Linux
Analysis Report
morte.arm7.elf
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Signatures
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1648697 |
Start date and time: | 2025-03-26 04:43:18 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 38s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | morte.arm7.elf |
Detection: | MAL |
Classification: | mal56.spre.evad.linELF@0/0@0/0 |
Command: | /tmp/morte.arm7.elf |
PID: | 5435 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | lzrd cock fest"/proc/"/exe |
Standard Error: |
- system is lnxubuntu20
- morte.arm7.elf New Fork (PID: 5437, Parent: 5435)
- morte.arm7.elf New Fork (PID: 5439, Parent: 5437)
- morte.arm7.elf New Fork (PID: 5441, Parent: 5437)
- xfce4-panel New Fork (PID: 5453, Parent: 3147)
- xfce4-panel New Fork (PID: 5454, Parent: 3147)
- xfce4-panel New Fork (PID: 5455, Parent: 3147)
- xfce4-panel New Fork (PID: 5456, Parent: 3147)
- wrapper-2.0 New Fork (PID: 5477, Parent: 5456)
- xfce4-panel New Fork (PID: 5457, Parent: 3147)
- xfce4-panel New Fork (PID: 5458, Parent: 3147)
- dbus-daemon New Fork (PID: 5476, Parent: 5475)
- systemd New Fork (PID: 5507, Parent: 2935)
- cleanup
- AV Detection
- Networking
- System Summary
- Data Obfuscation
- Persistence and Installation Behavior
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
AV Detection |
---|
Source: | ReversingLabs: |
Source: | TCP traffic: |
Source: | Socket: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
System Summary |
---|
Source: | SIGKILL sent: |
Source: | Program segment: |
Source: | SIGKILL sent: |
Source: | Classification label: |
Data Obfuscation |
---|
Source: | String containing UPX found: |
Source: | Directory: |
Source: | File opened: |
Source: | Submission file: |
Source: | Queries kernel information via 'uname': |
Source: | Binary or memory string: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Hidden Files and Directories | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | 1 Service Stop |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 11 Obfuscated Files or Information | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
42% | ReversingLabs | Linux.Backdoor.Mirai |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
176.65.142.252 | unknown | Germany | 8649 | WEBTRAFFICDE | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
176.65.142.252 | | | malicious | Unknown | | |
176.65.142.252 | | | malicious | Unknown | | |
176.65.142.252 | | | malicious | Gafgyt, Okiru | | |
176.65.142.252 | | | malicious | Gafgyt, Okiru | | |
176.65.142.252 | | | malicious | Gafgyt, Okiru | | |
176.65.142.252 | | | malicious | Okiru | | |
176.65.142.252 | | | malicious | Gafgyt, Okiru | | |
176.65.142.252 | | | malicious | Gafgyt, Okiru | | |
176.65.142.252 | | | malicious | Gafgyt, Okiru | | |
176.65.142.252 | | | malicious | Gafgyt, Okiru | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
WEBTRAFFICDE | | | malicious | Unknown | | |
WEBTRAFFICDE | | | malicious | Unknown | | |
WEBTRAFFICDE | | | malicious | Gafgyt, Okiru | | |
WEBTRAFFICDE | | | malicious | Gafgyt, Okiru | | |
WEBTRAFFICDE | | | malicious | Gafgyt, Okiru | | |
WEBTRAFFICDE | | | malicious | Okiru | | |
WEBTRAFFICDE | | | malicious | Gafgyt, Okiru | | |
WEBTRAFFICDE | | | malicious | Gafgyt, Okiru | | |
WEBTRAFFICDE | | | malicious | Stealc | | |
WEBTRAFFICDE | | | malicious | Stealc | | |
File type: | |
Entropy (8bit): | 7.971725680975516 |
TrID: |
|
File name: | morte.arm7.elf |
File size: | 43'820 bytes |
MD5: | 994408ba1a2fa4a8a81771f3d701b467 |
SHA1: | 9ebb0e77e1a773a9ccb914a527133148bd45ba1f |
SHA256: | cb5ee82128b699063579f43eb181d7eaf6233b59be8959b935d10960cb3e8fc8 |
SHA512: | f22dd9392e231cd861a3a01bcc39931245b864ee80d9322cb4c6a9d65ad662bf00328d4ab8506df440ab847c1c7278f8493be3c42342ef7868975d09c3e10ad4 |
SSDEEP: | 768:YFWoLJaLqMug//spQMcgeogMqe0+gk1OK9q3UELYi0I48hQfCkh08Jb9q:WRba/8QF+gQgLYRIOqkN99q |
