unknown>	DEFAULT	2
getrlimit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getrlimit64	.symtab	0x406d4c	40	FUNC	<unknown>	DEFAULT	2
getsockname	.symtab	0x407a24	41	FUNC	<unknown>	DEFAULT	2
getsockname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockopt	.symtab	0x407a50	50	FUNC	<unknown>	DEFAULT	2
getsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getuid	.symtab	0x40993c	38	FUNC	<unknown>	DEFAULT	2
getuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gotIP	.symtab	0x50c5c4	4	OBJECT	<unknown>	DEFAULT	10
h_errno	.symtab	0x512680	4	OBJECT	<unknown>	DEFAULT	10
hextable	.symtab	0x40a540	2048	OBJECT	<unknown>	DEFAULT	4
htonl	.symtab	0x407970	5	FUNC	<unknown>	DEFAULT	2
htons	.symtab	0x407968	8	FUNC	<unknown>	DEFAULT	2
i.4536	.symtab	0x50c134	4	OBJECT	<unknown>	DEFAULT	9
index	.symtab	0x4074a0	417	FUNC	<unknown>	DEFAULT	2
inet_addr	.symtab	0x4079dc	28	FUNC	<unknown>	DEFAULT	2
inet_aton	.symtab	0x409fbc	137	FUNC	<unknown>	DEFAULT	2
inet_aton.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_makeaddr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_ntoa	.symtab	0x4079d1	10	FUNC	<unknown>	DEFAULT	2
inet_ntoa.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_ntoa_r	.symtab	0x407984	77	FUNC	<unknown>	DEFAULT	2
initConnection	.symtab	0x406103	298	FUNC	<unknown>	DEFAULT	2
init_rand	.symtab	0x4001c0	125	FUNC	<unknown>	DEFAULT	2
initfini.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
initstate	.symtab	0x408b46	110	FUNC	<unknown>	DEFAULT	2
initstate_r	.symtab	0x408da7	185	FUNC	<unknown>	DEFAULT	2
ioctl	.symtab	0x406d74	104	FUNC	<unknown>	DEFAULT	2
ioctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ipState	.symtab	0x50c5d6	5	OBJECT	<unknown>	DEFAULT	10
isatty	.symtab	0x4078dc	25	FUNC	<unknown>	DEFAULT	2
isatty.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
isspace	.symtab	0x406fd8	18	FUNC	<unknown>	DEFAULT	2
isspace.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
kill	.symtab	0x406ddc	44	FUNC	<unknown>	DEFAULT	2
kill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/x86_64/memcpy.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/x86_64/mempcpy.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/x86_64/memset.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/x86_64/strchr.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/x86_64/strcpy.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/x86_64/strlen.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/x86_64/strpbrk.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/x86_64/strspn.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/x86_64/crt1.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/x86_64/crti.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/x86_64/crtn.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/x86_64/vfork.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
listFork	.symtab	0x401b3c	201	FUNC	<unknown>	DEFAULT	2
llseek.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lseek	.symtab	0x40a410	45	FUNC	<unknown>	DEFAULT	2
lseek.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lseek64	.symtab	0x40a408	5	FUNC	<unknown>	DEFAULT	2
macAddress	.symtab	0x50c5d0	6	OBJECT	<unknown>	DEFAULT	10
main	.symtab	0x40641c	1939	FUNC	<unknown>	DEFAULT	2
mainCommSock	.symtab	0x50c5c0	4	OBJECT	<unknown>	DEFAULT	10
makeIPPacket	.symtab	0x40262c	153	FUNC	<unknown>	DEFAULT	2
makeRandomStr	.symtab	0x401631	109	FUNC	<unknown>	DEFAULT	2
malloc	.symtab	0x407d00	2149	FUNC	<unknown>	DEFAULT	2
malloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
malloc_trim	.symtab	0x40895f	28	FUNC	<unknown>	DEFAULT	2
matchPrompt	.symtab	0x401d23	345	FUNC	<unknown>	DEFAULT	2
memchr	.symtab	0x409d7c	240	FUNC	<unknown>	DEFAULT	2
memchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memcpy	.symtab	0x407350	102	FUNC	<unknown>	DEFAULT	2
