Edit tour

Linux Analysis Report
mips.nn.elf

Overview

General Information

Sample name:	mips.nn.elf
Analysis ID:	1654578
MD5:	c73a365be78dfe06bc37973eae34652d
SHA1:	c8e5597e6b3cc57acbd171dbb75d218256bca388
SHA256:	76a178a2f246f1445e07d110aed40f59353cb2a6ce493b4612c64de19c48f01e
Tags:	elfuser-abuse_ch
Infos:

Detection

Mirai

Score:	64
Range:	0 - 100

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Yara detected Mirai

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Executes the "rm" command used to delete files or directories

Sample has stripped symbol table

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1654578
Start date and time:	2025-04-02 12:48:34 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 34s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	mips.nn.elf
Detection:	MAL
Classification:	mal64.troj.linELF@0/2@0/0

Runtime Messages

Command:	/tmp/mips.nn.elf
PID:	6209
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	The Gorilla Botnet Cats Came After You!
Standard Error:

Process Tree

system is lnxubuntu20

mips.nn.elf (PID: 6209, Parent: 6124, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/mips.nn.elf

mips.nn.elf New Fork (PID: 6231, Parent: 6209)

mips.nn.elf New Fork (PID: 6233, Parent: 6231)

udisksd New Fork (PID: 6219, Parent: 799)

dumpe2fs (PID: 6219, Parent: 799, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0

udisksd New Fork (PID: 6254, Parent: 799)

dumpe2fs (PID: 6254, Parent: 799, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0

udisksd New Fork (PID: 6274, Parent: 799)

dumpe2fs (PID: 6274, Parent: 799, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0

dash New Fork (PID: 6358, Parent: 4337)

rm (PID: 6358, Parent: 4337, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.v3QLYp7cRs /tmp/tmp.3eHzlqOkwL /tmp/tmp.XGQcq6bZ5h

dash New Fork (PID: 6359, Parent: 4337)

rm (PID: 6359, Parent: 4337, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.v3QLYp7cRs /tmp/tmp.3eHzlqOkwL /tmp/tmp.XGQcq6bZ5h

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
mips.nn.elf	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
6209.1.00007fbf80400000.00007fbf80420000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• AV Detection
• Networking
• System Summary
• Persistence and Installation Behavior
• Malware Analysis System Evasion
• Stealing of Sensitive Information
• Remote Access Functionality

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: mips.nn.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: mips.nn.elf	Virustotal: Detection: 34%			Perma Link
Source: mips.nn.elf	ReversingLabs: Detection: 55%

Source: global traffic

TCP traffic: 192.168.2.23:58492 -> 176.65.134.15:38242

Source: /tmp/mips.nn.elf (PID: 6209)

Socket: 127.0.0.1:38242

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.15
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.15
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.15
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.15
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.15
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.15
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.15
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.15
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.15
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.15
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.15
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.15
Source: unknown	TCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknown	TCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknown	TCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.15
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.15
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.15
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.15
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.15
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.15
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.15
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.15
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.15
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.15
Source: unknown	TCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.15
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.15
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.15
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.15

Source: unknown	Network traffic detected: HTTP traffic on port 39244 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39244
Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: ELF static info symbol of initial sample

.symtab present: no

Source: /tmp/mips.nn.elf (PID: 6233)

SIGKILL sent: pid: 6358, result: no such process

Jump to behavior

Source: classification engine

Classification label: mal64.troj.linELF@0/2@0/0

Source: /tmp/mips.nn.elf (PID: 6233)	File opened: /proc/6274/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 6233)	File opened: /proc/6254/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 6233)	File opened: /proc/6311/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 6233)	File opened: /proc/6310/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 6233)	File opened: /proc/6035/cmdline	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 6233)	File opened: /proc/6313/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 6233)	File opened: /proc/6312/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 6233)	File opened: /proc/799/cmdline	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 6233)	File opened: /proc/6325/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 6233)	File opened: /proc/6308/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 6233)	File opened: /proc/6307/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 6233)	File opened: /proc/6309/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 6233)	File opened: /proc/6320/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 6233)	File opened: /proc/6322/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 6233)	File opened: /proc/6321/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 6233)	File opened: /proc/6324/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 6233)	File opened: /proc/6323/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 6233)	File opened: /proc/2/cmdline	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 6233)	File opened: /proc/6315/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 6233)	File opened: /proc/6314/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 6233)	File opened: /proc/6317/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 6233)	File opened: /proc/6316/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 6233)	File opened: /proc/6319/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 6233)	File opened: /proc/6318/status	Jump to behavior

