Create Interactive Tour

Linux Analysis Report
xd.x86.elf

Overview

General Information

Sample name:	xd.x86.elf
Analysis ID:	1655033
MD5:	5e4a544bfb8cfb31f89e915eb339ded5
SHA1:	690a965ee7207bcf2b5454e1241e7a0c056da634
SHA256:	f947f7b2f43f39a5ba5b7053c12d4e3b8f9315ef17d26af7c9b0f449391fc4e8
Tags:	elfuser-abuse_ch
Infos:

Detection

Mirai

Score:	88
Range:	0 - 100

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected Mirai

Sample deletes itself

Sample is packed with UPX

Sample reads /proc/mounts (often used for finding a writable filesystem)

Sample tries to kill multiple processes (SIGKILL)

Deletes log files

Detected TCP or UDP traffic on non-standard ports

ELF contains segments with high entropy indicating compressed/encrypted content

Enumerates processes within the "proc" file system

Executes commands using a shell command-line interpreter

Executes the "grep" command used to find patterns in files or piped streams

Executes the "kill" or "pkill" command typically used to terminate processes

Reads CPU information from /sys indicative of miner or evasive malware

Sample contains only a LOAD segment without any section mappings

Sample tries to kill a process (SIGKILL)

Sample tries to set the executable flag

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1655033
Start date and time:	2025-04-02 21:57:30 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 28s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	xd.x86.elf
Detection:	MAL
Classification:	mal88.spre.troj.evad.linELF@0/16@0/0

Warnings

Connection to analysis system has been lost, crash info: Unknown

Process Tree

system is lnxubuntu20

xd.x86.elf (PID: 5428, Parent: 5355, MD5: 5e4a544bfb8cfb31f89e915eb339ded5) Arguments: /tmp/xd.x86.elf

xd.x86.elf New Fork (PID: 5429, Parent: 5428)

xd.x86.elf New Fork (PID: 5430, Parent: 5428)

xd.x86.elf New Fork (PID: 5431, Parent: 5428)

xd.x86.elf New Fork (PID: 5432, Parent: 5431)

xd.x86.elf New Fork (PID: 5433, Parent: 5431)

xd.x86.elf New Fork (PID: 5434, Parent: 5431)

systemd New Fork (PID: 5448, Parent: 1)

journalctl (PID: 5448, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var

systemd New Fork (PID: 5463, Parent: 1)

systemd New Fork (PID: 5465, Parent: 1)

systemd New Fork (PID: 5466, Parent: 1)

systemd New Fork (PID: 5467, Parent: 1)

systemd New Fork (PID: 5468, Parent: 1)

systemd New Fork (PID: 5505, Parent: 1)

systemd New Fork (PID: 5523, Parent: 1)

systemd New Fork (PID: 5524, Parent: 1)

systemd New Fork (PID: 5525, Parent: 1)

systemd New Fork (PID: 5526, Parent: 1)

systemd New Fork (PID: 5527, Parent: 1)

systemd New Fork (PID: 5528, Parent: 1)

systemd New Fork (PID: 5529, Parent: 2935)

pulseaudio (PID: 5529, Parent: 2935, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal

systemd New Fork (PID: 5530, Parent: 1)

gdm3 New Fork (PID: 5531, Parent: 1400)

Default (PID: 5531, Parent: 1400, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 5532, Parent: 1400)

Default (PID: 5532, Parent: 1400, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 5533, Parent: 1400)

Default (PID: 5533, Parent: 1400, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

systemd New Fork (PID: 5534, Parent: 1)

systemd New Fork (PID: 5536, Parent: 1)

systemd New Fork (PID: 5538, Parent: 1)

gpu-manager (PID: 5538, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

gpu-manager New Fork (PID: 5539, Parent: 5538)

sh (PID: 5539, Parent: 5538, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"

sh New Fork (PID: 5540, Parent: 5539)

grep (PID: 5540, Parent: 5539, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

gpu-manager New Fork (PID: 5541, Parent: 5538)

sh (PID: 5541, Parent: 5538, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"

sh New Fork (PID: 5542, Parent: 5541)

grep (PID: 5542, Parent: 5541, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

gpu-manager New Fork (PID: 5543, Parent: 5538)

sh (PID: 5543, Parent: 5538, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"

sh New Fork (PID: 5544, Parent: 5543)

grep (PID: 5544, Parent: 5543, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

gpu-manager New Fork (PID: 5545, Parent: 5538)

sh (PID: 5545, Parent: 5538, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"

sh New Fork (PID: 5546, Parent: 5545)

grep (PID: 5546, Parent: 5545, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

gpu-manager New Fork (PID: 5547, Parent: 5538)

sh (PID: 5547, Parent: 5538, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"

sh New Fork (PID: 5548, Parent: 5547)

grep (PID: 5548, Parent: 5547, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

gpu-manager New Fork (PID: 5549, Parent: 5538)

sh (PID: 5549, Parent: 5538, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"

sh New Fork (PID: 5550, Parent: 5549)

grep (PID: 5550, Parent: 5549, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

gpu-manager New Fork (PID: 5551, Parent: 5538)

sh (PID: 5551, Parent: 5538, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"

sh New Fork (PID: 5552, Parent: 5551)

grep (PID: 5552, Parent: 5551, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

gpu-manager New Fork (PID: 5553, Parent: 5538)

sh (PID: 5553, Parent: 5538, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"

sh New Fork (PID: 5554, Parent: 5553)

grep (PID: 5554, Parent: 5553, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

systemd (deleted) New Fork (PID: 5555, Parent: 1)

generate-config (PID: 5555, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config

generate-config New Fork (PID: 5556, Parent: 5555)

pkill (PID: 5556, Parent: 5555, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service

systemd (deleted) New Fork (PID: 5557, Parent: 1)

gdm-wait-for-drm (PID: 5557, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm

gvfsd-fuse New Fork (PID: 5558, Parent: 3122)

fusermount (PID: 5558, Parent: 3122, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs

systemd (deleted) New Fork (PID: 5562, Parent: 1)

gdm3 (PID: 5562, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3

systemd (deleted) New Fork (PID: 5565, Parent: 1)

systemd (deleted) New Fork (PID: 5576, Parent: 1)

systemd (deleted) New Fork (PID: 5577, Parent: 1)

systemd (deleted) New Fork (PID: 5578, Parent: 1)

systemd (deleted) New Fork (PID: 5588, Parent: 1)

systemd (deleted) New Fork (PID: 5589, Parent: 1)

gpu-manager (PID: 5589, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

gpu-manager New Fork (PID: 5590, Parent: 5589)

gpu-manager New Fork (PID: 5591, Parent: 5589)

gpu-manager New Fork (PID: 5592, Parent: 5589)

gpu-manager New Fork (PID: 5593, Parent: 5589)

gpu-manager New Fork (PID: 5594, Parent: 5589)

gpu-manager New Fork (PID: 5595, Parent: 5589)

gpu-manager New Fork (PID: 5596, Parent: 5589)

gpu-manager New Fork (PID: 5597, Parent: 5589)

systemd (deleted) New Fork (PID: 5598, Parent: 1)

systemd (deleted) New Fork (PID: 5599, Parent: 1)

gpu-manager (PID: 5599, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

gpu-manager New Fork (PID: 5600, Parent: 5599)

gpu-manager New Fork (PID: 5601, Parent: 5599)

gpu-manager New Fork (PID: 5602, Parent: 5599)

gpu-manager New Fork (PID: 5603, Parent: 5599)

gpu-manager New Fork (PID: 5604, Parent: 5599)

gpu-manager New Fork (PID: 5605, Parent: 5599)

gpu-manager New Fork (PID: 5606, Parent: 5599)

gpu-manager New Fork (PID: 5607, Parent: 5599)

systemd (deleted) New Fork (PID: 5608, Parent: 1)

systemd (deleted) New Fork (PID: 5609, Parent: 1)

gpu-manager (PID: 5609, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

gpu-manager New Fork (PID: 5610, Parent: 5609)

gpu-manager New Fork (PID: 5611, Parent: 5609)

gpu-manager New Fork (PID: 5612, Parent: 5609)

gpu-manager New Fork (PID: 5613, Parent: 5609)

gpu-manager New Fork (PID: 5614, Parent: 5609)

gpu-manager New Fork (PID: 5615, Parent: 5609)

gpu-manager New Fork (PID: 5616, Parent: 5609)

gpu-manager New Fork (PID: 5617, Parent: 5609)

systemd (deleted) New Fork (PID: 5618, Parent: 1)

systemd (deleted) New Fork (PID: 5619, Parent: 1)

gpu-manager (PID: 5619, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

gpu-manager New Fork (PID: 5620, Parent: 5619)

gpu-manager New Fork (PID: 5621, Parent: 5619)

gpu-manager New Fork (PID: 5622, Parent: 5619)

gpu-manager New Fork (PID: 5623, Parent: 5619)

gpu-manager New Fork (PID: 5624, Parent: 5619)

gpu-manager New Fork (PID: 5625, Parent: 5619)

gpu-manager New Fork (PID: 5626, Parent: 5619)

gpu-manager New Fork (PID: 5627, Parent: 5619)

systemd (deleted) New Fork (PID: 5628, Parent: 1)

systemd (deleted) New Fork (PID: 5629, Parent: 1)

gpu-manager (PID: 5629, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

gpu-manager New Fork (PID: 5630, Parent: 5629)

gpu-manager New Fork (PID: 5631, Parent: 5629)

gpu-manager New Fork (PID: 5632, Parent: 5629)

gpu-manager New Fork (PID: 5633, Parent: 5629)

gpu-manager New Fork (PID: 5634, Parent: 5629)

gpu-manager New Fork (PID: 5635, Parent: 5629)

gpu-manager New Fork (PID: 5636, Parent: 5629)

gpu-manager New Fork (PID: 5637, Parent: 5629)

systemd (deleted) New Fork (PID: 5638, Parent: 1)

systemd (deleted) New Fork (PID: 5639, Parent: 1)

plymouth (PID: 5639, Parent: 1, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: /bin/plymouth quit