TLSH: | AB13F1C686B78440DE789D74DB1A4E8F9E1652E8678A3A2F0309750C65C72A173FE24F |
File Content Preview: | .ELF..............(.........4...........4. ...(......................q...q..............$3..$3..$3..................Q.td...............................OUPX!........,...,.......i..........?.E.h;....#..$...o...k.......*).......X...$.'.?{.<..a..(.P.wI.U$.|.W |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 0 |
Section Header Size: | 40 |
Number of Section Headers: | 0 |
Header String Table Index: | 0 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x8000 | 0x8000 | 0x7195 | 0x7195 | 7.9471 | 0x5 | R E | 0x8000 | ||
LOAD | 0x3324 | 0x23324 | 0x23324 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8000 | ||
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 26, 2025 04:44:09.388370991 CET | 44572 | 7575 | 192.168.2.13 | 176.65.142.252 |
Mar 26, 2025 04:44:09.590059042 CET | 7575 | 44572 | 176.65.142.252 | 192.168.2.13 |
Mar 26, 2025 04:44:10.592782974 CET | 44574 | 7575 | 192.168.2.13 | 176.65.142.252 |
Mar 26, 2025 04:44:10.798367023 CET | 7575 | 44574 | 176.65.142.252 | 192.168.2.13 |
Mar 26, 2025 04:44:20.806284904 CET | 44576 | 7575 | 192.168.2.13 | 176.65.142.252 |
Mar 26, 2025 04:44:21.012145042 CET | 7575 | 44576 | 176.65.142.252 | 192.168.2.13 |
Mar 26, 2025 04:44:24.019773960 CET | 44578 | 7575 | 192.168.2.13 | 176.65.142.252 |
Mar 26, 2025 04:44:24.224746943 CET | 7575 | 44578 | 176.65.142.252 | 192.168.2.13 |
Mar 26, 2025 04:44:28.272495031 CET | 44580 | 7575 | 192.168.2.13 | 176.65.142.252 |
Mar 26, 2025 04:44:28.476064920 CET | 7575 | 44580 | 176.65.142.252 | 192.168.2.13 |
Mar 26, 2025 04:44:30.646821022 CET | 44582 | 7575 | 192.168.2.13 | 176.65.142.252 |
Mar 26, 2025 04:44:30.847969055 CET | 7575 | 44582 | 176.65.142.252 | 192.168.2.13 |
Mar 26, 2025 04:44:32.849632978 CET | 44584 | 7575 | 192.168.2.13 | 176.65.142.252 |
Mar 26, 2025 04:44:33.051645041 CET | 7575 | 44584 | 176.65.142.252 | 192.168.2.13 |
Mar 26, 2025 04:44:38.053802013 CET | 44586 | 7575 | 192.168.2.13 | 176.65.142.252 |
Mar 26, 2025 04:44:38.255449057 CET | 7575 | 44586 | 176.65.142.252 | 192.168.2.13 |
Mar 26, 2025 04:44:44.258380890 CET | 44588 | 7575 | 192.168.2.13 | 176.65.142.252 |
Mar 26, 2025 04:44:44.464215994 CET | 7575 | 44588 | 176.65.142.252 | 192.168.2.13 |
Mar 26, 2025 04:44:52.466723919 CET | 44590 | 7575 | 192.168.2.13 | 176.65.142.252 |
Mar 26, 2025 04:44:52.672396898 CET | 7575 | 44590 | 176.65.142.252 | 192.168.2.13 |
Mar 26, 2025 04:44:53.675594091 CET | 44592 | 7575 | 192.168.2.13 | 176.65.142.252 |
Mar 26, 2025 04:44:53.878565073 CET | 7575 | 44592 | 176.65.142.252 | 192.168.2.13 |
Mar 26, 2025 04:44:59.881148100 CET | 44594 | 7575 | 192.168.2.13 | 176.65.142.252 |
Mar 26, 2025 04:45:00.085277081 CET | 7575 | 44594 | 176.65.142.252 | 192.168.2.13 |
Mar 26, 2025 04:45:06.088160992 CET | 44596 | 7575 | 192.168.2.13 | 176.65.142.252 |
Mar 26, 2025 04:45:06.291079998 CET | 7575 | 44596 | 176.65.142.252 | 192.168.2.13 |
Mar 26, 2025 04:45:10.294904947 CET | 44598 | 7575 | 192.168.2.13 | 176.65.142.252 |
Mar 26, 2025 04:45:10.496927977 CET | 7575 | 44598 | 176.65.142.252 | 192.168.2.13 |
Mar 26, 2025 04:45:19.500272989 CET | 44600 | 7575 | 192.168.2.13 | 176.65.142.252 |
Mar 26, 2025 04:45:19.705609083 CET | 7575 | 44600 | 176.65.142.252 | 192.168.2.13 |
Mar 26, 2025 04:45:20.708900928 CET | 44602 | 7575 | 192.168.2.13 | 176.65.142.252 |
Mar 26, 2025 04:45:20.911535025 CET | 7575 | 44602 | 176.65.142.252 | 192.168.2.13 |
Mar 26, 2025 04:45:21.915139914 CET | 44604 | 7575 | 192.168.2.13 | 176.65.142.252 |
Mar 26, 2025 04:45:22.116425037 CET | 7575 | 44604 | 176.65.142.252 | 192.168.2.13 |
Mar 26, 2025 04:45:27.119961023 CET | 44606 | 7575 | 192.168.2.13 | 176.65.142.252 |
Mar 26, 2025 04:45:27.321080923 CET | 7575 | 44606 | 176.65.142.252 | 192.168.2.13 |
Mar 26, 2025 04:45:36.322835922 CET | 44608 | 7575 | 192.168.2.13 | 176.65.142.252 |