Source: /usr/bin/dash (PID: 6358)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.v3QLYp7cRs /tmp/tmp.3eHzlqOkwL /tmp/tmp.XGQcq6bZ5h			Jump to behavior
Source: /usr/bin/dash (PID: 6359)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.v3QLYp7cRs /tmp/tmp.3eHzlqOkwL /tmp/tmp.XGQcq6bZ5h			Jump to behavior

Source: /tmp/mips.nn.elf (PID: 6209)

Queries kernel information via 'uname':

Jump to behavior

Source: mips.nn.elf, 6209.1.00007ffcb211a000.00007ffcb213b000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/mips.nn.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/mips.nn.elf
Source: mips.nn.elf, 6209.1.000055dbf84ed000.000055dbf8594000.rw-.sdmp	Binary or memory string: !/usr/bin/vmtoolsd!/proc/4489/exe1/usr/lib/policykit-1/polkitd
Source: mips.nn.elf, 6209.1.000055dbf84ed000.000055dbf8594000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/mips
Source: mips.nn.elf, 6209.1.000055dbf84ed000.000055dbf8594000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mips
Source: mips.nn.elf, 6209.1.00007ffcb211a000.00007ffcb213b000.rw-.sdmp	Binary or memory string: /tmp/qemu-open.fSfkyJ
Source: mips.nn.elf, 6209.1.000055dbf84ed000.000055dbf8594000.rw-.sdmp	Binary or memory string: /usr/bin/vmtoolsd
Source: mips.nn.elf, 6209.1.00007ffcb211a000.00007ffcb213b000.rw-.sdmp	Binary or memory string: %s/qemu-op
Source: mips.nn.elf, 6209.1.00007ffcb211a000.00007ffcb213b000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mips
Source: mips.nn.elf, 6209.1.00007ffcb211a000.00007ffcb213b000.rw-.sdmp	Binary or memory string: U/tmp/qemu-open.fSfkyJ\
Source: mips.nn.elf, 6209.1.00007ffcb211a000.00007ffcb213b000.rw-.sdmp	Binary or memory string: MPDIR%s/qemu-op

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: mips.nn.elf, type: SAMPLE
Source: Yara match	File source: 6209.1.00007fbf80400000.00007fbf80420000.r-x.sdmp, type: MEMORY

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: mips.nn.elf, type: SAMPLE
Source: Yara match	File source: 6209.1.00007fbf80400000.00007fbf80420000.r-x.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 File Deletion	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
mips.nn.elf	35%	Virustotal		Browse
mips.nn.elf	56%	ReversingLabs	Linux.Backdoor.Mirai
mips.nn.elf	100%	Avira	LINUX/GM.Mirai.ZM

