
Linux Analysis Report
xd.spc.elf

Overview

General Information

Sample name: xd.spc.elf
Analysis ID: 1655046
MD5: 554f3a559235b942292f5de6971f3bbc
SHA1: ff466932340ea33b6b8994a264637c5b5bcdf56e
SHA256: 9e39af18dfe5f4fdc43b6a3cabbb48a1b4be92e137a867b132b8af90c774ca10
Tags: elf, user-abuse_ch

Detection

Mirai
Score: 100 (range 0 - 100)

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample deletes itself
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Classification chart categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; rating scale: clean, suspicious, malicious
Joe Sandbox version: 42.0.0 Malachite
Start date and time: 2025-04-02 22:18:27 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 40s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal100.spre.troj.evad.linELF@0/0@0/0
  • Connection to analysis system has been lost, crash info: Unknown
  • system is lnxubuntu20
  • xd.spc.elf (PID: 5461, Parent: 5379, MD5: 7dc1c0e23cd5e102bb12e5c29403410e) Arguments: /tmp/xd.spc.elf
  • systemd New Fork (PID: 5478, Parent: 1)
  • journalctl (PID: 5478, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 5493, Parent: 1)
  • systemd New Fork (PID: 5511, Parent: 1)
  • fusermount (PID: 5517, Parent: 3122, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • Default (PID: 5518, Parent: 1400, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gpu-manager (PID: 5535, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Blogpost URLs / Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Yara matches on the submitted file (Source / Rule / Description / Author):
  xd.spc.elf / JoeSecurity_Mirai_9 / Yara detected Mirai / Joe Security
  xd.spc.elf / JoeSecurity_Mirai_5 / Yara detected Mirai / Joe Security
  xd.spc.elf / JoeSecurity_Mirai_8 / Yara detected Mirai / Joe Security
  xd.spc.elf / Linux_Trojan_Gafgyt_28a2fe0c / unknown / unknown
    String $a = 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    matched at 21 offsets, 0x14 apart: 0x10a58, 0x10a6c, 0x10a80, 0x10a94, 0x10aa8, 0x10abc, 0x10ad0, 0x10ae4, 0x10af8, 0x10b0c, 0x10b20, 0x10b34, 0x10b48, 0x10b5c, 0x10b70, 0x10b84, 0x10b98, 0x10bac, 0x10bc0, 0x10bd4, 0x10be8
  xd.spc.elf / Linux_Trojan_Gafgyt_ea92cca8 / unknown / unknown
    String $a = 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
    matched at 0x109f0
  (2 further entries not shown in this extract)
Yara matches on process memory (Source / Rule / Description / Author):
  5471.1.00007f0adc011000.00007f0adc023000.r-x.sdmp / JoeSecurity_Mirai_9 / Yara detected Mirai / Joe Security
  5471.1.00007f0adc011000.00007f0adc023000.r-x.sdmp / JoeSecurity_Mirai_5 / Yara detected Mirai / Joe Security
  5471.1.00007f0adc011000.00007f0adc023000.r-x.sdmp / JoeSecurity_Mirai_8 / Yara detected Mirai / Joe Security
  5471.1.00007f0adc011000.00007f0adc023000.r-x.sdmp / Linux_Trojan_Gafgyt_28a2fe0c / unknown / unknown
    String $a = 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    matched at 21 offsets, 0x14 apart: 0x10a58, 0x10a6c, 0x10a80, 0x10a94, 0x10aa8, 0x10abc, 0x10ad0, 0x10ae4, 0x10af8, 0x10b0c, 0x10b20, 0x10b34, 0x10b48, 0x10b5c, 0x10b70, 0x10b84, 0x10b98, 0x10bac, 0x10bc0, 0x10bd4, 0x10be8
  5471.1.00007f0adc011000.00007f0adc023000.r-x.sdmp / Linux_Trojan_Gafgyt_ea92cca8 / unknown / unknown
    String $a = 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
    matched at 0x109f0
  (57 further entries not shown in this extract)

No Suricata rule has matched
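The hex strings reported above are what YARA prints for string $a; they decode to plain ASCII, and the 21 Linux_Trojan_Gafgyt_28a2fe0c hits sit exactly 0x14 bytes apart, closer than the 29-byte string is long. The following Python, an added example and not code from the Joe Sandbox report or from Elastic's rule set, decodes both strings, computes the period of the 28a2fe0c token, and rebuilds a constructed stand-in image (zero filler plus the token repeated; not the real sample) to show that the overlapping hits come from one contiguous run of a 20-byte token rather than 21 separate strings. The 22-copy run length and the image size are assumptions chosen to reproduce the reported offsets.

```python
"""Decode the YARA string hits listed above and show why the
Linux_Trojan_Gafgyt_28a2fe0c hits fall at a fixed 0x14 stride.
Added example: not part of the Joe Sandbox report or of the Elastic rules."""

# String hits copied from the report.  The 21 offsets run from 0x10a58 to
# 0x10be8 in steps of 0x14; the ea92cca8 string was hit once at 0x109f0.
GAFGYT_28A2FE0C_A = ("2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 "
                     "2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F")
GAFGYT_EA92CCA8_A = ("53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 "
                     "20 4E 65 54 69 53 20 61 6E 64")
REPORTED_OFFSETS = [0x10a58 + 0x14 * i for i in range(21)]
SELFREP_OFFSET = 0x109f0


def decode_hex_string(yara_hex: str) -> bytes:
    """Turn a YARA-style 'AA BB CC' hex string into bytes."""
    return bytes.fromhex(yara_hex.replace(" ", ""))


def smallest_period(data: bytes) -> int:
    """Length of the shortest prefix whose repetition reproduces data."""
    for p in range(1, len(data) + 1):
        if all(data[i] == data[i % p] for i in range(len(data))):
            return p
    return len(data)


def find_all(haystack: bytes, needle: bytes) -> list[int]:
    """Every offset of needle in haystack, overlapping hits included,
    which is how a YARA string scan reports matches."""
    hits, start = [], 0
    while (i := haystack.find(needle, start)) != -1:
        hits.append(i)
        start = i + 1
    return hits


def match_strides(offsets: list[int]) -> set[int]:
    """Set of distances between consecutive hit offsets."""
    return {b - a for a, b in zip(offsets, offsets[1:])}


def build_constructed_image() -> bytes:
    """A constructed stand-in for the sample (assumption, not the real
    file): zero filler, the ea92cca8 string at its reported offset, and
    the 20-byte token repeated 22 times starting at the first 28a2fe0c
    hit.  22 copies is the smallest run that yields the 21 reported hits
    of the 29-byte string and no 22nd."""
    token = decode_hex_string(GAFGYT_28A2FE0C_A)
    unit = token[:smallest_period(token)]
    image = bytearray(0x10c10)
    selfrep = decode_hex_string(GAFGYT_EA92CCA8_A)
    image[SELFREP_OFFSET:SELFREP_OFFSET + len(selfrep)] = selfrep
    run = unit * 22
    image[REPORTED_OFFSETS[0]:REPORTED_OFFSETS[0] + len(run)] = run
    return bytes(image)


if __name__ == "__main__":
    token = decode_hex_string(GAFGYT_28A2FE0C_A)
    print("28a2fe0c $a:", token, "period", hex(smallest_period(token)))
    print("ea92cca8 $a:", decode_hex_string(GAFGYT_EA92CCA8_A))
    hits = find_all(build_constructed_image(), token)
    print("hits:", [hex(h) for h in hits], "strides:", match_strides(hits))
```

Because the hit stride equals the token period, the 21 entries describe a single 420-plus-byte region filled with the same 20-byte token; when triaging a new variant, the count of such hits is a proxy for the length of that filler region, not for the number of distinct strings.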

AV Detection

Source: xd.spc.elf; Avira: detected
Source: xd.spc.elf; VirusTotal: Detection: 62%
Source: xd.spc.elf; ReversingLabs: Detection: 69%

Networking

Source: global traffic; TCP traffic: 192.168.2.13:52640 -> 213.209.129.92:7887
Source: /tmp/xd.spc.elf (PID: 5463); Socket: 0.0.0.0:23
Source: /tmp/xd.spc.elf (PID: 5463); Socket: 0.0.0.0:0
Source: /tmp/xd.spc.elf (PID: 5463); Socket: 0.0.0.0:80
Source: /tmp/xd.spc.elf (PID: 5463); Socket: 0.0.0.0:81
Source: /tmp/xd.spc.elf (PID: 5463); Socket: 0.0.0.0:8443
Source: /tmp/xd.spc.elf (PID: 5463); Socket: 0.0.0.0:9009
Source: unknown; TCP traffic detected without corresponding DNS query to 50 destinations:
213.209.129.92, 32.0.13.198, 9.42.6.198, 78.150.218.241, 241.84.184.125,
69.54.142.207, 241.107.104.142, 61.250.72.136, 57.67.161.117, 38.13.61.155,
70.239.139.118, 174.160.99.66, 42.124.94.230, 23.150.252.14, 146.11.253.200,
99.39.9.152, 170.213.109.203, 92.255.46.218, 213.178.214.85, 54.47.215.27,
208.62.54.60, 34.19.34.218, 118.11.161.120, 59.136.29.77, 95.243.131.255,
41.171.255.173, 183.1.105.184, 180.38.197.187, 45.15.150.113, 66.181.63.59,
168.238.226.62, 101.95.205.85, 192.184.63.10, 182.55.75.142, 122.199.47.112,
180.86.25.7, 74.239.216.130, 88.211.238.5, 141.114.74.217, 222.225.187.191,
251.92.21.147, 193.87.7.120, 180.54.172.219, 122.216.47.70, 141.45.170.139,
57.64.207.233, 71.42.102.67, 179.182.231.176, 135.159.60.207, 167.115.173.84
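The "TCP traffic without corresponding DNS query" entries above are the kind of telemetry a flow collector or NIDS produces, and the same correlation can be run on a production network. The Python below is an added example, not anything from the Joe Sandbox report: it parses a constructed, simplified DNS/connection log (the hostname mirror.example, its address 198.51.100.7 and the port-23 target ports are assumptions; the report gives a destination port only for 213.209.129.92:7887, the other destinations are copied from the list above), lists destinations that no DNS answer ever returned, summarises fan-out per destination port, and flags targets inside IETF-reserved 240.0.0.0/4 space, which a scanner that generates random addresses without filtering will hit (241.84.184.125, 241.107.104.142 and 251.92.21.147 in the list above fall there).

```python
"""Correlate connections with DNS answers and summarise fan-out, over a
constructed flow log.  Added example: not from the Joe Sandbox report."""
from collections import Counter, defaultdict
import ipaddress

# Constructed log, simplified to two record types:
#   DNS  <ts> <client> <qname> <answer-ip>
#   CONN <ts> <src-ip:port> <dst-ip:port>
# Destinations are taken from the report; mirror.example / 198.51.100.7
# and the port-23 target ports are assumptions (the report gives a port
# only for 213.209.129.92:7887).
LOG = """\
DNS  1 192.168.2.13 mirror.example 198.51.100.7
CONN 2 192.168.2.13:40122 198.51.100.7:80
CONN 3 192.168.2.13:52640 213.209.129.92:7887
CONN 4 192.168.2.13:52641 32.0.13.198:23
CONN 4 192.168.2.13:52642 9.42.6.198:23
CONN 4 192.168.2.13:52643 78.150.218.241:23
CONN 5 192.168.2.13:52644 241.84.184.125:23
CONN 5 192.168.2.13:52645 69.54.142.207:23
CONN 6 192.168.2.13:52646 213.209.129.92:7887
"""

LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
RESERVED_NET = ipaddress.ip_network("240.0.0.0/4")   # IETF reserved, unroutable


def parse_log(text):
    """Return (IPs seen in DNS answers, [(ts, src_ip, dst_ip, dport), ...])."""
    answered, conns = set(), []
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, ts, *rest = line.split()
        if kind == "DNS":
            _client, _qname, answer = rest
            answered.add(answer)
        elif kind == "CONN":
            src, dst = rest
            dst_ip, dport = dst.rsplit(":", 1)
            conns.append((int(ts), src.rsplit(":", 1)[0], dst_ip, int(dport)))
    return answered, conns


def destinations_without_dns(answered, conns):
    """Distinct non-local destinations, first-seen order, that no DNS
    answer ever returned: hard-coded peers or generated scan targets."""
    seen, out = set(), []
    for _ts, _src, dst, _dport in conns:
        ip = ipaddress.ip_address(dst)
        if dst in answered or dst in seen or any(ip in n for n in LOCAL_NETS):
            continue
        seen.add(dst)
        out.append(dst)
    return out


def fan_out_by_port(conns):
    """Per destination port: distinct targets and targets contacted more
    than once.  Heuristic only: one repeat peer on an odd port looks like
    a controller; many one-off peers on one port look like a scanner."""
    hits = defaultdict(Counter)
    for _ts, _src, dst, dport in conns:
        hits[dport][dst] += 1
    return {dport: {"distinct_targets": len(c),
                    "repeat_targets": sorted(ip for ip, n in c.items() if n > 1)}
            for dport, c in hits.items()}


def reserved_targets(conns):
    """Targets inside 240.0.0.0/4: nothing routable lives there, so a
    connect attempt means the address was generated, not learned."""
    return sorted({dst for _, _, dst, _ in conns
                   if ipaddress.ip_address(dst) in RESERVED_NET})


if __name__ == "__main__":
    answered, conns = parse_log(LOG)
    print("no DNS:", destinations_without_dns(answered, conns))
    print("fan-out:", fan_out_by_port(conns))
    print("reserved:", reserved_targets(conns))
```

The local-network filter is deliberately explicit rather than `ipaddress`'s `is_private`, because that property also covers 240.0.0.0/4 and would hide exactly the reserved-space targets the last function is looking for.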

              System Summary

Matched Yara rules (source, type; rule, author):
  xd.spc.elf, SAMPLE: Linux_Trojan_Gafgyt_28a2fe0c (unknown); Linux_Trojan_Gafgyt_ea92cca8 (unknown); Detects Mirai Botnet Malware (Florian Roth); Detects ELF malware Mirai related (Florian Roth)
  Memory dumps 5471.1, 5464.1, 5467.1, 5473.1, 5461.1 and 5469.1 of region 00007f0adc011000-00007f0adc023000 (r-x.sdmp), MEMORY: each matched the same four rules, Linux_Trojan_Gafgyt_28a2fe0c (unknown); Linux_Trojan_Gafgyt_ea92cca8 (unknown); Detects Mirai Botnet Malware (Florian Roth); Detects ELF malware Mirai related (Florian Roth)
  Process memory space of xd.spc.elf PIDs 5461, 5464, 5467, 5471 and 5473, MEMORYSTR: Linux_Trojan_Gafgyt_28a2fe0c (unknown); Linux_Trojan_Gafgyt_ea92cca8 (unknown)
Source: /tmp/xd.spc.elf (PID: 5463); SIGKILL sent, result successful, to pids 936, 490, 660, 726, 727, 765, 767, 778, 780, 783, 790, 795, 800, 1400, 1410, 1411, 1432, 1475, 1565, 1805, 2926, 2935, 2936, 2970, 3069, 3122, 3132, 3819, 5296, 5437, 5438, 5478, 5523, 5528, 5529, 5530, 5531, 5532, 5534, 5535, 5536, 5537, 5538, 5541, 5542, 5543, 5544, 5545, 5546, 5547, 5549
Source: /tmp/xd.spc.elf (PID: 5467); SIGKILL sent to pid -5467 (a negative pid addresses the whole process group), result unknown
Source: ELF static info, symbol table of initial sample; .symtab present: no
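The per-PID SIGKILL entries above are what an auditd rule such as `-a always,exit -F arch=b64 -S kill -F a1=9 -k kill_audit` records on a production host, so the sandbox signature "tries to kill multiple processes" can be reproduced from audit logs. This Python is an added example, not part of the Joe Sandbox report: it parses constructed SYSCALL records (abbreviated to the fields it uses; the timestamps, serials and the benign bash/systemd lines are assumptions, the target PIDs mirror the report), decodes a0 as a signed 32-bit pid_t so that kill(-5467, 9) is recognised as a process-group kill, and alerts on any sender that SIGKILLs ten or more distinct PIDs within two seconds or targets a whole group.

```python
"""Alert on processes that SIGKILL many others, over constructed auditd
SYSCALL records (x86_64: arch c000003e, syscall 62 = kill).
Added example: not from the Joe Sandbox report."""
import re
from collections import defaultdict

SIGKILL = 9
KILL_SYSCALL_X86_64 = "62"
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
AUDIT_MSG = re.compile(r'audit\((\d+\.\d+):(\d+)\)')


def _record(ts, serial, a0, a1, pid, comm, exe):
    """One abbreviated SYSCALL record (constructed).  a0/a1 are printed in
    hex as the kernel does, a0 being the raw register value."""
    return (f"type=SYSCALL msg=audit({ts:.3f}:{serial}): arch=c000003e "
            f"syscall=62 success=yes exit=0 a0={a0:x} a1={a1:x} pid={pid} "
            f'comm="{comm}" exe="{exe}" key="kill_audit"')


# Constructed log.  Targets of 5463 are the first twelve PIDs in the
# report; 5467's a0 is the 32-bit two's complement of -5467; the bash
# (SIGTERM) and systemd (single SIGKILL) lines are benign filler.
KILLED_BY_5463 = [936, 490, 660, 726, 727, 765, 767, 778, 780, 783, 790, 795]
AUDIT_LOG = "\n".join(
    [_record(1743625107.101 + i * 0.01, 2001 + i, t, SIGKILL, 5463,
             "xd.spc.elf", "/tmp/xd.spc.elf")
     for i, t in enumerate(KILLED_BY_5463)]
    + [_record(1743625107.300, 2013, 0xffffeaa5, SIGKILL, 5467,
               "xd.spc.elf", "/tmp/xd.spc.elf"),
       _record(1743625110.000, 2014, 4000, 15, 4021, "bash", "/usr/bin/bash"),
       _record(1743625111.000, 2015, 4001, SIGKILL, 1, "systemd",
               "/usr/lib/systemd/systemd")])


def signed_pid(hex_reg: str) -> int:
    """pid_t is 32-bit: take the low 32 bits of the register as signed."""
    v = int(hex_reg, 16) & 0xffffffff
    return v - (1 << 32) if v & 0x80000000 else v


def sigkill_events(log_text: str) -> list[dict]:
    """kill(2) calls carrying SIGKILL, one dict per record."""
    events = []
    for line in log_text.splitlines():
        if "type=SYSCALL" not in line:
            continue
        f = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if f.get("arch") != "c000003e" or f.get("syscall") != KILL_SYSCALL_X86_64:
            continue
        if int(f["a1"], 16) != SIGKILL:
            continue
        target = signed_pid(f["a0"])
        events.append({
            "ts": float(AUDIT_MSG.search(line).group(1)),
            "pid": int(f["pid"]), "comm": f["comm"], "target": target,
            # 0 = caller's own group, -1 = everything it may signal,
            # < -1 = the given process group
            "group_kill": target < 1, "success": f.get("success") == "yes"})
    return events


def mass_kill_alerts(events, window=2.0, min_targets=10):
    """Senders that SIGKILL >= min_targets distinct PIDs inside `window`
    seconds, or any process group, sorted by sender PID."""
    by_sender = defaultdict(list)
    for e in events:
        by_sender[e["pid"]].append(e)
    alerts = []
    for pid, evs in by_sender.items():
        evs.sort(key=lambda e: e["ts"])
        groups = [e["target"] for e in evs if e["group_kill"]]
        best, lo = 0, 0
        for hi in range(len(evs)):              # sliding time window
            while evs[hi]["ts"] - evs[lo]["ts"] > window:
                lo += 1
            distinct = {e["target"] for e in evs[lo:hi + 1] if not e["group_kill"]}
            best = max(best, len(distinct))
        if best >= min_targets or groups:
            alerts.append({"pid": pid, "comm": evs[0]["comm"],
                           "max_targets_in_window": best, "group_kills": groups})
    return sorted(alerts, key=lambda a: a["pid"])


if __name__ == "__main__":
    for a in mass_kill_alerts(sigkill_events(AUDIT_LOG)):
        print(a)
```

Only kill(2) is handled; tkill and tgkill (syscalls 200 and 234 on x86_64) carry the signal in a different argument position and would need their own branch. The threshold of ten distinct targets is a starting point, not a tuned value: service managers and container runtimes legitimately SIGKILL several children at once, so allow-list those by exe before paging anyone.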
              Source: xd.spc.elf, type: SAMPLE; 5461.1.00007f0adc011000.00007f0adc023000.r-x.sdmp, 5464.1.00007f0adc011000.00007f0adc023000.r-x.sdmp, 5467.1.00007f0adc011000.00007f0adc023000.r-x.sdmp, 5469.1.00007f0adc011000.00007f0adc023000.r-x.sdmp, 5471.1.00007f0adc011000.00007f0adc023000.r-x.sdmp, 5473.1.00007f0adc011000.00007f0adc023000.r-x.sdmp, type: MEMORY. Matched rules: Linux_Trojan_Gafgyt_28a2fe0c, Linux_Trojan_Gafgyt_ea92cca8, Mirai_Botnet_Malware, MAL_ELF_LNX_Mirai_Oct10_2 (all four rules match the file and the same r-x code region in each of the six sample processes)
              Source: Process Memory Space: xd.spc.elf PID: 5461, 5464, 5467, 5471, 5473, type: MEMORYSTR. Matched rules: Linux_Trojan_Gafgyt_28a2fe0c, Linux_Trojan_Gafgyt_ea92cca8
              Rule metadata as reported:
              Linux_Trojan_Gafgyt_28a2fe0c: os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Linux_Trojan_Gafgyt_ea92cca8: os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Mirai_Botnet_Malware: date = 2016-10-04, author = Florian Roth, description = Detects Mirai Botnet Malware, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c (hash1 and hash2 are identical in the rule metadata as rendered), hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
              MAL_ELF_LNX_Mirai_Oct10_2: date = 2018-10-27, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9
              Source: classification engine. Classification label: mal100.spre.troj.evad.linELF@0/0@0/0

              Persistence and Installation Behavior

              Source: /bin/fusermount (PID: 5517) File: /proc/5517/mounts (the /proc/mounts read is attributed to /bin/fusermount, PID 5517, whose exe link the sample also opens below, not to the sample process itself)
              Source: /tmp/xd.spc.elf (PID: 5463) File opened: /proc/<pid>/fd for pids 914, 917, 1, 884, 765, 800, 767, 802, 803, 490, 778, 936, 816, 780, 660, 783, 790, 792, 793, 795, 797, 726, 727, 855 (24 entries, in report order)
              Source: /tmp/xd.spc.elf (PID: 5463) File opened: /proc/<pid>/exe for pids 518, 519, 3095, 1745, 1588, 1906, 1748, 1482, 1480, 3814, 1238, 1755, 1751, 1872, 2961, 656, 657, 658, 659, 418, 419, 1891, 1765, 2974, 2972, 3300, 1925, 1648, 1922, 3429, 3442, 792, 3715, 672, 793, 3716, 1930, 3717, 674, 797, 676, 678, 679, 3714, 680, 3327, 1940, 5500, 5501, 1944, 5481, 5482, 5483, 5484, 5485, 5486, 5487, 5488, 2496, 3100, 3182, 5480, 3455, 5479, 5516, 5517, 5492, 5494, 5495, 5496, 5497, 1691, 5490, 5491, 1320, 5401, 5489, 1609, 508, 1847, 1604 (81 entries, in report order)
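The two behaviours recorded above (one process opening many /proc/<pid>/exe and /proc/<pid>/fd links, then sending SIGKILL to a run of other pids) are what the Mirai/Gafgyt rival-killing routine looks like from the outside. As an added example, not part of the Joe Sandbox report, the following Python correlates them into a single verdict over behaviour lines constructed from this report. The regular expressions match the line format as rendered here, the negative-pid case is separated out because kill(2) treats a pid below -1 as a process group, and the thresholds in flag_killers are assumptions chosen for the example.

```python
"""Correlate Joe Sandbox behaviour lines into a Mirai/Gafgyt "killer module" verdict.

Added example, not part of the report: a process that walks /proc/<pid>/exe and
/proc/<pid>/fd and then SIGKILLs several other pids is the bot's rival-killing
routine. Thresholds below are assumptions chosen for this example.
"""
import re

# Constructed from the report's behaviour lines (whitespace as Joe Sandbox renders it).
SAMPLE_LINES = """\
Source: /tmp/xd.spc.elf (PID: 5463) File opened: /proc/518/exe
Source: /tmp/xd.spc.elf (PID: 5463) File opened: /proc/914/fd
Source: /tmp/xd.spc.elf (PID: 5463) File opened: /proc/5517/exe
Source: /tmp/xd.spc.elf (PID: 5463) SIGKILL sent: pid: 5532, result: successful
Source: /tmp/xd.spc.elf (PID: 5463) SIGKILL sent: pid: 5534, result: successful
Source: /tmp/xd.spc.elf (PID: 5463) SIGKILL sent: pid: 5535, result: successful
Source: /tmp/xd.spc.elf (PID: 5467) SIGKILL sent: pid: -5467, result: unknown
Source: /bin/fusermount (PID: 5517) File: /proc/5517/mounts
"""

LINE_RE = re.compile(r"^Source:\s+(?P<exe>\S+)\s+\(PID:\s+(?P<pid>\d+)\)\s*(?P<event>.+)$")
PROC_RE = re.compile(r"^File opened:\s+/proc/(?P<target>\d+)/(?P<entry>exe|fd)$")
KILL_RE = re.compile(r"^SIGKILL sent:\s+pid:\s+(?P<target>-?\d+),\s+result:\s+(?P<result>\w+)$")


def summarize(text):
    """Group events by the source pid that produced them.

    Returns {pid: {"exe": str, "proc_exe": set, "proc_fd": set,
                   "kills": [(target_pid, result)], "group_kills": [(pgid, result)]}}.
    """
    by_pid = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        pid = int(m["pid"])
        rec = by_pid.setdefault(pid, {"exe": m["exe"], "proc_exe": set(),
                                      "proc_fd": set(), "kills": [], "group_kills": []})
        pm = PROC_RE.match(m["event"])
        if pm:
            rec["proc_" + pm["entry"]].add(int(pm["target"]))
            continue
        km = KILL_RE.match(m["event"])
        if km:
            target = int(km["target"])
            if target < -1:
                # kill(2): a pid below -1 signals every process in process group -pid.
                rec["group_kills"].append((-target, km["result"]))
            else:
                rec["kills"].append((target, km["result"]))
    return by_pid


def flag_killers(text, min_proc_reads=3, min_kills=3):
    """Return [(exe, pid)] for processes that both enumerated other processes
    through /proc and then successfully SIGKILLed at least min_kills of them."""
    hits = []
    for pid, rec in sorted(summarize(text).items()):
        reads = len(rec["proc_exe"] | rec["proc_fd"])
        ok_kills = sum(1 for target, result in rec["kills"]
                       if result == "successful" and target != pid)
        if reads >= min_proc_reads and ok_kills >= min_kills:
            hits.append((rec["exe"], pid))
    return hits


if __name__ == "__main__":
    for exe, pid in flag_killers(SAMPLE_LINES):
        print(f"killer-module pattern: {exe} (PID {pid})")
```

On the constructed input only PID 5463 is flagged: it read three /proc entries and killed three pids. PID 5467's kill of -5467 is recorded under group_kills and does not count, since a bot signalling its own process group is a different behaviour from killing rivals.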

              Hooking and other Techniques for Hiding and Protection

              Source: /tmp/xd.spc.elf (PID: 5463) File: /usr/lib/systemd/systemd
              Source: /tmp/xd.spc.elf (PID: 5463) File: /usr/lib/systemd/systemd (deleted)
              Source: /tmp/xd.spc.elf (PID: 5463) File: /usr/libexec/gvfsd-fuse
              Source: /tmp/xd.spc.elf (PID: 5463) File: /usr/bin/journalctl
              Source: /tmp/xd.spc.elf (PID: 5463) File: /usr/bin/gpu-manager
              Note: the " (deleted)" suffix is what readlink on /proc/<pid>/exe returns once the file behind a running process has been unlinked or replaced on disk. A replaced binary (for PID 1, e.g. after a systemd package upgrade) produces the same suffix as a sample that unlinks itself after launch, so the path, not the suffix alone, decides what it means.
              Source: /tmp/xd.spc.elf (PID: 5461) Queries kernel information via 'uname'
              Source: xd.spc.elf, 5461.1.00005561e80ec000.00005561e8171000.rw-.sdmp, xd.spc.elf, 5464.1.00005561e80ec000.00005561e8171000.rw-.sdmp, xd.spc.elf, 5467.1.00005561e80ec000.00005561e8171000.rw-.sdmp, xd.spc.elf, 5469.1.00005561e80ec000.00005561e8171000.rw-.sdmp, xd.spc.elf, 5471.1.00005561e80ec000.00005561e8171000.rw-.sdmp, xd.spc.elf, 5473.1.00005561e80ec000.00005561e8171000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/sparc
              Source: xd.spc.elf, 5461.1.00007ffe2af87000.00007ffe2afa8000.rw-.sdmp, xd.spc.elf, 5464.1.00007ffe2af87000.00007ffe2afa8000.rw-.sdmp, xd.spc.elf, 5467.1.00007ffe2af87000.00007ffe2afa8000.rw-.sdmp, xd.spc.elf, 5469.1.00007ffe2af87000.00007ffe2afa8000.rw-.sdmp, xd.spc.elf, 5471.1.00007ffe2af87000.00007ffe2afa8000.rw-.sdmp, xd.spc.elf, 5473.1.00007ffe2af87000.00007ffe2afa8000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-sparc/tmp/xd.spc.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/xd.spc.elf
              Source: xd.spc.elf, 5461.1.00005561e80ec000.00005561e8171000.rw-.sdmp, xd.spc.elf, 5464.1.00005561e80ec000.00005561e8171000.rw-.sdmp, xd.spc.elf, 5467.1.00005561e80ec000.00005561e8171000.rw-.sdmp, xd.spc.elf, 5469.1.00005561e80ec000.00005561e8171000.rw-.sdmp, xd.spc.elf, 5471.1.00005561e80ec000.00005561e8171000.rw-.sdmp, xd.spc.elf, 5473.1.00005561e80ec000.00005561e8171000.rw-.sdmp Binary or memory string: aU!/etc/qemu-binfmt/sparc
              Source: xd.spc.elf, 5461.1.00007ffe2af87000.00007ffe2afa8000.rw-.sdmp, xd.spc.elf, 5464.1.00007ffe2af87000.00007ffe2afa8000.rw-.sdmp, xd.spc.elf, 5467.1.00007ffe2af87000.00007ffe2afa8000.rw-.sdmp, xd.spc.elf, 5469.1.00007ffe2af87000.00007ffe2afa8000.rw-.sdmp, xd.spc.elf, 5471.1.00007ffe2af87000.00007ffe2afa8000.rw-.sdmp, xd.spc.elf, 5473.1.00007ffe2af87000.00007ffe2afa8000.rw-.sdmp Binary or memory string: /usr/bin/qemu-sparc
              Note: the sample is a SPARC ELF executed on the x86_64 analysis system through qemu-user (binfmt handler /usr/bin/qemu-sparc). The qemu paths, the SUDO_*/PATH/DISPLAY environment and the x86-64 addresses of these rw- regions belong to the emulator process, not to the sample, and should not be used as indicators for the malware.

              Stealing of Sensitive Information

Source: Yara match; File source: xd.spc.elf, type: SAMPLE
Source: Yara match; File source: 5471.1.00007f0adc011000.00007f0adc023000.r-x.sdmp, type: MEMORY
Source: Yara match; File source: 5464.1.00007f0adc011000.00007f0adc023000.r-x.sdmp, type: MEMORY
Source: Yara match; File source: 5467.1.00007f0adc011000.00007f0adc023000.r-x.sdmp, type: MEMORY
Source: Yara match; File source: 5473.1.00007f0adc011000.00007f0adc023000.r-x.sdmp, type: MEMORY
Source: Yara match; File source: 5461.1.00007f0adc011000.00007f0adc023000.r-x.sdmp, type: MEMORY
Source: Yara match; File source: 5469.1.00007f0adc011000.00007f0adc023000.r-x.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: xd.spc.elf PID: 5461, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: xd.spc.elf PID: 5464, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: xd.spc.elf PID: 5467, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: xd.spc.elf PID: 5471, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: xd.spc.elf PID: 5473, type: MEMORYSTR

              Remote Access Functionality

Source: Yara match; File source: xd.spc.elf, type: SAMPLE
Source: Yara match; File source: 5471.1.00007f0adc011000.00007f0adc023000.r-x.sdmp, type: MEMORY
Source: Yara match; File source: 5464.1.00007f0adc011000.00007f0adc023000.r-x.sdmp, type: MEMORY
Source: Yara match; File source: 5467.1.00007f0adc011000.00007f0adc023000.r-x.sdmp, type: MEMORY
Source: Yara match; File source: 5473.1.00007f0adc011000.00007f0adc023000.r-x.sdmp, type: MEMORY
Source: Yara match; File source: 5461.1.00007f0adc011000.00007f0adc023000.r-x.sdmp, type: MEMORY
Source: Yara match; File source: 5469.1.00007f0adc011000.00007f0adc023000.r-x.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: xd.spc.elf PID: 5461, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: xd.spc.elf PID: 5464, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: xd.spc.elf PID: 5467, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: xd.spc.elf PID: 5471, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: xd.spc.elf PID: 5473, type: MEMORYSTR
MITRE ATT&CK matrix (tactic: techniques; a number in parentheses is the count shown next to that technique)

Reconnaissance: Gather Victim Identity Information; Credentials
Resource Development: Acquire Infrastructure; Domains
Initial Access: Valid Accounts; Default Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job
Persistence: Path Interception; Boot or Logon Initialization Scripts
Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts
Defense Evasion: File Deletion (1); Rootkit
Credential Access: OS Credential Dumping (1); LSASS Memory
Discovery: Security Software Discovery (11); File and Directory Discovery (1)
Lateral Movement: Remote Services; Remote Desktop Protocol
Collection: Data from Local System; Data from Removable Media
Command and Control: Non-Standard Port (1); Junk Data
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth
Impact: Service Stop (1); Network Denial of Service
              No configs have been found
Behavior Graph (ID: 1655046; Sample: xd.spc.elf; Startdate: 02/04/2025; Architecture: LINUX; Score: 100)

Network nodes: 165.117.45.114 port 23 (XO-AS15, United States); 2.205.164.50 port 23 (VODANET International IP-Backbone of Vodafone DE, Germany); 98 other IPs or domains
Sample signatures: Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Yara detected Mirai
Processes started: xd.spc.elf, which started three xd.spc.elf child processes, one of which started three more; gvfsd-fuse fusermount (signature: Sample reads /proc/mounts (often used for finding a writable filesystem)); systemd journalctl; 24 other processes
Signatures on the first xd.spc.elf child process: Sample tries to kill multiple processes (SIGKILL); Sample deletes itself
Source: xd.spc.elf; Detection: 62%; Scanner: Virustotal
Source: xd.spc.elf; Detection: 69%; Scanner: ReversingLabs; Label: Linux.Backdoor.Mirai
Source: xd.spc.elf; Detection: 100%; Scanner: Avira; Label: LINUX/Mirai.bonb
No Antivirus matches


              No contacted domains info
Contacted IPs (columns: IP, Domain, Country, ASN, ASN Name, Malicious)
              No context
Context by ASN (columns: Match, Associated Sample Name / URL, SHA 256, Detection, Threat Name, Link, Context)
              No created / dropped files found
              File type:ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped
              Entropy (8bit):6.19447487243725
              TrID:
              • ELF Executable and Linkable format (generic) (4004/1) 100.00%
              File name:xd.spc.elf
              File size:74'752 bytes
              MD5:554f3a559235b942292f5de6971f3bbc
              SHA1:ff466932340ea33b6b8994a264637c5b5bcdf56e
              SHA256:9e39af18dfe5f4fdc43b6a3cabbb48a1b4be92e137a867b132b8af90c774ca10
              SHA512:2fb7b4921ac8f360ea2bd31b9f4ff7b588ce9a1ba1345dcae19f6e8e9779f785fed30fae35c18b3f0f92981b0d8349c9a4f4cc625f8440b904846d4caa803401
              SSDEEP:768:/57v4Fuzwq9FZsMupR/sKwHJZcand8hAGIquZ6WsDhInH+dUI0ALLH8O+V2tReVK:/Jv9wSFZs/pRFwHTIuZ6vDkwGVCgVFJ+
              TLSH:5B734B24F97A1F23C1D4B17A62FB8B55B5F6138E26B0961D3CB10F5EBF242406406AB7
              File Content Preview:.ELF...........................4.."p.....4. ...(.......................................... ... ... ....0............dt.Q................................@..(....@.Ak................#.....b0..`.....!..... ...@.....".........`......$ ... ...@...........`....

              ELF header

              Class:ELF32
              Data:2's complement, big endian
              Version:1 (current)
              Machine:Sparc
              Version Number:0x1
              Type:EXEC (Executable file)
              OS/ABI:UNIX - System V
              ABI Version:0
              Entry Point Address:0x101a4
              Flags:0x0
              ELF Header Size:52
              Program Header Offset:52
              Program Header Size:32
              Number of Program Headers:3
              Section Header Offset:74352
              Section Header Size:40
              Number of Section Headers:10
              Header String Table Index:9
Name       Type      Address   Offset   Size     EntSize  Flags  Flags Description  Link  Info  Align
           NULL      0x0       0x0      0x0      0x0      0x0                       0     0     0
.init      PROGBITS  0x10094   0x94     0x1c     0x0      0x6    AX                 0     0     4
.text      PROGBITS  0x100b0   0xb0     0x105e4  0x0      0x6    AX                 0     0     4
.fini      PROGBITS  0x20694   0x10694  0x14     0x0      0x6    AX                 0     0     4
.rodata    PROGBITS  0x206a8   0x106a8  0x1950   0x0      0x2    A                  0     0     8
.ctors     PROGBITS  0x32000   0x12000  0x8      0x0      0x3    WA                 0     0     4
.dtors     PROGBITS  0x32008   0x12008  0x8      0x0      0x3    WA                 0     0     4
.data      PROGBITS  0x32018   0x12018  0x218    0x0      0x3    WA                 0     0     8
.bss       NOBITS    0x32230   0x12230  0x4e0    0x0      0x3    WA                 0     0     8
.shstrtab  STRTAB    0x0       0x12230  0x3e     0x0      0x0                       0     0     1
Type       Offset   Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align    Prog Interpreter  Section Mappings
LOAD       0x0      0x10000          0x10000           0x11ff8    0x11ff8      6.2168   0x5    R E                0x10000                    .init .text .fini .rodata
LOAD       0x12000  0x32000          0x32000           0x230      0x710        2.9553   0x6    RW                 0x10000                    .ctors .dtors .data .bss
GNU_STACK  0x0      0x0              0x0               0x0        0x0          0.0000   0x6    RW                 0x4


              • Total Packets: 145
              • 7887 undefined
              • 23 (Telnet)
TCP packets (columns: Timestamp, Source Port, Dest Port, Source IP, Dest IP)
              Apr 2, 2025 22:19:26.487653971 CEST5532723192.168.2.1359.180.45.19
              Apr 2, 2025 22:19:26.487654924 CEST5532723192.168.2.13196.8.21.254
              Apr 2, 2025 22:19:26.487677097 CEST5532723192.168.2.1344.85.72.48
              Apr 2, 2025 22:19:26.487677097 CEST5532723192.168.2.13139.159.253.83
              Apr 2, 2025 22:19:26.487679005 CEST5532723192.168.2.13154.219.170.186
              Apr 2, 2025 22:19:26.487680912 CEST5532723192.168.2.13105.255.8.199
              Apr 2, 2025 22:19:26.487688065 CEST5532723192.168.2.1391.57.31.43
              Apr 2, 2025 22:19:26.487699986 CEST5532723192.168.2.13195.41.43.143
              Apr 2, 2025 22:19:26.487732887 CEST5532723192.168.2.13162.206.129.71
              Apr 2, 2025 22:19:26.487735033 CEST5532723192.168.2.13220.215.48.32
              Apr 2, 2025 22:19:26.487735033 CEST5532723192.168.2.13246.36.71.172
              Apr 2, 2025 22:19:26.686652899 CEST788752640213.209.129.92192.168.2.13
Timestamp                            Source IP     Dest IP      Checksum  Code                Type
Apr 2, 2025 22:19:51.427145004 CEST  192.168.2.13  192.168.2.1  8279      (Port unreachable)  Destination Unreachable
Apr 2, 2025 22:21:11.444179058 CEST  192.168.2.13  192.168.2.1  8279      (Port unreachable)  Destination Unreachable

System Behavior

Start time (UTC): 20:19:25
Start date (UTC): 02/04/2025
Path: /tmp/xd.spc.elf
Arguments: /tmp/xd.spc.elf
File size: 4379400 bytes
MD5 hash: 7dc1c0e23cd5e102bb12e5c29403410e

Start time (UTC): 20:19:25
Start date (UTC): 02/04/2025
Path: /tmp/xd.spc.elf
Arguments: -
File size: 4379400 bytes
MD5 hash: 7dc1c0e23cd5e102bb12e5c29403410e

Start time (UTC): 20:19:25
Start date (UTC): 02/04/2025
Path: /tmp/xd.spc.elf
Arguments: -
File size: 4379400 bytes
MD5 hash: 7dc1c0e23cd5e102bb12e5c29403410e

Start time (UTC): 20:19:25
Start date (UTC): 02/04/2025
Path: /tmp/xd.spc.elf
Arguments: -
File size: 4379400 bytes
MD5 hash: 7dc1c0e23cd5e102bb12e5c29403410e

Start time (UTC): 20:19:25
Start date (UTC): 02/04/2025
Path: /tmp/xd.spc.elf
Arguments: -
File size: 4379400 bytes
MD5 hash: 7dc1c0e23cd5e102bb12e5c29403410e

Start time (UTC): 20:19:25
Start date (UTC): 02/04/2025
Path: /tmp/xd.spc.elf
Arguments: -
File size: 4379400 bytes
MD5 hash: 7dc1c0e23cd5e102bb12e5c29403410e

Start time (UTC): 20:19:26
Start date (UTC): 02/04/2025
Path: /tmp/xd.spc.elf
Arguments: -
File size: 4379400 bytes
MD5 hash: 7dc1c0e23cd5e102bb12e5c29403410e

Start time (UTC): 20:19:29
Start date (UTC): 02/04/2025
Path: /usr/lib/systemd/systemd
Arguments: -
File size: 1620224 bytes
MD5 hash: 9b2bec7092a40488108543f9334aab75

Start time (UTC): 20:19:29
Start date (UTC): 02/04/2025
Path: /usr/bin/journalctl
Arguments: /usr/bin/journalctl --smart-relinquish-var
File size: 80120 bytes
MD5 hash: bf3a987344f3bacafc44efd882abda8b

Start time (UTC): 20:19:29
Start date (UTC): 02/04/2025
Path: /usr/lib/systemd/systemd
Arguments: -
File size: 1620224 bytes
MD5 hash: 9b2bec7092a40488108543f9334aab75

Start time (UTC): 20:19:30
Start date (UTC): 02/04/2025
Path: /usr/lib/systemd/systemd
Arguments: -
File size: 1620224 bytes
MD5 hash: 9b2bec7092a40488108543f9334aab75

Start time (UTC): 20:19:30
Start date (UTC): 02/04/2025
Path: /usr/lib/systemd/systemd (deleted)
Arguments: -
File size: 1620224 bytes
MD5 hash: 9b2bec7092a40488108543f9334aab75

Start time (UTC): 20:19:30
Start date (UTC): 02/04/2025
Path: /usr/lib/systemd/systemd (deleted)
Arguments: -
File size: 1620224 bytes
MD5 hash: 9b2bec7092a40488108543f9334aab75

Start time (UTC): 20:19:30
Start date (UTC): 02/04/2025
Path: /usr/lib/systemd/systemd (deleted)
Arguments: -
File size: 1620224 bytes
MD5 hash: 9b2bec7092a40488108543f9334aab75

Start time (UTC): 20:19:30
Start date (UTC): 02/04/2025
Path: /usr/lib/systemd/systemd (deleted)
Arguments: -
File size: 1620224 bytes
MD5 hash: 9b2bec7092a40488108543f9334aab75

Start time (UTC): 20:19:30
Start date (UTC): 02/04/2025
Path: /usr/lib/systemd/systemd (deleted)
Arguments: -
File size: 1620224 bytes
MD5 hash: 9b2bec7092a40488108543f9334aab75

Start time (UTC): 20:19:30
Start date (UTC): 02/04/2025
Path: /usr/libexec/gvfsd-fuse
Arguments: -
File size: 47632 bytes
MD5 hash: d18fbf1cbf8eb57b17fac48b7b4be933

Start time (UTC): 20:19:30
Start date (UTC): 02/04/2025
Path: /bin/fusermount
Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
File size: 39144 bytes
MD5 hash: 576a1b135c82bdcbc97a91acea900566

Start time (UTC): 20:19:30
Start date (UTC): 02/04/2025
Path: /usr/sbin/gdm3 (deleted)
Arguments: -
File size: 453296 bytes
MD5 hash: 2492e2d8d34f9377e3e530a61a15674f

Start time (UTC): 20:19:30
Start date (UTC): 02/04/2025
Path: /etc/gdm3/PrimeOff/Default
Arguments: /etc/gdm3/PrimeOff/Default
File size: 129816 bytes
MD5 hash: 1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC): 20:19:30
Start date (UTC): 02/04/2025
Path: /usr/lib/systemd/systemd (deleted)
Arguments: -
File size: 1620224 bytes
MD5 hash: 9b2bec7092a40488108543f9334aab75

Start time (UTC): 20:19:30
Start date (UTC): 02/04/2025
Path: /usr/sbin/gdm3 (deleted)
Arguments: -
File size: 453296 bytes
MD5 hash: 2492e2d8d34f9377e3e530a61a15674f

Start time (UTC): 20:19:30
Start date (UTC): 02/04/2025
Path: /usr/sbin/gdm3 (deleted)
Arguments: -
File size: 453296 bytes
MD5 hash: 2492e2d8d34f9377e3e530a61a15674f

Start time (UTC): 20:19:30
Start date (UTC): 02/04/2025
Path: /usr/lib/systemd/systemd (deleted)
Arguments: -
File size: 1620224 bytes
MD5 hash: 9b2bec7092a40488108543f9334aab75

Start time (UTC): 20:19:30
Start date (UTC): 02/04/2025
Path: /usr/lib/systemd/systemd (deleted)
Arguments: -
File size: 1620224 bytes
MD5 hash: 9b2bec7092a40488108543f9334aab75

Start time (UTC): 20:19:31
Start date (UTC): 02/04/2025
Path: /usr/lib/systemd/systemd (deleted)
Arguments: -
File size: 1620224 bytes
MD5 hash: 9b2bec7092a40488108543f9334aab75

Start time (UTC): 20:19:31
Start date (UTC): 02/04/2025
Path: /usr/lib/systemd/systemd (deleted)
Arguments: -
File size: 1620224 bytes
MD5 hash: 9b2bec7092a40488108543f9334aab75

Start time (UTC): 20:19:31
Start date (UTC): 02/04/2025
Path: /usr/bin/gpu-manager
Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
File size: 76616 bytes
MD5 hash: 8fae9dd5dd67e1f33d873089c2fd8761

Start time (UTC): 20:19:31
Start date (UTC): 02/04/2025
Path: /usr/lib/systemd/systemd (deleted)
Arguments: -
File size: 1620224 bytes
MD5 hash: 9b2bec7092a40488108543f9334aab75

Start time (UTC): 20:19:32
Start date (UTC): 02/04/2025
Path: /usr/lib/systemd/systemd (deleted)
Arguments: -
File size: 1620224 bytes
MD5 hash: 9b2bec7092a40488108543f9334aab75

Start time (UTC): 20:19:32
Start date (UTC): 02/04/2025
Path: /usr/lib/systemd/systemd (deleted)
Arguments: -
File size: 1620224 bytes
MD5 hash: 9b2bec7092a40488108543f9334aab75

Start time (UTC): 20:19:33
Start date (UTC): 02/04/2025
Path: /usr/lib/systemd/systemd (deleted)
Arguments: -
File size: 1620224 bytes
MD5 hash: 9b2bec7092a40488108543f9334aab75

Start time (UTC): 20:19:34
Start date (UTC): 02/04/2025
Path: /usr/lib/systemd/systemd (deleted)
Arguments: -
File size: 1620224 bytes
MD5 hash: 9b2bec7092a40488108543f9334aab75

Start time (UTC): 20:19:35
Start date (UTC): 02/04/2025
Path: /usr/lib/systemd/systemd (deleted)
Arguments: -
File size: 1620224 bytes
MD5 hash: 9b2bec7092a40488108543f9334aab75

Start time (UTC): 20:19:35
Start date (UTC): 02/04/2025
Path: /usr/lib/systemd/systemd (deleted)
Arguments: -
File size: 1620224 bytes
MD5 hash: 9b2bec7092a40488108543f9334aab75

Start time (UTC): 20:19:36
Start date (UTC): 02/04/2025
Path: /usr/lib/systemd/systemd (deleted)
Arguments: -
File size: 1620224 bytes
MD5 hash: 9b2bec7092a40488108543f9334aab75

Start time (UTC): 20:19:37
Start date (UTC): 02/04/2025
Path: /usr/lib/systemd/systemd (deleted)
Arguments: -
File size: 1620224 bytes
MD5 hash: 9b2bec7092a40488108543f9334aab75