systemd (deleted) New Fork (PID: 5641, Parent: 2935)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
5432.1.0000000008048000.0000000008058000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
5432.1.0000000008048000.0000000008058000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5432.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xdee4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdef8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf0c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf20:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf34:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf48:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf5c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf70:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf84:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf98:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdfac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdfc0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdfd4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdfe8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdffc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe010:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe024:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe038:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe04c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe060:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe074:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5432.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0xde94:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
5432.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_fa3ad9d0	unknown	unknown	0x46a:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
5432.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x4f30:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
5432.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_93fc3657	unknown	unknown	0x4f5:$a: 00 00 00 89 44 24 60 89 D1 31 C0 8B 7C 24 28 FC F3 AB 89 D1 8B 7C
5432.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_804f8e7c	unknown	unknown	0x39b:$a: 31 ED 81 E1 FF 00 00 00 89 4C 24 58 89 EA C6 46 04 00 C1 FA 1F
5432.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_99d78950	unknown	unknown	0xfc1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x10a1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1176:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1421:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x18a3:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00
5432.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_a68e498c	unknown	unknown	0x2b3:$a: 10 39 D0 7E 25 8B 4C 24 38 01 D1 8A 11 8D 42 9F 3C 19 77 05 8D
5432.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0xad82:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
5432.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x22b2:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
5432.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xcc5a:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
5432.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xb7ac:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
5432.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0xad52:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
5432.1.0000000008048000.0000000008058000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0xdb80:$x1: POST /cdn-cgi/ 0xe867:$s1: LCOGQGPTGP
5434.1.0000000008048000.0000000008058000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
5434.1.0000000008048000.0000000008058000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5434.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xdee4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdef8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf0c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf20:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf34:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf48:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf5c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf70:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf84:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf98:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdfac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdfc0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdfd4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdfe8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdffc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe010:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe024:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe038:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe04c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe060:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe074:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5434.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0xde94:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
5434.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_fa3ad9d0	unknown	unknown	0x46a:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
5434.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x4f30:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
5434.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_93fc3657	unknown	unknown	0x4f5:$a: 00 00 00 89 44 24 60 89 D1 31 C0 8B 7C 24 28 FC F3 AB 89 D1 8B 7C
5434.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_804f8e7c	unknown	unknown	0x39b:$a: 31 ED 81 E1 FF 00 00 00 89 4C 24 58 89 EA C6 46 04 00 C1 FA 1F
5434.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_99d78950	unknown	unknown	0xfc1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x10a1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1176:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1421:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x18a3:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00
5434.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_a68e498c	unknown	unknown	0x2b3:$a: 10 39 D0 7E 25 8B 4C 24 38 01 D1 8A 11 8D 42 9F 3C 19 77 05 8D
5434.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0xad82:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
5434.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x22b2:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
5434.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xcc5a:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
5434.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xb7ac:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
5434.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0xad52:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
5434.1.0000000008048000.0000000008058000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0xdb80:$x1: POST /cdn-cgi/ 0xe867:$s1: LCOGQGPTGP
5431.1.0000000008048000.0000000008058000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
5431.1.0000000008048000.0000000008058000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5431.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xdee4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdef8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf0c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf20:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf34:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf48:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf5c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf70:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf84:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf98:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdfac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdfc0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdfd4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdfe8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdffc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe010:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe024:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe038:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe04c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe060:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe074:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5431.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0xde94:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
5431.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_fa3ad9d0	unknown	unknown	0x46a:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
5431.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x4f30:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
5431.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_93fc3657	unknown	unknown	0x4f5:$a: 00 00 00 89 44 24 60 89 D1 31 C0 8B 7C 24 28 FC F3 AB 89 D1 8B 7C
5431.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_804f8e7c	unknown	unknown	0x39b:$a: 31 ED 81 E1 FF 00 00 00 89 4C 24 58 89 EA C6 46 04 00 C1 FA 1F
5431.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_99d78950	unknown	unknown	0xfc1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x10a1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1176:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1421:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x18a3:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00
5431.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_a68e498c	unknown	unknown	0x2b3:$a: 10 39 D0 7E 25 8B 4C 24 38 01 D1 8A 11 8D 42 9F 3C 19 77 05 8D
5431.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0xad82:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
5431.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x22b2:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
5431.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xcc5a:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
5431.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xb7ac:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
5431.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0xad52:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
5431.1.0000000008048000.0000000008058000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0xdb80:$x1: POST /cdn-cgi/ 0xe867:$s1: LCOGQGPTGP
5430.1.0000000008048000.0000000008058000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
5430.1.0000000008048000.0000000008058000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5430.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xdee4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdef8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf0c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf20:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf34:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf48:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf5c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf70:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf84:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf98:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdfac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdfc0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdfd4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdfe8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdffc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe010:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe024:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe038:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe04c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe060:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe074:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5430.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0xde94:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
5430.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_fa3ad9d0	unknown	unknown	0x46a:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
5430.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x4f30:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
5430.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_93fc3657	unknown	unknown	0x4f5:$a: 00 00 00 89 44 24 60 89 D1 31 C0 8B 7C 24 28 FC F3 AB 89 D1 8B 7C
5430.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_804f8e7c	unknown	unknown	0x39b:$a: 31 ED 81 E1 FF 00 00 00 89 4C 24 58 89 EA C6 46 04 00 C1 FA 1F
5430.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_99d78950	unknown	unknown	0xfc1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x10a1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1176:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1421:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x18a3:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00
5430.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_a68e498c	unknown	unknown	0x2b3:$a: 10 39 D0 7E 25 8B 4C 24 38 01 D1 8A 11 8D 42 9F 3C 19 77 05 8D
5430.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0xad82:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
5430.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x22b2:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
5430.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xcc5a:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
5430.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xb7ac:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
5430.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0xad52:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
5430.1.0000000008048000.0000000008058000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0xdb80:$x1: POST /cdn-cgi/ 0xe867:$s1: LCOGQGPTGP
5433.1.0000000008048000.0000000008058000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
5433.1.0000000008048000.0000000008058000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5433.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xdee4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdef8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf0c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf20:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf34:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf48:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf5c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf70:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf84:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf98:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdfac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdfc0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdfd4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdfe8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdffc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe010:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe024:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe038:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe04c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe060:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe074:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5433.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0xde94:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
5433.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_fa3ad9d0	unknown	unknown	0x46a:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
5433.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x4f30:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
5433.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_93fc3657	unknown	unknown	0x4f5:$a: 00 00 00 89 44 24 60 89 D1 31 C0 8B 7C 24 28 FC F3 AB 89 D1 8B 7C
5433.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_804f8e7c	unknown	unknown	0x39b:$a: 31 ED 81 E1 FF 00 00 00 89 4C 24 58 89 EA C6 46 04 00 C1 FA 1F
5433.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_99d78950	unknown	unknown	0xfc1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x10a1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1176:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1421:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x18a3:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00
5433.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_a68e498c	unknown	unknown	0x2b3:$a: 10 39 D0 7E 25 8B 4C 24 38 01 D1 8A 11 8D 42 9F 3C 19 77 05 8D
5433.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0xad82:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
5433.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x22b2:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
5433.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xcc5a:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
5433.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xb7ac:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
5433.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0xad52:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
5433.1.0000000008048000.0000000008058000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0xdb80:$x1: POST /cdn-cgi/ 0xe867:$s1: LCOGQGPTGP
5428.1.0000000008048000.0000000008058000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
5428.1.0000000008048000.0000000008058000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5428.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xdee4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdef8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf0c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf20:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf34:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf48:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf5c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf70:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf84:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdf98:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdfac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdfc0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdfd4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdfe8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdffc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe010:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe024:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe038:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe04c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe060:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe074:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5428.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0xde94:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
5428.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_fa3ad9d0	unknown	unknown	0x46a:$a: CB 08 C1 CB 10 66 C1 CB 08 31 C9 8A 4F 14 D3 E8 01 D8 66 C1
5428.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x4f30:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
5428.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_93fc3657	unknown	unknown	0x4f5:$a: 00 00 00 89 44 24 60 89 D1 31 C0 8B 7C 24 28 FC F3 AB 89 D1 8B 7C
5428.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_804f8e7c	unknown	unknown	0x39b:$a: 31 ED 81 E1 FF 00 00 00 89 4C 24 58 89 EA C6 46 04 00 C1 FA 1F
5428.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_99d78950	unknown	unknown	0xfc1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x10a1:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1176:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x1421:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00 0x18a3:$a: 10 89 C3 80 BC 04 83 00 00 00 20 0F 94 C0 8D B4 24 83 00 00 00 25 FF 00
5428.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_a68e498c	unknown	unknown	0x2b3:$a: 10 39 D0 7E 25 8B 4C 24 38 01 D1 8A 11 8D 42 9F 3C 19 77 05 8D
5428.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0xad82:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
5428.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x22b2:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
5428.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xcc5a:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
5428.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xb7ac:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
5428.1.0000000008048000.0000000008058000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0xad52:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
5428.1.0000000008048000.0000000008058000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0xdb80:$x1: POST /cdn-cgi/ 0xe867:$s1: LCOGQGPTGP
Process Memory Space: xd.x86.elf PID: 5428	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
Process Memory Space: xd.x86.elf PID: 5428	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: xd.x86.elf PID: 5428	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x145b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x146f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1483:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1497:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14ab:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14bf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14d3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14e7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14fb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x150f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1523:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1537:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x154b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x155f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1573:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1587:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x159b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15af:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15d7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15eb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: xd.x86.elf PID: 5428	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x140e:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: xd.x86.elf PID: 5430	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
Process Memory Space: xd.x86.elf PID: 5430	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: xd.x86.elf PID: 5430	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x862:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x876:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x88a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x89e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8b2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8c6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8da:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8ee:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x902:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x916:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x92a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x93e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x952:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x966:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x97a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x98e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9a2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9b6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9ca:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9de:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9f2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: xd.x86.elf PID: 5430	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x815:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: xd.x86.elf PID: 5431	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
Process Memory Space: xd.x86.elf PID: 5431	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: xd.x86.elf PID: 5431	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xbec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xca0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xcb4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xcc8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xcdc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xcf0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd04:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd18:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd2c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd54:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd68:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd7c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: xd.x86.elf PID: 5431	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0xb9f:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: xd.x86.elf PID: 5432	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
Process Memory Space: xd.x86.elf PID: 5432	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: xd.x86.elf PID: 5432	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1503:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1517:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x152b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x153f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1553:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1567:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x157b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x158f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15a3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15b7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15cb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15df:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15f3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1607:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x161b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x162f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1643:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1657:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x166b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x167f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1693:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: xd.x86.elf PID: 5432	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x14b6:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: xd.x86.elf PID: 5433	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
Process Memory Space: xd.x86.elf PID: 5433	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: xd.x86.elf PID: 5433	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x862:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x876:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x88a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x89e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8b2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8c6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8da:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8ee:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x902:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x916:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x92a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x93e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x952:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x966:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x97a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x98e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9a2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9b6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9ca:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9de:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9f2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: xd.x86.elf PID: 5433	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x815:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: xd.x86.elf PID: 5434	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
Process Memory Space: xd.x86.elf PID: 5434	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: xd.x86.elf PID: 5434	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xc36:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc4a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc5e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc72:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc86:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc9a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xcae:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xcc2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xcd6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xcea:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xcfe:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd12:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd26:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd3a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd4e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd62:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd76:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd8a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd9e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdc6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: xd.x86.elf PID: 5434	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0xbe9:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Click to see the 115 entries

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• AV Detection
• Bitcoin Miner
• Networking
• System Summary
• Data Obfuscation
• Persistence and Installation Behavior
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• Stealing of Sensitive Information
• Remote Access Functionality

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: xd.x86.elf

ReversingLabs: Detection: 50%

Source: /usr/bin/pulseaudio (PID: 5529)	Reads CPU info from /sys: /sys/devices/system/cpu/online			Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	Reads CPU info from /sys: /sys/devices/system/cpu/online			Jump to behavior

Source: global traffic

TCP traffic: 192.168.2.13:52640 -> 213.209.129.92:7887

Source: unknown	TCP traffic detected without corresponding DNS query: 213.209.129.92
Source: unknown	TCP traffic detected without corresponding DNS query: 85.13.167.129
Source: unknown	TCP traffic detected without corresponding DNS query: 89.70.172.129
Source: unknown	TCP traffic detected without corresponding DNS query: 186.104.136.97
Source: unknown	TCP traffic detected without corresponding DNS query: 183.86.70.147
Source: unknown	TCP traffic detected without corresponding DNS query: 195.239.104.238
Source: unknown	TCP traffic detected without corresponding DNS query: 171.81.85.175
Source: unknown	TCP traffic detected without corresponding DNS query: 78.252.172.4
Source: unknown	TCP traffic detected without corresponding DNS query: 42.150.109.49
Source: unknown	TCP traffic detected without corresponding DNS query: 153.139.76.158
Source: unknown	TCP traffic detected without corresponding DNS query: 39.98.190.239
Source: unknown	TCP traffic detected without corresponding DNS query: 81.114.130.249
Source: unknown	TCP traffic detected without corresponding DNS query: 179.235.130.92
Source: unknown	TCP traffic detected without corresponding DNS query: 81.63.252.112
Source: unknown	TCP traffic detected without corresponding DNS query: 115.215.194.210
Source: unknown	TCP traffic detected without corresponding DNS query: 84.124.80.210
Source: unknown	TCP traffic detected without corresponding DNS query: 108.183.236.177
Source: unknown	TCP traffic detected without corresponding DNS query: 14.206.54.147
Source: unknown	TCP traffic detected without corresponding DNS query: 41.40.78.56
Source: unknown	TCP traffic detected without corresponding DNS query: 111.113.79.50
Source: unknown	TCP traffic detected without corresponding DNS query: 144.18.120.20
Source: unknown	TCP traffic detected without corresponding DNS query: 67.30.93.151
Source: unknown	TCP traffic detected without corresponding DNS query: 12.208.73.139
Source: unknown	TCP traffic detected without corresponding DNS query: 241.21.253.186
Source: unknown	TCP traffic detected without corresponding DNS query: 122.117.222.135
Source: unknown	TCP traffic detected without corresponding DNS query: 91.90.73.28
Source: unknown	TCP traffic detected without corresponding DNS query: 86.104.115.172
Source: unknown	TCP traffic detected without corresponding DNS query: 160.195.215.223
Source: unknown	TCP traffic detected without corresponding DNS query: 86.123.155.72
Source: unknown	TCP traffic detected without corresponding DNS query: 216.40.200.22
Source: unknown	TCP traffic detected without corresponding DNS query: 46.9.184.211
Source: unknown	TCP traffic detected without corresponding DNS query: 182.116.16.62
Source: unknown	TCP traffic detected without corresponding DNS query: 27.22.152.239
Source: unknown	TCP traffic detected without corresponding DNS query: 221.108.187.132
Source: unknown	TCP traffic detected without corresponding DNS query: 251.205.142.226
Source: unknown	TCP traffic detected without corresponding DNS query: 148.213.231.57
Source: unknown	TCP traffic detected without corresponding DNS query: 223.167.19.106
Source: unknown	TCP traffic detected without corresponding DNS query: 111.251.20.81
Source: unknown	TCP traffic detected without corresponding DNS query: 83.9.84.237
Source: unknown	TCP traffic detected without corresponding DNS query: 107.128.57.24
Source: unknown	TCP traffic detected without corresponding DNS query: 222.150.36.28
Source: unknown	TCP traffic detected without corresponding DNS query: 92.16.80.111
Source: unknown	TCP traffic detected without corresponding DNS query: 102.72.134.183
Source: unknown	TCP traffic detected without corresponding DNS query: 119.179.159.86
Source: unknown	TCP traffic detected without corresponding DNS query: 191.213.218.212
Source: unknown	TCP traffic detected without corresponding DNS query: 124.195.104.178
Source: unknown	TCP traffic detected without corresponding DNS query: 86.225.14.152
Source: unknown	TCP traffic detected without corresponding DNS query: 136.129.242.17
Source: unknown	TCP traffic detected without corresponding DNS query: 69.253.3.225
Source: unknown	TCP traffic detected without corresponding DNS query: 202.103.60.182

Source: xd.x86.elf

String found in binary or memory: http://upx.sf.net

System Summary

Malicious sample detected (through community Yara rule)

Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown
Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 Author: unknown
Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c Author: unknown
Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 Author: unknown
Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c Author: unknown
Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 Author: unknown
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c Author: unknown
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 Author: unknown
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c Author: unknown
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 Author: unknown
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c Author: unknown
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 Author: unknown
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c Author: unknown
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 Author: unknown
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c Author: unknown
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 Author: unknown
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c Author: unknown
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 Author: unknown
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c Author: unknown
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 Author: unknown
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c Author: unknown
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 Author: unknown
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c Author: unknown
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 Author: unknown
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c Author: unknown
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: Process Memory Space: xd.x86.elf PID: 5428, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: xd.x86.elf PID: 5428, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: xd.x86.elf PID: 5430, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: xd.x86.elf PID: 5430, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: xd.x86.elf PID: 5431, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: xd.x86.elf PID: 5431, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: xd.x86.elf PID: 5432, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: xd.x86.elf PID: 5432, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: xd.x86.elf PID: 5433, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: xd.x86.elf PID: 5433, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: xd.x86.elf PID: 5434, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: xd.x86.elf PID: 5434, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 490, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 660, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 726, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 727, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 765, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 767, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 778, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 780, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 783, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 790, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 792, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 795, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 800, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 1410, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 1411, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 1432, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 2935, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 2936, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 2970, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 3069, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 3132, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 5272, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 5413, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 5414, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 5529, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 5562, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5431)	SIGKILL sent: pid: -5431, result: unknown	Jump to behavior

Source: LOAD without section mappings

Program segment: 0xc01000

Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 490, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 660, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 726, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 727, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 765, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 767, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 778, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 780, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 783, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 790, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 792, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 795, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 800, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 1410, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 1411, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 1432, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 2935, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 2936, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 2970, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 3069, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 3132, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 5272, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 5413, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 5414, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 5529, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	SIGKILL sent: pid: 5562, result: successful	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5431)	SIGKILL sent: pid: -5431, result: unknown	Jump to behavior

Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d01a9e85a01fad913ca048b60bda1e5a2762f534e5308132c1d3098ac3f561ee, id = 93fc3657-fd21-4e93-a728-c084fc0a6a4a, last_modified = 2021-09-16
Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 1080d8502848d532a0b38861437485d98a41d945acaf3cb676a7a2a2f6793ac6, id = 804f8e7c-4786-42bc-92e4-c68c24ca530e, last_modified = 2021-09-16
Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3008edc4e7a099b64139a77d15ec0e2c3c1b55fc23ab156304571c4d14bc654c, id = 99d78950-ea23-4166-a85a-7a029209f5b1, last_modified = 2021-09-16
Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 951c9dfcba531e5112c872395f6c144c4bc8b71c666d2c7d9d8574a23c163883, id = a68e498c-0768-4321-ab65-42dd6ef85323, last_modified = 2021-09-16
Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d01a9e85a01fad913ca048b60bda1e5a2762f534e5308132c1d3098ac3f561ee, id = 93fc3657-fd21-4e93-a728-c084fc0a6a4a, last_modified = 2021-09-16
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 1080d8502848d532a0b38861437485d98a41d945acaf3cb676a7a2a2f6793ac6, id = 804f8e7c-4786-42bc-92e4-c68c24ca530e, last_modified = 2021-09-16
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3008edc4e7a099b64139a77d15ec0e2c3c1b55fc23ab156304571c4d14bc654c, id = 99d78950-ea23-4166-a85a-7a029209f5b1, last_modified = 2021-09-16
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 951c9dfcba531e5112c872395f6c144c4bc8b71c666d2c7d9d8574a23c163883, id = a68e498c-0768-4321-ab65-42dd6ef85323, last_modified = 2021-09-16
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d01a9e85a01fad913ca048b60bda1e5a2762f534e5308132c1d3098ac3f561ee, id = 93fc3657-fd21-4e93-a728-c084fc0a6a4a, last_modified = 2021-09-16
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 1080d8502848d532a0b38861437485d98a41d945acaf3cb676a7a2a2f6793ac6, id = 804f8e7c-4786-42bc-92e4-c68c24ca530e, last_modified = 2021-09-16
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3008edc4e7a099b64139a77d15ec0e2c3c1b55fc23ab156304571c4d14bc654c, id = 99d78950-ea23-4166-a85a-7a029209f5b1, last_modified = 2021-09-16
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 951c9dfcba531e5112c872395f6c144c4bc8b71c666d2c7d9d8574a23c163883, id = a68e498c-0768-4321-ab65-42dd6ef85323, last_modified = 2021-09-16
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d01a9e85a01fad913ca048b60bda1e5a2762f534e5308132c1d3098ac3f561ee, id = 93fc3657-fd21-4e93-a728-c084fc0a6a4a, last_modified = 2021-09-16
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 1080d8502848d532a0b38861437485d98a41d945acaf3cb676a7a2a2f6793ac6, id = 804f8e7c-4786-42bc-92e4-c68c24ca530e, last_modified = 2021-09-16
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3008edc4e7a099b64139a77d15ec0e2c3c1b55fc23ab156304571c4d14bc654c, id = 99d78950-ea23-4166-a85a-7a029209f5b1, last_modified = 2021-09-16
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 951c9dfcba531e5112c872395f6c144c4bc8b71c666d2c7d9d8574a23c163883, id = a68e498c-0768-4321-ab65-42dd6ef85323, last_modified = 2021-09-16
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d01a9e85a01fad913ca048b60bda1e5a2762f534e5308132c1d3098ac3f561ee, id = 93fc3657-fd21-4e93-a728-c084fc0a6a4a, last_modified = 2021-09-16
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 1080d8502848d532a0b38861437485d98a41d945acaf3cb676a7a2a2f6793ac6, id = 804f8e7c-4786-42bc-92e4-c68c24ca530e, last_modified = 2021-09-16
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3008edc4e7a099b64139a77d15ec0e2c3c1b55fc23ab156304571c4d14bc654c, id = 99d78950-ea23-4166-a85a-7a029209f5b1, last_modified = 2021-09-16
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 951c9dfcba531e5112c872395f6c144c4bc8b71c666d2c7d9d8574a23c163883, id = a68e498c-0768-4321-ab65-42dd6ef85323, last_modified = 2021-09-16
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_93fc3657 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d01a9e85a01fad913ca048b60bda1e5a2762f534e5308132c1d3098ac3f561ee, id = 93fc3657-fd21-4e93-a728-c084fc0a6a4a, last_modified = 2021-09-16
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_804f8e7c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 1080d8502848d532a0b38861437485d98a41d945acaf3cb676a7a2a2f6793ac6, id = 804f8e7c-4786-42bc-92e4-c68c24ca530e, last_modified = 2021-09-16
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_99d78950 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3008edc4e7a099b64139a77d15ec0e2c3c1b55fc23ab156304571c4d14bc654c, id = 99d78950-ea23-4166-a85a-7a029209f5b1, last_modified = 2021-09-16
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_a68e498c reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 951c9dfcba531e5112c872395f6c144c4bc8b71c666d2c7d9d8574a23c163883, id = a68e498c-0768-4321-ab65-42dd6ef85323, last_modified = 2021-09-16
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: Process Memory Space: xd.x86.elf PID: 5428, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: xd.x86.elf PID: 5428, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: xd.x86.elf PID: 5430, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: xd.x86.elf PID: 5430, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: xd.x86.elf PID: 5431, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: xd.x86.elf PID: 5431, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: xd.x86.elf PID: 5432, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: xd.x86.elf PID: 5432, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: xd.x86.elf PID: 5433, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: xd.x86.elf PID: 5433, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: xd.x86.elf PID: 5434, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: xd.x86.elf PID: 5434, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16

Source: classification engine

Classification label: mal88.spre.troj.evad.linELF@0/16@0/0

Data Obfuscation

Sample is packed with UPX

Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Persistence and Installation Behavior

Sample reads /proc/mounts (often used for finding a writable filesystem)

Source: /bin/fusermount (PID: 5558)

File: /proc/5558/mounts

Jump to behavior

Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/230/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/230/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/110/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/110/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/231/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/231/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/111/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/111/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/232/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/232/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/112/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/112/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/233/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/233/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/113/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/113/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/234/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/234/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/114/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/114/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/235/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/235/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/115/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/115/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/236/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/236/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/116/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/116/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/237/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/237/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/117/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/117/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/238/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/238/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/118/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/118/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/239/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/239/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/119/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/119/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/10/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/10/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/11/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/11/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/5272/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/5272/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/12/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/12/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/13/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/13/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/14/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/14/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/15/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/15/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/16/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/16/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/17/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/17/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/18/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/18/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/19/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/19/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/240/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/240/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/3095/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/3095/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/120/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/120/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/241/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/241/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/121/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/121/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/242/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/242/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/1/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/1/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/122/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/122/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/243/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/243/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/2/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/2/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/123/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/123/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/244/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/244/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/3/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/3/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/124/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/124/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/245/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/245/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/125/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/125/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/4/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/4/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/246/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/246/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/126/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/126/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/5/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/5/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/247/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/247/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/127/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	File opened: /proc/127/cmdline	Jump to behavior

Source: /usr/bin/gpu-manager (PID: 5539)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5541)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5543)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5545)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5547)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5549)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5551)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5553)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior

Source: /bin/sh (PID: 5540)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 5542)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 5544)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 5546)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 5548)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 5550)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 5552)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 5554)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior

Source: /usr/share/gdm/generate-config (PID: 5556)

Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service

Jump to behavior

Source: /usr/sbin/gdm3 (PID: 5562)	File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx)			Jump to behavior
Source: /usr/sbin/gdm3 (PID: 5562)	File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx)			Jump to behavior

Source: /usr/bin/gpu-manager (PID: 5538)	Log file created: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 5589)	Log file created: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 5599)	Log file created: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 5609)	Log file created: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 5619)	Log file created: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 5629)	Log file created: /var/log/gpu-manager.log	Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/xd.x86.elf (PID: 5429)	File: /usr/lib/systemd/systemd	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	File: /usr/lib/systemd/systemd (deleted)	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	File: /usr/bin/pulseaudio	Jump to behavior
Source: /tmp/xd.x86.elf (PID: 5429)	File: /usr/sbin/gdm3	Jump to behavior

Source: xd.x86.elf

Submission file: segment LOAD with 7.8804 entropy (max. 8.0)

Source: /usr/bin/gpu-manager (PID: 5538)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5589)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5599)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5609)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5619)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5629)	Truncated file: /var/log/gpu-manager.log	Jump to behavior

Source: /usr/bin/pulseaudio (PID: 5529)	Reads CPU info from /sys: /sys/devices/system/cpu/online			Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	Reads CPU info from /sys: /sys/devices/system/cpu/online			Jump to behavior

Source: /usr/bin/pulseaudio (PID: 5529)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5538)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5589)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5599)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5609)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5619)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5629)	Queries kernel information via 'uname':	Jump to behavior

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: xd.x86.elf PID: 5428, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xd.x86.elf PID: 5430, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xd.x86.elf PID: 5431, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xd.x86.elf PID: 5432, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xd.x86.elf PID: 5433, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xd.x86.elf PID: 5434, type: MEMORYSTR

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: 5432.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5434.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5431.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5430.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5433.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5428.1.0000000008048000.0000000008058000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: xd.x86.elf PID: 5428, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xd.x86.elf PID: 5430, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xd.x86.elf PID: 5431, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xd.x86.elf PID: 5432, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xd.x86.elf PID: 5433, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xd.x86.elf PID: 5434, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	1 File and Directory Permissions Modification	1 OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	1 Service Stop
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Disable or Modify Tools	LSASS Memory	1 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Indicator Removal	Security Account Manager	1 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Obfuscated Files or Information	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 File Deletion	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
xd.x86.elf	50%	ReversingLabs	Linux.Backdoor.Mirai