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
34.249.145.219	unknown	United States	16509	AMAZON-02US	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
176.65.134.15	unknown	Germany	56325	DIOGELO-ASGB	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
34.249.145.219	na.elf	Get hash	malicious	Prometei	Browse
	arm6.nn.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	ppc.elf	Get hash	malicious	Unknown	Browse
	drea4.elf	Get hash	malicious	Unknown	Browse
	825.elf	Get hash	malicious	Unknown	Browse
	IdpLihor52.elf	Get hash	malicious	Unknown	Browse
	Space.mips.elf	Get hash	malicious	Unknown	Browse
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
176.65.134.15	arm5.nn.elf	Get hash	malicious	Mirai	Browse
	sparc.nn.elf	Get hash	malicious	Mirai	Browse
	mips.nn.elf	Get hash	malicious	Mirai	Browse
	arm5.nn.elf	Get hash	malicious	Mirai	Browse
	arm.nn.elf	Get hash	malicious	Mirai	Browse
	arm7.nn.elf	Get hash	malicious	Mirai	Browse
	sh4.nn.elf	Get hash	malicious	Mirai	Browse
	powerpc.nn.elf	Get hash	malicious	Mirai	Browse
	mipsel.nn.elf	Get hash	malicious	Mirai	Browse
	x86_32.nn.elf	Get hash	malicious	Mirai	Browse
91.189.91.43	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	arm6.nn.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	arc.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	ppc.elf	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	arm6.nn.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	arc.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	ppc.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
DIOGELO-ASGB	1743589926c659c1a4578e4d44e9da59d9af359b09204378dcd90a6c0d8fa9188a951bb0e2722.dat-decoded.exe	Get hash	malicious	Remcos	Browse	176.65.134.41
	paste.ee_d_ktyPclYy.js	Get hash	malicious	Remcos	Browse	176.65.134.41
	PR3001789.js	Get hash	malicious	Remcos	Browse	176.65.134.41
	killua.x86_64.elf	Get hash	malicious	Unknown	Browse	176.65.134.43
	arm5.nn.elf	Get hash	malicious	Mirai	Browse	176.65.134.15
	1743362826ccceca1466d46143044cb8d624b4839206fb65ac2eea5a81b59a8e2977ae7bc5620.dat-decoded.exe	Get hash	malicious	XWorm	Browse	176.65.134.56
	1743362767b39ce9ae90af463b2090fcece5c4349a42c3942cf272d75d62dd81aabd676faf123.dat-decoded.exe	Get hash	malicious	XWorm	Browse	176.65.134.56
	SZf8I0IvEg.exe	Get hash	malicious	AsyncRAT, DcRat	Browse	176.65.134.105
	Z9dgTYzz4x.exe	Get hash	malicious	RHADAMANTHYS	Browse	176.65.134.153
	killua.x86.elf	Get hash	malicious	Unknown	Browse	176.65.134.43
INIT7CH	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	arm6.nn.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	arc.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	ppc.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
AMAZON-02US	na.elf	Get hash	malicious	Prometei	Browse	54.171.230.55
	na.elf	Get hash	malicious	Prometei	Browse	34.249.145.219
	http://www.grafix.buzz	Get hash	malicious	Unknown	Browse	3.11.92.157
	arm6.nn.elf	Get hash	malicious	Mirai	Browse	34.249.145.219
	na.elf	Get hash	malicious	Prometei	Browse	34.249.145.219
	https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fclick.pstmrk.it%252F3s%252Fclick.pstmrk.it%25252F3s%25252Fclick.pstmrk.it%2525252F3%2525252Fohdlrdw8.softindusolutions.in%2525252FUsrr%2525252FDGO8AQ%2525252FAQ%2525252F8df5f3e5-890c-4781-9572-8b2c336424af%2525252F2%2525252FfqFre5K5lI%25252FUsrr%25252FDmO8AQ%25252FAQ%25252F251db6df-d3df-44bb-a660-21d30bcf5a42%25252F2%25252FEn_kh56HAv%252FUsrr%252FEGO8AQ%252FAQ%252F81acf56d-0365-47cb-aa65-bb61a6799bd7%252F2%252Fjggqn4VRzQ%2FUsrr%2FEWO8AQ%2FAQ%2F55ed24d0-bd3d-4666-96ff-3d8e7e5fba7c%2F2%2Fv-PfME3c3P/Usrr/EmO8AQ/AQ/21ff5261-8959-46ca-a062-d9bdef8858ef/2/GCkEEKTUYC#Z2VyYWxkaW5lLmNvYWtsZXlAaXR2LmNvbQ==	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	3.146.16.147
	https://url8500-gls-mcdxyrhvwqogmuz7axpxpdfi-2.webflow.io/	Get hash	malicious	Unknown	Browse	13.33.251.183
	na.elf	Get hash	malicious	Prometei	Browse	34.249.145.219
	na.elf	Get hash	malicious	Prometei	Browse	34.249.145.219
	ppc.elf	Get hash	malicious	Unknown	Browse	34.249.145.219