Mar 26, 2025 04:45:36.528420925 CET | 7575 | 44608 | 176.65.142.252 | 192.168.2.13 |
Mar 26, 2025 04:45:38.530915022 CET | 44610 | 7575 | 192.168.2.13 | 176.65.142.252 |
Mar 26, 2025 04:45:38.733067036 CET | 7575 | 44610 | 176.65.142.252 | 192.168.2.13 |
Mar 26, 2025 04:45:46.735383987 CET | 44612 | 7575 | 192.168.2.13 | 176.65.142.252 |
Mar 26, 2025 04:45:46.936723948 CET | 7575 | 44612 | 176.65.142.252 | 192.168.2.13 |
Mar 26, 2025 04:45:49.939800978 CET | 44614 | 7575 | 192.168.2.13 | 176.65.142.252 |
Mar 26, 2025 04:45:50.140978098 CET | 7575 | 44614 | 176.65.142.252 | 192.168.2.13 |
Mar 26, 2025 04:45:56.144740105 CET | 44616 | 7575 | 192.168.2.13 | 176.65.142.252 |
Mar 26, 2025 04:45:56.346096992 CET | 7575 | 44616 | 176.65.142.252 | 192.168.2.13 |
Mar 26, 2025 04:46:02.357273102 CET | 44618 | 7575 | 192.168.2.13 | 176.65.142.252 |
Mar 26, 2025 04:46:02.558229923 CET | 7575 | 44618 | 176.65.142.252 | 192.168.2.13 |
Mar 26, 2025 04:46:07.560962915 CET | 44620 | 7575 | 192.168.2.13 | 176.65.142.252 |
Mar 26, 2025 04:46:07.762806892 CET | 7575 | 44620 | 176.65.142.252 | 192.168.2.13 |
System Behavior
Start time (UTC): | 03:44:08 |
Start date (UTC): | 26/03/2025 |
Path: | /tmp/morte.arm7.elf |
Arguments: | /tmp/morte.arm7.elf |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 03:44:08 |
Start date (UTC): | 26/03/2025 |
Path: | /tmp/morte.arm7.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 03:44:08 |
Start date (UTC): | 26/03/2025 |
Path: | /tmp/morte.arm7.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 03:44:08 |
Start date (UTC): | 26/03/2025 |
Path: | /tmp/morte.arm7.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 03:44:14 |
Start date (UTC): | 26/03/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 03:44:14 |
Start date (UTC): | 26/03/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 03:44:14 |
Start date (UTC): | 26/03/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 03:44:14 |
Start date (UTC): | 26/03/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 03:44:14 |
Start date (UTC): | 26/03/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 03:44:14 |
Start date (UTC): | 26/03/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 03:44:14 |
Start date (UTC): | 26/03/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 03:44:14 |
Start date (UTC): | 26/03/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 03:44:22 |
Start date (UTC): | 26/03/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | - |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 03:44:22 |
Start date (UTC): | 26/03/2025 |
Path: | /usr/sbin/xfpm-power-backlight-helper |
Arguments: | /usr/sbin/xfpm-power-backlight-helper --get-max-brightness |
File size: | 14656 bytes |
MD5 hash: | 3d221ad23f28ca3259f599b1664e2427 |
Start time (UTC): | 03:44:14 |
Start date (UTC): | 26/03/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 03:44:14 |
Start date (UTC): | 26/03/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 03:44:14 |
Start date (UTC): | 26/03/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 03:44:14 |
Start date (UTC): | 26/03/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 03:44:21 |
Start date (UTC): | 26/03/2025 |
Path: | /usr/bin/dbus-daemon |
Arguments: | - |
File size: | 249032 bytes |
MD5 hash: | 3089d47e3f3ab84cd81c48fd406d7a8c |
Start time (UTC): | 03:44:21 |
Start date (UTC): | 26/03/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd |
File size: | 112880 bytes |
MD5 hash: | 4c7a0d6d258bb970905b19b84abcd8e9 |
Start time (UTC): | 03:44:26 |
Start date (UTC): | 26/03/2025 |
Path: | /usr/lib/systemd/systemd |
Arguments: | - |
File size: | 1620224 bytes |
MD5 hash: | 9b2bec7092a40488108543f9334aab75 |
Start time (UTC): | 03:44:26 |
Start date (UTC): | 26/03/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd |
File size: | 112872 bytes |
MD5 hash: | eee956f1b227c1d5031f9c61223255d1 |