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://upx.sf.net	xd.x86.elf	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
202.194.183.234	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
180.107.85.14	unknown	China	137702	CHINATELECOM-JIANGSU-NANJING-IDCNanjingJiangsuProvince	false
194.144.35.124	unknown	Iceland	12969	VODAFONE_ICELANDIS	false
121.207.177.20	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
104.51.44.186	unknown	United States	7018	ATT-INTERNET4US	false
167.172.161.217	unknown	United States	14061	DIGITALOCEAN-ASNUS	false
221.108.187.132	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
136.40.50.174	unknown	United States	16591	GOOGLE-FIBERUS	false
188.79.77.158	unknown	Spain	12479	UNI2-ASES	false
73.36.31.149	unknown	United States	7922	COMCAST-7922US	false
190.227.110.243	unknown	Argentina	7303	TelecomArgentinaSAAR	false
86.123.155.72	unknown	Romania	8708	RCS-RDS73-75DrStaicoviciRO	false
211.121.50.37	unknown	Japan	4725	ODNSoftBankMobileCorpJP	false
27.22.152.239	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
244.166.4.179	unknown	Reserved	unknown	unknown	false
153.139.76.158	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
5.93.73.80	unknown	Italy	30722	VODAFONE-IT-ASNIT	false
103.128.111.11	unknown	unknown	7575	AARNET-AS-APAustralianAcademicandResearchNetworkAARNe	false
44.51.140.17	unknown	United States	7377	UCSDUS	false
179.183.28.132	unknown	Brazil	18881	TELEFONICABRASILSABR	false
111.251.20.81	unknown	Taiwan; Republic of China (ROC)	3462	HINETDataCommunicationBusinessGroupTW	false
86.104.115.172	unknown	Spain	12479	UNI2-ASES	false
91.90.73.28	unknown	Poland	31242	TKPSA-ASPL	false
105.55.37.154	unknown	Kenya	33771	SAFARICOM-LIMITEDKE	false
57.95.196.170	unknown	Belgium	51964	ORANGE-BUSINESS-SERVICES-IPSN-ASNFR	false
108.183.236.177	unknown	United States	11351	TWC-11351-NORTHEASTUS	false
116.223.15.238	unknown	Japan	9824	JTCL-JP-ASJupiterTelecommunicationCoLtdJP	false
123.0.15.105	unknown	Korea Republic of	38293	MFA-AS-TH-APMinistryofForeignAffairsTH	false
176.26.220.1	unknown	United Kingdom	5607	BSKYB-BROADBAND-ASGB	false
89.70.172.129	unknown	Poland	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
75.160.84.222	unknown	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
43.225.174.162	unknown	China	131324	M9TCL-AS-AP92CloudTechnologyCoLimitedHK	false
86.225.14.152	unknown	France	3215	FranceTelecom-OrangeFR	false
178.153.138.169	unknown	Qatar	42298	GCC-MPLS-PEERINGGCCMPLSpeeringQA	false
210.190.2.42	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
72.115.230.249	unknown	United States	22394	CELLCOUS	false
247.72.118.64	unknown	Reserved	unknown	unknown	false
144.18.120.20	unknown	United States	58541	CHINATELECOM-SHANDONG-QINGDAO-IDCQingdao266000CN	false
121.86.160.59	unknown	Japan	17511	OPTAGEOPTAGEIncJP	false
194.174.31.68	unknown	Germany	702	UUNETUS	false
91.219.220.177	unknown	Ukraine	15461	SOLVERNET-ASUA	false
195.239.104.238	unknown	Russian Federation	34838	ALFAINS-ASRU	false
212.190.178.165	unknown	Belgium	702	UUNETUS	false
81.63.252.112	unknown	Switzerland	3303	SWISSCOMSwisscomSwitzerlandLtdCH	false
186.104.136.97	unknown	Chile	7418	TELEFONICACHILESACL	false
60.2.25.108	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
216.219.7.209	unknown	United States	7029	WINDSTREAMUS	false
221.152.125.162	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
211.10.147.248	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
223.107.131.111	unknown	China	56046	CMNET-JIANGSU-APChinaMobilecommunicationscorporationCN	false
176.19.215.170	unknown	Saudi Arabia	35819	MOBILY-ASEtihadEtisalatCompanyMobilySA	false
191.213.218.212	unknown	Brazil	7738	TelemarNorteLesteSABR	false
183.86.70.147	unknown	Japan	10010	TOKAITOKAICommunicationsCorporationJP	false
117.247.118.62	unknown	India	9829	BSNL-NIBNationalInternetBackboneIN	false
111.113.79.50	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
67.30.93.151	unknown	United States	202818	LEVEL3COMMUNICATIONSFR	false
119.82.186.231	unknown	Japan	17698	CCNET-NETCOMMUNITYNETWORKCENTERINCORPORATEDJP	false
105.70.49.48	unknown	Morocco	36884	MAROCCONNECTMA	false
251.205.142.226	unknown	Reserved	unknown	unknown	false
148.213.231.57	unknown	Mexico	15236	UniversidaddeColimaMX	false
115.215.194.210	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
201.3.138.35	unknown	Brazil	8167	BrasilTelecomSA-FilialDistritoFederalBR	false
110.12.224.31	unknown	Korea Republic of	9318	SKB-ASSKBroadbandCoLtdKR	false
48.127.0.71	unknown	United States	2686	ATGS-MMD-ASUS	false
177.171.179.220	unknown	Brazil	26599	TELEFONICABRASILSABR	false
102.72.134.183	unknown	Morocco	6713	IAM-ASMA	false
89.0.153.87	unknown	Germany	8422	NETCOLOGNEDE	false
202.59.122.165	unknown	Japan	23624	CHUKAIChukaiTelevisionCoLtdJP	false
14.10.211.6	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
91.45.199.45	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
169.249.41.253	unknown	United States	47024	THE-METROHEALTH-SYSTEMUS	false
39.98.190.239	unknown	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
119.179.159.86	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
213.209.129.92	unknown	Germany	42821	RAPIDNET-DEHaunstetterStr19DE	false
179.235.130.92	unknown	Brazil	28573	CLAROSABR	false
192.79.227.255	unknown	United States	46446	CALTELCOMUS	false
41.40.78.56	unknown	Egypt	8452	TE-ASTE-ASEG	false
186.30.171.190	unknown	Colombia	19429	ETB-ColombiaCO	false
204.93.35.73	unknown	United States	3257	GTT-BACKBONEGTTDE	false
96.119.102.215	unknown	United States	7922	COMCAST-7922US	false
84.124.80.210	unknown	Spain	6739	ONO-ASCableuropa-ONOES	false
12.208.73.139	unknown	United States	7018	ATT-INTERNET4US	false
107.128.57.24	unknown	United States	7018	ATT-INTERNET4US	false
154.51.115.244	unknown	United States	174	COGENT-174US	false
196.143.25.76	unknown	Egypt	36935	Vodafone-EG	false
116.69.199.224	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
79.72.252.216	unknown	United Kingdom	9105	TISCALI-UKTalkTalkCommunicationsLimitedGB	false
153.144.231.29	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
42.150.109.49	unknown	Japan	9824	JTCL-JP-ASJupiterTelecommunicationCoLtdJP	false
222.150.36.28	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
185.151.30.42	unknown	United Kingdom	48254	TWENTYIGB	false
98.81.87.240	unknown	United States	11351	TWC-11351-NORTHEASTUS	false
171.81.85.175	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
136.129.242.17	unknown	United States	60311	ONEFMCH	false
160.195.215.223	unknown	Japan	2907	SINET-ASResearchOrganizationofInformationandSystemsN	false
95.22.242.11	unknown	Spain	12479	UNI2-ASES	false
149.5.33.181	unknown	United States	60110	MODELTELECOMIE	false
35.201.156.2	unknown	United States	15169	GOOGLEUS	false
223.167.19.106	unknown	China	17621	CNCGROUP-SHChinaUnicomShanghainetworkCN	false
83.230.100.246	unknown	Poland	8508	SILWEB-AS-EDUSILWEBAutonomousSystem-AcademicPL	false

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	xd.sh4.elf	Get hash	malicious	Mirai	Browse	211.68.251.108
	xd.mips.elf	Get hash	malicious	Mirai	Browse	211.84.222.218
	xd.arm7.elf	Get hash	malicious	Mirai	Browse	111.115.14.201
	i486.elf	Get hash	malicious	Unknown	Browse	59.65.22.154
	x86_64.elf	Get hash	malicious	Unknown	Browse	202.204.85.24
	rep.ppc.elf	Get hash	malicious	Mirai	Browse	59.72.61.169
	arm5.elf	Get hash	malicious	Unknown	Browse	101.76.89.61
	arm7.elf	Get hash	malicious	Mirai	Browse	222.17.160.168
	mpsl.elf	Get hash	malicious	Unknown	Browse	222.24.201.156
	x86.elf	Get hash	malicious	Unknown	Browse	58.204.38.34
VODAFONE_ICELANDIS	mpsl.elf	Get hash	malicious	Gafgyt, Okiru	Browse	5.23.67.195
	ppc.elf	Get hash	malicious	Mirai, Moobot	Browse	194.144.176.87
	resgod.sh4.elf	Get hash	malicious	Mirai	Browse	194.144.71.97
	resgod.arm.elf	Get hash	malicious	Mirai	Browse	46.239.208.9
	root.elf	Get hash	malicious	Unknown	Browse	217.9.140.3
	sora.mpsl.elf	Get hash	malicious	Mirai	Browse	88.149.62.158
	cbr.arm7.elf	Get hash	malicious	Mirai	Browse	88.149.62.170
	cbr.arm7.elf	Get hash	malicious	Mirai	Browse	88.149.62.127
	cbr.ppc.elf	Get hash	malicious	Mirai	Browse	46.239.208.7
	splarm7.elf	Get hash	malicious	Unknown	Browse	89.160.229.47
CHINANET-BACKBONENo31Jin-rongStreetCN	xd.powerpc-440fp.elf	Get hash	malicious	Mirai	Browse	36.22.80.62
	xd.sh4.elf	Get hash	malicious	Mirai	Browse	171.47.160.33
	xd.x86_64.elf	Get hash	malicious	Mirai	Browse	116.22.120.195
	http://daugavpils.pilseta24.lv/linkredirect/?link=https%3A%2F%2Fmujicconstruction.com%2Fjustdoitforyou%2F123%2FbGF1cmEuYmVyZ21hbkBwb3N0bm9yZC5jb20=&referer=daugavpils.pilseta24.lv%2Fzina%3Fslug%3Deccal-briketes-un-apkures-granulas-ar-lielisku-kvalitati-pievilcigu-cenu-videi-draudzigs-un-izd-8c175fc171&additional_params=%7B%22company_orig_id%22%3A%22267661%22%2C%22object_country_id%22%3A%22lv%22%2C%22referer_layout_type%22%3A%22SR%22%2C%22bannerinfo%22%3A%22%7B%5C%22key%5C%22%3A%5C%22%5C%5C%5C%22Apbed%5C%5Cu012b%5C%5Cu0161anas+nams-krematorija%5C%5C%5C%22%2C+SIA%7C2020-09-11%7C2021-08-23%7Cdaugavpils+p24+lielais+baneris%7Chttps%3A%5C%5C%5C%2F%5C%5C%5C%2Fwww.krematorijariga.lv%5C%5C%5C%2F%7C%7Cupload%5C%5C%5C%2F267661%5C%5C%5C%2Fbaners%5C%5C%5C%2F1184_krematorija_980x90.gif%7Clva%7C267661%7C980%7C90%7C%7C0%7C0%7C%7C0%7C0%7C%5C%22%2C%5C%22doc_count%5C%22%3A1%2C%5C%22key0%5C%22%3A%5C%22%5C%5C%5C%22Apbed%5C%5Cu012b%5C%5Cu0161anas+nams-krematorija%5C%5C%5C%22%2C+SIA%5C%22%2C%5C%22key1%5C%22%3A%5C%222020-09-11%5C%22%2C%5C%22key2%5C%22%3A%5C%222021-08-23%5C%22%2C%5C%22key3%5C%22%3A%5C%22daugavpils+p24+lielais+baneris%5C%22%2C%5C%22key4%5C%22%3A%5C%22https%3A%5C%5C%5C%2F%5C%5C%5C%2Fwww.krematorijariga.lv%5C%5C%5C%2F%5C%22%2C%5C%22key5%5C%22%3A%5C%22%5C%22%2C%5C%22key6%5C%22%3A%5C%22upload%5C%5C%5C%2F267661%5C%5C%5C%2Fbaners%5C%5C%5C%2F1184_krematorija_980x90.gif%5C%22%2C%5C%22key7%5C%22%3A%5C%22lva%5C%22%2C%5C%22key8%5C%22%3A%5C%22267661%5C%22%2C%5C%22key9%5C%22%3A%5C%22980%5C%22%2C%5C%22key10%5C%22%3A%5C%2290%5C%22%2C%5C%22key11%5C%22%3A%5C%22%5C%22%2C%5C%22key12%5C%22%3A%5C%220%5C%22%2C%5C%22key13%5C%22%3A%5C%220%5C%22%2C%5C%22key14%5C%22%3A%5C%22%5C%22%2C%5C%22key15%5C%22%3A%5C%220%5C%22%2C%5C%22key16%5C%22%3A%5C%220%5C%22%2C%5C%22key17%5C%22%3A%5C%22%5C%22%7D%22%7D&control=494d2e7146aade77cb8a9ef0fd1fd133	Get hash	malicious	HTMLPhisher	Browse	63.140.39.9
	utorrent_installer.exe	Get hash	malicious	Unknown	Browse	221.225.226.18
	utorrent_installer.exe	Get hash	malicious	Unknown	Browse	106.63.26.28
	https://www.notion.so/1c85839ca3918049b295de37b1c532aa	Get hash	malicious	HTMLPhisher	Browse	63.140.39.93
	xd.mips.elf	Get hash	malicious	Mirai	Browse	121.8.97.224
	xd.powerpc-440fp.elf	Get hash	malicious	Mirai	Browse	175.12.84.189
	xd.arm.elf	Get hash	malicious	Mirai	Browse	60.168.8.188
CHINATELECOM-JIANGSU-NANJING-IDCNanjingJiangsuProvince	xd.x86.elf	Get hash	malicious	Mirai	Browse	180.120.16.11
	.i.elf	Get hash	malicious	Mirai	Browse	180.97.50.214
	k03ldc.mips.elf	Get hash	malicious	Unknown	Browse	180.117.156.31
	bejv86.elf	Get hash	malicious	Mirai	Browse	180.107.174.200
	efjepc.elf	Get hash	malicious	Gafgyt, Mirai	Browse	180.120.186.159
	eehah4.elf	Get hash	malicious	Gafgyt, Mirai	Browse	180.106.77.100
	resgod.m68k.elf	Get hash	malicious	Mirai	Browse	180.126.125.130
	weje64.elf	Get hash	malicious	Gafgyt, Mirai	Browse	180.120.28.46
	rrrdsl.elf	Get hash	malicious	Gafgyt, Mirai	Browse	180.117.156.31
	m68k.elf	Get hash	malicious	Gafgyt, Okiru	Browse	180.119.244.10

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink

Download File

Process:	/usr/bin/pulseaudio
File Type:	ASCII text
Category:	dropped
Size (bytes):	10
Entropy (8bit):	2.9219280948873623
Encrypted:	false
SSDEEP:	3:5bkPn:pkP
MD5:	FF001A15CE15CF062A3704CEA2991B5F
SHA1:	B06F6855F376C3245B82212AC73ADED55DFE5DEF
SHA-256:	C54830B41ECFA1B6FBDC30397188DDA86B7B200E62AEAC21AE694A6192DCC38A
SHA-512:	65EBF7C31F6F65713CE01B38A112E97D0AE64A6BD1DA40CE4C1B998F10CD3912EE1A48BB2B279B24493062118AAB3B8753742E2AF28E56A31A7AAB27DE80E7BF
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	auto_null.