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/etc/motd

Download File

Process:	/tmp/mips.nn.elf
File Type:	ASCII text
Category:	dropped
Size (bytes):	53
Entropy (8bit):	3.871459242626451
Encrypted:	false
SSDEEP:	3:yGKtARxFQFrgBJ4BJ+3e:dQ0EcHG2e
MD5:	2BD9B4BE30579E633FC0191AA93DF486
SHA1:	7D63A9BD9662E86666B27C1B50DB8E7370C624FF
SHA-256:	64DC39F3004DC93C9FC4F1467B4807F2D8E3EB0BFA96B15C19CD8E7D6FA77A1D
SHA-512:	AE6DD7B39191354CF43CF65E517460D7D4C61B8F5C08E33E6CA3C451DC7CAB4DE89F33934C89396B80F1AADE0A4E2571BD5AE8B76EF80B737D4588703D2814D5
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	gorilla botnet is on the device ur not a cat go away.

/tmp/qemu-open.fSfkyJ (deleted)

Download File

Process:	/tmp/mips.nn.elf
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	17
Entropy (8bit):	3.4992275471326932
Encrypted:	false
SSDEEP:	3:TgaLOln:TgAKn
MD5:	3B2A108EB9BDAC564681D1D50B5B8E8F
SHA1:	E744F918D99769B49D0C6E8CBEDD4A1590CBBD1E
SHA-256:	B89FE9B42F66509FF52B529092B42F8D759FB8E03059E8CC4039940A45287D87
SHA-512:	52A5D2AB05D38B4EEE703B8344837CA7B890D6C8CC32C7AAEE8F128EBBE5F45A92A72A54E8A14B4DB61E9E7E002CED615B52E7503F50FB46AD8738921B1C98A5
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	/tmp/mips.nn.elf.

Static File Info

General

File type:	ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy (8bit):	5.609053145958687
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	mips.nn.elf
File size:	133'344 bytes
MD5:	c73a365be78dfe06bc37973eae34652d
SHA1:	c8e5597e6b3cc57acbd171dbb75d218256bca388
SHA256:	76a178a2f246f1445e07d110aed40f59353cb2a6ce493b4612c64de19c48f01e
SHA512:	273b81c351d6ef0f48d80e50f5b733808c897ed106a9187be1946f1d71d2bc03f752328c21039c0e399a87cedb09e192b0ae33d4bd60063cc9b8f1f271abe4d7
SSDEEP:	3072:CcvEeZdZh4BY1r9MTePI2XKG+UjvkyHMPSG2K:CcvEeZfh4BY1r98ePJjDzLLTK
TLSH:	8ED3C61E6E218F6DF369833847B78E21A39833D626D1D685D2BCD5115F6038E241FFA8
File Content Preview:	.ELF.....................@.`...4.........4. ...(.............@...@...........................E...E.....h..s.........dt.Q............................<...'.~,...!'.......................<...'.~....!... ....'9... ......................<...'.}....!........'9.

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	MIPS R3000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x400260
Flags:	0x1007
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	132784
Section Header Size:	40
Number of Section Headers:	14
Header String Table Index:	13

