Linux Analysis Report
arm.elf

Overview

General Information

Sample name: arm.elf
Analysis ID: 1649563
MD5: fb66aa5b88ab1098a22937a90a016bd7
SHA1: ade86d9546925d783742c7ea874b0775f5d93861
SHA256: 1a6802bea6ffdc55432fc3d7908e79ac74163868d3e6d027e33b27d723b4febc
Tags: elf, user-abuse_ch
Infos:

Detection

Score: 48
Range: 0 - 100

Signatures

Connects to many ports of the same IP (likely port scanning)
Uses STUN server to do NAT traversial
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes the "rm" command used to delete files or directories
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version: 42.0.0 Malachite
Start date and time: 2025-03-26 22:37:20 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 42s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal48.troj.linELF@0/2@3/0
Command: /tmp/arm.elf
PID: 6234
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
For God so loved the world
Standard Error:
  • system is lnxubuntu20
  • arm.elf (PID: 6234, Parent: 6153, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/arm.elf
    • arm.elf New Fork (PID: 6236, Parent: 6234)
  • dash New Fork (PID: 6308, Parent: 4342)
  • rm (PID: 6308, Parent: 4342, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.qnKpI3LBNa /tmp/tmp.4FCWtZk34b /tmp/tmp.LXBcVbX781
  • dash New Fork (PID: 6309, Parent: 4342)
  • rm (PID: 6309, Parent: 4342, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.qnKpI3LBNa /tmp/tmp.4FCWtZk34b /tmp/tmp.LXBcVbX781
  • cleanup
No yara matches
No Suricata rule has matched

Networking

Source: global traffic; TCP traffic: 104.245.241.64 ports 29486,2,4,6,8,9
Source: global traffic; TCP traffic: 216.73.156.19 ports 50749,0,4,5,7,9
Source: unknown; DNS query: name: stun.l.google.com
Source: global traffic; TCP traffic: 192.168.2.23:37540 -> 104.245.241.64:29486
Source: global traffic; TCP traffic: 192.168.2.23:52790 -> 156.244.14.93:50464
Source: global traffic; TCP traffic: 192.168.2.23:34256 -> 216.73.156.19:50749
Source: global traffic; UDP traffic: 192.168.2.23:52731 -> 74.125.250.129:19302
Source: /tmp/arm.elf (PID: 6236); Socket: 127.0.0.1:22448
Source: unknown; TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown; TCP traffic detected without corresponding DNS query: 104.245.241.64
Source: unknown; TCP traffic detected without corresponding DNS query: 156.244.14.93
Source: unknown; TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown; TCP traffic detected without corresponding DNS query: 216.73.156.19
Source: unknown; TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown; TCP traffic detected without corresponding DNS query: 34.249.145.219
Source: global traffic; DNS traffic detected: DNS query: stun.l.google.com
Source: arm.elf, 6234.1.00007fea50032000.00007fea5003b000.rw-.sdmp; String found in binary or memory: http://17365637265742070617373776F7264206D656D6F721/t/wget.sh
Source: arm.elf, 6234.1.00007fea50032000.00007fea5003b000.rw-.sdmp; String found in binary or memory: https://motd.ubuntu.com
Source: arm.elf, 6234.1.00007fea50032000.00007fea5003b000.rw-.sdmp; String found in binary or memory: https://motd.ubuntu.comhe
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 39252
Source: unknown; Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 39252 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 42836 -> 443
Source: ELF static info symbol of initial sample; .symtab present: no
Source: classification engine; Classification label: mal48.troj.linELF@0/2@3/0
Source: /usr/bin/dash (PID: 6308); Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.qnKpI3LBNa /tmp/tmp.4FCWtZk34b /tmp/tmp.LXBcVbX781
Source: /usr/bin/dash (PID: 6309); Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.qnKpI3LBNa /tmp/tmp.4FCWtZk34b /tmp/tmp.LXBcVbX781
Source: /tmp/arm.elf (PID: 6234); Queries kernel information via 'uname'
Source: arm.elf, 6234.1.00007fea50032000.00007fea5003b000.rw-.sdmp; Binary or memory string: vmwarem
Source: arm.elf, 6234.1.00007fea50032000.00007fea5003b000.rw-.sdmp; Binary or memory string: vmware
Source: arm.elf, 6234.1.00007fea50032000.00007fea5003b000.rw-.sdmp; Binary or memory string: qemu-arm
Source: arm.elf, 6234.1.00007fea50032000.00007fea5003b000.rw-.sdmp; Binary or memory string: qemu-arm)Zm6vnZ5U4mf8vApyWcDwXR44ZAkzslsN)0
Source: arm.elf, 6234.1.00007ffc72ae2000.00007ffc72b03000.rw-.sdmp; Binary or memory string: /tmp/qemu-open.O9x0WA
Source: arm.elf, 6234.1.00007ffc72ae2000.00007ffc72b03000.rw-.sdmp; Binary or memory string: V/tmp/qemu-open.O9x0WA:e
Source: arm.elf, 6234.1.00005608a835e000.00005608a84ce000.rw-.sdmp; Binary or memory string: /etc/qemu-binfmt/arm
Source: arm.elf, 6234.1.00005608a835e000.00005608a84ce000.rw-.sdmp; Binary or memory string: V!/etc/qemu-binfmt/arm
Source: arm.elf, 6234.1.00007ffc72ae2000.00007ffc72b03000.rw-.sdmp; Binary or memory string: /usr/bin/qemu-arm
Source: arm.elf, 6234.1.00007ffc72ae2000.00007ffc72b03000.rw-.sdmp; Binary or memory string: hx86_64/usr/bin/qemu-arm/tmp/arm.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/arm.elf
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: File Deletion (1); Rootkit; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping (1); LSASS Memory; Security Account Manager; NTDS
Discovery: Security Software Discovery (11); Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (1); Non-Standard Port (1); Non-Application Layer Protocol (1); Application Layer Protocol (2)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
No configs have been found
[Behavior graph: ID 1649563, Sample: arm.elf, Startdate: 26/03/2025, Architecture: LINUX, Score: 48]
Source: arm.elf; Detection: 11%; Scanner: ReversingLabs; Label: Linux.Trojan.Mirai
No Antivirus matches
No Antivirus matches
No Antivirus matches

Name: stun.l.google.com; IP: 74.125.250.129; Active: true; Malicious: false; Reputation: high
Name: https://motd.ubuntu.com; Source: arm.elf, 6234.1.00007fea50032000.00007fea5003b000.rw-.sdmp; Malicious: false; Reputation: high
Name: https://motd.ubuntu.comhe; Source: arm.elf, 6234.1.00007fea50032000.00007fea5003b000.rw-.sdmp; Malicious: false; Reputation: high
Name: http://17365637265742070617373776F7264206D656D6F721/t/wget.sh; Source: arm.elf, 6234.1.00007fea50032000.00007fea5003b000.rw-.sdmp; Malicious: false; Reputation: high
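IP: 34.249.145.219; Domain: unknown; Country: United States; ASN: 16509; ASN Name: AMAZON-02US; Malicious: false
IP: 104.245.241.64; Domain: unknown; Country: United States; ASN: 8100; ASN Name: ASN-QUADRANET-GLOBALUS; Malicious: true
IP: 216.73.156.19; Domain: unknown; Country: United States; ASN: 7029; ASN Name: WINDSTREAMUS; Malicious: true
IP: 156.244.14.93; Domain: unknown; Country: Seychelles; ASN: 132839; ASN Name: POWERLINE-AS-APPOWERLINEDATACENTERHK; Malicious: false
IP: 109.202.202.202; Domain: unknown; Country: Switzerland; ASN: 13030; ASN Name: INIT7CH; Malicious: false
IP: 74.125.250.129; Domain: stun.l.google.com; Country: United States; ASN: 15169; ASN Name: GOOGLEUS; Malicious: false
IP: 91.189.91.43; Domain: unknown; Country: United Kingdom; ASN: 41231; ASN Name: CANONICAL-ASGB; Malicious: false
IP: 91.189.91.42; Domain: unknown; Country: United Kingdom; ASN: 41231; ASN Name: CANONICAL-ASGB; Malicious: false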
Process: /tmp/arm.elf
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 13
Entropy (8bit): 3.3927474104487847
Encrypted: false
SSDEEP: 3:Tg7G:Tgy
MD5: 060C950602AE5DFAF583473721C0D328
SHA1: 91D13B439729088DC17F1E0519970D82C56F2B07
SHA-256: F8D4586FDF6230A2D5F431EF44BABDF37F6D7CEDBB3560702B0DC8493DD44EE3
SHA-512: 000D50E0A5736B0AB3B1BF61F55911914808FA197365B10F61F24096E2959ADAC2C3FF0D9ED226AD99934093F9FDD1C7035A22EEB5091DF75402A0A26E7A84AC
Malicious: false
Reputation: moderate, very likely benign file
Preview: /tmp/arm.elf.

Process: /tmp/arm.elf
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 13
Entropy (8bit): 3.3927474104487847
Encrypted: false
SSDEEP: 3:Tg7G:Tgy
MD5: 060C950602AE5DFAF583473721C0D328
SHA1: 91D13B439729088DC17F1E0519970D82C56F2B07
SHA-256: F8D4586FDF6230A2D5F431EF44BABDF37F6D7CEDBB3560702B0DC8493DD44EE3
SHA-512: 000D50E0A5736B0AB3B1BF61F55911914808FA197365B10F61F24096E2959ADAC2C3FF0D9ED226AD99934093F9FDD1C7035A22EEB5091DF75402A0A26E7A84AC
Malicious: false
Reputation: moderate, very likely benign file
Preview: /tmp/arm.elf.

File type: ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
Entropy (8bit): 6.106031259021826
TrID:
  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name: arm.elf
File size: 75'404 bytes
MD5: fb66aa5b88ab1098a22937a90a016bd7
SHA1: ade86d9546925d783742c7ea874b0775f5d93861
                                                        SHA256:1a6802bea6ffdc55432fc3d7908e79ac74163868d3e6d027e33b27d723b4febc
                                                        SHA512:3b40f5e1e273d4ff3af13fc82765c8ef78b6ede8ce9c653056580e19ba9b0db3b7c55ba3902493e12aec21566ffd7bb2580216c3a07da6708332d02e459457c1
                                                        SSDEEP:1536:d9TQVRGWL4rpdJ4uCa1o2NOsSjmDaHvW0vZodTCaFG4I3pPgE7v7:dR+RGWL4rpdJZhNtSjCaHv7BGTxFGd3d
                                                        TLSH:A9730745BC418A07C6D116BBFF1F82893726639CE2EE7203DA259F21378F56A0E7B151

                                                        ELF header

                                                        Class:ELF32
                                                        Data:2's complement, little endian
                                                        Version:1 (current)
                                                        Machine:ARM
                                                        Version Number:0x1
                                                        Type:EXEC (Executable file)
                                                        OS/ABI:ARM - ABI
                                                        ABI Version:0
                                                        Entry Point Address:0x8190
                                                        Flags:0x202
                                                        ELF Header Size:52
                                                        Program Header Offset:52
                                                        Program Header Size:32
                                                        Number of Program Headers:3
                                                        Section Header Offset:75004
                                                        Section Header Size:40
                                                        Number of Section Headers:10
                                                        Header String Table Index:9
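                                                        | Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
                                                        |  | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 |  | 0 | 0 | 0 |
                                                        | .init | PROGBITS | 0x8094 | 0x94 | 0x18 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
                                                        | .text | PROGBITS | 0x80b0 | 0xb0 | 0x109cc | 0x0 | 0x6 | AX | 0 | 0 | 16 |
                                                        | .fini | PROGBITS | 0x18a7c | 0x10a7c | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
                                                        | .rodata | PROGBITS | 0x18a90 | 0x10a90 | 0x1738 | 0x0 | 0x2 | A | 0 | 0 | 4 |
                                                        | .ctors | PROGBITS | 0x221cc | 0x121cc | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
                                                        | .dtors | PROGBITS | 0x221d4 | 0x121d4 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
                                                        | .data | PROGBITS | 0x221e0 | 0x121e0 | 0x2dc | 0x0 | 0x3 | WA | 0 | 0 | 4 |
                                                        | .bss | NOBITS | 0x224bc | 0x124bc | 0x64a0 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
                                                        | .shstrtab | STRTAB | 0x0 | 0x124bc | 0x3e | 0x0 | 0x0 |  | 0 | 0 | 1 |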
                                                        | Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
                                                        | LOAD | 0x0 | 0x8000 | 0x8000 | 0x121c8 | 0x121c8 | 6.1264 | 0x5 | R E | 0x8000 |  | .init .text .fini .rodata |
                                                        | LOAD | 0x121cc | 0x221cc | 0x221cc | 0x2f0 | 0x6790 | 3.7636 | 0x6 | RW | 0x8000 |  | .ctors .dtors .data .bss |
                                                        | GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 |  |  |


                                                        • Total Packets: 46
                                                        • 50749 undefined
                                                        • 50464 undefined
                                                        • 29486 undefined
                                                        • 19302 undefined
                                                        • 443 (HTTPS)
                                                        • 80 (HTTP)
                                                        • 53 (DNS)
                                                        | Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
                                                        | Mar 26, 2025 22:38:08.572789907 CET | 192.168.2.23 | 8.8.4.4 | 0xdfa5 | Standard query (0) | stun.l.google.com | A (IP address) | IN (0x0001) | false |
                                                        | Mar 26, 2025 22:38:11.349538088 CET | 192.168.2.23 | 8.8.4.4 | 0x7297 | Standard query (0) | stun.l.google.com | A (IP address) | IN (0x0001) | false |
                                                        | Mar 26, 2025 22:38:13.860610008 CET | 192.168.2.23 | 8.8.4.4 | 0x4f50 | Standard query (0) | stun.l.google.com | A (IP address) | IN (0x0001) | false |

                                                        | Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
                                                        | Mar 26, 2025 22:38:08.661252975 CET | 8.8.4.4 | 192.168.2.23 | 0xdfa5 | No error (0) | stun.l.google.com |  | 74.125.250.129 | A (IP address) | IN (0x0001) | false |
                                                        | Mar 26, 2025 22:38:11.438097954 CET | 8.8.4.4 | 192.168.2.23 | 0x7297 | No error (0) | stun.l.google.com |  | 74.125.250.129 | A (IP address) | IN (0x0001) | false |
                                                        | Mar 26, 2025 22:38:13.949480057 CET | 8.8.4.4 | 192.168.2.23 | 0x4f50 | No error (0) | stun.l.google.com |  | 74.125.250.129 | A (IP address) | IN (0x0001) | false |

                                                        System Behavior

                                                        Start time (UTC):21:38:06
                                                        Start date (UTC):26/03/2025
                                                        Path:/tmp/arm.elf
                                                        Arguments:-
                                                        File size:4956856 bytes
                                                        MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                        Start time (UTC):21:39:26
                                                        Start date (UTC):26/03/2025
                                                        Path:/usr/bin/dash
                                                        Arguments:-
                                                        File size:129816 bytes
                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                        Start time (UTC):21:39:26
                                                        Start date (UTC):26/03/2025
                                                        Path:/usr/bin/rm
                                                        Arguments:rm -f /tmp/tmp.qnKpI3LBNa /tmp/tmp.4FCWtZk34b /tmp/tmp.LXBcVbX781
                                                        File size:72056 bytes
                                                        MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                        Start time (UTC):21:39:26
                                                        Start date (UTC):26/03/2025
                                                        Path:/usr/bin/dash
                                                        Arguments:-
                                                        File size:129816 bytes
                                                        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                        Start time (UTC):21:39:26
                                                        Start date (UTC):26/03/2025
                                                        Path:/usr/bin/rm
                                                        Arguments:rm -f /tmp/tmp.qnKpI3LBNa /tmp/tmp.4FCWtZk34b /tmp/tmp.LXBcVbX781
                                                        File size:72056 bytes
                                                        MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b