/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source

Download File

Process:	/usr/bin/pulseaudio
File Type:	ASCII text
Category:	dropped
Size (bytes):	18
Entropy (8bit):	3.4613201402110088
Encrypted:	false
SSDEEP:	3:5bkrIZsXvn:pkckv
MD5:	28FE6435F34B3367707BB1C5D5F6B430
SHA1:	EB8FE2D16BD6BBCCE106C94E4D284543B2573CF6
SHA-256:	721A37C69E555799B41D308849E8F8125441883AB021B723FED90A9B744F36C0
SHA-512:	6B6AB7C0979629D0FEF6BE47C5C6BCC367EDD0AAE3FC973F4DE2FD5F0A819C89E7656DB65D453B1B5398E54012B27EDFE02894AD87A7E0AF3A9C5F2EB24A9919
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	auto_null.monitor.

/run/gdm3.pid

Download File

Process:	/usr/sbin/gdm3
File Type:	ASCII text
Category:	dropped
Size (bytes):	5
Entropy (8bit):	1.9219280948873623
Encrypted:	false
SSDEEP:	3:FT/:p/
MD5:	EEFD9FA8D870763F1CADD1D0A6A32960
SHA1:	7EA75B1C9743687984F47C4D3E26DDCD8340D268
SHA-256:	82C8B3DB1E50C101ACAB6B6A2AD60E0E675266368B0F358375042A32EA625612
SHA-512:	4C50F290FAB2B0DEC068F9A9D684293E0D359F7A97D129709F7EEC1E0538755339D0C71B9847BDB6CD9695A5D53A13A5E5E2C4E3416EABBC46721A321F77298C
Malicious:	false
Reputation:	low
Preview:	5562.

/run/user/1000/pulse/pid

Download File

Process:	/usr/bin/pulseaudio
File Type:	ASCII text
Category:	dropped
Size (bytes):	5
Entropy (8bit):	1.9219280948873623
Encrypted:	false
SSDEEP:	3:FXen:te
MD5:	C3B062C4CE43315FB56C09EB0C36B417
SHA1:	23F3B33C68CA83D84807855B5E495B795991D17F
SHA-256:	92E1BE522E4EFA4080467DB6CEEC86607C505D27B768BABCBE6642464ABDE92B
SHA-512:	7224A0E99D3F0EF7A199E4D3516CCB441921E4B2E9EA346E49173797CBA96CBA5DF7399C5E144F605C84CF5BD9829E6D3C0B610F26F804AD98248BE29EA72B50
Malicious:	false
Reputation:	low
Preview:	5529.

/var/lib/ubuntu-drivers-common/last_gfx_boot

Download File

Process:	/usr/bin/gpu-manager
File Type:	ASCII text
Category:	dropped
Size (bytes):	25
Entropy (8bit):	2.7550849518197795
Encrypted:	false
SSDEEP:	3:JoT/V9fDVbn:M/V3n
MD5:	078760523943E160756979906B85FB5E
SHA1:	0962643266F4C5537F7D125046F28F21D6DD0C89
SHA-256:	048416AC7A9A99690B8B53718CD39F32F637B55CC8DD8E67E58E5AEF060DD41C
SHA-512:	DEFAAE8F8B54C61A716A0B0B4884358FEB8EB44DFEA01AAA5A687FDA7182792B7DEBB34AA840672EB3B40EB59FD0186749E08E47D181786C7FAA8C8F73F0104D
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	15ad:0405;0000:00:0f:0;1.

/var/log/gpu-manager.log

Download File

Process:	/usr/bin/gpu-manager
File Type:	ASCII text
Category:	dropped
Size (bytes):	1371
Entropy (8bit):	4.8296848499188485
Encrypted:	false
SSDEEP:	24:wPXXX9uV6BNu3WDF3GF3XFFxFFed2uk2HUvJlfWkpPpx7uvvAdow9555cJz:wPXXXe6vejpeC2HUR5WkpPpcvAdow95O
MD5:	3AF77E630DA00B3BE24F4E8AA5D78B13
SHA1:	BCF2D99E002F6DE2413A183227B011CFBEF5673D
SHA-256:	EB1CBBA20845237B4409274D693FEAE13F835274DA3337B7A9D14F4D7FDF9DEA
SHA-512:	8524B1E8A761F962B32F396812099B9B0B2DCF3C9FCA8605424753CFCFF4DC67EDC5EE1D8C91B9C0ED7FAE6BB1E752898B8D514B7C421D1839D6FEDA609C593C
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	log_file: /var/log/gpu-manager.log.last_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.new_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.can't access /run/u-d-c-nvidia-was-loaded file.can't get module info via kmodcan't access /opt/amdgpu-pro/bin/amdgpu-pro-px.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/kernel.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/updates/dkms.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/kernel.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/updates/dkms.Is nvidia loaded? no.Was nvidia unloaded? no.Is nvidia blacklisted? no.Is intel loaded? no.Is radeon loaded? no.Is radeon blacklisted? no.Is amdgpu loaded? no.Is amdgpu blacklisted? no.Is amdgpu versioned? no.Is amdgpu pro stack? no.Is nouveau loaded? no.Is nouveau blacklisted? no.Is nvidia kernel module available? no.Is amdgpu kernel module available? no.Vendor/Device Id: 15ad:405.BusID "PCI:0@0:15:0".Is boot vga? yes.Error: can't acce

Static File Info

General

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, no section header
Entropy (8bit):	7.877922223931819
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	xd.x86.elf
File size:	29'424 bytes
MD5:	5e4a544bfb8cfb31f89e915eb339ded5
SHA1:	690a965ee7207bcf2b5454e1241e7a0c056da634
SHA256:	f947f7b2f43f39a5ba5b7053c12d4e3b8f9315ef17d26af7c9b0f449391fc4e8
SHA512:	3300cb3e76a476ccb719f046b59be748cba0b593f8b6e15ff405d33986705679a432611a79fb38370bbf0f961e35390ad9eff357ea494b1863a26cf6946d609b
SSDEEP:	768:hy3rBuMzojLeqmVr3MZ7IZHkWL97Wo7WmARajY:hcXELd3Zcdke9ymb8
TLSH:	4CD2E13575CE0C4A9E011332B4569FEB79A1D470CE9AD4901EA5CC05C96E33A2C3AEAD
File Content Preview:	.ELF.....................y..4...........4. ...(......................q...q.............. ... ... ...................Q.td..............................-!UPX!0...................Y.......w....ELF.......d....g..4!.34. (.....[..;;.F.`....'.....f......\ ..>..b.

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - Linux
ABI Version:	0
Entry Point Address:	0xc079d8
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	0
Section Header Size:	40
Number of Section Headers:	0
Header String Table Index:	0