mempcpy	.symtab	0x409d20	90	FUNC	<unknown>	DEFAULT	2
memrchr	.symtab	0x409e6c	237	FUNC	<unknown>	DEFAULT	2
memrchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memset	.symtab	0x4073c0	210	FUNC	<unknown>	DEFAULT	2
mmap	.symtab	0x40982c	48	FUNC	<unknown>	DEFAULT	2
mmap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
munmap	.symtab	0x409964	38	FUNC	<unknown>	DEFAULT	2
munmap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mylock	.symtab	0x50c3e0	40	OBJECT	<unknown>	DEFAULT	9
mylock	.symtab	0x50c420	40	OBJECT	<unknown>	DEFAULT	9
nanosleep	.symtab	0x40998c	38	FUNC	<unknown>	DEFAULT	2
nanosleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
negotiate	.symtab	0x401c05	286	FUNC	<unknown>	DEFAULT	2
next_start.1440	.symtab	0x512620	8	OBJECT	<unknown>	DEFAULT	10
ntohl	.symtab	0x40797d	5	FUNC	<unknown>	DEFAULT	2
ntohl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ntohs	.symtab	0x407975	8	FUNC	<unknown>	DEFAULT	2
numpids	.symtab	0x50c5c8	8	OBJECT	<unknown>	DEFAULT	10
object.2814	.symtab	0x50c580	48	OBJECT	<unknown>	DEFAULT	10
open	.symtab	0x406e08	106	FUNC	<unknown>	DEFAULT	2
open.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ourIP	.symtab	0x512690	4	OBJECT	<unknown>	DEFAULT	10
p.2759	.symtab	0x50c048	0	OBJECT	<unknown>	DEFAULT	9
parseHex	.symtab	0x4011be	84	FUNC	<unknown>	DEFAULT	2
passwords	.symtab	0x50c0c0	112	OBJECT	<unknown>	DEFAULT	9
pids	.symtab	0x512698	8	OBJECT	<unknown>	DEFAULT	10
pipe	.symtab	0x406e80	38	FUNC	<unknown>	DEFAULT	2
pipe.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
print	.symtab	0x400627	1085	FUNC	<unknown>	DEFAULT	2
printchar	.symtab	0x4003bd	75	FUNC	<unknown>	DEFAULT	2
printi	.symtab	0x4004e7	320	FUNC	<unknown>	DEFAULT	2
prints	.symtab	0x400408	223	FUNC	<unknown>	DEFAULT	2
processCmd	.symtab	0x4052a4	3679	FUNC	<unknown>	DEFAULT	2
putc_unlocked	.symtab	0x4071c4	192	FUNC	<unknown>	DEFAULT	2
puts	.symtab	0x407014	130	FUNC	<unknown>	DEFAULT	2
puts.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
raise	.symtab	0x40a048	18	FUNC	<unknown>	DEFAULT	2
raise.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand	.symtab	0x408a90	11	FUNC	<unknown>	DEFAULT	2
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand_cmwc	.symtab	0x40023d	179	FUNC	<unknown>	DEFAULT	2
random	.symtab	0x408a9c	72	FUNC	<unknown>	DEFAULT	2
random.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
random_poly_info	.symtab	0x40b9e0	40	OBJECT	<unknown>	DEFAULT	4
random_r	.symtab	0x408ca4	90	FUNC	<unknown>	DEFAULT	2
random_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
randtbl	.symtab	0x50c4a0	128	OBJECT	<unknown>	DEFAULT	9
rawmemchr	.symtab	0x40a348	190	FUNC	<unknown>	DEFAULT	2
rawmemchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
read	.symtab	0x406ea8	39	FUNC	<unknown>	DEFAULT	2
read.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
readUntil	.symtab	0x401e7c	586	FUNC	<unknown>	DEFAULT	2
recv	.symtab	0x407a84	11	FUNC	<unknown>	DEFAULT	2
recv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recvLine	.symtab	0x40169e	610	FUNC	<unknown>	DEFAULT	2
recvfrom	.symtab	0x407a90	45	FUNC	<unknown>	DEFAULT	2
recvfrom.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sbrk	.symtab	0x4099b4	74	FUNC	<unknown>	DEFAULT	2
sbrk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
scanPid	.symtab	0x512694	4	OBJECT	<unknown>	DEFAULT	10
sclose	.symtab	0x4026c5	46	FUNC	<unknown>	DEFAULT	2
select	.symtab	0x406ed0	44	FUNC	<unknown>	DEFAULT	2
select.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
send	.symtab	0x407ac0	11	FUNC	<unknown>	DEFAULT	2
send.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sendHOLD	.symtab	0x404e01	1187	FUNC	<unknown>	DEFAULT	2
sendJUNK	.symtab	0x4049e3	1054	FUNC	<unknown>	DEFAULT	2
sendTCP	.symtab	0x40438c	1623	FUNC	<unknown>	DEFAULT	2