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x400094	0x94	0x8c	0x0	0x6	AX	4
.text	PROGBITS	0x400120	0x120	0x1da00	0x0	0x6	AX	16
.fini	PROGBITS	0x41db20	0x1db20	0x5c	0x0	0x6	AX	4
.rodata	PROGBITS	0x41db80	0x1db80	0x1d60	0x0	0x2	A	16
.ctors	PROGBITS	0x45f8e4	0x1f8e4	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x45f8ec	0x1f8ec	0x8	0x0	0x3	WA	4
.data.rel.ro	PROGBITS	0x45f8f8	0x1f8f8	0x5c	0x0	0x3	WA	4
.data	PROGBITS	0x45f960	0x1f960	0x568	0x0	0x3	WA	16
.got	PROGBITS	0x45fed0	0x1fed0	0x77c	0x4	0x10000003	WAp	16
.sbss	NOBITS	0x46064c	0x2064c	0x28	0x0	0x10000003	WAp	4
.bss	NOBITS	0x460680	0x2064c	0x6578	0x0	0x3	WA	16
.mdebug.abi32	PROGBITS	0xe6a	0x2064c	0x0	0x0	0x0		1
.shstrtab	STRTAB	0x0	0x2064c	0x64	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x1f8e0	0x1f8e0	5.6212	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0x1f8e4	0x45f8e4	0x45f8e4	0xd68	0x7314	4.3405	0x6	RW	0x10000	.ctors .dtors .data.rel.ro .data .got .sbss .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 37
• 38242 undefined
• 443 (HTTPS)
• 80 (HTTP)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 2, 2025 12:49:15.092370987 CEST	43928	443	192.168.2.23	91.189.91.42
Apr 2, 2025 12:49:16.342505932 CEST	58492	38242	192.168.2.23	176.65.134.15
Apr 2, 2025 12:49:16.575383902 CEST	38242	58492	176.65.134.15	192.168.2.23
Apr 2, 2025 12:49:16.576282978 CEST	58492	38242	192.168.2.23	176.65.134.15
Apr 2, 2025 12:49:16.576282978 CEST	58492	38242	192.168.2.23	176.65.134.15
Apr 2, 2025 12:49:16.809379101 CEST	38242	58492	176.65.134.15	192.168.2.23
Apr 2, 2025 12:49:16.809581995 CEST	38242	58492	176.65.134.15	192.168.2.23
Apr 2, 2025 12:49:16.809627056 CEST	58492	38242	192.168.2.23	176.65.134.15
Apr 2, 2025 12:49:16.902884007 CEST	58492	38242	192.168.2.23	176.65.134.15
Apr 2, 2025 12:49:17.137465954 CEST	38242	58492	176.65.134.15	192.168.2.23
Apr 2, 2025 12:49:17.137814045 CEST	58492	38242	192.168.2.23	176.65.134.15
Apr 2, 2025 12:49:17.137814045 CEST	58492	38242	192.168.2.23	176.65.134.15
Apr 2, 2025 12:49:17.415425062 CEST	38242	58492	176.65.134.15	192.168.2.23
Apr 2, 2025 12:49:17.415618896 CEST	58492	38242	192.168.2.23	176.65.134.15
Apr 2, 2025 12:49:17.647828102 CEST	38242	58492	176.65.134.15	192.168.2.23
Apr 2, 2025 12:49:20.467564106 CEST	42836	443	192.168.2.23	91.189.91.43
Apr 2, 2025 12:49:22.003329992 CEST	42516	80	192.168.2.23	109.202.202.202
Apr 2, 2025 12:49:26.379924059 CEST	38242	58492	176.65.134.15	192.168.2.23
Apr 2, 2025 12:49:26.380012989 CEST	58492	38242	192.168.2.23	176.65.134.15
Apr 2, 2025 12:49:31.960396051 CEST	38242	58492	176.65.134.15	192.168.2.23
Apr 2, 2025 12:49:31.960484982 CEST	58492	38242	192.168.2.23	176.65.134.15
Apr 2, 2025 12:49:35.313502073 CEST	43928	443	192.168.2.23	91.189.91.42
Apr 2, 2025 12:49:41.968652010 CEST	58492	38242	192.168.2.23	176.65.134.15
Apr 2, 2025 12:49:42.202923059 CEST	38242	58492	176.65.134.15	192.168.2.23
Apr 2, 2025 12:49:42.202939987 CEST	38242	58492	176.65.134.15	192.168.2.23