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align
LOAD	0x0	0xc01000	0xc01000	0x71fc	0x71fc	7.8804	0x5	R E	0x1000
LOAD	0xf20	0x8058f20	0x8058f20	0x0	0x0	0.0000	0x6	RW	0x1000
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 153
• 7887 undefined
• 23 (Telnet)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 2, 2025 21:58:22.580220938 CEST	52640	7887	192.168.2.13	213.209.129.92
Apr 2, 2025 21:58:22.580375910 CEST	44581	23	192.168.2.13	85.13.167.129
Apr 2, 2025 21:58:22.580375910 CEST	44581	23	192.168.2.13	89.70.172.129
Apr 2, 2025 21:58:22.580383062 CEST	44581	23	192.168.2.13	186.104.136.97
Apr 2, 2025 21:58:22.580410957 CEST	44581	23	192.168.2.13	183.86.70.147
Apr 2, 2025 21:58:22.580410957 CEST	44581	23	192.168.2.13	195.239.104.238
Apr 2, 2025 21:58:22.580414057 CEST	44581	23	192.168.2.13	171.81.85.175
Apr 2, 2025 21:58:22.580445051 CEST	44581	23	192.168.2.13	78.252.172.4
Apr 2, 2025 21:58:22.580446959 CEST	44581	23	192.168.2.13	42.150.109.49
Apr 2, 2025 21:58:22.580446959 CEST	44581	23	192.168.2.13	153.139.76.158
Apr 2, 2025 21:58:22.580450058 CEST	44581	23	192.168.2.13	39.98.190.239
Apr 2, 2025 21:58:22.580468893 CEST	44581	23	192.168.2.13	81.114.130.249
Apr 2, 2025 21:58:22.580477953 CEST	44581	23	192.168.2.13	179.235.130.92
Apr 2, 2025 21:58:22.580480099 CEST	44581	23	192.168.2.13	81.63.252.112
Apr 2, 2025 21:58:22.580481052 CEST	44581	23	192.168.2.13	115.215.194.210
Apr 2, 2025 21:58:22.580487967 CEST	44581	23	192.168.2.13	84.124.80.210
Apr 2, 2025 21:58:22.580492973 CEST	44581	23	192.168.2.13	108.183.236.177
Apr 2, 2025 21:58:22.580492973 CEST	44581	23	192.168.2.13	14.206.54.147
Apr 2, 2025 21:58:22.580493927 CEST	44581	23	192.168.2.13	41.40.78.56
Apr 2, 2025 21:58:22.580513954 CEST	44581	23	192.168.2.13	111.113.79.50
Apr 2, 2025 21:58:22.580518007 CEST	44581	23	192.168.2.13	144.18.120.20
Apr 2, 2025 21:58:22.580523968 CEST	44581	23	192.168.2.13	67.30.93.151
Apr 2, 2025 21:58:22.580533028 CEST	44581	23	192.168.2.13	12.208.73.139
Apr 2, 2025 21:58:22.580549955 CEST	44581	23	192.168.2.13	241.21.253.186
Apr 2, 2025 21:58:22.580565929 CEST	44581	23	192.168.2.13	122.117.222.135
Apr 2, 2025 21:58:22.580566883 CEST	44581	23	192.168.2.13	91.90.73.28
Apr 2, 2025 21:58:22.580564022 CEST	44581	23	192.168.2.13	86.104.115.172
Apr 2, 2025 21:58:22.580564022 CEST	44581	23	192.168.2.13	160.195.215.223
Apr 2, 2025 21:58:22.580564022 CEST	44581	23	192.168.2.13	86.123.155.72
Apr 2, 2025 21:58:22.580564022 CEST	44581	23	192.168.2.13	216.40.200.22
Apr 2, 2025 21:58:22.580574989 CEST	44581	23	192.168.2.13	46.9.184.211
Apr 2, 2025 21:58:22.580599070 CEST	44581	23	192.168.2.13	182.116.16.62
Apr 2, 2025 21:58:22.580614090 CEST	44581	23	192.168.2.13	27.22.152.239
Apr 2, 2025 21:58:22.580615997 CEST	44581	23	192.168.2.13	221.108.187.132
Apr 2, 2025 21:58:22.580619097 CEST	44581	23	192.168.2.13	251.205.142.226
Apr 2, 2025 21:58:22.580631971 CEST	44581	23	192.168.2.13	148.213.231.57
Apr 2, 2025 21:58:22.580631971 CEST	44581	23	192.168.2.13	223.167.19.106
Apr 2, 2025 21:58:22.580631971 CEST	44581	23	192.168.2.13	111.251.20.81
Apr 2, 2025 21:58:22.580636024 CEST	44581	23	192.168.2.13	83.9.84.237
Apr 2, 2025 21:58:22.580648899 CEST	44581	23	192.168.2.13	107.128.57.24
Apr 2, 2025 21:58:22.580651045 CEST	44581	23	192.168.2.13	222.150.36.28
Apr 2, 2025 21:58:22.580651045 CEST	44581	23	192.168.2.13	92.16.80.111
Apr 2, 2025 21:58:22.580653906 CEST	44581	23	192.168.2.13	102.72.134.183
Apr 2, 2025 21:58:22.580672026 CEST	44581	23	192.168.2.13	110.12.224.31
Apr 2, 2025 21:58:22.580691099 CEST	44581	23	192.168.2.13	119.179.159.86
Apr 2, 2025 21:58:22.580692053 CEST	44581	23	192.168.2.13	191.213.218.212
Apr 2, 2025 21:58:22.580692053 CEST	44581	23	192.168.2.13	124.195.104.178
Apr 2, 2025 21:58:22.580697060 CEST	44581	23	192.168.2.13	86.225.14.152
Apr 2, 2025 21:58:22.580724001 CEST	44581	23	192.168.2.13	136.129.242.17
Apr 2, 2025 21:58:22.580734968 CEST	44581	23	192.168.2.13	69.253.3.225
Apr 2, 2025 21:58:22.580740929 CEST	44581	23	192.168.2.13	202.103.60.182
Apr 2, 2025 21:58:22.580741882 CEST	44581	23	192.168.2.13	186.30.171.190
Apr 2, 2025 21:58:22.580741882 CEST	44581	23	192.168.2.13	54.20.183.32
Apr 2, 2025 21:58:22.580748081 CEST	44581	23	192.168.2.13	216.219.7.209
Apr 2, 2025 21:58:22.580748081 CEST	44581	23	192.168.2.13	32.2.254.31
Apr 2, 2025 21:58:22.580755949 CEST	44581	23	192.168.2.13	253.105.217.222
Apr 2, 2025 21:58:22.580765009 CEST	44581	23	192.168.2.13	43.121.0.33
Apr 2, 2025 21:58:22.580765963 CEST	44581	23	192.168.2.13	216.230.195.187
Apr 2, 2025 21:58:22.580782890 CEST	44581	23	192.168.2.13	60.2.25.108
Apr 2, 2025 21:58:22.580785990 CEST	44581	23	192.168.2.13	19.35.130.97
Apr 2, 2025 21:58:22.580786943 CEST	44581	23	192.168.2.13	136.40.50.174
Apr 2, 2025 21:58:22.580786943 CEST	44581	23	192.168.2.13	218.193.156.102
Apr 2, 2025 21:58:22.580790997 CEST	44581	23	192.168.2.13	44.51.140.17
Apr 2, 2025 21:58:22.580786943 CEST	44581	23	192.168.2.13	149.5.33.181
Apr 2, 2025 21:58:22.580790997 CEST	44581	23	192.168.2.13	121.86.160.59
Apr 2, 2025 21:58:22.580786943 CEST	44581	23	192.168.2.13	133.255.251.150
Apr 2, 2025 21:58:22.580786943 CEST	44581	23	192.168.2.13	190.227.110.243
Apr 2, 2025 21:58:22.580800056 CEST	44581	23	192.168.2.13	200.215.7.26
Apr 2, 2025 21:58:22.580813885 CEST	44581	23	192.168.2.13	167.172.161.217
Apr 2, 2025 21:58:22.580815077 CEST	44581	23	192.168.2.13	152.76.199.131
Apr 2, 2025 21:58:22.580815077 CEST	44581	23	192.168.2.13	116.223.15.238
Apr 2, 2025 21:58:22.580826044 CEST	44581	23	192.168.2.13	201.3.138.35
Apr 2, 2025 21:58:22.580840111 CEST	44581	23	192.168.2.13	189.103.119.117
Apr 2, 2025 21:58:22.580842972 CEST	44581	23	192.168.2.13	153.144.231.29
Apr 2, 2025 21:58:22.580847979 CEST	44581	23	192.168.2.13	178.153.138.169
Apr 2, 2025 21:58:22.580867052 CEST	44581	23	192.168.2.13	189.35.178.228
Apr 2, 2025 21:58:22.580868006 CEST	44581	23	192.168.2.13	204.93.35.73
Apr 2, 2025 21:58:22.580878019 CEST	44581	23	192.168.2.13	105.55.37.154
Apr 2, 2025 21:58:22.580888033 CEST	44581	23	192.168.2.13	247.72.118.64
Apr 2, 2025 21:58:22.580903053 CEST	44581	23	192.168.2.13	221.152.125.162
Apr 2, 2025 21:58:22.580910921 CEST	44581	23	192.168.2.13	43.225.174.162
Apr 2, 2025 21:58:22.580912113 CEST	44581	23	192.168.2.13	14.10.211.6
Apr 2, 2025 21:58:22.580918074 CEST	44581	23	192.168.2.13	77.52.7.233
Apr 2, 2025 21:58:22.580921888 CEST	44581	23	192.168.2.13	177.171.179.220
Apr 2, 2025 21:58:22.580943108 CEST	44581	23	192.168.2.13	179.72.24.214
Apr 2, 2025 21:58:22.580952883 CEST	44581	23	192.168.2.13	202.194.183.234
Apr 2, 2025 21:58:22.580970049 CEST	44581	23	192.168.2.13	103.128.111.11
Apr 2, 2025 21:58:22.580979109 CEST	44581	23	192.168.2.13	181.220.142.205
Apr 2, 2025 21:58:22.580981970 CEST	44581	23	192.168.2.13	245.115.10.149
Apr 2, 2025 21:58:22.580981970 CEST	44581	23	192.168.2.13	176.19.215.170
Apr 2, 2025 21:58:22.580988884 CEST	44581	23	192.168.2.13	83.230.100.246
Apr 2, 2025 21:58:22.580996037 CEST	44581	23	192.168.2.13	185.151.30.42
Apr 2, 2025 21:58:22.581006050 CEST	44581	23	192.168.2.13	220.79.81.63
Apr 2, 2025 21:58:22.581007004 CEST	44581	23	192.168.2.13	180.107.85.14
Apr 2, 2025 21:58:22.581023932 CEST	44581	23	192.168.2.13	223.113.221.177
Apr 2, 2025 21:58:22.581031084 CEST	44581	23	192.168.2.13	210.190.2.42
Apr 2, 2025 21:58:22.581032991 CEST	44581	23	192.168.2.13	133.21.90.225
Apr 2, 2025 21:58:22.581037998 CEST	44581	23	192.168.2.13	88.215.166.128
Apr 2, 2025 21:58:22.581039906 CEST	44581	23	192.168.2.13	117.247.118.62
Apr 2, 2025 21:58:22.581048965 CEST	44581	23	192.168.2.13	96.119.102.215
Apr 2, 2025 21:58:22.581048965 CEST	44581	23	192.168.2.13	79.72.252.216
Apr 2, 2025 21:58:22.581073046 CEST	44581	23	192.168.2.13	192.79.227.255
Apr 2, 2025 21:58:22.581074953 CEST	44581	23	192.168.2.13	89.0.153.87
Apr 2, 2025 21:58:22.581084967 CEST	44581	23	192.168.2.13	116.69.199.224
Apr 2, 2025 21:58:22.581098080 CEST	44581	23	192.168.2.13	91.45.199.45
Apr 2, 2025 21:58:22.581099033 CEST	44581	23	192.168.2.13	244.166.4.179
Apr 2, 2025 21:58:22.581131935 CEST	44581	23	192.168.2.13	57.242.52.6
Apr 2, 2025 21:58:22.581134081 CEST	44581	23	192.168.2.13	211.10.147.248
Apr 2, 2025 21:58:22.581134081 CEST	44581	23	192.168.2.13	5.254.224.24
Apr 2, 2025 21:58:22.581152916 CEST	44581	23	192.168.2.13	72.115.230.249
Apr 2, 2025 21:58:22.581159115 CEST	44581	23	192.168.2.13	196.143.25.76
Apr 2, 2025 21:58:22.581159115 CEST	44581	23	192.168.2.13	48.127.0.71
Apr 2, 2025 21:58:22.581191063 CEST	44581	23	192.168.2.13	5.93.73.80
Apr 2, 2025 21:58:22.581191063 CEST	44581	23	192.168.2.13	191.178.47.40
Apr 2, 2025 21:58:22.581202030 CEST	44581	23	192.168.2.13	105.70.49.48
Apr 2, 2025 21:58:22.581204891 CEST	44581	23	192.168.2.13	154.51.115.244
Apr 2, 2025 21:58:22.581207991 CEST	44581	23	192.168.2.13	179.183.28.132
Apr 2, 2025 21:58:22.581219912 CEST	44581	23	192.168.2.13	75.160.84.222
Apr 2, 2025 21:58:22.581223011 CEST	44581	23	192.168.2.13	194.144.35.124
Apr 2, 2025 21:58:22.581223011 CEST	44581	23	192.168.2.13	181.76.16.187
Apr 2, 2025 21:58:22.581223965 CEST	44581	23	192.168.2.13	162.35.213.193
Apr 2, 2025 21:58:22.581228971 CEST	44581	23	192.168.2.13	199.82.159.188
Apr 2, 2025 21:58:22.581245899 CEST	44581	23	192.168.2.13	123.0.15.105
Apr 2, 2025 21:58:22.581264973 CEST	44581	23	192.168.2.13	95.22.242.11
Apr 2, 2025 21:58:22.581269979 CEST	44581	23	192.168.2.13	184.156.190.224
Apr 2, 2025 21:58:22.581279039 CEST	44581	23	192.168.2.13	202.59.122.165
Apr 2, 2025 21:58:22.581279039 CEST	44581	23	192.168.2.13	35.201.156.2
Apr 2, 2025 21:58:22.581281900 CEST	44581	23	192.168.2.13	98.81.87.240
Apr 2, 2025 21:58:22.581293106 CEST	44581	23	192.168.2.13	27.89.154.214
Apr 2, 2025 21:58:22.581295013 CEST	44581	23	192.168.2.13	14.44.21.40
Apr 2, 2025 21:58:22.581295967 CEST	44581	23	192.168.2.13	194.174.31.68
Apr 2, 2025 21:58:22.581309080 CEST	44581	23	192.168.2.13	104.51.44.186
Apr 2, 2025 21:58:22.581331015 CEST	44581	23	192.168.2.13	212.190.178.165
Apr 2, 2025 21:58:22.581331015 CEST	44581	23	192.168.2.13	141.183.75.23
Apr 2, 2025 21:58:22.581340075 CEST	44581	23	192.168.2.13	57.95.196.170
Apr 2, 2025 21:58:22.581345081 CEST	44581	23	192.168.2.13	223.107.131.111
Apr 2, 2025 21:58:22.581345081 CEST	44581	23	192.168.2.13	169.249.41.253
Apr 2, 2025 21:58:22.581358910 CEST	44581	23	192.168.2.13	34.189.80.94
Apr 2, 2025 21:58:22.581368923 CEST	44581	23	192.168.2.13	188.79.77.158
Apr 2, 2025 21:58:22.581377029 CEST	44581	23	192.168.2.13	204.17.52.61
Apr 2, 2025 21:58:22.581401110 CEST	44581	23	192.168.2.13	91.219.220.177
Apr 2, 2025 21:58:22.581404924 CEST	44581	23	192.168.2.13	121.207.177.20
Apr 2, 2025 21:58:22.581409931 CEST	44581	23	192.168.2.13	110.231.172.19
Apr 2, 2025 21:58:22.581409931 CEST	44581	23	192.168.2.13	86.76.65.80
Apr 2, 2025 21:58:22.581414938 CEST	44581	23	192.168.2.13	211.121.50.37
Apr 2, 2025 21:58:22.581440926 CEST	44581	23	192.168.2.13	73.36.31.149
Apr 2, 2025 21:58:22.581438065 CEST	44581	23	192.168.2.13	203.255.135.137
Apr 2, 2025 21:58:22.581455946 CEST	44581	23	192.168.2.13	119.82.186.231
Apr 2, 2025 21:58:22.581461906 CEST	44581	23	192.168.2.13	217.173.76.201
Apr 2, 2025 21:58:22.581464052 CEST	44581	23	192.168.2.13	176.26.220.1
Apr 2, 2025 21:58:22.581464052 CEST	44581	23	192.168.2.13	116.100.249.47
Apr 2, 2025 21:58:22.803731918 CEST	7887	52640	213.209.129.92	192.168.2.13
Apr 2, 2025 21:58:22.803807020 CEST	52640	7887	192.168.2.13	213.209.129.92
Apr 2, 2025 21:58:22.817377090 CEST	52640	7887	192.168.2.13	213.209.129.92
Apr 2, 2025 21:58:23.043484926 CEST	7887	52640	213.209.129.92	192.168.2.13
Apr 2, 2025 21:58:23.043551922 CEST	52640	7887	192.168.2.13	213.209.129.92

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 2, 2025 21:58:49.838704109 CEST	192.168.2.13	192.168.2.1	8279	(Port unreachable)	Destination Unreachable
Apr 2, 2025 22:00:09.855436087 CEST	192.168.2.13	192.168.2.1	8279	(Port unreachable)	Destination Unreachable

System Behavior

Analysis Process: xd.x86.elf PID: 5428, Parent PID: 5355

General

Start time (UTC):	19:58:21
Start date (UTC):	02/04/2025
Path:	/tmp/xd.x86.elf
Arguments:	/tmp/xd.x86.elf
File size:	29424 bytes
MD5 hash:	5e4a544bfb8cfb31f89e915eb339ded5