sendUDP	.symtab	0x403ead	1247	FUNC	<unknown>	DEFAULT	2
sendto	.symtab	0x407acc	48	FUNC	<unknown>	DEFAULT	2
sendto.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setsid	.symtab	0x406efc	38	FUNC	<unknown>	DEFAULT	2
setsid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setsockopt	.symtab	0x407afc	53	FUNC	<unknown>	DEFAULT	2
setsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setstate	.symtab	0x408ae4	98	FUNC	<unknown>	DEFAULT	2
setstate_r	.symtab	0x408bfc	168	FUNC	<unknown>	DEFAULT	2
sigaction	.symtab	0x40971d	247	FUNC	<unknown>	DEFAULT	2
sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigaddset	.symtab	0x407b64	35	FUNC	<unknown>	DEFAULT	2
sigaddset.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigempty.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigemptyset	.symtab	0x407b88	20	FUNC	<unknown>	DEFAULT	2
signal	.symtab	0x407b9c	168	FUNC	<unknown>	DEFAULT	2
signal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigprocmask	.symtab	0x406f24	85	FUNC	<unknown>	DEFAULT	2
sigprocmask.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigsetops.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sleep	.symtab	0x409168	415	FUNC	<unknown>	DEFAULT	2
sleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket	.symtab	0x407b34	47	FUNC	<unknown>	DEFAULT	2
socket.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sockprintf	.symtab	0x400c2c	454	FUNC	<unknown>	DEFAULT	2
srand	.symtab	0x408bb4	72	FUNC	<unknown>	DEFAULT	2
srandom	.symtab	0x408bb4	72	FUNC	<unknown>	DEFAULT	2
srandom_r	.symtab	0x408cfe	169	FUNC	<unknown>	DEFAULT	2
stderr	.symtab	0x50c170	8	OBJECT	<unknown>	DEFAULT	9
stdin	.symtab	0x50c160	8	OBJECT	<unknown>	DEFAULT	9
stdout	.symtab	0x50c168	8	OBJECT	<unknown>	DEFAULT	9
strchr	.symtab	0x4074a0	417	FUNC	<unknown>	DEFAULT	2
strcpy	.symtab	0x407650	213	FUNC	<unknown>	DEFAULT	2
strlen	.symtab	0x407730	225	FUNC	<unknown>	DEFAULT	2
strpbrk	.symtab	0x40a230	140	FUNC	<unknown>	DEFAULT	2
strspn	.symtab	0x40a2c0	135	FUNC	<unknown>	DEFAULT	2
strstr	.symtab	0x407814	187	FUNC	<unknown>	DEFAULT	2
strstr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtoimax	.symtab	0x408e74	10	FUNC	<unknown>	DEFAULT	2
strtok	.symtab	0x4078d0	10	FUNC	<unknown>	DEFAULT	2
strtok.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtok_r	.symtab	0x409f5c	94	FUNC	<unknown>	DEFAULT	2
strtok_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtol	.symtab	0x408e74	10	FUNC	<unknown>	DEFAULT	2
strtol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtoll	.symtab	0x408e74	10	FUNC	<unknown>	DEFAULT	2
sysconf	.symtab	0x409308	351	FUNC	<unknown>	DEFAULT	2
sysconf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
szprintf	.symtab	0x400b47	229	FUNC	<unknown>	DEFAULT	2
tcgetattr	.symtab	0x4078f8	110	FUNC	<unknown>	DEFAULT	2
tcgetattr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
tcpcsum	.symtab	0x40256d	191	FUNC	<unknown>	DEFAULT	2
time	.symtab	0x406f7c	39	FUNC	<unknown>	DEFAULT	2
time.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
toupper	.symtab	0x406fec	30	FUNC	<unknown>	DEFAULT	2
toupper.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
trim	.symtab	0x4002f0	205	FUNC	<unknown>	DEFAULT	2
unsafe_state	.symtab	0x50c460	48	OBJECT	<unknown>	DEFAULT	9
uppercase	.symtab	0x401387	59	FUNC	<unknown>	DEFAULT	2
usernames	.symtab	0x50c080	48	OBJECT	<unknown>	DEFAULT	9
vfork	.symtab	0x406bb0	21	FUNC	<unknown>	DEFAULT	2
wait4	.symtab	0x409a00	47	FUNC	<unknown>	DEFAULT	2
wait4.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
waitpid	.symtab	0x406fa4	7	FUNC	<unknown>	DEFAULT	2
waitpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wildString	.symtab	0x401212	308	FUNC	<unknown>	DEFAULT	2
write	.symtab	0x406fac	42	FUNC	<unknown>	DEFAULT	2
write.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
zprintf	.symtab	0x400a64	227	FUNC	<unknown>	DEFAULT	2