Apr 2, 2025 12:49:42.203048944 CEST	58492	38242	192.168.2.23	176.65.134.15
Apr 2, 2025 12:49:42.623691082 CEST	39244	443	192.168.2.23	34.249.145.219
Apr 2, 2025 12:49:42.623729944 CEST	443	39244	34.249.145.219	192.168.2.23
Apr 2, 2025 12:49:42.623804092 CEST	39244	443	192.168.2.23	34.249.145.219
Apr 2, 2025 12:49:42.624083042 CEST	39244	443	192.168.2.23	34.249.145.219
Apr 2, 2025 12:49:42.624098063 CEST	443	39244	34.249.145.219	192.168.2.23
Apr 2, 2025 12:49:42.774665117 CEST	38242	58492	176.65.134.15	192.168.2.23
Apr 2, 2025 12:49:42.774738073 CEST	58492	38242	192.168.2.23	176.65.134.15
Apr 2, 2025 12:49:43.337240934 CEST	38242	58492	176.65.134.15	192.168.2.23
Apr 2, 2025 12:49:43.337327003 CEST	58492	38242	192.168.2.23	176.65.134.15
Apr 2, 2025 12:49:47.339325905 CEST	38242	58492	176.65.134.15	192.168.2.23
Apr 2, 2025 12:49:47.339432001 CEST	58492	38242	192.168.2.23	176.65.134.15
Apr 2, 2025 12:49:47.599787951 CEST	42836	443	192.168.2.23	91.189.91.43
Apr 2, 2025 12:49:51.695202112 CEST	42516	80	192.168.2.23	109.202.202.202
Apr 2, 2025 12:50:02.816494942 CEST	38242	58492	176.65.134.15	192.168.2.23
Apr 2, 2025 12:50:02.816597939 CEST	58492	38242	192.168.2.23	176.65.134.15
Apr 2, 2025 12:50:16.267990112 CEST	43928	443	192.168.2.23	91.189.91.42
Apr 2, 2025 12:50:18.056265116 CEST	38242	58492	176.65.134.15	192.168.2.23
Apr 2, 2025 12:50:18.056382895 CEST	58492	38242	192.168.2.23	176.65.134.15
Apr 2, 2025 12:50:28.667531967 CEST	38242	58492	176.65.134.15	192.168.2.23
Apr 2, 2025 12:50:28.667696953 CEST	58492	38242	192.168.2.23	176.65.134.15
Apr 2, 2025 12:50:35.773736954 CEST	38242	58492	176.65.134.15	192.168.2.23
Apr 2, 2025 12:50:35.773946047 CEST	58492	38242	192.168.2.23	176.65.134.15
Apr 2, 2025 12:50:37.102200031 CEST	38242	58492	176.65.134.15	192.168.2.23
Apr 2, 2025 12:50:37.102333069 CEST	58492	38242	192.168.2.23	176.65.134.15
Apr 2, 2025 12:50:37.148482084 CEST	38242	58492	176.65.134.15	192.168.2.23
Apr 2, 2025 12:50:37.148610115 CEST	58492	38242	192.168.2.23	176.65.134.15
Apr 2, 2025 12:50:37.231652975 CEST	38242	58492	176.65.134.15	192.168.2.23
Apr 2, 2025 12:50:37.231771946 CEST	58492	38242	192.168.2.23	176.65.134.15
Apr 2, 2025 12:50:42.616103888 CEST	39244	443	192.168.2.23	34.249.145.219
Apr 2, 2025 12:50:42.660279036 CEST	443	39244	34.249.145.219	192.168.2.23
Apr 2, 2025 12:50:57.238246918 CEST	58492	38242	192.168.2.23	176.65.134.15
Apr 2, 2025 12:50:57.503139019 CEST	38242	58492	176.65.134.15	192.168.2.23
Apr 2, 2025 12:50:57.503351927 CEST	58492	38242	192.168.2.23	176.65.134.15
Apr 2, 2025 12:51:06.356627941 CEST	38242	58492	176.65.134.15	192.168.2.23
Apr 2, 2025 12:51:06.356767893 CEST	58492	38242	192.168.2.23	176.65.134.15
Apr 2, 2025 12:51:15.593750000 CEST	38242	58492	176.65.134.15	192.168.2.23
Apr 2, 2025 12:51:15.593993902 CEST	58492	38242	192.168.2.23	176.65.134.15
Apr 2, 2025 12:51:19.411746025 CEST	443	39244	34.249.145.219	192.168.2.23