Process Activities

Process Forked

Chronological Activities

Analysis Process: xd.x86.elf PID: 5429, Parent PID: 5428

General

Start time (UTC):	19:58:21
Start date (UTC):	02/04/2025
Path:	/tmp/xd.x86.elf
Arguments:	-
File size:	29424 bytes
MD5 hash:	5e4a544bfb8cfb31f89e915eb339ded5

File Activities

File Opened

File Deleted

File Read

Directory Enumerated

Process Activities

Signal Sent

Thread Sleep

Chronological Activities

Analysis Process: xd.x86.elf PID: 5430, Parent PID: 5428

General

Start time (UTC):	19:58:21
Start date (UTC):	02/04/2025
Path:	/tmp/xd.x86.elf
Arguments:	-
File size:	29424 bytes
MD5 hash:	5e4a544bfb8cfb31f89e915eb339ded5

File Activities

File Opened

Chronological Activities

Analysis Process: xd.x86.elf PID: 5431, Parent PID: 5428

General

Start time (UTC):	19:58:21
Start date (UTC):	02/04/2025
Path:	/tmp/xd.x86.elf
Arguments:	-
File size:	29424 bytes
MD5 hash:	5e4a544bfb8cfb31f89e915eb339ded5

Process Activities

Process Forked

Signal Sent

Chronological Activities

Analysis Process: xd.x86.elf PID: 5432, Parent PID: 5431

General

Start time (UTC):	19:58:21
Start date (UTC):	02/04/2025
Path:	/tmp/xd.x86.elf
Arguments:	-
File size:	29424 bytes
MD5 hash:	5e4a544bfb8cfb31f89e915eb339ded5

File Activities

File Opened

File Read

Chronological Activities

Analysis Process: xd.x86.elf PID: 5433, Parent PID: 5431

General

Start time (UTC):	19:58:21
Start date (UTC):	02/04/2025
Path:	/tmp/xd.x86.elf
Arguments:	-
File size:	29424 bytes
MD5 hash:	5e4a544bfb8cfb31f89e915eb339ded5

File Activities

File Opened

Chronological Activities

Analysis Process: xd.x86.elf PID: 5434, Parent PID: 5431

General

Start time (UTC):	19:58:21
Start date (UTC):	02/04/2025
Path:	/tmp/xd.x86.elf
Arguments:	-
File size:	29424 bytes
MD5 hash:	5e4a544bfb8cfb31f89e915eb339ded5

Analysis Process: systemd PID: 5448, Parent PID: 1

General

Start time (UTC):	19:58:32
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: journalctl PID: 5448, Parent PID: 1

General

Start time (UTC):	19:58:32
Start date (UTC):	02/04/2025
Path:	/usr/bin/journalctl
Arguments:	/usr/bin/journalctl --smart-relinquish-var
File size:	80120 bytes
MD5 hash:	bf3a987344f3bacafc44efd882abda8b

File Activities

File Opened

File Read

Process Activities

Prctl Requested

Chronological Activities

Analysis Process: systemd PID: 5463, Parent PID: 1

General

Start time (UTC):	19:58:32
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

File Activities

File Opened

Process Activities

Process Overlayed (Exec)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd PID: 5465, Parent PID: 1

General

Start time (UTC):	19:58:32
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

File Activities

File Opened

Process Activities

Process Overlayed (Exec)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd PID: 5466, Parent PID: 1

General

Start time (UTC):	19:58:32
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

File Activities

File Opened

Process Activities

Process Overlayed (Exec)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd PID: 5467, Parent PID: 1

General

Start time (UTC):	19:58:33
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

File Activities

File Opened

Process Activities

Process Overlayed (Exec)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd PID: 5468, Parent PID: 1

General

Start time (UTC):	19:58:33
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

File Activities

File Opened

Process Activities

Process Overlayed (Exec)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd PID: 5505, Parent PID: 1

General

Start time (UTC):	19:58:45
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

File Activities

File Opened

Process Activities

Process Overlayed (Exec)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd PID: 5523, Parent PID: 1

General

Start time (UTC):	19:58:45
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

File Activities

File Opened

Process Activities

Process Overlayed (Exec)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd PID: 5524, Parent PID: 1

General

Start time (UTC):	19:58:46
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

File Activities

File Opened

Process Activities

Process Overlayed (Exec)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd PID: 5525, Parent PID: 1

General

Start time (UTC):	19:58:46
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

File Activities

File Opened

Process Activities

Process Overlayed (Exec)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd PID: 5526, Parent PID: 1

General

Start time (UTC):	19:58:46
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

File Activities

File Opened

Process Activities

Process Overlayed (Exec)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd PID: 5527, Parent PID: 1

General

Start time (UTC):	19:58:46
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

File Activities

File Opened

Process Activities

Process Overlayed (Exec)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd PID: 5528, Parent PID: 1

General

Start time (UTC):	19:58:46
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

File Activities

File Opened

Process Activities

Process Overlayed (Exec)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd PID: 5529, Parent PID: 2935

General

Start time (UTC):	19:58:46
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: pulseaudio PID: 5529, Parent PID: 2935

General

Start time (UTC):	19:58:46
Start date (UTC):	02/04/2025
Path:	/usr/bin/pulseaudio
Arguments:	/usr/bin/pulseaudio --daemonize=no --log-target=journal
File size:	100832 bytes
MD5 hash:	0c3b4c789d8ffb12b25507f27e14c186

File Activities

File Opened

File Truncated

File Read

File Written

Directory Enumerated

Directory Created

Process Activities

Signal Sent

Prctl Requested

System Activities

Query System Information (uname)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd PID: 5530, Parent PID: 1

General

Start time (UTC):	19:58:46
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

File Activities

File Opened

Process Activities

Process Overlayed (Exec)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: gdm3 PID: 5531, Parent PID: 1400

General

Start time (UTC):	19:58:46
Start date (UTC):	02/04/2025
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: Default PID: 5531, Parent PID: 1400

General

Start time (UTC):	19:58:46
Start date (UTC):	02/04/2025
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Chronological Activities

Analysis Process: gdm3 PID: 5532, Parent PID: 1400

General

Start time (UTC):	19:58:46
Start date (UTC):	02/04/2025
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: Default PID: 5532, Parent PID: 1400

General

Start time (UTC):	19:58:46
Start date (UTC):	02/04/2025
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Chronological Activities

Analysis Process: gdm3 PID: 5533, Parent PID: 1400

General

Start time (UTC):	19:58:46
Start date (UTC):	02/04/2025
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: Default PID: 5533, Parent PID: 1400

General

Start time (UTC):	19:58:46
Start date (UTC):	02/04/2025
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Chronological Activities

Analysis Process: systemd PID: 5534, Parent PID: 1

General

Start time (UTC):	19:58:46
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

File Activities

File Opened

Process Activities

Process Overlayed (Exec)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd PID: 5536, Parent PID: 1

General

Start time (UTC):	19:58:46
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

File Activities

File Opened

Process Activities

Process Overlayed (Exec)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd PID: 5538, Parent PID: 1

General

Start time (UTC):	19:58:47
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5538, Parent PID: 1

General

Start time (UTC):	19:58:47
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	/usr/bin/gpu-manager --log /var/log/gpu-manager.log
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

File Activities

File Opened

File Deleted

File Read

File Written

Directory Enumerated

Process Activities

Process Forked

System Activities

Query System Information (uname)

Chronological Activities

Analysis Process: gpu-manager PID: 5539, Parent PID: 5538

General

Start time (UTC):	19:58:47
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: sh PID: 5539, Parent PID: 5538

General

Start time (UTC):	19:58:47
Start date (UTC):	02/04/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Directory Enumerated

Process Activities

Process Forked

Chronological Activities

Analysis Process: sh PID: 5540, Parent PID: 5539

General

Start time (UTC):	19:58:47
Start date (UTC):	02/04/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: grep PID: 5540, Parent PID: 5539

General

Start time (UTC):	19:58:47
Start date (UTC):	02/04/2025
Path:	/usr/bin/grep
Arguments:	grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
File size:	199136 bytes
MD5 hash:	1e6ebb9dd094f774478f72727bdba0f5

File Activities

File Opened

File Read

Chronological Activities

Analysis Process: gpu-manager PID: 5541, Parent PID: 5538

General

Start time (UTC):	19:58:47
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: sh PID: 5541, Parent PID: 5538

General

Start time (UTC):	19:58:47
Start date (UTC):	02/04/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Directory Enumerated

Process Activities

Process Forked

Chronological Activities

Analysis Process: sh PID: 5542, Parent PID: 5541

General

Start time (UTC):	19:58:47
Start date (UTC):	02/04/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: grep PID: 5542, Parent PID: 5541

General

Start time (UTC):	19:58:47
Start date (UTC):	02/04/2025
Path:	/usr/bin/grep
Arguments:	grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
File size:	199136 bytes
MD5 hash:	1e6ebb9dd094f774478f72727bdba0f5

File Activities

File Opened

File Read

Chronological Activities

Analysis Process: gpu-manager PID: 5543, Parent PID: 5538

General

Start time (UTC):	19:58:48
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: sh PID: 5543, Parent PID: 5538

General

Start time (UTC):	19:58:48
Start date (UTC):	02/04/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Directory Enumerated

Process Activities

Process Forked

Chronological Activities

Analysis Process: sh PID: 5544, Parent PID: 5543

General

Start time (UTC):	19:58:48
Start date (UTC):	02/04/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: grep PID: 5544, Parent PID: 5543

General

Start time (UTC):	19:58:48
Start date (UTC):	02/04/2025
Path:	/usr/bin/grep
Arguments:	grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
File size:	199136 bytes
MD5 hash:	1e6ebb9dd094f774478f72727bdba0f5

File Activities

File Opened

File Read

Chronological Activities

Analysis Process: gpu-manager PID: 5545, Parent PID: 5538

General

Start time (UTC):	19:58:48
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: sh PID: 5545, Parent PID: 5538

General

Start time (UTC):	19:58:48
Start date (UTC):	02/04/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Directory Enumerated

Process Activities

Process Forked

Chronological Activities

Analysis Process: sh PID: 5546, Parent PID: 5545

General

Start time (UTC):	19:58:48
Start date (UTC):	02/04/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: grep PID: 5546, Parent PID: 5545

General

Start time (UTC):	19:58:48
Start date (UTC):	02/04/2025
Path:	/usr/bin/grep
Arguments:	grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
File size:	199136 bytes
MD5 hash:	1e6ebb9dd094f774478f72727bdba0f5

File Activities

File Opened

File Read

Chronological Activities

Analysis Process: gpu-manager PID: 5547, Parent PID: 5538

General

Start time (UTC):	19:58:48
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: sh PID: 5547, Parent PID: 5538

General

Start time (UTC):	19:58:48
Start date (UTC):	02/04/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Directory Enumerated

Process Activities

Process Forked

Chronological Activities

Analysis Process: sh PID: 5548, Parent PID: 5547

General

Start time (UTC):	19:58:48
Start date (UTC):	02/04/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: grep PID: 5548, Parent PID: 5547

General

Start time (UTC):	19:58:48
Start date (UTC):	02/04/2025
Path:	/usr/bin/grep
Arguments:	grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
File size:	199136 bytes
MD5 hash:	1e6ebb9dd094f774478f72727bdba0f5

File Activities

File Opened

File Read

Chronological Activities

Analysis Process: gpu-manager PID: 5549, Parent PID: 5538

General

Start time (UTC):	19:58:48
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: sh PID: 5549, Parent PID: 5538

General

Start time (UTC):	19:58:48
Start date (UTC):	02/04/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Directory Enumerated

Process Activities

Process Forked

Chronological Activities

Analysis Process: sh PID: 5550, Parent PID: 5549

General

Start time (UTC):	19:58:48
Start date (UTC):	02/04/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: grep PID: 5550, Parent PID: 5549

General

Start time (UTC):	19:58:48
Start date (UTC):	02/04/2025
Path:	/usr/bin/grep
Arguments:	grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
File size:	199136 bytes
MD5 hash:	1e6ebb9dd094f774478f72727bdba0f5

File Activities

File Opened

File Read

Chronological Activities

Analysis Process: gpu-manager PID: 5551, Parent PID: 5538

General

Start time (UTC):	19:58:48
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: sh PID: 5551, Parent PID: 5538

General

Start time (UTC):	19:58:48
Start date (UTC):	02/04/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Directory Enumerated

Process Activities

Process Forked

Chronological Activities

Analysis Process: sh PID: 5552, Parent PID: 5551

General

Start time (UTC):	19:58:48
Start date (UTC):	02/04/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: grep PID: 5552, Parent PID: 5551

General

Start time (UTC):	19:58:48
Start date (UTC):	02/04/2025
Path:	/usr/bin/grep
Arguments:	grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
File size:	199136 bytes
MD5 hash:	1e6ebb9dd094f774478f72727bdba0f5

File Activities

File Opened

File Read

Chronological Activities

Analysis Process: gpu-manager PID: 5553, Parent PID: 5538

General

Start time (UTC):	19:58:48
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: sh PID: 5553, Parent PID: 5538