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 50
• 6667 undefined
• 443 (HTTPS)
• 80 (HTTP)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 21, 2025 21:06:59.898962021 CET	43928	443	192.168.2.23	91.189.91.42
Mar 21, 2025 21:07:00.905654907 CET	57290	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:07:01.079627037 CET	6667	57290	93.115.172.234	192.168.2.23
Mar 21, 2025 21:07:05.274060965 CET	42836	443	192.168.2.23	91.189.91.43
Mar 21, 2025 21:07:06.081254959 CET	57292	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:07:06.252233982 CET	6667	57292	93.115.172.234	192.168.2.23
Mar 21, 2025 21:07:06.809834957 CET	42516	80	192.168.2.23	109.202.202.202
Mar 21, 2025 21:07:11.253842115 CET	57294	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:07:11.424370050 CET	6667	57294	93.115.172.234	192.168.2.23
Mar 21, 2025 21:07:16.426245928 CET	57296	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:07:16.597584963 CET	6667	57296	93.115.172.234	192.168.2.23
Mar 21, 2025 21:07:21.399841070 CET	43928	443	192.168.2.23	91.189.91.42
Mar 21, 2025 21:07:21.599821091 CET	57298	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:07:21.773895979 CET	6667	57298	93.115.172.234	192.168.2.23
Mar 21, 2025 21:07:26.775561094 CET	57300	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:07:26.941294909 CET	6667	57300	93.115.172.234	192.168.2.23
Mar 21, 2025 21:07:31.638329983 CET	42836	443	192.168.2.23	91.189.91.43
Mar 21, 2025 21:07:31.943304062 CET	57302	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:07:32.124069929 CET	6667	57302	93.115.172.234	192.168.2.23
Mar 21, 2025 21:07:37.125161886 CET	57304	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:07:37.297072887 CET	6667	57304	93.115.172.234	192.168.2.23
Mar 21, 2025 21:07:37.781438112 CET	42516	80	192.168.2.23	109.202.202.202
Mar 21, 2025 21:07:42.298250914 CET	57306	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:07:42.466049910 CET	6667	57306	93.115.172.234	192.168.2.23
Mar 21, 2025 21:07:47.466948032 CET	57308	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:07:47.633301973 CET	6667	57308	93.115.172.234	192.168.2.23
Mar 21, 2025 21:07:52.634879112 CET	57310	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:07:52.805409908 CET	6667	57310	93.115.172.234	192.168.2.23
Mar 21, 2025 21:07:57.806721926 CET	57312	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:07:57.973233938 CET	6667	57312	93.115.172.234	192.168.2.23
Mar 21, 2025 21:08:02.354006052 CET	43928	443	192.168.2.23	91.189.91.42
Mar 21, 2025 21:08:02.974214077 CET	57314	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:08:03.148490906 CET	6667	57314	93.115.172.234	192.168.2.23
Mar 21, 2025 21:08:08.149646997 CET	57316	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:08:08.319583893 CET	6667	57316	93.115.172.234	192.168.2.23
Mar 21, 2025 21:08:13.320751905 CET	57318	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:08:13.493052959 CET	6667	57318	93.115.172.234	192.168.2.23
Mar 21, 2025 21:08:18.494263887 CET	57320	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:08:18.664012909 CET	6667	57320	93.115.172.234	192.168.2.23
Mar 21, 2025 21:08:23.665425062 CET	57322	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:08:24.686866045 CET	57322	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:08:24.861939907 CET	6667	57322	93.115.172.234	192.168.2.23
Mar 21, 2025 21:08:29.863775015 CET	57324	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:08:30.028166056 CET	6667	57324	93.115.172.234	192.168.2.23
Mar 21, 2025 21:08:35.029684067 CET	57326	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:08:35.201349020 CET	6667	57326	93.115.172.234	192.168.2.23
Mar 21, 2025 21:08:40.202889919 CET	57328	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:08:40.373908997 CET	6667	57328	93.115.172.234	192.168.2.23
Mar 21, 2025 21:08:45.375958920 CET	57330	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:08:45.551532030 CET	6667	57330	93.115.172.234	192.168.2.23
Mar 21, 2025 21:08:50.553652048 CET	57332	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:08:50.717361927 CET	6667	57332	93.115.172.234	192.168.2.23
Mar 21, 2025 21:08:55.719857931 CET	57334	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:08:55.892601967 CET	6667	57334	93.115.172.234	192.168.2.23
Mar 21, 2025 21:09:00.894301891 CET	57336	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:09:01.064687014 CET	6667	57336	93.115.172.234	192.168.2.23
Mar 21, 2025 21:09:06.066090107 CET	57338	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:09:06.232095957 CET	6667	57338	93.115.172.234	192.168.2.23
Mar 21, 2025 21:09:11.233551025 CET	57340	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:09:11.401031971 CET	6667	57340	93.115.172.234	192.168.2.23
Mar 21, 2025 21:09:16.402344942 CET	57342	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:09:16.566621065 CET	6667	57342	93.115.172.234	192.168.2.23
Mar 21, 2025 21:09:21.568855047 CET	57344	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:09:21.741092920 CET	6667	57344	93.115.172.234	192.168.2.23
Mar 21, 2025 21:09:26.742048025 CET	57346	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:09:26.913024902 CET	6667	57346	93.115.172.234	192.168.2.23
Mar 21, 2025 21:09:31.914165974 CET	57348	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:09:32.084243059 CET	6667	57348	93.115.172.234	192.168.2.23
Mar 21, 2025 21:09:37.085401058 CET	57350	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:09:37.256757021 CET	6667	57350	93.115.172.234	192.168.2.23
Mar 21, 2025 21:09:42.257728100 CET	57352	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:09:42.433604002 CET	6667	57352	93.115.172.234	192.168.2.23
Mar 21, 2025 21:09:47.434632063 CET	57354	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:09:47.609963894 CET	6667	57354	93.115.172.234	192.168.2.23
Mar 21, 2025 21:09:52.611659050 CET	57356	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:09:52.776000023 CET	6667	57356	93.115.172.234	192.168.2.23
Mar 21, 2025 21:09:57.777582884 CET	57358	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:09:57.950973988 CET	6667	57358	93.115.172.234	192.168.2.23
Mar 21, 2025 21:10:02.952337980 CET	57360	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:10:03.128463984 CET	6667	57360	93.115.172.234	192.168.2.23
Mar 21, 2025 21:10:08.130440950 CET	57362	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:10:08.302966118 CET	6667	57362	93.115.172.234	192.168.2.23
Mar 21, 2025 21:10:13.304579973 CET	57364	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:10:13.477433920 CET	6667	57364	93.115.172.234	192.168.2.23
Mar 21, 2025 21:10:18.479116917 CET	57366	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:10:18.650913954 CET	6667	57366	93.115.172.234	192.168.2.23
Mar 21, 2025 21:10:23.654010057 CET	57368	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:10:23.823858976 CET	6667	57368	93.115.172.234	192.168.2.23
Mar 21, 2025 21:10:28.825867891 CET	57370	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:10:29.000849009 CET	6667	57370	93.115.172.234	192.168.2.23
Mar 21, 2025 21:10:34.002367020 CET	57372	6667	192.168.2.23	93.115.172.234
Mar 21, 2025 21:10:34.177782059 CET	6667	57372	93.115.172.234	192.168.2.23