System Behavior

Analysis Process: mips.nn.elf PID: 6209, Parent PID: 6124

General

Start time (UTC):	10:49:14
Start date (UTC):	02/04/2025
Path:	/tmp/mips.nn.elf
Arguments:	/tmp/mips.nn.elf
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

File Activities

File Opened

File Deleted

File Read

File Written

Directory Enumerated

Symbolic Link Created

Process Activities

Process Forked

Prctl Requested

Thread Sleep

System Activities

Query System Information (uname)

Network Activities

Socket Listening

Socket Connecting

Chronological Activities

Analysis Process: mips.nn.elf PID: 6231, Parent PID: 6209

General

Start time (UTC):	10:49:15
Start date (UTC):	02/04/2025
Path:	/tmp/mips.nn.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Process Activities

Process Forked

Thread Sleep

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: mips.nn.elf PID: 6233, Parent PID: 6231

General

Start time (UTC):	10:49:15
Start date (UTC):	02/04/2025
Path:	/tmp/mips.nn.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

File Activities

File Opened

File Read

Directory Enumerated

Process Activities

Signal Sent

Prctl Requested

Thread Sleep

Chronological Activities

Analysis Process: udisksd PID: 6219, Parent PID: 799

General

Start time (UTC):	10:49:15
Start date (UTC):	02/04/2025
Path:	/usr/lib/udisks2/udisksd
Arguments:	-
File size:	483056 bytes
MD5 hash:	1d7ae439cc3d82fa6b127671ce037a24

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: dumpe2fs PID: 6219, Parent PID: 799

General

Start time (UTC):	10:49:15
Start date (UTC):	02/04/2025
Path:	/usr/sbin/dumpe2fs
Arguments:	dumpe2fs -h /dev/dm-0
File size:	31112 bytes
MD5 hash:	5c66f7d8f7681a40562cf049ad4b72b4

File Activities

File Opened

File Read

Process Activities

Prctl Requested

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: udisksd PID: 6254, Parent PID: 799

General

Start time (UTC):	10:49:15
Start date (UTC):	02/04/2025
Path:	/usr/lib/udisks2/udisksd
Arguments:	-
File size:	483056 bytes
MD5 hash:	1d7ae439cc3d82fa6b127671ce037a24

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: dumpe2fs PID: 6254, Parent PID: 799

General

Start time (UTC):	10:49:15
Start date (UTC):	02/04/2025
Path:	/usr/sbin/dumpe2fs
Arguments:	dumpe2fs -h /dev/dm-0
File size:	31112 bytes
MD5 hash:	5c66f7d8f7681a40562cf049ad4b72b4

File Activities

File Opened

File Read

Process Activities

Prctl Requested

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: udisksd PID: 6274, Parent PID: 799

General

Start time (UTC):	10:49:15
Start date (UTC):	02/04/2025
Path:	/usr/lib/udisks2/udisksd
Arguments:	-
File size:	483056 bytes
MD5 hash:	1d7ae439cc3d82fa6b127671ce037a24

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: dumpe2fs PID: 6274, Parent PID: 799

General

Start time (UTC):	10:49:15
Start date (UTC):	02/04/2025
Path:	/usr/sbin/dumpe2fs
Arguments:	dumpe2fs -h /dev/dm-0
File size:	31112 bytes
MD5 hash:	5c66f7d8f7681a40562cf049ad4b72b4

File Activities

File Opened

File Read

Process Activities

Prctl Requested

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: dash PID: 6358, Parent PID: 4337

General

Start time (UTC):	10:50:41
Start date (UTC):	02/04/2025
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: rm PID: 6358, Parent PID: 4337

General

Start time (UTC):	10:50:41
Start date (UTC):	02/04/2025
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.v3QLYp7cRs /tmp/tmp.3eHzlqOkwL /tmp/tmp.XGQcq6bZ5h
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

File Activities

File Opened

File Deleted

File Read

Chronological Activities

Analysis Process: dash PID: 6359, Parent PID: 4337

General

Start time (UTC):	10:50:41
Start date (UTC):	02/04/2025
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: rm PID: 6359, Parent PID: 4337

General

Start time (UTC):	10:50:41
Start date (UTC):	02/04/2025
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.v3QLYp7cRs /tmp/tmp.3eHzlqOkwL /tmp/tmp.XGQcq6bZ5h
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report mips.nn.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/etc/motd

/tmp/qemu-open.fSfkyJ (deleted)

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: mips.nn.elf PID: 6209, Parent PID: 6124

General

File Activities

File Opened

File Deleted

File Read

File Written

Directory Enumerated

Symbolic Link Created

Process Activities

Process Forked

Prctl Requested

Thread Sleep

System Activities

Query System Information (uname)

Network Activities

Socket Listening

Socket Connecting

Chronological Activities

Analysis Process: mips.nn.elf PID: 6231, Parent PID: 6209

Linux Analysis Report
mips.nn.elf