General

Start time (UTC):	19:58:48
Start date (UTC):	02/04/2025
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Directory Enumerated

Process Activities

Process Forked

Chronological Activities

Analysis Process: sh PID: 5554, Parent PID: 5553

General

Start time (UTC):	19:58:48
Start date (UTC):	02/04/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: grep PID: 5554, Parent PID: 5553

General

Start time (UTC):	19:58:48
Start date (UTC):	02/04/2025
Path:	/usr/bin/grep
Arguments:	grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
File size:	199136 bytes
MD5 hash:	1e6ebb9dd094f774478f72727bdba0f5

File Activities

File Opened

File Read

Chronological Activities

Analysis Process: systemd (deleted) PID: 5555, Parent PID: 1

General

Start time (UTC):	19:58:48
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: generate-config PID: 5555, Parent PID: 1

General

Start time (UTC):	19:58:48
Start date (UTC):	02/04/2025
Path:	/usr/share/gdm/generate-config
Arguments:	/usr/share/gdm/generate-config
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Directory Enumerated

Process Activities

Process Forked

Chronological Activities

Analysis Process: generate-config PID: 5556, Parent PID: 5555

General

Start time (UTC):	19:58:49
Start date (UTC):	02/04/2025
Path:	/usr/share/gdm/generate-config
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: pkill PID: 5556, Parent PID: 5555

General

Start time (UTC):	19:58:49
Start date (UTC):	02/04/2025
Path:	/usr/bin/pkill
Arguments:	pkill --signal HUP --uid gdm dconf-service
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

File Activities

File Opened

File Read

Directory Enumerated

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd (deleted) PID: 5557, Parent PID: 1

General

Start time (UTC):	19:58:50
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gdm-wait-for-drm PID: 5557, Parent PID: 1

General

Start time (UTC):	19:58:50
Start date (UTC):	02/04/2025
Path:	/usr/lib/gdm3/gdm-wait-for-drm
Arguments:	/usr/lib/gdm3/gdm-wait-for-drm
File size:	14640 bytes
MD5 hash:	82043ba752c6930b4e6aaea2f7747545

File Activities

File Opened

File Read

Directory Enumerated

Chronological Activities

Analysis Process: gvfsd-fuse PID: 5558, Parent PID: 3122

General

Start time (UTC):	19:58:50
Start date (UTC):	02/04/2025
Path:	/usr/libexec/gvfsd-fuse
Arguments:	-
File size:	47632 bytes
MD5 hash:	d18fbf1cbf8eb57b17fac48b7b4be933

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: fusermount PID: 5558, Parent PID: 3122

General

Start time (UTC):	19:58:50
Start date (UTC):	02/04/2025
Path:	/bin/fusermount
Arguments:	fusermount -u -q -z -- /run/user/1000/gvfs
File size:	39144 bytes
MD5 hash:	576a1b135c82bdcbc97a91acea900566

File Activities

File Opened

File Read

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd (deleted) PID: 5562, Parent PID: 1

General

Start time (UTC):	19:59:00
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gdm3 PID: 5562, Parent PID: 1

General

Start time (UTC):	19:59:00
Start date (UTC):	02/04/2025
Path:	/usr/sbin/gdm3
Arguments:	/usr/sbin/gdm3
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

File Activities

File Opened

File Deleted

File Read

File Written

Directory Created

Owner / Group Modified

Permission Modified

Process Activities

Prctl Requested

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd (deleted) PID: 5565, Parent PID: 1

General

Start time (UTC):	19:59:00
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

File Activities

File Opened

Process Activities

Process Overlayed (Exec)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd (deleted) PID: 5576, Parent PID: 1

General

Start time (UTC):	19:59:00
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

File Activities

File Opened

Process Activities

Process Overlayed (Exec)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd (deleted) PID: 5577, Parent PID: 1

General

Start time (UTC):	19:59:00
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

File Activities

File Opened

Process Activities

Process Overlayed (Exec)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd (deleted) PID: 5578, Parent PID: 1

General

Start time (UTC):	19:59:00
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

File Activities

File Opened

Process Activities

Process Overlayed (Exec)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd (deleted) PID: 5588, Parent PID: 1

General

Start time (UTC):	19:59:00
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

File Activities

File Opened

Process Activities

Process Overlayed (Exec)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd (deleted) PID: 5589, Parent PID: 1

General

Start time (UTC):	19:59:18
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5589, Parent PID: 1

General

Start time (UTC):	19:59:18
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	/usr/bin/gpu-manager --log /var/log/gpu-manager.log
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

File Activities

File Opened

File Deleted

File Read

File Written

Directory Enumerated

Process Activities

Process Forked

System Activities

Query System Information (uname)

Chronological Activities

Analysis Process: gpu-manager PID: 5590, Parent PID: 5589

General

Start time (UTC):	19:59:18
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5591, Parent PID: 5589

General

Start time (UTC):	19:59:18
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5592, Parent PID: 5589

General

Start time (UTC):	19:59:18
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5593, Parent PID: 5589

General

Start time (UTC):	19:59:18
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5594, Parent PID: 5589

General

Start time (UTC):	19:59:18
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5595, Parent PID: 5589

General

Start time (UTC):	19:59:18
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5596, Parent PID: 5589

General

Start time (UTC):	19:59:18
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5597, Parent PID: 5589

General

Start time (UTC):	19:59:18
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: systemd (deleted) PID: 5598, Parent PID: 1

General

Start time (UTC):	19:59:18
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

File Activities

File Opened

Process Activities

Process Overlayed (Exec)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd (deleted) PID: 5599, Parent PID: 1

General

Start time (UTC):	19:59:19
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5599, Parent PID: 1

General

Start time (UTC):	19:59:19
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	/usr/bin/gpu-manager --log /var/log/gpu-manager.log
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

File Activities

File Opened

File Deleted

File Read

File Written

Directory Enumerated

Process Activities

Process Forked

System Activities

Query System Information (uname)

Chronological Activities

Analysis Process: gpu-manager PID: 5600, Parent PID: 5599

General

Start time (UTC):	19:59:19
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5601, Parent PID: 5599

General

Start time (UTC):	19:59:19
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5602, Parent PID: 5599

General

Start time (UTC):	19:59:20
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5603, Parent PID: 5599

General

Start time (UTC):	19:59:20
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5604, Parent PID: 5599

General

Start time (UTC):	19:59:20
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5605, Parent PID: 5599

General

Start time (UTC):	19:59:20
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5606, Parent PID: 5599

General

Start time (UTC):	19:59:20
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5607, Parent PID: 5599

General

Start time (UTC):	19:59:20
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: systemd (deleted) PID: 5608, Parent PID: 1

General

Start time (UTC):	19:59:20
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

File Activities

File Opened

Process Activities

Process Overlayed (Exec)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd (deleted) PID: 5609, Parent PID: 1

General

Start time (UTC):	19:59:21
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5609, Parent PID: 1

General

Start time (UTC):	19:59:21
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	/usr/bin/gpu-manager --log /var/log/gpu-manager.log
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

File Activities

File Opened

File Deleted

File Read

File Written

Directory Enumerated

Process Activities

Process Forked

System Activities

Query System Information (uname)

Chronological Activities

Analysis Process: gpu-manager PID: 5610, Parent PID: 5609

General

Start time (UTC):	19:59:21
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5611, Parent PID: 5609

General

Start time (UTC):	19:59:21
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5612, Parent PID: 5609

General

Start time (UTC):	19:59:21
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5613, Parent PID: 5609

General

Start time (UTC):	19:59:21
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5614, Parent PID: 5609

General

Start time (UTC):	19:59:21
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5615, Parent PID: 5609

General

Start time (UTC):	19:59:21
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5616, Parent PID: 5609

General

Start time (UTC):	19:59:21
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5617, Parent PID: 5609

General

Start time (UTC):	19:59:21
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: systemd (deleted) PID: 5618, Parent PID: 1

General

Start time (UTC):	19:59:22
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

File Activities

File Opened

Process Activities

Process Overlayed (Exec)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd (deleted) PID: 5619, Parent PID: 1

General

Start time (UTC):	19:59:23
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5619, Parent PID: 1

General

Start time (UTC):	19:59:23
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	/usr/bin/gpu-manager --log /var/log/gpu-manager.log
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

File Activities

File Opened

File Deleted

File Read

File Written

Directory Enumerated

Process Activities

Process Forked

System Activities

Query System Information (uname)

Chronological Activities

Analysis Process: gpu-manager PID: 5620, Parent PID: 5619

General

Start time (UTC):	19:59:23
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5621, Parent PID: 5619

General

Start time (UTC):	19:59:23
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5622, Parent PID: 5619

General

Start time (UTC):	19:59:23
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5623, Parent PID: 5619

General

Start time (UTC):	19:59:23
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5624, Parent PID: 5619

General

Start time (UTC):	19:59:23
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5625, Parent PID: 5619

General

Start time (UTC):	19:59:23
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5626, Parent PID: 5619

General

Start time (UTC):	19:59:23
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5627, Parent PID: 5619

General

Start time (UTC):	19:59:23
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: systemd (deleted) PID: 5628, Parent PID: 1

General

Start time (UTC):	19:59:23
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

File Activities

File Opened

Process Activities

Process Overlayed (Exec)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd (deleted) PID: 5629, Parent PID: 1

General

Start time (UTC):	19:59:24
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5629, Parent PID: 1

General

Start time (UTC):	19:59:24
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	/usr/bin/gpu-manager --log /var/log/gpu-manager.log
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

File Activities

File Opened

File Deleted

File Read

File Written

Directory Enumerated

Process Activities

Process Forked

System Activities

Query System Information (uname)

Chronological Activities

Analysis Process: gpu-manager PID: 5630, Parent PID: 5629

General

Start time (UTC):	19:59:25
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5631, Parent PID: 5629

General

Start time (UTC):	19:59:25
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5632, Parent PID: 5629

General

Start time (UTC):	19:59:25
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5633, Parent PID: 5629

General

Start time (UTC):	19:59:25
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5634, Parent PID: 5629

General

Start time (UTC):	19:59:25
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5635, Parent PID: 5629

General

Start time (UTC):	19:59:25
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5636, Parent PID: 5629

General

Start time (UTC):	19:59:25
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: gpu-manager PID: 5637, Parent PID: 5629

General

Start time (UTC):	19:59:25
Start date (UTC):	02/04/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: systemd (deleted) PID: 5638, Parent PID: 1

General

Start time (UTC):	19:59:25
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

File Activities

File Opened

Process Activities

Process Overlayed (Exec)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd (deleted) PID: 5639, Parent PID: 1

General

Start time (UTC):	19:59:26
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: plymouth PID: 5639, Parent PID: 1

General

Start time (UTC):	19:59:26
Start date (UTC):	02/04/2025
Path:	/bin/plymouth
Arguments:	/bin/plymouth quit
File size:	51352 bytes
MD5 hash:	87003efd8dad470042f5e75360a8f49f

File Activities

File Opened

File Read

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: systemd (deleted) PID: 5641, Parent PID: 2935

General

Start time (UTC):	20:00:21
Start date (UTC):	02/04/2025
Path:	/usr/lib/systemd/systemd (deleted)
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file or directory permissions/attributes to evade access control lists (ACLs) and access protected files.File and directory permissions are commonly managed by ACLs configured by the file or directory owner, or users with the appropriate permissions. File and directory ACL implementations vary by platform, but generally explicitly designate which users or groups can perform which actions (read, write, execute, etc.).
Tactics:	Defense Evasion
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete or modify artifacts generated within systems to remove evidence of their presence or hinder defenses. Various artifacts may be created by an adversary or something that can be attributed to an adversary’s actions. Typically these artifacts are used as defensive indicators related to monitored events, such as strings from downloaded files, logs that are generated from user actions, and other data analyzed by defenders. Location, format, and type of artifact (such as command or login history) are often specific to each platform.
Tactics:	Defense Evasion
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Deletion, File: File Metadata, File: File Modification, Firewall: Firewall Rule Modification, Network Traffic: Network Traffic Content, Process: OS API Execution, Process: Process Creation, Scheduled Job: Scheduled Job Modification, User Account: User Account Authentication, User Account: User Account Deletion, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, Google Workspace, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services or processes can inhibit or stop response to an incident or aid in the adversary's overall objectives to cause damage to the environment.
Tactics:	Impact
Data Sources:	Command: Command Execution, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Termination, Service: Service Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report xd.x86.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Process Tree

Malware Threat Intel

Yara Signatures

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink

/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source

/run/gdm3.pid

/run/user/1000/pulse/pid

/var/lib/ubuntu-drivers-common/last_gfx_boot

/var/log/gpu-manager.log

Static File Info

General

Static ELF Info

ELF header

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

ICMP Packets

System Behavior

Analysis Process: xd.x86.elf PID: 5428, Parent PID: 5355

General

Process Activities

Process Forked

Chronological Activities

Analysis Process: xd.x86.elf PID: 5429, Parent PID: 5428

General

File Activities

File Opened

File Deleted

File Read

Directory Enumerated

Process Activities

Linux Analysis Report
xd.x86.elf