System Behavior

Analysis Process: bash.elf PID: 6217, Parent PID: 6138

General

Start time (UTC):	20:06:59
Start date (UTC):	21/03/2025
Path:	/tmp/bash.elf
Arguments:	/tmp/bash.elf
File size:	72787 bytes
MD5 hash:	9ca1dfb0f1ca103a1a1c29b723122a45

File Activities

File Opened

File Read

Process Activities

Process Forked

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: bash.elf PID: 6218, Parent PID: 6217

General

Start time (UTC):	20:06:59
Start date (UTC):	21/03/2025
Path:	/tmp/bash.elf
Arguments:	-
File size:	72787 bytes
MD5 hash:	9ca1dfb0f1ca103a1a1c29b723122a45

Process Activities

Process Forked

Chronological Activities

Analysis Process: bash.elf PID: 6219, Parent PID: 6218

General

Start time (UTC):	20:06:59
Start date (UTC):	21/03/2025
Path:	/tmp/bash.elf
Arguments:	-
File size:	72787 bytes
MD5 hash:	9ca1dfb0f1ca103a1a1c29b723122a45

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system. Functionality could exist within remote access tools to enable this, but utilities available on the operating system could also be used such as Ping or `net view` using Net .
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Network Traffic: Network Connection Creation, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report bash.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Threatname: Gafgyt

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Symbols

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: bash.elf PID: 6217, Parent PID: 6138

General

File Activities

File Opened

File Read

Process Activities

Process Forked

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: bash.elf PID: 6218, Parent PID: 6217

General

Process Activities

Process Forked

Chronological Activities

Analysis Process: bash.elf PID: 6219, Parent PID: 6218

General

Process Activities

Thread Sleep

Network Activities

Linux Analysis Report
bash.elf